On Wed, Dec 17, 2003 at 06:21:12PM +0800, Rohaizam Abu Bakar wrote:
>
>
> # debug MODE
>
[deleted]
> auth: type "LDAP"
why are you setting your auth type to LDAP when you want
CHAP authentication ?
> modcall: entering group Auth-T
can anyone help me on this CHAP issue
thanks...
- Original Message -
From:
Rohaizam Abu
Bakar
To: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 6:21
PM
Subject: migrate PAP to CHAP for
LDAP
How can i migrate PAP authentication method to
How can i migrate PAP authentication method to CHAP
using existing LDAP data ??
Tested below:
- In radiusd.conf under ldap module:
password_header = "{clear}"password_attribute =
radiusCHAPPassword [mapped to
CHAP-Password]
=> added
radiusCHAPPassword
e, 2003-12-16 at 16:23, Kostas Kalevras wrote:
> On Tue, 16 Dec 2003, Sevcik Berndt wrote:
>
> > Thanks for the tip with th NT Domain hack Brian.
> >
> > An other problem is the LDAP Query themself. I get no result for my Username.
> > But the User exists and wh
On Tue, 16 Dec 2003, Sevcik Berndt wrote:
> Thanks for the tip with th NT Domain hack Brian.
>
> An other problem is the LDAP Query themself. I get no result for my Username.
> But the User exists and when I use the ldapsearch command with the
> same filter I also get an result
The problem is solved! Sorry for the posting
Thanks
Berndt
On Tue, 2003-12-16 at 15:09, Sevcik Berndt wrote:
> Thanks for the tip with th NT Domain hack Brian.
>
> An other problem is the LDAP Query themself. I get no result for my Username. But
> the User exists and when I use th
Thanks for the tip with th NT Domain hack Brian.
An other problem is the LDAP Query themself. I get no result for my Username. But the
User exists and when I use the ldapsearch command with the
same filter I also get an result.
I use the latest CVS Version of Freeradius
and openLDAP Version
from an iPlanet certificate server (EAP-TLS) and also a
> username/password against LDAP. Would this be EAP-TTLS?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t; from an iPlanet certificate server (EAP-TLS) and also a
> username/password against LDAP. Would this be EAP-TTLS? If someone can
> point me to the correct keyword I'm sure I can figure it out from there.
Yes that would be EAP-TTLS.
You can also set the EAP-TLS-Require-Client-Cert attrib
against LDAP. Would this be EAP-TTLS? If someone can
point me to the correct keyword I'm sure I can figure it out from there.
Thanks,
-Patrick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Arthur EBEL" <[EMAIL PROTECTED]> wrote:
> I am using freeradius 0.9.3 on a linux box
> I have found the eap_ttls module in the CVS tree
> How to install it ???
You install a snapshot. You can't use EAP-TTLS with 0.9.3.
> I dont want to use personnal certif
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > I am using freeradius 0.9.3 on a linux box
> > I have found the eap_ttls module in the CVS tree
> > How to install it ???
>
> ./configure
> make
> make install
And watch the server dies as soon as it receives an EAP-TTLS request.
Alan DeKok.
-
On Wed, 10 Dec 2003, Arthur EBEL wrote:
> Hi,
> I am using freeradius 0.9.3 on a linux box
> I have found the eap_ttls module in the CVS tree
> How to install it ???
./configure
make
make install
>
> Can anyone can explain me the interest to use EAP TTLS + LDAP
>
> I do
Hi,
I am using freeradius 0.9.3 on a linux box
I have found the eap_ttls module in the CVS tree
How to install it ???
Can anyone can explain me the interest to use EAP TTLS + LDAP
I dont want to use personnal certificate but only the login and ldap passwd
of the personn
Is TTLS+LDAP it a good
AP
because you don't know how the server works. Stop trying to figure
out how to use PAP to solve a problem you don't understand.
If you configure the LDAP module to pull a password out of an LDAP
database for a user, then almost all of the authentication methods in
the server will w
Please forgive my ignorance here. There is much about this I do not
understand. I am using the Alfa&Ariss client. If it is sending eap
packetts and those packetts do not contain a pap password does that mean
I can't use pap? Should I consider another method?
rick...
Rom.5:8
>>> [EMAIL PROTECTED]
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> Thanks for the info...should I comment out the eap module in radiusd?
