cisco WAP/FreeRadius/OpenLDAP

Phil Mayers p.mayers at
Wed Nov 2 17:16:50 CET 2011

On 02/11/11 15:41, Matthew Arguin wrote:

> and here is the debug when i test a laptop connecting:

Sigh. This is not the full debug. The full debug starts when radiusd 
starts up, and dumps the module configs. This is why we never ask people 
to give their configs - it's in the debug, and is redundant, but if you 
trim the debug, that's unhelpful.

> [gtc] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> [gtc] +- entering group PAP {...}
> [pap] login attempt with password "r0adkill"
> [pap] Using CRYPT password "*"

Where is this ^^^ coming from?

i.e. "CRYPT password <star>"

Something is setting a password somewhere. If it's not the LDAP module, 
it must be something else. Find it and remove it.

If I "diff" the modules that are running when you do your successful PAP 
and your unsuccessful EAP/GTC inner-tunnel, I see the inner-tunnel has:

[unix] returns updated
[control] returns noop

What are you updating in the inner-tunnel? You must have:

server inner-tunnel {

authorize {

  # this isn't here in the "default"
  # this isn't here in the "default"
  update control {
     ??? what here?


More information about the Freeradius-Users mailing list