I have been reading and looking at similar post non-stop and have an
idea what is wrong, but am not sure how to fix it.
I understand there may be a need to map ldap and radius attributes and I
have found a couple examples, but I am not entirely sure what the
changes should be.
It seems the other problem may be the authentication being used., maybe
a combination of both. I would guess I'm about one or two config changes
from getting this to work.
The ldap user I am trying to authenticate was created via:
./migrate_group.pl and # ldapadd on the ldap server
Not sure if that helps identify the changes I need to make???
On 6/24/2010 3:21 PM, Josip Rodin wrote:
On Thu, Jun 24, 2010 at 12:33:10PM -0400, John Dennis wrote:
But even if you did, ldap has this:
userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9
They aren't the same are they? The LDAP entry looks like a hash, you'll
have to figure out which kind. Note it does not contain a {hash} prefix
so FreeRADIUS can't figure what kind of hash it is.
No, the two colons in ldapsearch output just indicate that the attribute
value is MIME-encoded. It can be decoded for example with:
% echo e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9 | mimencode -u
{SHA}wjO7uxeKqXGCEVXOLEsUJ89oCXQ=
% echo e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9 | perl -e 'use MIME::Base64;
print decode_base64(<>);'
{SHA}wjO7uxeKqXGCEVXOLEsUJ89oCXQ=
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
