"Douglas G. Phillips" <[EMAIL PROTECTED]> wrote:
> Our LDAP server is using crypted passwords at the moment.

RADIUS clients can use PAP. Nothing else.

> The problem is this: If I pass the radtest client a clear-text password,
> authentication is successful. If either I pass the client an encrypted
> password (copied from the logs)

That won't work. The server will interpret the User-Password
attribute as the clear-text password, because that's the definition of
User-Password.

There are no provisions in RADIUS for passing crypt'd passwords in a
RADIUS packet.

> ... or point the 5350 at the radius server, it doesn't work.

I don't see why.

> Here is the configuration (comments omitted to save space). I have
> tried with the password_header both set to {CRYPT} and commented out.

That tells the LDAP module how to interpret the password it gets
from the LDAP server. It doesn't tell FreeRADIUS to treat
User-Password as a crypt'd password. The documentation for the LDAP
module makes the first point clear.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
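
The behaviour described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: the client hides User-Password as RFC 2865 section 5.2 specifies, the server recovers the clear text and hashes it with the stored salt. Assumptions: `toy_crypt` is a salted SHA-256 stand-in for crypt(3), all function names are hypothetical, and the shared secret and password are constructed sample values.

```python
import hashlib
import hmac
import os

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, done by the RADIUS client."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding to recover what the client sent."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def toy_crypt(password: bytes, salt: str) -> str:
    """Stand-in for crypt(3) (assumption): salted one-way hash, salt kept in the result."""
    return salt + "$" + hashlib.sha256(salt.encode() + password).hexdigest()

def pap_check(user_password: bytes, stored: str) -> bool:
    """Treat User-Password as clear text, hash it with the stored salt, compare."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(toy_crypt(user_password, salt), stored)

def authenticate(typed: bytes, stored: str, secret: bytes) -> bool:
    """One Access-Request: client hides the password, server reveals and checks it."""
    authenticator = os.urandom(16)
    hidden = hide_password(typed, secret, authenticator)
    return pap_check(reveal_password(hidden, secret, authenticator), stored)

SECRET = b"testing123"                    # constructed shared secret
STORED = toy_crypt(b"hello-world", "ab")  # constructed value held by the directory

if __name__ == "__main__":
    print(authenticate(b"hello-world", STORED, SECRET))   # clear text sent
    print(authenticate(STORED.encode(), STORED, SECRET))  # stored hash sent as the password
```

Sending the stored hash as User-Password fails because the server hashes whatever arrives a second time, so the result can never equal the stored value.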