Failing to authenticate using FreeRadius(in OpenBSD) + XP as a client +Linksys AP (WRT54v2.2) using peap

Maurizio Cimaschi mauri at
Sat Aug 16 10:19:12 CEST 2008

Alan DeKok wrote:
>> test100 User-Password == "venkat",
>   No.  Use Cleartext-Password := ...
>   This is given in the example in the FAQ.

I checked the example, but it's not clear to me why it is so.

In my envirnoment I authenticate against an LDAP server, so according to 
the ldap.attrmap file the LDAP attribute "userPassword" (which contain 
the password in clear text form) is copied to the check-item 
"User-Password". While no attribute seems copied as check-item 
"Cleartext-Password". Still the mschap module is able to authenticate 
the users.

Is it done "behind the curtain" by the ldap module ?

In may environment da LDAP server also is used by samba; so there're 
also LM/NT password available (in fact, some users are not also samba 
users but are authenticed via radius); but while googling about using 
freeradius with LDAP that possibility wasn't mentioned, while I found an 
howto that said to add to ldap.attrmap the line:

checkItem       User-Password                   userPassword

More information about the Freeradius-Users mailing list