mel wrote:
In that case, something is *really* wrong with my setup and I have no
idea why. I can only authenticate if the password in OpenLDAP is
cleartext, but never if it's hashed. debug output, radiud.conf (modules
ldap section), sites-enable/default follows.
I managed to get the
mel wrote:
In that case, something is *really* wrong with my setup and I have no
idea why. I can only authenticate if the password in OpenLDAP is
cleartext, but never if it's hashed. debug output, radiud.conf (modules
ldap section), sites-enable/default follows.
You have edited the
Hi,
authorize {
preprocess
ldap
chap
mschap
suffix
eap
#files
}
See? You edited that. A lot. And broke it.
You got that right - I've accidently/intentionally (I can't remember
which) deleted pap. My bad.
I have *no* idea why so many people install the
mel wrote:
I've managed to setup FreeRadius with OpenLDAP. The passwords however,
are hashed (e.g. {SHA}) in LDAP. Authenticating directly to LDAP
works, but it failed with Freeradius.
What does that mean?
If the password is in plain-text,
authentication is successful.
Well, yes.
Hi,
FreeRADIUS does that automatically... IF it receives a password in the
Access-Request. If it doesn't receive a password in the Access-Request,
what you want to do is impossible.
See the web page for more explanations.
A bit clearer now. So you're saying that I should use:
radtest
mel wrote:
A bit clearer now. So you're saying that I should use:
radtest testuser {SHA}... radiusserver 0 secret
No. The *client* is not the *server*. The client sends a clear-text
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed
Alan DeKok wrote:
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed password. The server then SHA hashes the
password supplied by the client, and compares it to the SHA password
from the database.
In that case, something is *really* wrong
Hi all,
I've managed to setup FreeRadius with OpenLDAP. The passwords however,
are hashed (e.g. {SHA}) in LDAP. Authenticating directly to LDAP
works, but it failed with Freeradius. If the password is in plain-text,
authentication is successful. Question:
What are the setting in FR
8 matches
Mail list logo