pap authenticate issue

liuyang liu-yang at sms-grp.com
Wed Jun 22 13:14:16 CEST 2011 

Hi Fajar,

First of all thanks for your reply but I won't upgrade it unless I can
confirm this is a bug of my version because I am not familiar with the
upgrade.
I'd like to know is there any misconfiguration can cause  this problem?
Hoping someone knows this

Regards,
LiuYang

-----Original Message-----
From: freeradius-users-bounces+liu-yang=sms-grp.com at lists.freeradius.org
[mailto:freeradius-users-bounces+liu-yang=sms-grp.com at lists.freeradius.org]
On Behalf Of Fajar A. Nugraha
Sent: Wednesday, 22 June, 2011 7:00 PM
To: FreeRadius users mailing list
Subject: Re: pap authenticate issue

On Wed, Jun 22, 2011 at 5:41 PM, liuyang <liu-yang at sms-grp.com> wrote:
> Hi All,
>
>
>
> I got a problem with my freeradius server 2-2.1.7-7
>
>
>
> PAP knew we're using NT-Password, but it still using CRYPT encryption

Did you try upgrading? I'm using 2.1.10, and a simple test with users
file and LM/NT-Password shows pap can do the right thing. On my system
the debug log goes something like this

rad_recv: Access-Request packet from host 127.0.0.1 port 40049,
id=103, length=60
	User-Name = "testuser"
	User-Password = "testpass"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0

...

[files] users: Matched entry testuser at line 2
++++[files] returns ok
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testpass"
[pap] Using NT encryption.
[pap] 	expand: %{User-Password} -> testpass
[pap] NT-Hash of testpass = 35ccba9168b1d5ca6093b4b7d56c619b
[pap] 	expand: %{mschap:NT-Hash %{User-Password}} ->
35ccba9168b1d5ca6093b4b7d56c619b
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [testuser] (from client localhost port 0)
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
Sending Access-Accept of id 103 to 127.0.0.1 port 40049

-- 
Fajar

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list