Hi Fajar, First of all thanks for your reply but I won't upgrade it unless I can confirm this is a bug of my version because I am not familiar with the upgrade. I'd like to know is there any misconfiguration can cause this problem? Hoping someone knows this Regards, LiuYang -----Original Message----- From: freeradius-users-bounces+liu-yang=sms-grp.com@lists.freeradius.org [mailto:freeradius-users-bounces+liu-yang=sms-grp.com@lists.freeradius.org] On Behalf Of Fajar A. Nugraha Sent: Wednesday, 22 June, 2011 7:00 PM To: FreeRadius users mailing list Subject: Re: pap authenticate issue On Wed, Jun 22, 2011 at 5:41 PM, liuyang <liu-yang@sms-grp.com> wrote:
Hi All,
I got a problem with my freeradius server 2-2.1.7-7
PAP knew we're using NT-Password, but it still using CRYPT encryption
Did you try upgrading? I'm using 2.1.10, and a simple test with users file and LM/NT-Password shows pap can do the right thing. On my system the debug log goes something like this rad_recv: Access-Request packet from host 127.0.0.1 port 40049, id=103, length=60 User-Name = "testuser" User-Password = "testpass" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 ... [files] users: Matched entry testuser at line 2 ++++[files] returns ok [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "testpass" [pap] Using NT encryption. [pap] expand: %{User-Password} -> testpass [pap] NT-Hash of testpass = 35ccba9168b1d5ca6093b4b7d56c619b [pap] expand: %{mschap:NT-Hash %{User-Password}} -> 35ccba9168b1d5ca6093b4b7d56c619b [pap] User authenticated successfully ++[pap] returns ok Login OK: [testuser] (from client localhost port 0) WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/default Sending Access-Accept of id 103 to 127.0.0.1 port 40049 -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html