Thanks Ivan for your reply. Here is the ldap configuration section:

ldap {
server = "x.x.x.x"
identity = "cn=username"
password = password
basedn = "ou=email,o=data,c=eg"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
password_header = "{CRYPT}"
ldap_connections_number = 100
timeout = 15
timelimit = 10
net_timeout = 5

tls {
start_tls = no
}

profile_attribute = "radiusProfileDn"
         access_attr = "dialupAccess"
dictionary_mapping = ${confdir}/ldap.attrmap
password_attribute = radiususerPassword
}



and here is the debug message


++[ldap] returns ok
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group PAP {...}
[pap] login attempt with password "123456"
[pap] Using clear text password "&^%$%$%JGjgjg(&%%^njahjahs"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> username
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0



Thanks for your support.
Wessam


On Thu, Sep 24, 2009 at 1:37 PM, Ivan Kalik <tnt@kalik.net> wrote:
>    I decided to install free radius 2.1.6-2 to test it and then to upgrade
> my existing versions in my servers. I configured my free radius to use
> ldap.
> When I tried to authenticate from the new radius it gave me the following
> message "from radius -X".
>
>  Replacing User-Password in config items with Cleartext-Password.     !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good"
> !!!
> !!! clear text password is in Cleartext-Password, and not in
> User-Password.
> !!!
>
>
> Note that when I wrote the password encrypted  "like
> *%@&ksjd%@sdgsadgjhsb"
> I was able to login but when I wrote the password in clear text  "like
> test"
> I failed to login.

Password in ldap probably has a header. You can ignore the message then,
because server will convert User-Password to appropriate password
attribute on it's own (Crypt-Password for {crypt}, SHA-Password for {sha}
etc.) if auto-header is enabled. Post the whole debug.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html