Help with Chap and ldap

P K getpkme at
Fri Dec 6 19:03:18 CET 2013

Thank you so much Alan. I changed the ldap.attrmap as you said and
voila!  Have a good weekend!

On 6 December 2013 14:53, Alan DeKok <aland at> wrote:
> P K wrote:
>> I'm using openldap and phpldapadmin to create account. The interface
>> allows me to store "clear" password. When I do an ldapsearch
>> commandline, I get base64 password. I don't see an option in
>> phpldapadmin to store "clear-text" type.
>> I've configured freeradius to use ldap and I'm using radtest to test
>> but chap always fails. Is it failing because of base64? It seems to
>> have decoded fine looking at the logs. Why is CHAP failing? Please
>> help.
>   The debug log shows why it's failing:
>> [pap] Failed to decode Password-With-Header = "password01"
>   The password is stored in LDAP without any prefix such as "{clear}".
> It should either have that header, or, you should change raddb/ldap.attrmap:
> checkitem       Password-With-Header            userPassword
> to:
> checkitem       Cleartext-Password              userPassword
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list