Fajar thanks for the reply. I checked the freeradius attribute list, there is no md5-password. Should i need to add it? If yes how to add that attribute? http://freeradius.org/rfc/attributes.html I didn't touch freeradius config on the auth protocols. I suppose, by default freeradius is set to accept all auth protocols? Do i need to say in the config use PAP exclusively? Thanks, Det On Aug 17, 2011, at 9:56 PM, "Fajar A. Nugraha" <list@fajar.net> wrote:
On Wed, Aug 17, 2011 at 8:50 PM, det.explorer@yahoo.com <det.explorer@yahoo.com> wrote:
Hi,
I am testing freeradius. I use dialup admin and mysql to add users, which is configured to store passwords in md5. The attribute is User-Password.
Use MD5-Password attribute instead
Used radtest for testing, but seems radtest is only able to recognize cleartext password.
radtest (and other NAS client, for that matter) doesn't really care how radius store user passwords.
However, for freeradius to succesfully authenticate the user, the password encryption/hash method must ne compatible with the authentication method used. If you use PAP then you can store user password in any encryption/hash method supported by freeradius (MD5, crypt, NT-hash, etc).
How to tell freeradius that passwords are in md5?
Store it as MD5-Password.
As an alternative, you MIGHT be able to use auto_header (and change what's stored in User-Password attribute). See http://wiki.freeradius.org/Rlm_pap
Should i need to use other client aside from radtest?
It won't really matter
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html