FreeRADIUS 3.0 - Help with understanding op value for cleartext-password

Alan DeKok aland at
Wed Jul 6 14:51:28 CEST 2016

On Jul 6, 2016, at 8:23 AM, Ian Hiddleston <ian.hid at> wrote:
> Ah, that makes sense! I'm asking because I was sat staring at this for a
> bit before figuring it out. I did read through the Operators bit on the
> website, I guess I failed pretty hard at getting the wider picture logic
> though. At the time I was trying to match a plaintext password in the
> request to a plaintext password in the DB, which I thought would work with
> '=='.

  You should never "match" passwords.  The simple explanation is that there are many password storage method (crypt, etc.), and many authentication methods (PAP, CHAP, MS-CHAP, etc.)

  You should tell the server what the "known good" password is.  The server will then do the authentication itself.

  After all, FreeRADIUS is an authentication server.  Let it do authentication, and everything will "just work".

  Alan DeKok.

More information about the Freeradius-Users mailing list