FR3.0 and LDAP

Maja Wolniewicz mgw at
Mon Aug 12 23:28:31 CEST 2013

Dnia 12 sie 2013 o godz. 22:57 Arran Cudbard-Bell <a.cudbardb at> napisał(a):

> On 12 Aug 2013, at 21:47, Maja Wolniewicz <mgw at> wrote:
>> W dniu 12.08.2013 21:36, Alan DeKok pisze:
>>> Maja Wolniewicz wrote:
>>>> In FR3.0 the Auth-Type=LDAP isn't set in the rlm_ldap module, the
>>>> authorize section ends with Auth-Type=PAP, so authentication goes to the
>>>> PAP module.
>>>  That's what's supposed to happen when you use LDAP as a database.
>> Is there a way to decide which attribute is used in the PAP module?
>> I have in the ldap module config
>> update {
>>               control:NT-Password            := 'ntPassword'
>>               control:Password-With-Header    := 'userPassword'
>> }
>> and the PAP module uses NT encryption.
>> when I remove control:NT-Password line then CRYPT password is used
>> I would like the PAP module to use userPassword, I need ntPassword in the ldap module for PEAP authentication.
> Why? and no. Shouldn't they both be in sync?
In production yes, but for testing purposes  sometimes we are using different passwords.

> Arran Cudbard-Bell <a.cudbardb at>
> FreeRADIUS Development Team
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list