Help migrating from 1.1.7 to 2.1.10 - clear text password being lost

John.Hayward at John.Hayward at
Fri Mar 11 23:30:30 CET 2011

> Hi Radius Fans,
> I am trying to move our current environment from 1.1.7 to 2.1.10 and are
> having a problem getting things to work.
> We have a Novell NDSLdap server which provides clear text passwords for
> Novell users.
> We are using peap-mschapv2.

> What might be causing the request->config to be at a different location
> between when the clear text password is stored and when it is needed to
> authenticate?

What happens is that when a packet is sent from the server to the client
radius discards the request-config which contains the password  on the identity

In the inner-tunnel you need to have ldap specified (as well as the 
default) so that it will look up the password (again). (my mistake)

I was surprised that it appears that in the current environment for both 
default and inner-tunnel:
         #  The example below uses module failover to avoid querying all
         #  of the following modules if the EAP module returns "ok".
         #  Therefore, your LDAP and/or SQL servers will not be queried
         #  for the many packets that go back and forth to set up TTLS
         #  or PEAP.  The load on those servers will therefore be reduced.
         eap {
                 ok = return
That there are 3 queries to the ldap server and 3 queries to the sql 
server (which is a lot better than the 12 of each which occur without 
this option)

I assumed that if radius looked up the password via ldap or sql in default
it might have them for inner - but i guess the identity could be different
for inner vs default.

> johnh...

More information about the Freeradius-Users mailing list