Thank you so much Alan. I changed the ldap.attrmap as you said and voila! Have a good weekend! On 6 December 2013 14:53, Alan DeKok <aland@deployingradius.com> wrote:
P K wrote:
I'm using openldap and phpldapadmin to create account. The interface allows me to store "clear" password. When I do an ldapsearch commandline, I get base64 password. I don't see an option in phpldapadmin to store "clear-text" type.
I've configured freeradius to use ldap and I'm using radtest to test but chap always fails. Is it failing because of base64? It seems to have decoded fine looking at the logs. Why is CHAP failing? Please help.
The debug log shows why it's failing:
[pap] Failed to decode Password-With-Header = "password01"
The password is stored in LDAP without any prefix such as "{clear}". It should either have that header, or, you should change raddb/ldap.attrmap:
checkitem Password-With-Header userPassword
to:
checkitem Cleartext-Password userPassword
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html