passwd encrypted in user file

vazoumana fofana zoumlander at
Fri Apr 20 16:27:25 CEST 2012

> Date: Fri, 20 Apr 2012 15:47:28 +0200
> From: aland at
> To: freeradius-users at
> Subject: Re: passwd encrypted in user file
> vazoumana fofana wrote:
> > i want to use encrypted passwd in "users" file without using unix files.
> > So, i have to write :
> > 
> > username Crypt-Password := "$1$5oVGRb3C$PCKT5Fv7d81NZTmzEm83e0".
> > 
> > How does Freeradius link the encrypted  password with password ?
>   The PAP module does this.  It sees the Crypt-Password as one of the
> formats supported for "known good" passwords.  It then uses
> User-Password from the packet, and compares the two.
> > I want to run a command wich crypt password. Wich command could i use ?
> > My system is unix-like.
>   See "radcrypt", which comes with the server.
I use radcrypt but i note that for the same passwd , the encrypted passwd changes everytime. It it right ?
How does freeradius link passwd and encrypt-passwd if this last changes at each run ?

I try to connect a client with encrypted passwd. I used radcrypt without option. I inserted result in users file.
Here s the debug :

[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: vazou
[mschap] Told to do MS-CHAPv2 for vazou with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject

To configure windows client, i use PEAP with mschap V2. Is it right ? I don't find other ways to connect windows client with login/passwd.

> > Then, i want to store this encrypted password in "users" file ?
>   Yes.
> > i look
> > to man  rlm_pap and i set yes to auto_header.
>   You don't need to set that.  Leave it as the default.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list