On 07/19/2010 10:13 AM, Lionne Stangier wrote:
Is there a double colon (::) after the userPassword attribute name in the ldapsearch result? (e.g. userPassword:: xxxxxxxxxxxxxxxxx). If so that means the attribute value was binary (had some non-ascii printing character in it) so it was base64 encoded. This is a bit obscure, I got tripped up by it recently too :-) Try base64 decoding the the value. I bet it'll look like {hash}xxxxxxxxxxxx where hash is one of sha1, md5, etc. and xxxxxxxxxxx is the hash digest of the password. FWIW it's not unusual when a hashing to a digest to end up with a non-ascii character (thus triggering the base64 encoding)Yes the password it´s like you describe. I tested different forms in the ldap.attrmap now. Same trouble as before. We only load the schema on LDAP. Are there some different important settings?
Have a look at: http://deployingradius.com/documents/protocols/compatibility.html and how your passwords are stored (and hashed) that will tell you what will work. The only password type that works with everything is cleartext, which has it's own issues. So you've got some decisions to make. -- John Dennis <[email protected]> Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
