FDS + Freeradius = pain.

Dusty Doris freeradius at mail.doris.cc
Fri Feb 3 21:05:22 CET 2006

On Fri, 3 Feb 2006, Joey McDonald wrote:

> I wonder why can't I just use an ldap bind to authenticate? I'm already
> doing it to authorize.. seems like I should be able to do it to authenticate
> as well.
>            --joey

Because you don't have a password to do a simple bind with.  During 
authorization, you are programming the username/password into radius.conf. 
So, ldap has a username/password to bind with.  During authentication, if 
you use ldap, it uses the username/password that comes in the 
access-request to bind with.  In this case, you don't have a 
user-password because you're doing CHAP.

Can you get your NAS to send over the Access-Request with a plaintext 
password (PAP)?  Then it will work, just like it does when you use 

More information about the Freeradius-Users mailing list