Hello readers,

I've browsed the FAQs and the mailing list archives, but I have failed to find a definite, clear answer to this: what kind of user/password back-end can work if one is to support MS-CHAP? Is anything storing crypt or MD5 passwords (/etc/passwd+shadow, NIS, LDAP) hopeless? (I suspect it is.)

I'm setting up a VPDN server on a Cisco AS5300 for Windows clients. It works fine if I use PAP and no encryption. If I want to use encryption, I need MS-CHAP, right?

Right now my FreeRADIUS server is configured to use PAM. It runs on a box that is a NIS master, as well as an LDAP server with a directory built from NIS data using the well-known migration scripts (but FreeRADIUS doesn't talk to LDAP now). The master source of authentication is /etc/passwd and /etc/shadow, so passwords are in MD5 format.

Is there any way I can get FreeRADIUS to handle MS-CHAP authentication requests from the Cisco box in this context? (I'm kind of expecting a big "no" here, but I want to be sure.)

If I'm not using Samba or a domain controller, do I need cleartext passwords to achieve this? Where? In the "users" file only?

In radiusd.conf, the "mschap" module has parameters for a Samba smbpasswd format file or invoking ntlm_auth. If neither is set, where does it try to get the password from? I'm confused.

Thanks for any reply, pointers etc.

Greets,
_Alain_