
how to designate the password field used by LDAP AAA/RADIUS


Tom10
New Contributor

Is there any way to define which attribute the RADIUS server checks in an external LDAP server? It seems to be hitting the first one that it hits (NT passwd) rather than the userPassword attribute, which has caused some odd problems.

13 REPLIES

Tom10
New Contributor
Thanks for getting back to me. I also figured this out in the meantime and it is sort of like your answer...

The RADIUS server on Aerohive has a typical limitation in that it needs a clear text password returned from the userpasswd attribute. It can also use an ntpassword or lmpassword field if it finds those, which we have.

This has finally motivated us to figure out how to keep the two fields in sync.

Thanks!
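
One way to check whether the two fields mentioned in the post above are in sync, as an added example that is not part of the original thread: it derives the NT hash (MD4 over the UTF-16LE password) from a cleartext userPassword and compares it with sambaNTPassword. The directory entries are constructed sample data, and the script assumes the NT field holds a Samba-style hex NT hash.

```python
import struct

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often disabled with OpenSSL 3."""
    M = 0xFFFFFFFF
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & M
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # round-3 word order
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:    # round 1: F(b,c,d)
                f, k, s = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:  # round 2: G(b,c,d) + constant
                f, k, s = ((b & c) | (b & d) | (c & d)) + 0x5A827999, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:         # round 3: H(b,c,d) + constant
                f, k, s = (b ^ c ^ d) + 0x6ED9EBA1, r3[i - 32], (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, rol((a + f + X[k]) & M, s), b, c
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT hash as stored by Samba: MD4 of the UTF-16LE password, upper-case hex."""
    return md4(password.encode("utf-16-le")).hex().upper()

def sync_status(entry: dict) -> str:
    """Compare a cleartext userPassword with the stored sambaNTPassword."""
    pw, nt = entry.get("userPassword"), entry.get("sambaNTPassword")
    if pw is None or nt is None:
        return "missing-attribute"
    if pw.startswith("{"):  # {SSHA}, {CRYPT}, ...: hashed, cannot be compared
        return "unverifiable"
    return "in-sync" if nt_hash(pw) == nt.upper() else "out-of-sync"

# Constructed sample entries (not real directory data).
ENTRIES = [
    {"uid": "tom", "userPassword": "password", "sambaNTPassword": "8846F7EAEE8FB117AD06BDD830B7586C"},
    {"uid": "alice", "userPassword": "new-secret", "sambaNTPassword": "8846f7eaee8fb117ad06bdd830b7586c"},
    {"uid": "bob", "userPassword": "{SSHA}constructed-placeholder", "sambaNTPassword": "8846F7EAEE8FB117AD06BDD830B7586C"},
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["uid"], sync_status(e))
```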

samantha_lynn
Esteemed Contributor III

Thank you for your patience. I'm sorry for the long wait here. I wanted to confirm before I got back to you, but it looks like the only way we would be able to not report that password field would be to have it not reported in plain text from the server.

Tom10
New Contributor
That search group doesn’t hide the “sambaNTpassword” field, which is what I think you may have been expecting based on the webpage you cited.

Exec-Program output:
Search user 'tom' under baseDN ou=users,dc=pcc,dc=com successful.
filter: (uid=tom)
dn: uid=tom,ou=users,dc=pcc,dc=com
uid: tom
mail: tom@pcc.com
password exists
password exists

samantha_lynn
Esteemed Contributor III

I'm sorry, I'm not sure what you mean when you say it's returning two passwords. Could you clarify and/or send a screenshot of what you are seeing?