Huh? Can you explain to me why you would think that was necessary?
Your client is sending EAP packets. How are you going to
authenticate them, if you don't use the EAP module?
Thanks for the info...should I comment out the eap module in radiusd?
Now reading rlm_ldap.
rick...
Rom.5:8
>>> [EMAIL PROTECTED] 12/08/03 03:18PM >>>
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> I am running freeradius snapshot 20030922. I need to get pap
nticate]: module "pap" returns invalid
> modcall: group authtype returns invalid
> auth: Failed to validate the user.
See? That won't work.
Why don't you try authenticating the user *without* editing the
"users" file, to see if it works? Odds are that once you poi
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> I am running freeradius snapshot 20030922. I need to get pap working
> with ldap. How do I set the password attribute for pap? Where do I look
> in the docs to provide this info?
doc/rlm_ldap should be a place to star
Hi,
I am running freeradius snapshot 20030922. I need to get pap working
with ldap. How do I set the password attribute for pap? Where do I look
in the docs to provide this info? Below are my settings. Any help would
be
greatly appreciated.
radiusd:
ldap {
server
Arthur EBEL said:
> Hi :-)
>
> I would like to user freeradius and LDAP to authentication. Do u know
> where
> can I find documentation about this kind of configuration.
>
> Anyone have a experience about that ???
Yep. I already had existing user objects, so I added radiusp
On Mon, 8 Dec 2003, Arthur EBEL wrote:
> Hi :-)
>
> I would like to user freeradius and LDAP to authentication. Do u know where
> can I find documentation about this kind of configuration.
doc/rlm_ldap
>
> Anyone have a experience about that ???
Quite a few people have manag
Hi :-)
I would like to user freeradius and LDAP to authentication. Do u know where
can I find documentation about this kind of configuration.
Anyone have a experience about that ???
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Entelin <[EMAIL PROTECTED]> wrote:
> Its using CHAP, I have read a bunch about all this and know
> that CHAP requires the passwords to be stored as plaintext. Indeed my
> configuration works fine if I change the ldap password to plaintext.
> However I would really rather not hav
works fine if I change the ldap password to plaintext.
However I would really rather not have all my passwords stored this way.
All my users in ldap have perms to read themselves, is it possible to
have freeradius to permit baised on if a rebind as the user succeeds?.
for example.
first freeradius
I am running freeradius 20030922 snapshot on RedHat 9.0. I am
authorizing and authenticating via ldap. I seem to be getting authorized
and authenticated but my supplicant continues to try and authenticate.
Below is my debug output. If anyone can see anything unusual please let
me know. Thanks for
On Thu, 4 Dec 2003, Marcelo Azola M. wrote:
> Hi:
> I need obtain the group membership for a user that is created in a LDAP
> server, from freeradius server.
>
> I configured the freeradius to authenticate the user to LDAP server, but
> only validate the username
> And pass
Hi:
I need obtain the group
membership for a user that is created in a LDAP server, from freeradius server.
I configured the freeradius to authenticate the user to LDAP server, but
only validate the username
And password. I need know the group that the user to as it belongs,
or the
f,or users.In users file,i do nothing
> except commenting out the line of "DEFAULT Auth-Type = System
> Fall-Through = 1".In radiusd.conf file,i configure some parameter of
> "ldap" module in modules section.And i think LDAP works.All passwords are
> clearte
Hello:
I need help !!!
I need to make a consultation of groups from a NetScreen to a
LDAP server through freeradius.
When making the consultation, in debug of freeradius single appears
username and password, and not the group to consult.
In the users file:
DEFAULT Auth-Type := LDAP
ystem
Fall-Through = 1".In radiusd.conf file,i configure some parameter of
"ldap" module in modules section.And i think LDAP works.All passwords are
cleartext in my ldap server.I read some documents of freeradius,but i can't
find any hint.Can you give me any
On Mon, Dec 01, 2003 at 11:05:59AM +, jiang chong wrote:
> anybody can tell me ?
> thanks in advance.
>
Yes it can.
--
Andrej Brkic
Fakultet Prometnih Znanosti, Zagreb, Croatia
E-mail: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
anybody can tell me ?
thanks in advance.
_
享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear Andrej Brkic,
let me try it out.Thanks very much.
