You have a table on Alan DeKok's site explaining what protocol/password hashing combinations are possible and which are not: http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik Informatika ISP Dana 15/3/2007, "Dariusz Dwornikowski" <tdi@vercom.pl> piše:
On 2007-03-15, at 16:55, Alan DeKok wrote:
Dariusz Dwornikowski wrote:
Hi. My problem is such, that we store our passwords in Md5 in database, when authorization request comes from ser, i get digest attributes. I issue:
Digest authentication and MD5 hashed passwords are incompatible.
It won't work. so I HAVE to user clear text passwords? I was thinking just to compare md5 of password from SIP package.
I also tried to use Digest-HA1 instead of User-Password in database, but it does not work (i am using freeradius 1.1.4). getting: rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
And in Database I have:
id = 1 UserName = test001 Attribute=User-Password Value = test
Now, my real database stores passwords as md5 hashes and the radius compares the clear text passwords, how can i force it to compate md5 hashes of passwords?
Use the "MD5-Password" attribute, not the "User-Password" attribute. See "man rlm_pap" for more.
can it be combined with digest ? as I am gennting all the time:
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
-- Dariusz Dwornikowski tdi@vercom.pl
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html