LDAP backend and Password Encryption

Phillip Heller pheller at me.com
Mon Aug 18 18:24:18 CEST 2008

On Aug 18, 2008, at 12:03 PM, Alan DeKok wrote:

> Phillip Heller wrote:
>> rlm_ldap: Added User-Password =
>> {SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items
>  That should work....
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> !!!    Replacing User-Password in config items with
>> Cleartext-Password.     !!!
>  You've *deleted* the "pap" entry from the "authorize" section.  It
> should be the last entry in that section.

Ok, I added that in, but now:

   rad_check_password:  Found Auth-Type
!!!    Replacing User-Password in config items with Cleartext- 
Password.     !!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in User- 
Password. !!!
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "fnord"
rlm_pap: Using clear text password  
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.


More information about the Freeradius-Users mailing list