Tom Leach wrote: > To correct the bind problem, I added an ACL to the directory to allow > 'uid=admin,o=radtree' to access the userPassword attribute, then > configured the ldap module to use 'uid=admin,o=radtree' as the identity > and 'secret' as the password. Now the bind succeeds, the -X output says > that it's mapping userPassword -> Crypt-Password == > "{crypt}4gOgBZqZgtwIw"
The "Crypt-Password" attribute is supposed to be the crypt'd version of the password *without* the "{crypt}" header. Change the mapping from "userPassword -> Crypt-Password" to "userPassword -> User-Password", and it will work. The PAP module will look for the "{crypt}" header, and create a Crypt-Password with the appropriate value. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html