[RADIATOR] LDAP, crypt, hook

Heikki Vatiainen hvn at open.com.au
Mon May 16 07:07:43 CDT 2011


On 05/16/2011 11:14 AM, romans at cc.technion.ac.il wrote:

Hello Roman,

> We use Radiator for WPA2 wireless authentication via LDAP.
> 
> Users' passwords are stored inside LDAP in CRYPT form and we have a
> possibility to receive the same CRYPTed string from a clear-text
> password by executing
> 
> crypt <crypted-string-from-LDAP> <clear-text-from NAS-Request>
> 
> in a Perl script.

See the reference manual for version 4.8 (ref.pdf) and there AuthBy
LDAP2 and sections "5.37.11 PasswordAttr" and "5.37.12
EncryptedPasswordAttr". If your crypt passwords do not start with
{crypt} you can use something like this:

TranslatePasswordHook sub { return "{crypt}$_[0]"; }

See also goodies/ldap.cfg for an LDAP authentication configuration example.

> I.e. first according to User-Name in NAS-request we need to receive an
> answer from LDAP, then execute script and then we need to compare the
> resulting crypted string with <crypted-string-from-LDAP> and only after
> all this send a reply to NAS.
> 
> But we don't know how can it be done in Radiator conf-file, what hook we
> need to use to achieve the result.

Radiator should be able to do what you require when you configure AuthBy
LDAP2 and configure an appropriate PasswordAttr or EncryptedPasswordAttr.

See also ref.pdf sections "13.1.1 User-Password, Password" and "13.1.2
Encrypted-Password" for more about how Radiator interprets various
password formats.


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
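A stand-alone Perl sketch of the comparison discussed in this thread, added here as an example; it is not Radiator's code and not the poster's script. The helper names `translate_password` and `check_crypt_password` are assumed for illustration, and the sample hash is generated at run time rather than taken from any real directory.

```perl
#!/usr/bin/perl
# Added example (not Radiator code): the check an EncryptedPasswordAttr
# value goes through, done with Perl's crypt() the way the poster's
# script does it.
use strict;
use warnings;

# Mirrors the TranslatePasswordHook from the reply: an LDAP value that
# lacks the {crypt} prefix gets one so the format is unambiguous.
sub translate_password {
    my ($attr) = @_;
    return $attr =~ /^\{crypt\}/i ? $attr : "{crypt}$attr";
}

# Verify a clear-text password against a {crypt}-prefixed LDAP value.
# crypt() accepts the stored hash as its salt argument and returns the
# hash the same clear text would produce, so equality means a match.
# Anything without the {crypt} prefix is rejected rather than guessed at.
sub check_crypt_password {
    my ($clear, $stored) = @_;
    return 0 unless $stored =~ s/^\{crypt\}//i;
    my $computed = crypt($clear, $stored);
    return (defined $computed && $computed eq $stored) ? 1 : 0;
}

# Constructed sample: traditional DES crypt with salt "ab", produced here
# so the script runs offline. The raw hash stands in for what LDAP would
# return when the attribute has no {crypt} prefix.
my $clear  = 'correct horse';
my $raw    = crypt($clear, 'ab');
my $stored = translate_password($raw);

printf "LDAP value %s becomes %s\n", $raw, $stored;
printf "right password accepted: %d\n", check_crypt_password($clear,  $stored);
printf "wrong password accepted: %d\n", check_crypt_password('guess', $stored);
printf "prefixed value left unchanged: %d\n", translate_password($stored) eq $stored;
printf "unprefixed value rejected by check: %d\n", check_crypt_password($clear, $raw);
```

Traditional DES crypt only uses the first eight characters of the password, so a directory that still stores that format gains from migrating to a stronger crypt variant even though the comparison above is the same.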

