Freeradius experts,
I am trying to configure freeradius to use openldap as a backend for authentication, but I can't seem to get the passwords to authenticate. It seems to have no problem binding and finding the username (uid). I am using crypt passwords in the ldap userPassword field:

I am not using any radius attributes. I simply want to allow any uid to authenticate. I get these results:

rad_recv: Access-Request packet from host, id=60, length=59
        User-Name = "tylertj"
        User-Password = "xxxxxx"
        NAS-IP-Address =
        NAS-Port = 1812
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tylertj
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to, authentication 0
rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
rlm_ldap: starting TLS
rlm_ldap: bind as / to
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tylertj authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rad_recv: Access-Request packet from host, id=60, length=59
Sending Access-Reject of id 60 to

What might I be doing wrong? I presume that the ldap server doesn't have to store the passwords in plain text, correct? I can store them in md5 or SHA1 hash if I want, correct? I did uncomment:

authenticate {
   Auth-Type LDAP {

  Am I wrong to think this is now a password issue?

Tim Tyler
Network Engineer - Beloit College
List info/subscribe/unsubscribe? See

Reply via email to