How to tell freeradius of the encryption used in DB

Fajar A. Nugraha list at fajar.net
Wed Aug 17 15:56:05 CEST 2011


On Wed, Aug 17, 2011 at 8:50 PM, det.explorer at yahoo.com
<det.explorer at yahoo.com> wrote:
> Hi,
>
> I am testing freeradius. I use dialup admin and mysql to add users, which is configured to store passwords in md5. The attribute is User-Password.

Use MD5-Password attribute instead

> Used radtest for testing, but seems radtest is only able to recognize cleartext password.

radtest (and other NAS client, for that matter) doesn't really care
how radius store user passwords.

However, for freeradius to succesfully authenticate the user, the
password encryption/hash method must ne compatible with the
authentication method used. If you use PAP then you can store user
password in any encryption/hash method supported by freeradius (MD5,
crypt, NT-hash, etc).

> How to tell freeradius that passwords are in md5?

Store it as MD5-Password.

As an alternative, you MIGHT be able to use auto_header (and change
what's stored in User-Password attribute). See
http://wiki.freeradius.org/Rlm_pap

> Should i need to use other client aside from radtest?

It won't really matter

-- 
Fajar



More information about the Freeradius-Users mailing list