FR3.0 and LDAP

Arran Cudbard-Bell a.cudbardb at
Mon Aug 12 23:29:57 CEST 2013

On 12 Aug 2013, at 22:28, Maja Wolniewicz <mgw at> wrote:

> Dnia 12 sie 2013 o godz. 22:57 Arran Cudbard-Bell <a.cudbardb at> napisał(a):
>> On 12 Aug 2013, at 21:47, Maja Wolniewicz <mgw at> wrote:
>>> W dniu 12.08.2013 21:36, Alan DeKok pisze:
>>>> Maja Wolniewicz wrote:
>>>>> In FR3.0 the Auth-Type=LDAP isn't set in the rlm_ldap module, the
>>>>> authorize section ends with Auth-Type=PAP, so authentication goes to the
>>>>> PAP module.
>>>> That's what's supposed to happen when you use LDAP as a database.
>>> Is there a way to decide which attribute is used in the PAP module?
>>> I have in the ldap module config
>>> update {
>>>              control:NT-Password            := 'ntPassword'
>>>              control:Password-With-Header    := 'userPassword'
>>> }
>>> and the PAP module uses NT encryption.
>>> when I remove control:NT-Password line then CRYPT password is used
>>> I would like the PAP module to use userPassword, I need ntPassword in the ldap module for PEAP authentication.
>> Why? and no. Shouldn't they both be in sync?
> In production yes, but for testing purposes  sometimes we are using different passwords.

Remove the one you don't want when you've figure out auth type.

update control {
	NT-Password !* ANY

More information about the Freeradius-Devel mailing list