> On Sat, Mar 10, 2012 at 10:47 AM, <u...@3.am> wrote: >> Both hashes are supported, thanks for the link. I assume I need to define >> something to map to, as well? Like this: >> >> raddb/dictionary: ATTRIBUTE userPassword 3004 string > > err... no. > >> >> raddb/ldap.attrmap: checkItem User-Password userPassword > > Is your LDAP attribute storing the password called userPassword? If > yes, you shouldn't need to do anything as it's already mapped to the > correct attribute on ldap.attrmap > > checkitem Password-With-Header userPassword
Ah...it seems that my ldap.attrmap is from an older version of FreeRadius that didn't have it. I had copied it over to the new raddb/ because I now have those custom POSIX expiry attributes that you and others helped me with. We generally try to use the entire existing raddb/ dir when we upgrade FR, because our configuration has gotten pretty complex (to us, anyway), but I guess this isn't always a good idea. Thanks again for your help! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html