After the manual's config, chap wont work with LDAP

Matt Juszczak matt at atopia.net
Fri Dec 16 17:22:35 CET 2005


>
> To do CHAP, you must have:
>
>  1. The PLAINTEXT password in the LDAP server
>  2. The Radius server permitted to read that attribute
>  3. The ldap module configured to put whatever that attribute is 
> (usually userPassword) into the radius "User-Passord", using the 
> "password_attribute" option of the ldap module
>  4. "chap" above "pap" in the authorize (which you've got)
>  5. "chap" anywhere in authenticate


Hiya,

We have all of those set.  The password is stored plain text in 
userPassword.  The radius server has read access to that attribute.  The 
ldap module is configured in radiusd.conf for that attribute.  Chap is 
above pap, and chap is also in authenticate {}.

The password is still showing up as "blank" when they dial up, before it 
even hits the LDAP server.  Is there debugging output I could send you 
that might help with this?

Regards,

Matt



More information about the Freeradius-Users mailing list