freeradius + pap + md5 (or encrypt) problem

tnt at kalik.co.yu tnt at kalik.co.yu
Thu May 17 11:08:12 CEST 2007 

Allow only PAP on clients. For Win XP:

Go to Network Connections an open Properties for this connection.

Select Security tab

Click on Advanced radio button, and then on Settings button

Leave only PAP ticked

Click OK to set it

That's what you can do from the clent side. If you have control over
NAS, then set it to accept only PAP authentication. If you can do that,
all clients will "listen" and use only PAP. In that case there is no
need to configure anything on the client.

Ivan Kalik
Kalik Informatika ISP


Dana 17/5/2007, "vik" <vik_viktor at yahoo.com> piše:

>How do i tell my users not to send CHAP-Password ?
>
>Is pap allowed in the authorize section in 1.1.6 ?
>
>Thank you for the fastest answer i've ever expected !
>
>----- Original Message ----
>From: Peter Nixon <listuser at peternixon.net>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Sent: Thursday, May 17, 2007 10:28:34 AM
>Subject: Re: freeradius + pap + md5 (or encrypt) problem
>
>On Thu 17 May 2007, vik wrote:
>> Hello,
>>
>> I have 1.1.3 server version.
>
>Please update to 1.1.6
>
>> I would like to be able to store encrypted passwords on my computer, but i
>> can't. I've read about everything dealing with this problem, but still i
>> cannot manage to succeed.
>>
>> In my users file i have
>>
>> DEFAULT Auth-Type := PAP
>>                     Fall-Through = Yes
>
>This bit is not necessary..
>
>> gogo User-Password := "my_encrypted_password_using_md5"
>> ....
>>
>> Here i've tried also with Crypt-Password, but it doesn't work either.
>
>You do need to use Crypt-Password...
>
>> Still i have in the debugs:
>> Auth: rlm_pap: Attribute "Password" is required for authentication. Cannot
>> use "CHAP-Password".
>>
>> Why is rlm_pap receiving an CHAP-Password argument, i don't understand, i
>> have disabled all chap options in the radiusd.conf.
>
>Because your users are sending you CHAP passwords. If you don't support them,
>tell your users to send use PAP instead..
>
>
>--
>
>Peter Nixon
>http://www.peternixon.net/
>PGP Key: http://www.peternixon.net/public.asc
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>
>
>____________________________________________________________________________________Get the Yahoo! toolbar and be alerted to new email wherever you're surfing.
>http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list