Using other ldap attribute as wifi password

wim vinckier wimpunk at
Fri Sep 14 11:01:52 CEST 2018

On Wed, 5 Sep 2018 at 18:44, Alan DeKok <aland at> wrote:

> > On Sep 5, 2018, at 11:54 AM, Wim Vinckier <wimpunk at> wrote:
> > I've configured freeIPA and freeRadius so I could use my ldap password as
> > login to the network.  Unfortunatly my manager wants me to change the
> > system so it would be possible to use another ldap attribute as wifi
> > password.
>   That should be simple enough.
I was glad to hear this.  It motivated me to continue searching.

> > I already extended the ldap configuration with an wifiCode attribute and
> > when I query the ldap database I get the correct result back.  The
> > ipa-tools also return the correct value.
> > Now I want to use this field in freeradius but I get stuck.  I replaced
> the
> > line "control:NT-Password             := 'ipaNTHash'" by
> > "control:Cleartext-Password      := 'wifiCode'" but without any result.
>   See the FAQ for "it doesn't work".
> > Is there any other thing I have to change to make it working?
>   Asking a good question would help.
>   Alan DeKok

You were right again.  I've should have be more detailed on my question.
Anyway, I found the solution.  Adding the wifiCode was a good step.  I just
had to allow the user to read the wifiCode at the ldap side, that was the
part I was missing.

Kind regards,

Wim Vinckier.
I would love to change the world, but they wont give me the source code.

More information about the Freeradius-Users mailing list