Frank Winkler wrote:
Why is the password displayed in plain text instead of hashed as on the old server?
Because it helps with debugging.
I think you didn't get the point of my question. I was wondering about the difference on two clients querying the same server for the same data.
Huh? You asked about the difference between a new server and an old server. How does that translate into two clients querying the same server?
So... the passwords don't match?
They do but the lookup seems to be incorrect. What I have in the file is the outout of "smbencrypt" but maybe that's not what the server is expecting.
The server can use NT hashed passwords to perform MS-CHAP authentication.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:65271, id=108, length=57 User-Name = "fwvpn" User-Password = "XXX" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 try to find in file rlm_passwd: Added LM-Password: '624AAC413795CDC1AAD3B435B51404EE' to config_items rlm_passwd: Added NT-Password: 'C5A237B7E9D8E708D8436B6148A25FA1' to config_items try to find in file
Why have you massively edited the debug output?
Login incorrect: [fwvpn/cu@34t] (from client localhost port 10) Sending Access-Reject of id 108 to 127.0.0.1 port 65271
The password is displayed in plain text.
Which password? Could you explain which part of the edited output you refer to? In any case, what little you've posted shows that the client is sending a PAP authentication request. Are you sure that you have configured the server to do PAP authentication using NT-hashed passwords? The debug output you've posted conveniently deletes EVERY REFERENCE TO THE AUTHENTICATION PROCESS. i.e. You're asking for help, and making it as hard as possible for anyone to help you. Why? Alan DeKok.