On Sat, Mar 10, 2012 at 5:29 AM, <[email protected]> wrote: >> So to save lots of time and configuration problem: does your LDAP >> store user passwords in clear text or any "common" hash (e.g. md5, >> unix)? If yes, AND you know what the LDAP attribute is, you don't even >> need an LDAP section in authenticate. > > Mostly crypt, but I've seen a few SSHA hashes. I know the ldap attribute as > well. Assuming those hashes are "common" enough, what do I need to do?
If the hash is supported (see http://wiki.freeradius.org/Protocol%20Compatibility) , you only need to make sure FR sees it in the right place. See ldap.atrmap. > > I should point out that I had been using: > > DEFAULT Auth-Type = Ldap > > In the users file as well on the two older servers, despite docs that say > that it > is "almost always wrong", but it was the only way we got it working. > If you have the attribute, and the hash is supported, you shouldn't need that. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
