Check LDAP password with SHA512

Alan DeKok aland at
Tue Feb 2 22:04:57 CET 2016

On Feb 2, 2016, at 3:58 PM, Will W. <will at> wrote:
> LDAP server is already service up for VPN access and all users authenticate
> but to clarifiy both user accounts are identical other than username. The only difference I can see is that the bind-user is the user account that is binding the freeradius server to LDAP.
> So the bind user can look himself up isn’t really a win as none of the other users in the system can be authenticated.


  You were told to configure a read-only administrator account.  That account should have permissions to read everyones passwords.  Then, FreeRADIUS should be configured to use that account when binding to LDAP.

  The majority of problems you're running into are because you fail to follow instructions.

  It's not complicated.  You're making it complicated.  You're trying all kinds of different things, essentially randomly.  When instead, following the instructions would have gotten this solved a LONG time ago.

  It's time to stop asking questions, and to start following instructions.  If you don't care enough to follow instructions, we can help you by unsubscribing you from the list.  We don't have any interest in helping people who waste everyones time.

  Alan DeKok.

More information about the Freeradius-Users mailing list