UNCLASSIFIED > -----Original Message----- > > Looking at this it seems that the LDAP record is holding > the password > > with a certain encryption and that Radius needs to be told > to encrypt > > the password it has passed to it in that format. > > > > Anyone know what the LDAP encryption would be, and how to influence > > RADIUS's treatment of the password. > > > > David > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > Now fixed. > > All I had to do in the end was add the line for "userPassword" and > then change this from no to yes > > pap { > auto_header = yes > } > > in my radiusd.conf file which allows radius to work out how to encrypt
> the password - in this case I *THINK* against a /etc/shadow format > hash > >From man slappasswd -h scheme If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default is {SSHA}. Note that scheme names may need to be protected, due to { and }, from expansion by the user's command inter- preter. {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed. {CRYPT} uses the crypt(3). {CLEARTEXT} indicates that the new password should be added to userPassword as clear text. Regards Frank Ranner
Classification=UNCLASSIFIED Precedence=ROUTINE
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html