>In ldap.attrmap I have the line: >checkItem NT-Password ntPassword > >in radiusd.conf in my ldap declaration, I have: >password_attribute = ntPassword > And that would work if you were using pap module. But you are using mschap. That one looks for cleartext password first. If it doesn't find it tries nt stuff.
And you have an encrypted User-Password here. Delete that ... >Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: Added User-Password = >ĂĽ,ÂŹgA??"J;???ÂŚĂm in check items .. and server will use this one: >Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: looking for check items in >directory... >Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: LDAP attribute ntPassword as >RADIUS attribute NT-Password == 0xe52cac67419a9a224a3b108f3fa6cb6d And you won't see any of this: >Wed Jun 11 09:42:02 2008 : Debug: >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >Wed Jun 11 09:42:02 2008 : Debug: !!! Replacing User-Password in config >items with Cleartext-Password. !!! >Wed Jun 11 09:42:02 2008 : Debug: >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >Wed Jun 11 09:42:02 2008 : Debug: !!! Please update your configuration so that >the "known good" !!! >Wed Jun 11 09:42:02 2008 : Debug: !!! clear text password is in >Cleartext-Password, and not in User-Password. !!! >Wed Jun 11 09:42:02 2008 : Debug: >!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >Wed Jun 11 09:42:02 2008 : Debug: auth: type Local On top of that - what happened to the eap module? It should be called before files. You haven't commented that out by any chance? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
