Hi,
But, I don't understand, how can be shown it if password is encrypted in LDAP and I am using EAP-TTLS, is not the password into the tunnel?. I am using securew2 with PAP from windows clients. Does it mean that password could be sniffed when radius is not running in debug mode??
the server KNOWS the password. therefore it is showing it. thats how it can do the LDAP stuff...it HAS to know the password to make the LDAP attempt successful. the password will always be available in a raw format in the server engine. if you dont like passwords, move to a challenge/response system - eg MSCHAPv2 i wouldnt lose sleep over it. when the server is not running in debug mode, the only way of sniffing the password is via a few changes to the FreeRADIUS source code. in general practice that password is buried in a TTLS tunnel. its not readable by anything other than the RADIUS server. think of the information flow and process. alan