On 07/22/2010 08:26 PM, newtownz wrote:
> The password stored in eDirectory is valid.
> My understanding of eDirectory is that it will never let you see the actual
> password of a user, it will hash it first. Is this behavior of freeradius normal?
There is eDirectory support in the rlm_ldap module which (I believe) does
a "special" query to get the "universal password"; see the docs for
rlm_ldap.
But you (or rather the FreeRadius bind DN) *will* need permissions to
read the plaintext password or you're stuck. You need that password or
the NT/LM hash to do PEAP/MS-CHAP.
> Later in the process the user is rejected because no Auth-Type was found,
> is this related?
Yes.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html