Need help

[Alan DeKok]

Frank Winkler wrote:
>  >>Why is the password displayed in plain text instead of hashed as on
> the old
>  >>server?
>  >
>  >Because it helps with debugging.
> 
> I think you didn't get the point of my question. I was wondering about
> the difference on two clients querying the same server for the same data.

  Huh?  You asked about the difference between a new server and an old
server.  How does that translate into two clients querying the same server?

>  >So... the passwords don't match?
> 
> They do but the lookup seems to be incorrect. What I have in the file is
> the outout of "smbencrypt" but maybe that's not what the server is
> expecting.

  The server can use NT hashed passwords to perform MS-CHAP authentication.

> Ready to process requests.
> 
> rad_recv: Access-Request packet from host 127.0.0.1:65271, id=108,
> length=57
>         User-Name = "fwvpn"
>         User-Password = "XXX"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 10
> try to find in file
> rlm_passwd: Added LM-Password: '624AAC413795CDC1AAD3B435B51404EE' to
> config_items
> rlm_passwd: Added NT-Password: 'C5A237B7E9D8E708D8436B6148A25FA1' to
> config_items
> try to find in file

  Why have you massively edited the debug output?

> Login incorrect: [fwvpn/cu at 34t] (from client localhost port 10)
> Sending Access-Reject of id 108 to 127.0.0.1 port 65271
> 
> 
> The password is displayed in plain text.

  Which password?  Could you explain which part of the edited output you
refer to?

  In any case, what little you've posted shows that the client is
sending a PAP authentication request.  Are you sure that you have
configured the server to do PAP authentication using NT-hashed
passwords?  The debug output you've posted conveniently deletes EVERY
REFERENCE TO THE AUTHENTICATION PROCESS.

  i.e. You're asking for help, and making it as hard as possible for
anyone to help you.  Why?

  Alan DeKok.