This is a discussion on OpenLDAP / FreeRADIUS / Cisco 5350 problem within the FreeRADIUS Users forums, part of the Networking and Network Related category.
I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem.

Our LDAP server is using crypted passwords at the moment. The router is a Cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian Sarge.

The problem is this: If I pass the radtest client a clear-text password, authentication is successful. If either I pass the client an encrypted password (copied from the logs) or point the 5350 at the radius server, it doesn't work. I verified that the shared secret is correctly matched with what is in the router.

Here is a sample of the password that is being passed:

    User-Password = "\240d\351E\3737\025\022\0227,(rest removed)"

Here is the configuration (comments omitted to save space). I have tried with the password_header both set to {CRYPT} and commented out.

    ldap {
        server = "*******"
        identity = ********
        password = ********
        basedn = "ou=people,dc=eiu,dc=edu"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_header = "{CRYPT}"
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    authorize {
        preprocess
        auth_log
        suffix
        ldap
    }

    authenticate {
        Auth-Type LDAP {
            ldap
        }
    }

Any ideas? Thanks.

--
Douglas G. Phillips
Distributed Computing
Information Technology Services
Eastern Illinois University
(217) 581-7631