Another LDAP/RADIUS integration problem.

Alan DeKok aland at
Fri Jul 23 20:59:00 CEST 2010

Tom Leach wrote:
> To correct the bind problem, I added an ACL to the directory to allow
> 'uid=admin,o=radtree' to access the userPassword attribute, then
> configured the ldap module to use 'uid=admin,o=radtree' as the identity
> and 'secret' as the password.  Now the bind succeeds, the -X output says
> that it's mapping userPassword -> Crypt-Password ==
> "{crypt}4gOgBZqZgtwIw"

  The "Crypt-Password" attribute is supposed to be the crypt'd version
of the password *without* the "{crypt}" header.  Change the mapping from
"userPassword -> Crypt-Password" to "userPassword -> User-Password", and
it will work.

  The PAP module will look for the "{crypt}" header, and create a
Crypt-Password with the appropriate value.

  Alan DeKok.

More information about the Freeradius-Users mailing list