Help with Chap and ldap
Alan DeKok
aland at deployingradius.com
Fri Dec 6 15:53:59 CET 2013
P K wrote:
> I'm using openldap and phpldapadmin to create account. The interface
> allows me to store "clear" password. When I do an ldapsearch
> commandline, I get base64 password. I don't see an option in
> phpldapadmin to store "clear-text" type.
>
> I've configured freeradius to use ldap and I'm using radtest to test
> but chap always fails. Is it failing because of base64? It seems to
> have decoded fine looking at the logs. Why is CHAP failing? Please
> help.
The debug log shows why it's failing:
> [pap] Failed to decode Password-With-Header = "password01"
The password is stored in LDAP without any prefix such as "{clear}".
It should either have that header, or, you should change raddb/ldap.attrmap:
checkitem Password-With-Header userPassword
to:
checkitem Cleartext-Password userPassword
Alan DeKok.
More information about the Freeradius-Users
mailing list