Check LDAP password with SHA512

Arran Cudbard-Bell a.cudbardb at
Thu Jan 28 18:53:35 CET 2016

> On Jan 28, 2016, at 3:49 AM, Will W. <will at> wrote:
> OK this is getting fun, two systems up, the first one I get working wins.
> - original system: SEL 12.1 Freeradius install via repo binaries 3.0.4
> I'm familiar with 2.x but 3.x has a few differences.
> I am guessing that this needs to be changed in
> /etc/raddb/sites-enabled/default
> Emailing from my phone is a bit painful.
> -second system after getting the email about Freeradius 3.1.0 with patch
> for crypt. Ubuntu x86_64 14.04 cloned from github about three hours ago.
> Freeradius 3.1.0
> Still trying to figure out what is wrong with my /dev/urandom file set in
> /etc/freeradius/mods-enabled/ldap
> Seems like on both RHEL 7.x and Ubuntu 14.04 when I compile from source and
> run either freeradius -X the first thing that it complained about was:
> random_file = /dev/urandom is world writable. Quick chmod 644 and then I
> get an unknown error trying to set the random_file.
> Is there a fix for this?

Unknown error means ldap_set_option returned an error without setting an error
on the ldap handle.

Reading through the OpenLDAP code, it seems that this particular option is only
available as a global, so we're not allowed to pass in an ldap handle.

This is undocumented behaviour.

I'll push a fix.

As for module ordering, edit sites-available/default

Remove everything from the authorize section, and just list the modules


in that order.

Remove everything from the auth section, and just list pap.

It should work.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list