Douglas G. Phillips wrote:
I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem.
Our LDAP server is using crypted passwords at the moment.
The router is a cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian Sarge.
The problem is this: If I pass the radtest client a clear-text password, authentication is successful. If either I pass the client an encrypted password (copied from the logs) or point the 5350 at the radius server, it doesn't work. I verified that the shared secret is correctly matched with what is in the router.
Here is a sample of the password that is being passed:
User-Password = "\240d\351E\3737\025\022\0227,(rest removed)"
Here is the configuration (comments omitted to save space). I have tried with the password_header both set to {CRYPT} and commented out.
ldap { server = "*******" identity = ******** password = ******** basedn = "ou=people,dc=eiu,dc=edu" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 password_header = "{CRYPT}" timeout = 4 timelimit = 3 net_timeout = 1 }
authorize { preprocess auth_log suffix ldap }
authenticate { Auth-Type LDAP { ldap } }
Any ideas?
Thanks.
Please post the portion of radiusd -X output that illustrates the problem. password_header = "{clear}" in the ldap module config directives should make your CISCO authentication work properly. Give it a try. Is this what you want?
Chris Carver
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
