On 07/19/2010 08:17 AM, Lionne Stangier wrote:
Here are a couple of things to check which often trip folks up:

1) Is the userPassword attribute defined in $RADDB/ldap.attrmap?
By default it isn't (I've never understood why it isn't). You should have
a line in that file which looks like this:

checkItem   Cleartext-Password      userPassword

Nice to know. I didn't use this line before :) Thank you.



I used ldapsearch -h ldap.... -b dc=allesklar,dc=com -x "uid=lionne.stangier"

I get the userPassword but encoded :(

Is there a double colon (::) after the userPassword attribute name in the ldapsearch result? (e.g. userPassword:: xxxxxxxxxxxxxxxxx). If so, that means the attribute value was binary (had some non-ASCII printing character in it), so it was base64 encoded. This is a bit obscure, I got tripped up by it recently too :-) Try base64 decoding the value. I bet it'll look like {hash}xxxxxxxxxxxx where hash is one of sha1, md5, etc. and xxxxxxxxxxx is the hash digest of the password. FWIW it's not unusual when hashing to a digest to end up with a non-ASCII character (thus triggering the base64 encoding).

--
John Dennis <jden...@redhat.com>
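The check suggested in the reply above, as an added example that is not part of the original post: it reads ldapsearch LDIF output, undoes the `::` base64 layer (including folded continuation lines, which goes slightly beyond the message), and reports only the `{scheme}` prefix and payload length so the digest never reaches the terminal. The sample entry (`uid=jdoe`, `dc=example,dc=com`, the byte values) is constructed, and the function names are this example's own.

```python
import base64
import re

PW_LINE = re.compile(r"(?i)^userPassword(::?)[ ]*(.*)$")
SCHEME = re.compile(rb"^\{([A-Za-z0-9_.-]+)\}(.*)$", re.S)

def unfold(ldif):
    """LDIF wraps long values; a line starting with one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def stored_passwords(ldif):
    """Return the raw bytes of every userPassword value, undoing the '::' base64 layer."""
    out = []
    for line in unfold(ldif):
        m = PW_LINE.match(line)
        if m:
            sep, value = m.groups()
            out.append(base64.b64decode(value) if sep == "::" else value.encode())
    return out

def classify(raw):
    """Return (scheme, payload_len). The digest itself is never printed or returned."""
    m = SCHEME.match(raw)
    if not m:
        return ("no {scheme} prefix", len(raw))
    scheme, rest = m.group(1).decode().upper(), m.group(2)
    try:
        return (scheme, len(base64.b64decode(rest, validate=True)))
    except ValueError:          # e.g. {CRYPT}$6$..., which is not base64
        return (scheme, None)

# Constructed sample, not real data: 20 digest bytes + 4 salt bytes under {SSHA}.
_stored = b"{SSHA}" + base64.b64encode(bytes(range(24)))
_b64 = base64.b64encode(_stored).decode()
SAMPLE_LDIF = (
    "dn: uid=jdoe,dc=example,dc=com\n"
    "uid: jdoe\n"
    "userPassword:: " + _b64[:20] + "\n " + _b64[20:] + "\n"   # folded like ldapsearch output
)

if __name__ == "__main__":
    for raw in stored_passwords(SAMPLE_LDIF):
        scheme, n = classify(raw)
        print(f"userPassword scheme={scheme} payload_bytes={n}")
```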
