>----- Oorspronkelijk bericht ----- >Van : wessam seleem [mailto:wessam.sel...@gmail.com] >Verzonden : zondag , september 27, 2009 02:34 PM >Aan : 'FreeRadius users mailing list' >Onderwerp : Re: > >Dear Thor and Ivan, > Thanks for your support. I would like to notice that I have the >same configuration in a server that has freeradius-1.1.7-1 installed and it >is working fine. I want to upgrade. That is why I am testing >freeradius-2.1.6-2. I want to ask is there is any difference between 1.1.7-1 >and 2.1.6-2 configuration files that I should put it in my consideration? > > >Thor, >I don't have the same output in the debug mode. I have what you can see >below: > > >++[ldap] returns ok >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >!!! Replacing User-Password in config items with Cleartext-Password. >!!! >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >!!! Please update your configuration so that the "known good" >!!! >!!! clear text password is in Cleartext-Password, and not in User-Password. >!!! >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >+- entering group PAP {...} >[pap] login attempt with password "password" >[pap] Using clear text password "$...@hfgusllj%$#kasjs" >[pap] Passwords don't match >++[pap] returns reject >Failed to authenticate the user. >Using Post-Auth-Type Reject >+- entering group REJECT {...} >[attr_filter.access_reject] expand: %{User-Name} -> username > attr_filter: Matched entry DEFAULT at line 11 >++[attr_filter.access_reject] returns updated > >Dear Ivan and Thor, > >As you can see the problem that I am sending a clear text password and the >radius doesn't convert it to encrypted one. I want my radius to take a >clear >text password and encrypt it then compare it with the encrypted one in my >ldap. Please let me know if I should clarify more or if you need more info. > >Thanks again for your support. >Regards, >
I'm not saying that how I got it working is *the* way to do it, I just got it working this way... I'm using 2.1.7, but I guess 2.1.6 has exactly the same behaviour. In your ldap module configuration, remove this: password_header = "{CRYPT}" Then the ldap module will not remove {CRYPT} from User-Password and the server will not complain about the attributes... The pap module configuration should only have the following line: auto_header = yes This will make the PAP authentication step recognize that the password retrieved from ldap is crypted and do the correct password comparison. Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html