Antw: Re: LDAP + CHAP

Anja Ruckdaeschel Anja.Ruckdaeschel at
Mon Mar 3 13:22:29 CET 2014

Hi Adam,

if you are using eDirectory you might want to look into this:
Look out for the Keyword "Universal Password".

if you are using AD, you might want to look into ntlm_auth.

Ciao Anja

>>> Adam Seed <adamjseed at> 03.03.2014 13:07 >>>
Hi Arran,

Are you saying I need to make a change to the LDAP? do you know of any
information/guides I can look at?

On Mon, Mar 3, 2014 at 10:30 AM, Arran Cudbard-Bell <
a.cudbardb at> wrote:

> On 3 Mar 2014, at 10:21, Adam Seed <adamjseed at> wrote:
> > Hi Alan,
> >
> > That same wiki says 'The ldap module can only work with PAP passwords
> since it needs to send the clear text user password to the LDAP server to
> authenticate the user.' I might be mis-understanding as im new to Radius,
> but that doesnt sound to positive. Anyway... I'm hoping to find a workaround
> For CHAP you need a copy of the password in cleartext. You then pull the
> cleartext password out of LDAP during authorize, and compare it with the
> CHAP-Password (after some hashing), with the PAP module in authenticate.
> Arran Cudbard-Bell <a.cudbardb at>
> FreeRADIUS Development Team
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list