According to Alan DeKok <[EMAIL PROTECTED]>:
> Something other than EAP-MD5.
>
> LEAP should work.
>
> As an alternative, you could try storing NT passwords. That will
> allow LEAP & MS-CHAP to work.
>
Okay, I'm not really into Win stuff... ntPassword fields seem encrypted since I
can't "read" them with my eyes, but I think it's just a hash or something. Isn't
that the regular way to store NT passwords?
Anyway, here is my ldap section in radiusd.conf:
ldap {
        server = "192.168.1.6"
        basedn = "ou=Users,dc=mtp,dc=epsi,dc=fr"
        filter = "(&(objectclass=posixAccount)(uid=%u))"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = ntPassword  # <--- I changed this one just to try it out; it was originally userPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
And here are my slapd access rules:
access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=userPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth
access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=ntPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth
access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=lmPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth
If I remember well (it's been a long time since I reconfigured OpenLDAP), the write
perm also allows read?
Since I didn't configure any user in the ldap section of radiusd, isn't it
supposed to log in to the ldap server with the username/passwd received by radiusd,
and grab the user password, which should be possible since it has write (read?)
perm?
Thanks for your help.
--
Arnauld Dravet
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
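As an added example, not from the original thread: the same radiusd.conf ldap section and slapd ACL, changed so that the RADIUS server binds to LDAP with its own identity and that identity is granted read access to ntPassword. In OpenLDAP the access levels are cumulative (none < auth < compare < search < read < write), so `write` does include read, but `auth` only permits a bind against the attribute, not retrieving it, which is all an anonymous or unconfigured bind gets under the rules above. The bind DN cn=radius,dc=mtp,dc=epsi,dc=fr and its password are assumed placeholders.

```conf
# radiusd.conf, ldap section (excerpt)
ldap {
        server = "192.168.1.6"
        # Assumed service account: rlm_ldap binds as this DN to search and
        # to fetch the hash, instead of binding anonymously.
        identity = "cn=radius,dc=mtp,dc=epsi,dc=fr"
        password = "CHANGE-ME-radius-bind-password"   # placeholder
        basedn = "ou=Users,dc=mtp,dc=epsi,dc=fr"
        filter = "(&(objectclass=posixAccount)(uid=%u))"
        # The NT hash crosses the wire in clear with start_tls = no;
        # enable TLS so it is not exposed to the network.
        start_tls = yes
        # ldap.attrmap is assumed to map NT-Password <- ntPassword and
        # LM-Password <- lmPassword so the mschap module can use them.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = ntPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

# slapd.conf ACL (excerpt)
# "by * auth" lets anyone bind with the attribute but never read it;
# only root, the user itself and the radius account can read ntPassword.
access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=ntPassword,lmPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by dn="cn=radius,dc=mtp,dc=epsi,dc=fr" read
        by self write
        by * auth
```

Whoever holds the cn=radius bind password can read every user's NT hash, so that credential deserves the same protection as the root DN's.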