Rob Shepherd wrote:

> No clear-text is stored in LDAP. I have MD5 in userPassword and the two Samba hashes. The Cisco kit, VPN concentrator and switches etc., supply a clear-text password at RADIUS. I figured my only option was to PAP-to-LDAP.
>
> Is there an alternative for this situation?

Use an instance of the "pap" module with "encryption_scheme = nt"

modules {
  pap nthashpap {
    encryption_scheme = nt
  }
}

authorize {
  preprocess
  files
}
authenticate {
  Auth-Type PAP {
    nthashpap
  }
}

...however, you will need:

DEFAULT Auth-Type := PAP

...somewhere, since the PAP module in 1.1.0 (and I think all non-CVS versions?) does not (irritatingly) set Auth-Type to PAP, and cannot even run in the authorize section.

Newer versions of the server (CVS) will both auto-detect "{type}hash" type prefixes in values *and* set the auth-type so you can just do:

modules {
  pap {
    auto_header = yes
  }
}

authorize {
  preprocess
  pap
  ldap
}

authenticate {
  Auth-Type PAP {
    pap
  }
}

  • Re: auth to LDAP via two mechanisms Phil Mayers

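What the two configurations in the reply above amount to, as an added Python sketch (not FreeRADIUS code and not part of the original thread): the clear-text password the NAS sends over PAP is hashed and compared with the value stored in LDAP, either with a fixed scheme (the `encryption_scheme = nt` case) or by reading a `{type}` prefix (the `auto_header` case). The function names, the two-scheme subset and the sample entry for the password "password" are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, struct

ORDER3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often ships with md4 disabled."""
    rol = lambda v, n: ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    data = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    data += struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            rnd, j = divmod(i, 16)
            if rnd == 0:
                f, k, s = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4]
            elif rnd == 1:
                f, k, s = (b & c) | (b & d) | (c & d), j % 4 * 4 + j // 4, (3, 5, 9, 13)[j % 4]
                f += 0x5A827999
            else:
                f, k, s = b ^ c ^ d, ORDER3[j], (3, 9, 11, 15)[j % 4]
                f += 0x6ED9EBA1
            a, b, c, d = d, rol((a + f + x[k]) & 0xFFFFFFFF, s), b, c
        state = [(v + w) & 0xFFFFFFFF for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def verify(cleartext: str, stored: str, default_scheme: str = "nt") -> bool:
    """Check a PAP clear-text password against one stored LDAP hash value."""
    scheme, value = default_scheme, stored       # fixed scheme, bare value
    if stored.startswith("{") and "}" in stored:
        scheme, value = stored[1:].split("}", 1)  # "{MD5}..." style prefix
    try:
        if scheme.lower() == "md5":    # base64 of MD5(password)
            want, got = base64.b64decode(value, validate=True), hashlib.md5(cleartext.encode()).digest()
        elif scheme.lower() == "nt":   # hex of MD4(UTF-16LE password)
            want, got = bytes.fromhex(value), md4(cleartext.encode("utf-16-le"))
        else:
            return False               # unknown scheme: reject
    except ValueError:
        return False                   # malformed stored value: reject
    return hmac.compare_digest(want, got)

# Constructed sample entry for the password "password" (not from the thread).
ENTRY = {"userPassword": "{MD5}X03MO1qnZdYdgyfeuILPmQ==",
         "sambaNTPassword": "8846F7EAEE8FB117AD06BDD830B7586C"}
```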