Freeradius v3.0.11 LDAP "userpassword: {SASL}bob" problems

Kouata Modibo sande7kouata at
Wed Jun 15 10:54:02 CEST 2016

I installed freeradius version 3.0.11. I have two LDAP directory servers.
An LDAP server prinicpal A that contains all users. and an LDAP server B
directly connected to radius server (same network). LDAP server B contacts
the prinicpal server  A when needed to authenticate a user. The password
fields of  users on the server B are in the form
userpassword: {SASL}bob
bob is the username. Here is a part of debug output when authentificating a

rlm_ldap (ldap): Reserved connection (2)
(8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(8) ldap:    --> (uid=kouata)
(8) ldap: Performing search in "dc=example,dc=com" with filter "(uid=bob)",
scope "sub"
(8) ldap: Waiting for search result...
 ldap: User object found at DN
(8) ldap: Processing user attributes
(8) ldap: control:Password-With-Header += '{SASL}bob'
rlm_ldap (ldap): Released connection (2)
(8)       [ldap] = updated
(8)       [expiration] = noop
(8)       [logintime] = noop
(8) pap: Unknown header {{SASL}} in Password-With-Header, re-writing to
(8) pap: Removing &control:Password-With-Header

My radius server can not authenticate users from LDAP server B.

Can anyone help me?
thank you!

More information about the Freeradius-Users mailing list