freeradius-users-bounces+christian=poessinger.com@lists.freeradius.org wrote:
"Christian Poessinger" <christian@poessinger.com> wrote:
I'm really getting confused now ... is it actually possible to use md5 hashed passwords in a sql backend and doing EAP-TTLS for authenticating wireless clients?
http://deployingradius.com/documents/protocols/compatibility.html
See the matrix, the answer is "yes, for PAP".
I had a little look at the rlm_sql and rlm_pap sourcecode and well the only attribute stuff I found was Password and Crypt-Password. So I'm thinking it could be possible that it just won't work with md5 hashed passwords and it will only work with CRYPT passwords.
In 1.1.x, you have to tell the "pap" module that the password is stored as an MD5 hash. See it's examples & documentation.
I think you mean this: radiusd.conf pap { encryption_scheme = md5 } Well I have this in my configuration since I tried to set this up but when you look some messages ago I got it working with crypt. With the md5 hash I always got the missing Auth-Type error. I also added an Auth-Type MD5 { pap } to the Authenticate section but I wasn't that lucky. -CP