rlm-ldap error for chap

Alan DeKok aland at deployingradius.com
Sat Feb 27 23:01:51 CET 2010

Eric Eric wrote:
> with Cleartext-password or User-Password I have the same error. radius
> -x and my configs for chap are here. I searched a lot and test it but
> not found why it can't find clear text password. Should I add other
> thing? or change another file?

  Does your database have a clear-text password for the user?  It looks
like the answer is "no".

> It worked for pap and I added :
> in users :
>  DEFAULT Client-IP-Address == , Auth-Type := Vpn, Autz-Type
> := Vpn, Post-Auth-Type := Vpn, Session-type := Vpn

  I don't see why all that is necessary.

> in radius.conf:
> ldap ldap-Vpn{
>                ....
>                 password_attribute = userPassword
>                 password_header = "{clear}"

  Well... it's not finding the "userPassword" attribute in LDAP.

>  Auth-Type Vpn{
>                 chap

  That makes no sense.  You've added a LOT to the server for little value.

  Try this:

1) start with a default install / configuration files

2) configure LDAP

3) get PAP working

4) do NOTHING ELSE until you get PAP working

5) get CHAP working (radclient will do this)

6) THEN go customize the heck out of the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list