_
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Nov 27, 2003 at 10:14:41AM +, jiang chong wrote:
> Andrej Brkic,
> thanks for your response.I have a question yet.I use cleartext password
> in my LDAP Server.But it doesn't work.When i run "radtest test test
> localhost:1645 0 testing123",it's
Dear jiang chong,
read aaa.txt
--Thursday, November 27, 2003, 1:14:41 PM, you wrote to [EMAIL PROTECTED]:
jc> Andrej Brkic,
jc> thanks for your response.I have a question yet.I use cleartext password
jc> in my LDAP Server.But it doesn't work.When i run "radtest test
Andrej Brkic,
thanks for your response.I have a question yet.I use cleartext password
in my LDAP Server.But it doesn't work.When i run "radtest test test
localhost:1645 0 testing123",it's say ok.The 'test,test'is my LDAP entry.so
i think my LDAP Server is ok.B
On Thu, Nov 27, 2003 at 08:53:51AM +, jiang chong wrote:
> why why why ?My NAS is cisco PIX525,but cisco NAS only use MS-CHAP
> authentication method.
> i want to go to die.
>
MS-CHAP in fact does work with LDAP, the only issue is that you need
either cleartext or md4 passwords
why why why ?My NAS is cisco PIX525,but cisco NAS only use MS-CHAP
authentication method.
i want to go to die.
_
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
-
List info/subscribe/unsubscribe? See http://www.freerad
Dear Andrej Brkic,
--Wednesday, November 26, 2003, 12:02:31 PM, you wrote to [EMAIL PROTECTED]:
AB> userPassword in the LDAP database is SHA1 encrypted and MS-CHAP need
AB> cleartext passwords and of course this is not working, is there any
AB> way of making this work without having
>> you could include the samba schema in the ldap server using
>> the ntPassword attribute for password.
>> Use "smbencrypt [string]" to generate a NT Hash for testing.
>> On samba site you should find more about automating this step in ldap-pdc
>> doc
On Wed, Nov 26, 2003 at 12:12:54PM +0100, Giosuè Pacifico wrote:
> Hi,
> you could include the samba schema in the ldap server using
> the ntPassword attribute for password.
> Use "smbencrypt [string]" to generate a NT Hash for testing.
> On samba site you should find m
Hi,
you could include the samba schema in the ldap server using
the ntPassword attribute for password.
Use "smbencrypt [string]" to generate a NT Hash for testing.
On samba site you should find more about automating this step in ldap-pdc
docs.
Better than nothing..
Bye
Giosuè
At 1
Greetings to all the list readers,
Running freeradius 0.9.3 and trying to make MS-CHAP work with LDAP, the
setup is following:
I have clients connecting to a pptp server with MPPE. MS-CHAPv2 is
required for MPPE to work. Now since I have a LDAP database with all
the users which is also used for
I want to use my freeradius server as an authentication server for my
802.11 wlan. I have an LDAP server that I want to use for account
storage, and my rlm_ldap is loading successfully.
How can I determine which attributes of radiusProfile are needed for an
account of this nature, what valid
Hello,
I would like, for testing, a sample configuration for freeradius with
peap or EAP/TTLS with a openLDAP server backend.
Thanks.
Escuse my english
--
GQS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, 19 Nov 2003, Costas Christonis wrote:
> Hi to all,
> I want to ask this:
> using freeradius, can you have users in LDAP and mysql so doing
> authentication from both simultaneous?
In general yes. Though you will probably need to play with Autz-Type and
Auth-Type to get tha
Hi to all,
I want to ask this:
using freeradius, can you have users in LDAP and mysql so doing
authentication from both simultaneous?
Thanks a lot
Costas A. Christonis
Networking & Communications Centre
Gallos Campus - University of Crete
email: [EMAIL PROTECTED]
http://www.ucnet.uo
"Lai Fu Keung" <[EMAIL PROTECTED]> wrote:
> I expect that freeradius will only do user authentication and nothing
> about the user's behaviour after login. I can't imagine how
> freeradius affects the browser's behaviour after successfully
> authenticated.
It doesn't. You've configured FreeR
We use freeradius with LDAP authentication for dial-up PPP service.
