TTLS-PAP and LDAP for google - User-Password? Cleartext-Password?

little-nemo at little-nemo at
Thu Nov 23 11:49:02 UTC 2023

Hello to you,
my freeradius 3.2.1 is already auth/authorizing through Active Directory and I'm trying to add a second auth/autz source (google) to the configuration.

I'm using the google-related freeradius templates.
I'm following the google documentation:

but I'm finding something that don't match with the rlm_pap official documentation. Actually, I'm not able to authenticate.

In particular, the google documentation reports:
/etc/freeradius/3.0/sites-available/default -> authorize
if (User-Password) {
    update control {
        Auth-Type := ldap

BUT in an older post I read that you have to set Cleartext-Password (see:
Moreover, in the rlm_pap docs, I don't see User-Password as an Attribute.

Should I avoid the google how-to? I chose it because it seemed a clear step-by-step procedure to follow, but if it contains mistakes I'll abandon it.

Does anyone know another tutorial for such a configuration?
I'd also need to understand what should I add in the "inner" config.

Thanks again for your support, Pietro.

More information about the Freeradius-Users mailing list