how to designate the password field used by LDAP AAA/RADIUS
12-17-2018 01:51 PM
Is there any way to define which attribute the RADIUS server checks in an external LDAP server? It seems to be hitting the first one that it hits (NT passwd) rather than the userPassword attribute, which has caused some odd problems.
12-30-2018 04:34 PM
The RADIUS server on Aerohive has a typical limitation in that it needs a clear text password returned from the userpasswd attribute. It can also use an ntpassword or lmpassword field if it finds those, which we have.
This has finally motivated us to figure out how to keep the two fields in sync.
Thanks!
12-26-2018 08:26 PM
Thank you for your patience; I'm sorry for the long wait here. I wanted to confirm before I got back to you, but it looks like the only way we would be able to not report that password field would be to have it not reported in plain text from the server.
12-18-2018 03:01 PM
Exec-Program output:
Search user 'tom' under baseDN ou=users,dc=pcc,dc=com successful.
filter: (uid=tom)
dn: uid=tom,ou=users,dc=pcc,dc=com
uid: tom
mail: tom@pcc.com
password exists
password exists
12-18-2018 02:58 PM
I'm sorry, I'm not sure what you mean when you say it's returning two passwords. Could you clarify and/or send a screenshot of what you are seeing?