When Win2k/WinXP users get authenticated with LDAP through
freeradius, they have problems loading some particular web sites. The
webpages cannot be loaded. It returns normal after I stop using
freeradius for authentication
On Fri, 7 Nov 2003, Peter Bates wrote:
>
> Hello all...
>
> Freeradius 0.9.2, built as an RPM on RedHat 7.3.
> I'm using LDAP support to try and authenticate users against
> Novell's eDirectory (which has the LDAP 'interface', as it were).
>
> Our u
Hello all...
Freeradius 0.9.2, built as an RPM on RedHat 7.3.
I'm using LDAP support to try and authenticate users against
Novell's eDirectory (which has the LDAP 'interface', as it were).
Our usernames are generally like: (or the full DN)
cn=Anstpbat,ou=NST,ou=AS,o=LSHTM
b
Hello all...
I'm running FreeRadius (0.9.2, built from the RedHat specfile as an
RPM), and trying to get it to use LDAP authentication, using Novell
eDirectory (8.6) as the LDAP source.
I use a similar method (PAM -> LDAP -> eDirectory) to authenticate
users for SSH/ftp and similar
Sent: Friday, October 24, 2003 10:32 AM
To: <[EMAIL PROTECTED]
Subject: ldap inside ttls
Is it possible to have ldap authentication within ttls?
rick...
Rom.5:8
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/us
Hi everybody,
we finally did it in having all the stuff work.
The server is running fine with our TTLS client, and performs authentication against a RadiantOne virtual LDAP running over a couple of different sources (quite a long tour to authenticate a user).
Thank you very much for your help and
On Tue, 28 Oct 2003, Jack J wrote:
> Hi,
>
> I could not find this information in archives.
> Can someone please share views ?
>
> For TTLS tunnel, I can have LDAP as user profile
> storage
> mechanism.
> Questions:
> 1) Can this be for both inner and outer TT
Hi,
I could not find this information in archives.
Can someone please share views ?
For TTLS tunnel, I can have LDAP as user profile
storage
mechanism.
Questions:
1) Can this be for both inner and outer TTLS tunnel
realms ?
2) How does FreeRADIUS communicate with LDAP via
some secured channel
Hi Alan,
If I use the same username/password with the radtest cmd it
authenticates me well over LDAP.
Should I need to define any encryption method in the radiusd.conf?
Thanks
Marios
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent
"Marios Karagiannopoulos" <[EMAIL PROTECTED]> wrote:
> I don't understand at all what's going on. I would appreciate it If you
> could give me a tip.
The password is wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> Whenever I set ldap as the authentication method with ttls I get a
> segmentation error after I start radiusd. Any help would be
> appreciated.
It would help *us* if you would read the FAQ, README, doc/BUGS, and
follow t
Hi guys,
Could you please check my radiusd -X -A below?
I'm trying to authenticate a Windows XP supplicant (PEAP) through an
802.1X SMC AP (10.1.0.180) and freeradius from the latest nightly build
! The LDAP server is an Active Directory Server (Windows 2003 Server).
Please keep in mind
Make sure you have the latest OpenSSL library for FreeRadius.
> -Original Message-
> From: Rick Whitley [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 27, 2003 6:32 AM
> To: [EMAIL PROTECTED]
> Subject: RE: ldap inside ttls
>
> Whenever I set ldap as the authe
Whenever I set ldap as the authentication method with ttls I get a
segmentation error after I start radiusd. Any help would be
appreciated.
rick...
Rom.5:8
>>> [EMAIL PROTECTED] 10/24/03 09:34AM >>>
Yes it is.
Ron.
> -Original Message-
> From: Rick Whitley
On Sun, 26 Oct 2003, Ruslan Spivak wrote:
> Hello.
>
> For now i use authentication(authtype PAP) and accounting in mysql(also
> rlm_sqlcounter).
> I saw in config option for authentication using ldap. Is it possible to
> use ldap authentication and mysql accounting and will rlm
Sorry, I had read the thread and could not identify what was going
on. I got it now.
The information below is VERY helpful.
Thanks very much.
Lai
On 27 Oct 2003 at 2:27, Matt Sapp wrote:
> Sigh. We just went over this last week in the LEAP+LDAP thread. If
> you u
Sigh. We just went over this last week in the LEAP+LDAP thread. If you use the
"password_attribute" setting in LDAP, it takes whatever value it gets from that
attribute to be the password. This breaks anything that requires ntPassword.
