Freeradius and OpenLDAP authentication with hashed passwords

[Alan DeKok]

mel wrote:
> A bit clearer now. So you're saying that I should use:
> 
>  radtest testuser {SHA}... <radiusserver> 0 <secret>

  No.  The *client* is not the *server*.  The client sends a clear-text
password to the server.  The server looks up the user in a database, and
(perhaps) finds a SHA hashed password.  The server then SHA hashes the
password supplied by the client, and compares it to the SHA password
from the database.

  Alan DeKok.