From: Nick Porter
Date: Tue, 5 Nov 2024 16:27:32 +0000 (+0000)
Subject: Add Samba to the list of identified LDAP directories
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f3d4770b2f60f3928ad89d67ef4abb130b9c8ec;p=thirdparty%2Ffreeradius-server.git
Add Samba to the list of identified LDAP directories
It's behaviour is a mimic of AD, so the same warnings apply
---
diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h
index 2144b770835..deec044d33b 100644
--- a/src/lib/ldap/base.h
+++ b/src/lib/ldap/base.h
@@ -150,7 +150,8 @@ typedef enum {
 FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY, //!< Directory server is Oracle Virtual Directory.
 FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY, //!< Directory server is Sun One Directory.
 FR_LDAP_DIRECTORY_SIEMENS_AG, //!< Directory server is Siemens AG.
- FR_LDAP_DIRECTORY_UNBOUND_ID //!< Directory server is Unbound ID
+ FR_LDAP_DIRECTORY_UNBOUND_ID, //!< Directory server is Unbound ID
+ FR_LDAP_DIRECTORY_SAMBA //!< Directory server is Samba.
 } fr_ldap_directory_type_t;
 typedef enum {
diff --git a/src/lib/ldap/directory.c b/src/lib/ldap/directory.c
index 563118827d2..9fe1c5b3c4c 100644
--- a/src/lib/ldap/directory.c
+++ b/src/lib/ldap/directory.c
@@ -40,6 +40,7 @@ static fr_table_num_sorted_t const fr_ldap_directory_type_table[] = {
 { L("Oracle Internet Directory"), FR_LDAP_DIRECTORY_ORACLE_INTERNET_DIRECTORY },
 { L("Oracle Unified Directory"), FR_LDAP_DIRECTORY_ORACLE_UNIFIED_DIRECTORY },
 { L("Oracle Virtual Directory"), FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY },
+ { L("Samba"), FR_LDAP_DIRECTORY_SAMBA },
 { L("Siemens AG"), FR_LDAP_DIRECTORY_SIEMENS_AG },
 { L("Sun One Directory"), FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY },
 { L("Unbound ID"), FR_LDAP_DIRECTORY_UNBOUND_ID },
@@ -88,6 +89,8 @@ int fr_ldap_directory_result_parse(fr_ldap_directory_t *directory, LDAP *handle,
 if (directory->vendor_str) {
 if (strcasestr(directory->vendor_str, "International Business Machines")) {
 directory->type = FR_LDAP_DIRECTORY_IBM;
+ } else if (strcasestr(directory->vendor_str, "Samba Team")) {
+ directory->type = FR_LDAP_DIRECTORY_SAMBA;
 }
 goto found;
@@ -173,6 +176,7 @@ found:
 switch (directory->type) {
 case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY:
 case FR_LDAP_DIRECTORY_EDIRECTORY:
+ case FR_LDAP_DIRECTORY_SAMBA:
 directory->cleartext_password = false;
 break;
diff --git a/src/modules/rlm_ldap/user.c b/src/modules/rlm_ldap/user.c
index f3ea04380d3..bbdd989b0f9 100644
--- a/src/modules/rlm_ldap/user.c
+++ b/src/modules/rlm_ldap/user.c
@@ -270,8 +270,10 @@ void rlm_ldap_check_reply(request_t *request, rlm_ldap_t const *inst, char const
 warnings:
 switch (ttrunk->directory->type) {
 case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY:
+ case FR_LDAP_DIRECTORY_SAMBA:
 RWDEBUG2("!!! Found map between LDAP attribute and a FreeRADIUS password attribute");
- RWDEBUG2("!!! Active Directory does not allow passwords to be read via LDAP");
+ RWDEBUG2("!!! %s does not allow passwords to be read via LDAP",
+ (ttrunk->directory->type == FR_LDAP_DIRECTORY_SAMBA ? "Samba" : "Active Directory"));
 RWDEBUG2("!!! Remove the password map and either:");
 RWDEBUG2("!!! - Configure authentication via ntlm_auth (mschapv2 only)");
 RWDEBUG2("!!! - Configure authentication via wbclient (mschapv2 only)");
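Review bot: The new `strcasestr(directory->vendor_str, "Samba Team")` branch carries no comment saying which deployments it is meant to catch, yet the type it sets goes on to clear `cleartext_password` in the hunk at `found:`. The string being matched appears to be reported by the directory itself, so the resulting type is best treated as a hint for tuning warnings, not as something to base a trust decision on. I would add above the branch `/* Samba's AD-compatible LDAP service: treated like AD, assumed not to return passwords over LDAP */`. fr_ldap_directory_result_parse starts and ends outside this hunk, so where vendor_str is populated is not visible here.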
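Review bot: The directory name in the rewritten `RWDEBUG2` call in src/modules/rlm_ldap/user.c is chosen by a ternary that falls back to "Active Directory" for every type that is not Samba, so a third type added to this case list later would be reported under the wrong name. A short comment on the case list would make that dependency visible, for example `/* the name printed below must be extended when a type is added here */`. The remaining advice lines of this case continue outside the hunk, so it is worth checking that none of them still names Active Directory only. rlm_ldap_check_reply itself begins and ends outside the hunk.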