Check LDAP password with SHA512

Will W. will at
Wed Feb 3 01:13:19 CET 2016

Both accounts are read-only administrators... both have bind rights, both
accounts are being used in other places for LDAP authentication.
I am following everyone's instructions; here is a recap since I came here
for help.
problem 1 needed help with LDAP and SHA512, resolution not supported on
version 2.x and go to version 3.x
problem 2 went to version 3.0.11, had an issue with /dev/urandom,
resolution was told there was a bug and pushed a fix, go to 3.1.0
problem 3 told to change auth order in default file, posted radiusd -X
output and config, resolution none
problem 4 went to version 3.1.0, for unknow_error message with
/dev/urandom, and fixed an issue on the OS side regarding gnutls and
openssl as Ubuntu and Debian both seem to be baking gnutls into their
latest brews. Now that the freeradius server I have had to build from
source can connect over SSL, I am back to the same problem: I cannot
authenticate a user on LDAP. resolution being told I cannot follow

Where have I not followed instructions? I have made several course
corrections with shrewd comments and that is fine, it gets the problem fixed;
however the problem is not fixed and I am still having the issue of not
being able to authenticate a user's password with all the documentation and
instruction I have received.

So far since being told to only modify the LDAP configure and change the
order of the default file I have edited on my LDAP information. Seemed to
make sense at the time as I want to authenticate users against my LDAP
server like the rest of the services.
Seeing how this LDAP system is working on all my systems in various forms
and I am using the same user account to bind, what is so different with
this setup?
Secondly, if it isn't rocket science then you should be able to explain it
to anyone, especially since all the modifications, which have been minimal,
were directed by people from your group and by group I am referring to people
with individuals. I am not trying to be rude and I
have been reading all the documentation I can get my hands on, however I am
still stuck. Coming to the e-mail threads has been a last resort of sorts.
As this project started I never planned to build from source or need to do
a git pull request to get things working smoothly, but here we are.

I am just asking for help.

On Tue, Feb 2, 2016 at 1:04 PM, Alan DeKok <aland at>

> On Feb 2, 2016, at 3:58 PM, Will W. <will at> wrote:
> >
> > LDAP server is already service up for VPN access and all users
> > authenticate but to clarify both user accounts are identical other
> > than username. The only difference I can see is that the bind-user is
> > the user account that is binding the freeradius server to LDAP.
> > So the bind user can look himself up isn’t really a win as none of the
> > other users in the system can be authenticated.
>
>   <sigh>
>   You were told to configure a read-only administrator account.  That
> account should have permissions to read everyone's passwords.  Then,
> FreeRADIUS should be configured to use that account when binding to LDAP.
>   The majority of problems you're running into are because you fail to
> follow instructions.
>   It's not complicated.  You're making it complicated.  You're trying all
> kinds of different things, essentially randomly.  When instead, following
> the instructions would have gotten this solved a LONG time ago.
>   It's time to stop asking questions, and to start following
> instructions.  If you don't care enough to follow instructions, we can help
> you by unsubscribing you from the list.  We don't have any interest in
> helping people who waste everyone's time.
>   Alan DeKok.

More information about the Freeradius-Users mailing list