LDAP and FreeRadius

Fajar A. Nugraha list at fajar.net
Wed Aug 15 16:01:36 CEST 2012

On Wed, Aug 15, 2012 at 8:54 PM, Sonny Taberman
<sonny.taberman at lan-master.eu> wrote:
> Hi everyone.
> This is my first post to this list.
> I have set up freeradius (V2.1.12) together with openldap (V2.4.31) and so with some success I think.
> But I have to say that setting this up using only users-file was a breeze.
> Setting up freeradius with ldap not so simple.
> I am using cleartext password in ldap. I am not using any special schema for freeradius in my ldap-setup.
> My problem is something I noticed many other users has struggled with and that is this part from my debug output:
> ++[pap] returns noop
> Found Auth-Type = EAP
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!    Replacing User-Password in config items with Cleartext-Password.     !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good"               !!!
> !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> So you say what is the problem, the solution is in your debug message?
> I have to say it's not.
> I can't find where to modify my config so this message does not repeat in my log/debug.
> So please what do I have to do to get rid of this problem?

Does your ldap.attrmap look like this?

In particular look for "Password-With-Header"


More information about the Freeradius-Users mailing list