So, for doing CHAP, If you have both userPa
thread on 'NT passwords and LEAP'
Sorry, a bit loss on how this can be done.
Is it possible to have the userPassword and NT-Password in the same
DN in LDAP?
In LDAP module configuration, what value should I specify for
"password_attribute"? Or should I create 2 instances o
Hello.
For now i use authentication(authtype PAP) and accounting in mysql(also
rlm_sqlcounter).
I saw in config option for authentication using ldap. Is it possible to
use ldap authentication and mysql accounting and will rlm_sqlcounter
work in such combination?
Thanks in advance.
Your help
On Fri, 24 Oct 2003, Jack J wrote:
> Hi,
>
> I have a situation that I need to configure.
> I did not find in archives, thus hoping some one
> could shed some light.
>
> I need to configure 2 realms.
> Two of them need to use TTLS with different LDAP
> servers
>
Hi,
I have a situation that I need to configure.
I did not find in archives, thus hoping some one
could shed some light.
I need to configure 2 realms.
Two of them need to use TTLS with different LDAP
servers
that use TLS for communication.
Any tips how to configure this ?
Any samples ?
Thank
M
> To: [EMAIL PROTECTED]
> Subject: LDAP, LEAP and sha-encrypted passwords
>
>
> Hi All,
>
> I am trying to setup freeradius in such a way that a client
> pc can authenticate with LEAP via a CISCO aironet AP 1200
> using an account in LDAP.
>
> I am so far that my fr
Yes it is.
Ron.
> -Original Message-
> From: Rick Whitley [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 24, 2003 8:32 AM
> To: <
> Subject: ldap inside ttls
>
> Is it possible to have ldap authentication within ttls?
>
>
> rick...
> Rom.5:8
>
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> I have been reading all the related topics in the mail archive but I
> cannot find the solution.
>
> I would like to know:
> 1) is it possible to use ldap sha-encrypted passwords for leap authentication?
Is it possible to have ldap authentication within ttls?
rick...
Rom.5:8
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Lai Fu Keung" <[EMAIL PROTECTED]> wrote:
> We are heading to have Single Sign On for all services. Having a
> plain text password on a machine is considered insecure and loss of
> privacy.
Nonsense.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
Hi All,
I am trying to setup freeradius in such a way that a client pc can authenticate with
LEAP via a CISCO aironet AP 1200 using an account in LDAP.
I am so far that my freeradius adds my password (the header {SHA} is removed
succesfully) to the "check items", but when doing the &
lso use NT-Password. So I am
> thinking to have PAP to use crypted userPassword and MS-CHAP to use
> an encoded NT-Password eventually. Is it feasible?
Yes. Check the recent thread on 'NT passwords and LEAP'
>
> What can you suggest in configuring freeradius to have a single
On Wed, 22 Oct 2003, Lai Fu Keung wrote:
>
> > Well it seems that the bind operation is failing. If your encrypted password is
> > not the userpassword attribute then the ldap server will _not_ use that in the
> > bind operation and as a result the bind operation will f
an encoded NT-Password eventually. Is it feasible?
What can you suggest in configuring freeradius to have a single
crypted password in our LDAP for all types of logins (with different
authentication protocols)?
Thanks for your all replies anyway.
Lai
>
> Alan DeKok.
>
-
List inf
"Lai Fu Keung" <[EMAIL PROTECTED]> wrote:
> My problem is that both MS_CHAP and PAP authentications will look up
> the plain text password. But I want PAP to look up the crypted
> userPassword.
Again, why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u
On 22 Oct 2003 at 11:09, Alan DeKok wrote:
> > How can ask LDAP to look at UserPassword attribute when PAP is used,
> > and look at chapPassword attribute when MS_CHAP is used?
>
> Why? UserPassword will work fine with both authentication methods.
I read the document w
"Lai Fu Keung" <[EMAIL PROTECTED]> wrote:
> How can ask LDAP to look at UserPassword attribute when PAP is used,
> and look at chapPassword attribute when MS_CHAP is used?
Why? UserPassword will work fine with both authentication methods.
Alan DeKok.
-
List info
> Well it seems that the bind operation is failing. If your encrypted password is
> not the userpassword attribute then the ldap server will _not_ use that in the
> bind operation and as a result the bind operation will fail. So make sure you
> are using the right password attribute.
