On Sat, 29 Mar 2008, Arran Cudbard-Bell wrote:
If there's a {ssha} header on the password, then the PAP module should figure it out.But it doesn't appear to be... you have got the autoheader option set in the PAP module? pap { auto_header = yes }
Yes, that's configured.
*nothing* will work until you get the hash into the correct attribute with the header stripped off.
Right. As already noted, radtest against a user entry in our LDAP data *does* work. I just need to get this working inside the TTLS tunnel.
Fudging it by creating a static mapping userPassword -> SSHA-Password in ldap.attrmap won't work because the header will still be present in the hash...
Ok, which suggests that my attempt to use "password_radius_attribute" (if that parameter still existed) in the ldap configuration would have still failed, because I was trying to set it to SSHA-Password there. Alan's suggestion was to map it tp User-Password, though, which is where rlm_pap *would* know how to deal with it. Thanks, of course, for your continued interest ... -- ---------------------------------------------------------------------- Sylvain Robitaille [EMAIL PROTECTED] Systems and Network analyst Concordia University Instructional & Information Technology Montreal, Quebec, Canada ---------------------------------------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
