Freeradius + LDAP password trouble

Alan DeKok aland at deployingradius.com
Mon Jul 19 11:55:43 CEST 2010


Lionne Stangier wrote:
> Freeradius can't read the LDAP user passwords. Our LDAP passwords are encoded in SHA.

  .. it is impossible to use PEAP with SHA passwords.

http://deployingradius.com/documents/protocols/compatibility.html

> I access with a Windows XP client. Without LDAP it works without problem.
> 
> 2nd question. Can I access with Windows XP without using certificates?

  I don't know what that means.
...
> [ldap] performing user authorization for lionne.stangier
> [ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
> [ldap]     ... expanding second conditional
> [ldap]     expand: %{User-Name} -> lionne.stangier
> [ldap]     expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=lionne.stangier)
> [ldap]     expand: dc=allesklar,dc=com -> dc=allesklar,dc=com
>   [ldap] ldap_get_conn: Checking Id: 0
>   [ldap] ldap_get_conn: Got Id: 0
>   [ldap] performing search in dc=allesklar,dc=com, with filter (uid=lionne.stangier)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?

  The LDAP search isn't returning a userPassword.  So... what is in
LDAP?  What is returned when you do a search from the command line?

  Alan DeKok.
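
An added illustration, not part of the original post and not FreeRADIUS code: a small Python check that takes the LDIF text printed by a command-line LDAP search, decodes `userPassword`, and reports whether the stored form can work with the MS-CHAPv2 exchange inside PEAP. The entries, DN and password are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Schemes stored as one-way hashes: usable only when the server sees the
# clear-text password (PAP-style methods), not with MS-CHAPv2 inside PEAP.
ONE_WAY = {"SHA", "SSHA", "MD5", "SMD5", "CRYPT"}

def user_password(ldif):
    """Return the decoded userPassword of one LDIF entry, or None if absent."""
    unfolded = re.sub(r"\r?\n ", "", ldif)      # LDIF folds long lines with "\n "
    for line in unfolded.splitlines():
        m = re.match(r"userPassword(::?)\s*(.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(2).strip()
            if m.group(1) == "::":               # "::" marks a base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            return value
    return None

def peap_check(ldif):
    """Return (stored_form, usable_with_peap_mschapv2)."""
    value = user_password(ldif)
    if value is None:
        return (None, False)                     # nothing returned: no "known good" password
    m = re.match(r"\{([^}]+)\}", value)
    if m is None or m.group(1).upper() == "CLEARTEXT":
        return ("cleartext", True)
    scheme = m.group(1).upper()
    # None means this sketch does not judge the scheme.
    return (scheme, False if scheme in ONE_WAY else None)

# Constructed sample entries (not from the thread).
_hash = base64.b64encode(hashlib.sha1(b"constructed-password").digest()).decode()
SAMPLE_SHA = ("dn: uid=example.user,dc=example,dc=com\n"
              "uid: example.user\n"
              "userPassword:: "
              + base64.b64encode(("{SHA}" + _hash).encode()).decode() + "\n")
SAMPLE_MISSING = "dn: uid=example.user,dc=example,dc=com\nuid: example.user\n"

if __name__ == "__main__":
    for name, entry in (("sha", SAMPLE_SHA), ("missing", SAMPLE_MISSING)):
        print(name, peap_check(entry))
```
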


