EAP-TTLS + LDAP + PAP with encrypted password

Alan DeKok aland at deployingradius.com
Fri Aug 4 19:10:04 CEST 2006

wekz <fbl.list at gmail.com> wrote:
>                      The user is authorized and the password is got from the
> ldap (rlm_ldap: Adding userPassword as User-Password, value
> {sha}rur+4yJuecpmc8vxS/8wAyAMNHM= & op=21)

  In 1.1.x, you have to configure the "ldap" module to know about the
"{sha}" password header.  See the "ldap" section of "modules".

>                      And after matching the group Local in my users-file:
>                                  auth: type Local
>                                  auth: user supplied User-Password does NOT
> match local User-Password
>                                  auth: Failed to validate the user.

  Unfortunately, this is one of the few cases where you probably have
to set Auth-Type = PAP.  Note that this is ONLY a 1.1.x limitation.
The CVS head, and therefore 2.0 has that fixed.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list