Adam Seed wrote:
Hi Alan,
That same wiki says 'The ldap module can only work with PAP passwords since it needs to send the clear text user password to the LDAP server to authenticate the user.'
Where?
I might be mis-understanding as im new to Radius, but that doesnt sound to positive. Anyway... I'm hoping to find a workaround
That text (whatever it is) means that you can only do "bind as user" when the Access-Request contains User-Password (i.e. PAP).
So I checked my sites-enabled/default and it does have the LDAP module listed:
OK...
(I striped out the comments and highlighted the bits I changed)
Please don't post it here. It doesn't help.
In addition here is the output of my debug:
That's what we need.
[ldap] userPassword -> Password-With-Header == "{MD5}1hkMdaNUxxbUu/hufTrjtQ=="
You're storing passwords in MD5 hashed format. This is incompatible with CHAP. http://deployingradius.com/documents/protocols/compatibility.html
[chap] Cleartext-Password is required for authentication
See? I suggest believing that message. It'd true.
Any assistant is greatly welcomed.
(a) store clear-text passwords in LDAP (b) don't use CHAP. Pick one. Alan DeKok.