Extreme Networks

Tom10 · ‎12-17-2018

Is there any way to define which attribute the RADIUS server checks in an external LDAP server? It seems to be hitting the first one that it hits (NT passwd) rather than the userPassword attribute which has caused some odd problems.

Tom10 · ‎12-30-2018

Thanks for getting back to me. I also figured this out in the meantime and it sort of like your answer...

The radius server on Aerohive has a typical limitation in that it needs a clear text password returned from the userpasswd attribute. It can also use a ntpassword or lmpassword field if it finds those, which we have.

This has finally motivated us to figure out how to keep the two fields in sync.

Thanks!

samantha_lynn · ‎12-26-2018

Thank you for your patience, I'm sorry for the long wait here. I wanted to confirm before I got back to you, but it looks like the only way we would be able to not report that password field would be to have it not reported in plain text from the server.

Tom10 · ‎12-18-2018

That search group doesn’t hide the “sambaNTpassword” field, which is what I think you may have been expecting based on the webpage you cited.

Exec-Program output:
Search user 'tom' under baseDN ou=users,dc=pcc,dc=com successful.
filter: (uid=tom)
dn: uid=tom,ou=users,dc=pcc,dc=com
uid: tom
mail: tom@pcc.com
password exists
password exists

samantha_lynn · ‎12-18-2018

I'm sorry, I'm not sure what you mean when you say it's returning two passwords. Could you clarify and/or send a screen shot of what you are seeing?

Extreme Networks

how to designate the password field used by LDAP AAA/RADIUS

how to designate the password field used by LDAP AAA/RADIUS