Help with Chap and ldap
P K
getpkme at gmail.com
Fri Dec 6 19:03:18 CET 2013
Thank you so much Alan. I changed the ldap.attrmap as you said and
voila! Have a good weekend!
On 6 December 2013 14:53, Alan DeKok <aland at deployingradius.com> wrote:
> P K wrote:
>> I'm using openldap and phpldapadmin to create account. The interface
>> allows me to store "clear" password. When I do an ldapsearch
>> commandline, I get base64 password. I don't see an option in
>> phpldapadmin to store "clear-text" type.
>>
>> I've configured freeradius to use ldap and I'm using radtest to test
>> but chap always fails. Is it failing because of base64? It seems to
>> have decoded fine looking at the logs. Why is CHAP failing? Please
>> help.
>
> The debug log shows why it's failing:
>
>> [pap] Failed to decode Password-With-Header = "password01"
>
> The password is stored in LDAP without any prefix such as "{clear}".
> It should either have that header, or, you should change raddb/ldap.attrmap:
>
> checkitem Password-With-Header userPassword
>
> to:
>
> checkitem Cleartext-Password userPassword
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list