freeradius with multiple ldap servers

Ivan Kalik tnt at
Fri Jul 4 10:56:42 CEST 2008

> Problem still persists. What do you mean by the {crypt} header.

>From RFC2256:

5.36. userPassword

    ( NAME 'userPassword' EQUALITY octetStringMatch
      SYNTAX{128} )

   Passwords are stored using an Octet String syntax and are not

Since you are intent on violating RFC you need to add a password header
to indicate what type of encryption is used.

>rlm_ldap: waiting for bind result ...
>rlm_ldap: Bind failed with invalid credentials
>++[ldap1] returns reject
>auth: Failed to validate the user.

Without the header userPassword is treated as clear text (not crypted
value) and that does't match.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list