Thanks for the info. I'm not sure how to determine what to use in
ldap.attrmap, but will see what I can figure out.
One question though; before attempting this current setup, I installed
freeradius_1.1.0-1ubuntu2.1_i386.deb and ldap on the same localhost..
radtest and authenticating via WPA worked perfectly using the same user
credentials I am using today from my new radius server. The difference
is the version and the fact the radius server is on a different box.
What might need to be configured differently now that freeradius is on a
seperate box?
On 6/24/2010 11:33 AM, John Dennis wrote:
On 06/24/2010 12:21 PM, Raymond Norton wrote:
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
You don't have the userPassword mapped in /etc/raddb/ldap.attrmap
But even if you did, ldap has this:
userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9
and the request has this:
User-Password = "password"
They aren't the same are they? The LDAP entry looks like a hash,
you'll have to figure out which kind. Note it does not contain a
{hash} prefix so FreeRADIUS can't figure what kind of hash it is.
You'll have to force that with the right radius attribute for
userPassword in ldap.attrmap.
But you better look at this:
http://deployingradius.com/documents/protocols/compatibility.html
and understand the consequences.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html