What he is saying is that pap should work fine with smb authentication but
you can not do chap because smb uses encrypted passwd and the only way that
chap will work is if the passwd is stored in plain text on the server.
- Original Message -
From: "Miriam Benham" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 13, 2002 5:25 PM
Subject: Re: ppp authentication & windows NT domain
> I'm confused. What do you mean with "That's not true"
>
> Alan DeKok wrote:
> >
> > Miriam Benham <[EMAIL PROTECTED]> wrote:
> > > PAP works great with my existing NT domain authentication
configuration,
> > > but if I use CHAP it fails. I've read that I have to create users
> > > credentials on the freeradius server if I want to use CHAP.
> >
> > That's not true. PAP is fine.
> > As for why CHAP fails, see the FAQ. The problem with SMB
> > authentication is exactly the same as for Unix authentication against
> > /etc/passwd
> >
> > > Question: Is there anyway around the username/password duplication on
> > > the freeradius server. Is there any way to have the password
encrypted
> > > through the phone line (using CHAP) and get authenticated by the NT
> > > domain server without using "password in the clear" PAP.
> >
> > No. See the FAQ.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html