Stefan Adams wrote:
> It's been quite a challenge to maintain both radiusNTPassword and
> sambaNTPassword in a user's LDAP object, especially when
> radiusNTPassword is just sambaNTPassword, prepended with '0x'. If
> nothing else, that's redundant.

Hmm... in 1.1.7, the "pap" module will take care of fixing NT-Passwords. i.e. map sambaNTPassword to NT-Password in ldap.attrmap, and list "pap" at the end of the "authorize" section. The pap module will see the 32-character hex string NT-Password, and convert it to 16-character binary format, which the rest of the server needs.

> Does that make sense? Anything wrong with doing this? Obviously this
> patch is teeny and not very profound... For what reason is this
> avoided? rlm_ldap expects the value to be in hex.

What do you mean by that?

> diff -urN freeradius-1.1.7/src/modules/rlm_ldap/rlm_ldap.c ...
> for (vals_idx = 0; vals_idx < vals_count; vals_idx++) {
> value = vals[vals_idx];
> +sprintf(hex, "0x%s", value);
> +value = hex;
> +DEBUG("!!! %s !!!", value);

Huh? You're adding "0x" to the start of EVERY attribute. That's wrong...

Alan DeKok.
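
Review bot: the added `sprintf(hex, "0x%s", value)` in the `vals` loop copies a string of unbounded length into `hex`, whose declaration and size are not visible in the quoted lines; use `snprintf(hex, sizeof(hex), "0x%s", value)` and check for truncation. The prefix is also applied to every value the loop visits, so it should be conditional on the one attribute that needs it, and the `DEBUG("!!! %s !!!", value)` line prints each value, password hashes included, to the debug output and should be removed.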
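
The hex-to-binary normalization described in the reply above, as an added illustration that is not FreeRADIUS code and not part of the original message: it accepts an NT hash as 16 raw bytes, 32 hex characters, or 32 hex characters prefixed with "0x", and rejects anything else. The function name `nt_hash_normalize` and the sample value are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define NT_HASH_LEN 16

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: returns 0 and fills out[] on success,
 * -1 (out[] untouched) if the input is not a well-formed NT hash. */
int nt_hash_normalize(const char *in, size_t inlen,
                      unsigned char out[NT_HASH_LEN])
{
    unsigned char tmp[NT_HASH_LEN];
    size_t i;

    if (in == NULL) return -1;
    if (inlen == NT_HASH_LEN) {            /* already binary */
        memcpy(out, in, NT_HASH_LEN);
        return 0;
    }
    /* Optional "0x" prefix, as stored in radiusNTPassword. */
    if (inlen == 2 * NT_HASH_LEN + 2 && in[0] == '0' &&
        (in[1] == 'x' || in[1] == 'X')) {
        in += 2;
        inlen -= 2;
    }
    if (inlen != 2 * NT_HASH_LEN) return -1;   /* strict length check */
    for (i = 0; i < NT_HASH_LEN; i++) {
        int hi = hex_nibble(in[2 * i]);
        int lo = hex_nibble(in[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;       /* non-hex character */
        tmp[i] = (unsigned char)((hi << 4) | lo);
    }
    memcpy(out, tmp, NT_HASH_LEN);             /* commit only on success */
    return 0;
}

int main(void)
{
    /* Constructed sample value, not a real hash. */
    const char *s = "0x0123456789abcdefFEDCBA9876543210";
    unsigned char out[NT_HASH_LEN];
    return nt_hash_normalize(s, strlen(s), out) == 0 ? 0 : 1;
}
```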