Issue with OpenLdap and FreeRadius

Sven Hartge sven at
Thu Aug 21 14:23:52 CEST 2014

On 18.08.2014 18:17, Andrew Niemantsverdriet wrote:

> I'm am using FreeRadius 2.1.12 from the CentOS repo and am trying to get
> it working with OpenLDAP 2.3.43 also from the CentOS repo. Everything is
> working great until I add and ACL to OpenLDAP that gives self write
> access to sambaNTpassword. When that line is added FreeRadius will stop
> authenticating clients.

Do you use an ACL like:

access to attrs=sambaNTpassword
  by self =w

? If so, then you granted write access, but no read access. You need to use

access to attrs=sambaNTpassword
  by self =rw

Note that there is a difference between writing

access to attrs=sambaNTpassword
 by self write


access to attrs=sambaNTpassword
 by self =w

The first one includes read access, the second one does not.

Use the slapacl utility to test your ACLs and see the difference.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list