3.45.10. ServerChecksPassword Previous topic Parent topic Child topic Next topic

Normally, Radiator fetches the user's password attribute from the LDAP server using the PasswordAttr parameter and checks the password internally. This optional parameter causes the LDAP server to check the password instead. This is useful with LDAP servers
When ServerChecksPassword is specified, the password checking is performed using an LDAP bind operation.
This parameter is not supported by <AuthBy LDAP> or <AuthBy LDAPSDK>.
Here is an example of using that implement proprietary encryption algorithms in their passwords (notably Open Directory from Platinum) can be used.
When ServerChecksPassword is specified, the password checking is performed using an LDAP bind operation.
<AuthBy LDAP> or <AuthBy LDAPSDK> do not support this parameter.
Here is an example of using ServerChecksPassword:
# We are using Open Directory
ServerChecksPassword
CAUTION
ServerChecksPassword is compatible with PAP, EAP-TTLS/PAP, and other authentication methods that provide a plain text password. ServerChecksPassword does not work with CHAP, MSCHAP, and most EAP methods since these do not provide a password Radiator can use with an LDAP bind operation.
Note
In some cases, using ServerChecksPassword with HoldServerConnection may cause failure situations. This is due to some LDAP servers' behaviour when the password check fails but the connection is not closed. A failure situation may also occur when the password check succeeds but the user is not allowed to perform searches in the server. If your users experience unexpected authentication failures, try testing your system without using these 2 parameters together.