<div dir="ltr">The only way I found to make it works is setting the following lines in the user file:<div><br></div><div>vi users:</div><div><br></div><div>avillaverde Auth-Type := MSCHAP, Cleartext-Password = "123456"</div><div><br></div><div>It works, but how do you handle 1000 users for example? It turns very difficult to manage the user passwords.</div><div><br></div><div>For instance, if the user change the password in the linux box, then you need to edit the users file to replicate that password.</div><div><br></div><div>I have running tacacs+ in the same box, and the user only has to use an unique password for radius and tacacs defined by passwd. I am using PAM authentication for this. </div><div><br></div><div><br></div><div>On the other hand, If I work with PAP I can handle the users like a Linux user, so the managament is easier and it depends on the final user. The user can access the linux box and change his password with a simple passwd and all is replicated for tacacs and freeradius. It is the way how is working today, but I was requested to set MSCHAP authentication due to security audits.<br></div><div><br></div><div>When user try to access wireless controller, he puts his password and then radius checks the password with the passwd file or shadow file without any necesity of "editing radius users file"</div><div><br></div><div>I think I am missing something regarding how to set MSCHAP authentication, and that radius checks the password without using Cleartext-Password in the USERS file.</div><div><br></div><div>I dont know if I am clear enough for you. Sorry for my poor english.</div><div><br></div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-29 19:27 GMT-03:00 Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
> On 29 Oct 2014, at 18:16, Alan Alejandro Villaverde <<a href="mailto:alan.villaverde@gmail.com">alan.villaverde@gmail.com</a>> wrote:<br>
><br>
> Hi Alan,<br>
><br>
> Thx for your quick feedback!<br>
><br>
> I finally got it working. I get it work setting Cleartext-Password into the users files as you explained to me.But, is it possible to use PAM with MSCHAP? what about with a lot of users? I read the FAQ, but I am not sure about how to make it works with MSCHAP and PAM.<br>
<br>
</span>No.<br>
<span class=""><br>
> Could you give me a clue?<br>
<br>
</span>PAM and MSCHAP won't work. If you're authenticating using PAM you need the Cleartext-Password available<br>
which you don't have with MSCHAP.<br>
<br>
-Arran<br>
<br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS development team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<div class="HOEnZb"><div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Alan Alejandro Villaverde. <br><pre><font size="3"><span style="white-space:pre-wrap"> ,JL.
j@, Zv
uJ.u@qJ
:LBO:v1
:r1@ MB
G1 rB8Ur ,
r@Ei O .7 @.
:N,:BBO05v,:, :7 u Or
vM@r:E: rqr,: .v X Or
7@r v@U ,@::: 5 .L M:
YO:2@OS. . .7: N iP
Y@riBr ,:i::: :q ,q.
qk :ii YO.
iv7r77r iGF :7v7
:u0u. 7Lj ;5k1r7BN
7P552552v: LUM1, 7FUi:..v@B
ik7JMJ. ..,v@rk.
_..._ Y8. vL: .5@v E.
.' '. ui,N: .G.O@: @
/ _ _ \ .P: J7LEBO Bi
| (o)_(o) | .1 i@B7 .MU
\( ) / 2 :M@u .uMi
//'._.'\ \ :k :U@BOi:vSM2B
// . \ \ 7E@B@B@O8PrMk ;B
|| . \ \ @: @r
|\ : / | EM. ;@
\ `) ' (` /_ .B7 0L
_)``".____,.'"` (_ ..,:i;7vjuFXZEOMMBBL:::.rB@B@B@
) )'--'( ( .,::ir77vvJjuu2UF5SS00GZOMBB@B@B@B@B@B@
'---` `---` ::iirr77rrr77vLLLjuu25FXPNZGMOOO@B@B@B@B@@@B@B@B@B
:i:i::,:,i,:,:.:.:.:.:.:.:.,.,.,............. ...</span></font><font face="Times New Roman" size="3"><span style="white-space:pre-wrap"><br></span></font></pre></div>
</div>