Freeradius and OpenLDAP authentication with hashed passwords

Alan DeKok aland at deployingradius.com
Mon Mar 31 20:00:20 CEST 2008


mel wrote:
> A bit clearer now. So you're saying that I should use:
> 
>  radtest testuser {SHA}... <radiusserver> 0 <secret>

  No.  The *client* is not the *server*.  The client sends a clear-text
password to the server.  The server looks up the user in a database, and
(perhaps) finds a SHA hashed password.  The server then SHA hashes the
password supplied by the client, and compares it to the SHA password
from the database.

  Alan DeKok.



More information about the Freeradius-Users mailing list