Check LDAP password with SHA512

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Feb 3 14:05:09 CET 2016


> however the problem is not fixed and I am still having the issue of not
> being able to authenticate a user's password with all the documentation and
> instruction I have received.

If it works with one account and not the other it's an LDAP issue, and you
should seek support from your LDAP vendor, or the OpenLDAP mailing list if
it's OpenLDAP.

> So far since being told to only modify the LDAP configure and change the
> order of the default file I have edited on my LDAP information. Seemed to
> make sense at the time as I want to authenticate users against my LDAP
> server like the rest of the services.
> Seeing how this LDAP system is working on all my systems in various forms
> and I am using the same user account to bind, what is so different with
> this setup?

That you're attempting to retrieve the password from LDAP instead of binding
as the user?

You can authenticate users with LDAP in two ways: you either bind as the user
or you retrieve their credentials and do a comparison.

If you want to bind using the user's credentials the correct configuration is:

authorize {
	if (User-Password) {
		update control {
			Auth-Type := 'ldap'
		}
	}
}

authenticate {
	ldap
}

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
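
Added example, not part of the original message: what the second option ("retrieve their credentials and do a comparison") involves for the SHA-512 hashes named in the subject line. It assumes the stored userPassword value uses the `{SHA512}` / `{SSHA512}` layout of OpenLDAP's pw-sha2 module (base64 of the digest followed by the salt); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes; anything after it is salt
SALTED = {"SHA512": False, "SSHA512": True}  # assumed pw-sha2 scheme names


def parse_user_password(stored: str):
    """Split a '{SCHEME}base64' userPassword value into (scheme, digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} header; not a hashed value")
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SALTED:
        raise ValueError(f"unsupported scheme {scheme!r}")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < DIGEST_LEN or (not SALTED[scheme] and len(raw) != DIGEST_LEN):
        raise ValueError("decoded length does not fit a SHA-512 digest")
    return scheme, raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify(stored: str, candidate: str) -> bool:
    """Hash the candidate with the stored salt and compare in constant time."""
    _, digest, salt = parse_user_password(stored)
    computed = hashlib.sha512(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)


def encode(password: str, salt: bytes = b"") -> str:
    """Build a stored value (used here only to construct sample data)."""
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    scheme = "SSHA512" if salt else "SHA512"
    return "{" + scheme + "}" + base64.b64encode(digest + salt).decode("ascii")


# Constructed sample entries, not taken from any real directory.
SAMPLE_SALTED = encode("correct horse", salt=bytes(range(8)))
SAMPLE_UNSALTED = encode("correct horse")

if __name__ == "__main__":
    for stored in (SAMPLE_SALTED, SAMPLE_UNSALTED):
        print(stored[:20] + "...", verify(stored, "correct horse"), verify(stored, "wrong"))
```

With the bind configuration shown in the message, none of this runs on the RADIUS side: the LDAP server performs the comparison during the bind.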
