Security

 View Only

  • 1.  Clearpass and OpenLDAP

    Posted Apr 29, 2018 08:33 PM

    Hi all.

     

    I'm trying to autenticate users using ClearPass and OpenLDAP. The autentication mode is EAP TTLS + PAP.

    It works fine when the user password hash is cleartext, but if we change to SHA1 or other methods we got the follow authentication error:

    (RADIUS PAP: Configured SHA1 password has incorrect length)

    This link says the EAP TTLS + PAP supports all methods.
    http://deployingradius.com/documents/protocols/compatibility.html

    Do you have any tip?

    Thank you



  • 2.  RE: Clearpass and OpenLDAP

    Posted Apr 30, 2018 09:38 AM
    You need to convert the clear text password to sha format





    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: Clearpass and OpenLDAP

    Posted May 02, 2018 12:24 PM

    Hi Victor.

     

    All users' passwords are in SHA1. We have created a new user with cleartext password for testing.

    The user with password cleartext authentication works, but not for users with password in SHA1 mode or another method.



  • 4.  RE: Clearpass and OpenLDAP

    Posted May 02, 2018 12:28 PM
    The SHA-1 hash is prefixed with {SHA} in the userPassword attribute?


  • 5.  RE: Clearpass and OpenLDAP

    Posted May 09, 2018 09:59 AM

    I'm sorry for delay.

    Yes. It is prefixed with {SHA} in the userPassword attribute.  

    Any other idea ?

     

    Please see the pictures attached.

     



  • 6.  RE: Clearpass and OpenLDAP

    Posted May 09, 2018 10:28 AM
    That error generally means the password is not stored correctly.


  • 7.  RE: Clearpass and OpenLDAP

    Posted May 09, 2018 03:07 PM

    Thank you Tim

    I checked the option 'Bind User - Allow bind using user password ' at clearpass side, and it worked with SHA1. 

     

     



Related Content