UNCLASSIFIED
> -----Original Message-----
> > Looking at this it seems that the LDAP record is holding
> the password
> > with a certain encryption and that Radius needs to be told
> to encrypt
> > the password it has passed to it in that format.
> >
> > Anyone know what the LDAP encryption would be, and how to influence
> > RADIUS's treatment of the password.
> >
> > David
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> Now fixed.
>
> All I had to do in the end was add the line for "userPassword" and
> then change this from no to yes
>
> pap {
> auto_header = yes
> }
>
> in my radiusd.conf file which allows radius to work out how to encrypt
> the password - in this case I *THINK* against a /etc/shadow format
> hash
>
>From man slappasswd
-h scheme
If -h is specified, one of the following RFC 2307
schemes may be specified: {CRYPT}, {MD5}, {SMD5},
{SSHA}, and {SHA}. The default is {SSHA}.
Note that scheme names may need to be protected, due to
{ and }, from expansion by the user's command inter-
preter.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1),
the latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the
latter with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should be
added to userPassword as clear text.
Regards
Frank Ranner
Classification=UNCLASSIFIED
Precedence=ROUTINE
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
