Yuriy Grishin wrote:
Hello,
I'm trying to conceal plain-text passwords from my radius.radcheck database in order to it'll be useless if it's stolen.
That's admirable, but generally useless. And often counter-productive.
| 1 | user1 | Password-With-Header | := | {md5}c4ca4238a0b923820dcc509a6f75849b |
MD5 hashed passwords...
and raduis -X said : ... modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP
... are incompatible with CHAP. http://deployingradius.com/documents/protocols/compatibility.html What you want to do is impossible. You MUST have the clear-text passwords in the DB in order to do CHAP.
It that possible to get hashed passwords together with MS_CHAP?
You are doing CHAP, not MS-CHAP. They are very different. Alan DeKok.