pptpd+freeradius+ldap: which password encryption can I use?

Alan DeKok aland at deployingradius.com
Tue Apr 30 14:33:52 CEST 2013

Alberto Aldrigo wrote:
> I'm trying to setup a PPTPD server which would authenticate users using
> my openLDAP user database, in doing so I need freeradius.
> By now the only setup that actually works is: users in LDAP with clear
> text password.

  What kind of authentication method is PPTPD using?  You can tell by
looking at the FreeRADIUS debug log... which is suggested daily on this

> Obviously I want to use some kind of encryption for passwords and I
> don't like the solution of using cleartext passwords and the use of a
> specific user allowed to access to the password attribute, so my
> question is: which other possibilities I have?
> Looking to this table
> http://deployingradius.com/documents/protocols/compatibility.html I
> understand that I can use pap + sha1 but I can't understand how. Can
> anyone help me understand what is possible and what not?

  You're really asking the wrong question.  If the only thing that works
is LDAP with clear-text passwords, then the authentication method
doesn't support encrypted passwords.

  That's why the web page says it's *IMPOSSIBLE*.  Because, well, it's
impossible.  What other conclusion did you reach after reading that page?

  Alan DeKok.

More information about the Freeradius-Users mailing list