Thanks Alan :) I have done a tcpdump capture and the username is sent in clear with what it seems to be a simple MD5 hash of the password. What do you mean by "NPS is lying to you". Is it completely safe to use the module ? Thanks in advance On Fri, Oct 20, 2017 at 4:45 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Oct 20, 2017, at 10:42 AM, Oussama BOUNAIM <o.bounaim@gmail.com> wrote:
The authentication works, however, the NPS (Radius Server) is complaining about the authentication method used by pam_radius_auth.so. It says that the client is using PAP insecure PAP protocol.
That's a stupid complaint.
I didn't find any parameter on the module documentation <https://github.com/FreeRADIUS/pam_radius> to change this behavior. Does pam_radius_auth.so support other secure protocol like CHAP ?
CHAP isn't more secure, unfortunately. And neither is MS-CHAP.
Ignore the message, NPS is lying to you.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html