On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi <[email protected]> wrote: > On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha <[email protected]> wrote: >>> Instead, you should find out which LDAP attribute stores your >>> MD5-password, add the correct mapping to ldap.attrmap, and leave >>> Auth-Type section commented-out. > > Hi Fajar, > thank you for your kind answers, l'll try that out. > One thing still isn't clear to me though. Since the LDAP "userPassword" > contains the hashed password, how can freeradius use ldap.attrmap to > perform authentication? I thought it could only try to bind as the user.
I assume you've seen http://wiki.freeradius.org/Rlm_ldap ? Basically you need to determine: - which LDAP attribute stores the password (e.g. userPassword? something else?) - does the attribute store the password with header (e.g {md5})? - is the mapping in ldap.attrmap correct? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
