mel wrote:
I've managed to setup FreeRadius with OpenLDAP. The passwords however, are hashed (e.g. "{SHA}....") in LDAP. Authenticating directly to LDAP works, but it failed with Freeradius.
What does that mean?
If the password is in plain-text, authentication is successful.
Well, yes. See: http://deployingradius.com/documents/protocols/compatibility.html Some authentication methods are not compatible with SHA'd passwords.
What are the setting in FR that I need to do in order for the authentication to work? - i.e. FR takes the plain-text password, hash it, then compared it with the one in LDAP.
FreeRADIUS does that automatically... IF it receives a password in the Access-Request. If it doesn't receive a password in the Access-Request, what you want to do is impossible. See the web page for more explanations. Alan DeKok.