On Apr 5, 2019, at 11:22 AM, Ekene Ezeasor <ezeasorekene@gmail.com> wrote:
Please our users' password are encrypted using crypt() (blowfish) function in PHP. Now I want to use password_verify() to check the submitted password and I intend doing that in PHP. I have updated my authorize section to use the external PHP script like this:
update control { Auth-type := "/usr/bin/php -f /etc/freeradius/3.0/php/checkpassword.php %{User-Name} %{User-Password}" &Proxy-To-Realm := LOCAL }
But only the username is sent to the external PHP file. The password is empty.
If you're using WiFi, the User-Password won't exist. See the debug output for more information.
We are already running a large database and it may not be easy to change to another encryption method. Therefore this is very important and we really need to implement it.
See: http://deployingradius.com/documents/protocols/compatibility.html The clients will need to do TTLS with inner-tunnel PAP. Everything else won't work. Your choices are: * use TTLS with inner PAP * don't do WiFi * change all the passwords in the database to clear-text Pick one. Alan DeKok