Contributor II

Clearpass and OpenLDAP

Hi all.

 

I'm trying to authenticate users using ClearPass and OpenLDAP. The authentication mode is EAP TTLS + PAP.

It works fine when the user password hash is cleartext, but if we change to SHA1 or other methods we get the following authentication error:

(RADIUS PAP: Configured SHA1 password has incorrect length)

This link says the EAP TTLS + PAP supports all methods.
http://deployingradius.com/documents/protocols/compatibility.html

Do you have any tip?

Thank you

Re: Clearpass and OpenLDAP

You need to convert the clear text password to sha format





Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Clearpass and OpenLDAP

Hi Victor.

 

All users' passwords are in SHA1. We have created a new user with cleartext password for testing.

Authentication works for the user with the cleartext password, but not for users with a password in SHA1 mode or another method.

Guru Elite

Re: Clearpass and OpenLDAP

Is the SHA-1 hash prefixed with {SHA} in the userPassword attribute?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass and OpenLDAP

I'm sorry for the delay.

Yes. It is prefixed with {SHA} in the userPassword attribute.

Any other ideas?

 

Please see the pictures attached.

 

Guru Elite

Re: Clearpass and OpenLDAP

That error generally means the password is not stored correctly.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass and OpenLDAP

Thank you Tim

I checked the option 'Bind User - Allow bind using user password' on the ClearPass side, and it worked with SHA1.
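A reply above says the "incorrect length" error generally means the password is not stored correctly. The following is an added example, not code from any poster or from ClearPass, that checks a `userPassword` value against the RFC 2307 `{SHA}`/`{SSHA}` layout (base64 of a 20-byte SHA-1 digest, plus a salt for `{SSHA}`). The function names and sample values are constructed for illustration, and how ClearPass itself performs this check is not shown in the thread.

```python
import base64, binascii, hashlib, hmac, re

SHA1_LEN = 20  # a raw SHA-1 digest is always 20 bytes

def _split(value: str):
    """Return (scheme, body) for '{SHA}...'/'{SSHA}...', else (None, value)."""
    m = re.fullmatch(r"\{(SHA|SSHA)\}(.*)", value, re.IGNORECASE | re.DOTALL)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def classify(value: str) -> str:
    """Diagnose a userPassword value (LDIF '::' base64 already decoded)."""
    scheme, body = _split(value)
    if scheme is None:
        return "no-sha-scheme"           # cleartext or another scheme
    if scheme == "SHA" and re.fullmatch(r"[0-9a-fA-F]{40}", body):
        return "hex-digest"              # hex string stored instead of base64
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if scheme == "SHA":
        return "ok" if len(raw) == SHA1_LEN else "bad-length"
    return "ok" if len(raw) > SHA1_LEN else "bad-length"   # SSHA = digest + salt

def verify(value: str, password: str) -> bool:
    """Check a password against a well-formed {SHA}/{SSHA} value."""
    if classify(value) != "ok":
        return False
    raw = base64.b64decode(_split(value)[1])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    calc = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)

def make_sha(password: str) -> str:
    """Build a constructed {SHA} sample value."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

if __name__ == "__main__":
    good = make_sha("example-pass")                      # constructed sample
    hexed = "{SHA}" + hashlib.sha1(b"example-pass").hexdigest()
    truncated = "{SHA}" + good[5:-4]                     # 18 bytes after decoding
    for v in (good, hexed, truncated, "example-pass"):
        print(f"{classify(v):14} {v}")
    print(verify(good, "example-pass"), verify(good, "wrong"))
```

With the bind option mentioned in the last post, the directory server verifies the password during the LDAP bind, so the stored value is checked by OpenLDAP.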

 

 
