On 03/12/2010 06:44 AM, omega bk wrote:
> I just want to understand.
>
> Why [ldap] Added User-Password = test in check items, and how to
> replace it by Cleartext-Password.
> Does ldap return the password non-crypted?
> Does ldap use 'Auth-Type = Local'?

In the raddb directory is a file called ldap.attrmap. When you find a user in ldap it will retrieve all the check items listed there that it can find associated with the user. The file maps the ldap attribute name to a radius attribute name and adds it as a check item to the request. You most likely have a line in the ldap.attrmap file which maps an ldap attribute to User-Password. The User-Password radius attribute is deprecated, just like it clearly says in the debug output. The radius User-Password attribute has been replaced by Cleartext-Password. Change your ldap mapping so the Cleartext-Password is returned instead of User-Password.

It is possible to prepend the cleartext password with a {hash-type} prefix if the password is actually hashed (e.g. {crypt}). This is documented in raddb/modules/pap. Which type of password is compatible with which authentication method is documented here:
http://deployingradius.com/documents/protocols/compatibility.html

The use of check items, the role of authorization & authentication is documented in doc/aaa.txt. LDAP processing is documented in doc/ldap_howto.txt. Please try and read the documentation before you ask questions. The reason we know the answers is because we read the documentation ;-)




> I don't really understand how ldap deals back information.


--
John Dennis <jden...@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
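
The {hash-type} prefix and the password/protocol compatibility mentioned in the reply above, as an added Python sketch that is not part of the original message and is not FreeRADIUS code. It goes beyond the {crypt} case named in the mail: function names are hypothetical, an unprefixed value is assumed to be clear text, and only clear text, {SHA} and {SSHA} are verified.

```python
import base64
import hashlib
import hmac
import re

# {prefix} -> FreeRADIUS 2.x check item that holds that kind of password
HEADER_TO_ATTR = {
    "clear": "Cleartext-Password", "cleartext": "Cleartext-Password",
    "crypt": "Crypt-Password", "md5": "MD5-Password", "smd5": "SMD5-Password",
    "sha": "SHA-Password", "ssha": "SSHA-Password",
}

def split_header(stored):
    """Return (radius_attribute, body) for a stored LDAP password value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", stored, re.S)
    if not m:
        # Assumption of this sketch: no prefix means the value is clear text.
        return "Cleartext-Password", stored
    attr = HEADER_TO_ATTR.get(m.group(1).lower())
    if attr is None:
        raise ValueError("unknown password header: " + m.group(1))
    return attr, m.group(2)

def make_ssha(password, salt):
    """Build a constructed {SSHA} sample: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_check(stored, supplied):
    """Compare a PAP password with a clear, {SHA} or {SSHA} stored value."""
    attr, body = split_header(stored)
    pw = supplied.encode()
    if attr == "Cleartext-Password":
        return hmac.compare_digest(body.encode(), pw)
    if attr in ("SHA-Password", "SSHA-Password"):
        raw = base64.b64decode(body)
        digest, salt = raw[:20], raw[20:]  # salt is empty for {SHA}
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    raise NotImplementedError(attr + " is not handled in this sketch")

def chap_possible(stored):
    """CHAP hashes the clear-text password with the challenge, so a hash cannot be used."""
    return split_header(stored)[0] == "Cleartext-Password"

if __name__ == "__main__":
    sample = make_ssha("test", b"\x01\x02\x03\x04")  # constructed sample value
    print(split_header(sample)[0], pap_check(sample, "test"), chap_possible(sample))
```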