On Tue, 21 Oct 2003, Lai Fu Keung wrote:
>
> Hi,
>
> I use LDAP to authenticate all requests. LDAP contains 2 password
> attributes -- a plain text password for authenticating MS-CHAP and a
> crypted password for authenticating PAP, CHAP.
>
> I can get CHAP, MS-CHAP w
Hi,
I use LDAP to authenticate all requests. LDAP contains 2 password
attributes -- a plain text password for authenticating MS-CHAP and a
crypted password for authenticating PAP, CHAP.
I can get CHAP, MS-CHAP working, but not with PAP.
Anyone can help? Thanks in advance.
Lai
Error
"Jason Schultz" <[EMAIL PROTECTED]> wrote:
> I'm a newbie to radius and am trying to get mschap to authenticate over ppp
> using an ldap server. I have read through many archives and checked the
> faq's but still no luck.
The output of the server helps, to
Hi.
I'm a newbie to radius and am trying to get mschap to authenticate over ppp
using an ldap server. I have read through many archives and checked the
faq's but still no luck. I can authenticate successfully using text
passwords and everything works fine connecting to poptop without
in the format of "0xblahblahblah".. Authentication wouldn't work until I started
storing then prefixed with the
MS> "0x". I'm not sure if they'd need to be in the same format in LDAP, but you might
give that a try.
MS> -Matt
MS> MNU Internet Sys
I'm currently storing NT-Password hashes in a MySQL database, and they had to be in
the format of "0xblahblahblah".. Authentication wouldn't work until I started storing
then prefixed with the "0x". I'm not sure if they'd need to be in the same format
ith filter (uid=leap_test)
rlm_ldap: Added password 8846F7EAEE8FB117AD06BDD830B7586C in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding ntpassword as NT-Password, value
8846F7EAEE8FB117AD06BDD830B7586C & op=21
>> the attribute 'ntpassword' in
g thread:
http://lists.cistron.nl/pipermail/freeradius-users/2003-March/017366.html
Based on that thread it looks to me like you need:
password_attribute = "NT-Password"
This is then mapped via the ldap.attrmap file to ntPassword (which you should be able
to change to whatever ldap
O.K., I've almost got this working...
The LDAP stores the NT password in a field called 'ntpassword'. It is
stored as a standard NT-hash - '8846F7...'. I've modified the LDAP module
section so that it uses 'password_attribute = ntpassword'. Now, if
"Michael Kopp" <[EMAIL PROTECTED]> wrote:
> > If you can pull the NT-Password out of the LDAP database, the
> > EAP/LEAP module can use it for authentication.
>
> does this mean this also applies to the newly freeradius feature
> PEAP-MSCHAP2 ?
Yes. Th
Hi,
> > Since we already have the NT
> > hashed version of the password stored in our LDAP that would work
> > beautifully. Am I reading this correctly? Or is my understanding
> clouded
> > by my need to find a solution?
>
> If you can pull the NT-Password ou
"Woods, Bryan" <[EMAIL PROTECTED]> wrote:
> Since my "real" users are in the LDAP, I won't be using the 'users' file.
> So where do I define the Auth-Type? And what value should it be set to?
You don't define the Auth-Type. The server will
Thank you for clarifying that for me.
Since my "real" users are in the LDAP, I won't be using the 'users' file.
So where do I define the Auth-Type? And what value should it be set to?
And I'm guessing that I can setup the ldap section of 'modules' to
a clear text password??
Yes.
> Since we already have the NT
> hashed version of the password stored in our LDAP that would work
> beautifully. Am I reading this correctly? Or is my understanding clouded
> by my need to find a solution?
If you can pull the NT-Password out of
rk. The
client is a Macintosh iBook running Mac OS 10.2.8 (the latest patches have
been applied).
This all works quite nicely with the test accounts that I setup in the
'users' file:
"testeap" Auth-Type := EAP, User-Password == "password"
Now here's my probl
Hello,
I am working on authorizing using LDAP and
authentication using PAP. Presently working on PAP
with clear text pasword stored in LDAP, but later
would like to use SHA1. I have defined an ldap
attribute to store password in ldap database and
mapped it to "User-Password". But
1 - 100 of 936 matches
Mail list logo