> Date: Fri, 20 Apr 2012 15:47:28 +0200 > From: al...@deployingradius.com > To: freeradius-users@lists.freeradius.org > Subject: Re: passwd encrypted in user file > > vazoumana fofana wrote: > > i want to use encrypted passwd in "users" file without using unix files. > > So, i have to write : > > > > username Crypt-Password := "$1$5oVGRb3C$PCKT5Fv7d81NZTmzEm83e0". > > > > How does Freeradius link the encrypted password with password ? > > The PAP module does this. It sees the Crypt-Password as one of the > formats supported for "known good" passwords. It then uses > User-Password from the packet, and compares the two. > > > I want to run a command wich crypt password. Wich command could i use ? > > My system is unix-like. > > See "radcrypt", which comes with the server. I use radcrypt but i note that for the same passwd , the encrypted passwd changes everytime. It it right ? How does freeradius link passwd and encrypt-passwd if this last changes at each run ? I try to connect a client with encrypted passwd. I used radcrypt without option. I inserted result in users file. Here s the debug : [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: vazou [mschap] Told to do MS-CHAPv2 for vazou with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject To configure windows client, i use PEAP with mschap V2. Is it right ? I don't find other ways to connect windows client with login/passwd. > > > Then, i want to store this encrypted password in "users" file ? > > Yes. > > > i look > > to man rlm_pap and i set yes to auto_header. > > You don't need to set that. Leave it as the default. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html