Credentials differ when proxying

Alan DeKok aland at
Mon Oct 19 17:45:09 CEST 2020

> On Oct 19, 2020, at 11:39 AM, Julien COCHENNEC <julien.cochennec at> wrote:
> I have a server A proxying requests to server B (having LDAP enabled), and a client C requesting A.
> When I try to connect from A to B with radclient it works. Logs say :
> Login OK: [blabla2] (from client rad1-eee port 0)

  That's good.

> When I try to connect from C to A :
> Login incorrect (ldap: Bind credentials incorrect: Invalid credentials): [blabla2/?Q?#%?????)[~???dW???ŝ7?g-m?[˵] (from client rad1-eee port 0)

  And that's the same problem people have seen for 20 years.

  The shared secret is wrong.

> I don't get why the credentials differ while proxying, which conf file should I check to understand this?
> Is this part coming from an ldap conf problem or from radiusd.conf problem?

  The password is coming from the client.

> Here's the site-available/default file content :

  Why?  *all* of the documentation says to post the output of "radiusd -X".  And all of the documentation says "don't post configuration files".

  If you run the server in debugging mode as ALL of the documentation says, it will TELL YOU what's wrong.

  Alan DeKok.

More information about the Freeradius-Users mailing list