John Dennis wrote:
Authentication modules need access to either the cleartext password or
hashed password, it is the role of the authorization modules to insert
the password information into the *config* list of the request. The
authentication modules will extract the password information from
I'm a little confused by how rlm_ldap is handling passwords. First let me
state what I believe to be true, if I'm wrong on any of these
assumptions please correct me.
They are, sort of, correct.
Or am I just missing something?
You are looking at rlm_ldap in isolation. rlm_pap will handle
I changed the users file as you recommended, the ldap.attrmap contains the
additional line:
checkItem User-Category primaryGroupID
Unfortunately also in this case only the Reject entry matches, although the
primaryGroupID seems to be passed to User-Category:
radiusd -AX
Dusty Doris wrote:
Did you get the second email I sent? I don't believe you can use that
check item from ldap in the users file. Try the ldap-group options I
sent over in the last email. That should work for you.
Thank you, I got it and already tried that attribute. The behaviour is a bit
better, but does not really lead to the desired result, as the client gets
an:
Incoming RADIUS packet did not have correct Message-Authenticator - dropped
Well, at least you've got the ldap part working. The
I want to add a checkitem from an ldap request and use it, when later
the users file is processed.
Therefore I added
checkItem User-Category primaryGroupID
to ldap.attrmap
The users file contains nothing but:
##
Dusty Doris wrote:
...
If this is your users file, it's incorrect. Notice the placement of
commas. The check-items should be on one line separated by commas.
The reply items should be over multiple lines separated by a comma,
except for the last line.
HOST/lnxad.tde002.sitest.net,