Re: freeradius + pap + md5 (or encrypt) problem
How do i tell my users not to send CHAP-Password ? Is pap allowed in the authorize section in 1.1.6 ? Thank you for the fastest answer i've ever expected ! ----- Original Message ---- From: Peter Nixon <listuser@peternixon.net> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Thursday, May 17, 2007 10:28:34 AM Subject: Re: freeradius + pap + md5 (or encrypt) problem On Thu 17 May 2007, vik wrote:
Hello,
I have 1.1.3 server version.
Please update to 1.1.6
I would like to be able to store encrypted passwords on my computer, but i can't. I've read about everything dealing with this problem, but still i cannot manage to succeed.
In my users file i have
DEFAULT Auth-Type := PAP Fall-Through = Yes
This bit is not necessary..
gogo User-Password := "my_encrypted_password_using_md5" ....
Here i've tried also with Crypt-Password, but it doesn't work either.
You do need to use Crypt-Password...
Still i have in the debugs: Auth: rlm_pap: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
Why is rlm_pap receiving an CHAP-Password argument, i don't understand, i have disabled all chap options in the radiusd.conf.
Because your users are sending you CHAP passwords. If you don't support them, tell your users to send use PAP instead.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ____________________________________________________________________________________Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
Allow only PAP on clients. For Win XP: Go to Network Connections an open Properties for this connection. Select Security tab Click on Advanced radio button, and then on Settings button Leave only PAP ticked Click OK to set it That's what you can do from the clent side. If you have control over NAS, then set it to accept only PAP authentication. If you can do that, all clients will "listen" and use only PAP. In that case there is no need to configure anything on the client. Ivan Kalik Kalik Informatika ISP Dana 17/5/2007, "vik" <vik_viktor@yahoo.com> piše:
How do i tell my users not to send CHAP-Password ?
Is pap allowed in the authorize section in 1.1.6 ?
Thank you for the fastest answer i've ever expected !
----- Original Message ---- From: Peter Nixon <listuser@peternixon.net> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Thursday, May 17, 2007 10:28:34 AM Subject: Re: freeradius + pap + md5 (or encrypt) problem
On Thu 17 May 2007, vik wrote:
Hello,
I have 1.1.3 server version.
Please update to 1.1.6
I would like to be able to store encrypted passwords on my computer, but i can't. I've read about everything dealing with this problem, but still i cannot manage to succeed.
In my users file i have
DEFAULT Auth-Type := PAP Fall-Through = Yes
This bit is not necessary..
gogo User-Password := "my_encrypted_password_using_md5" ....
Here i've tried also with Crypt-Password, but it doesn't work either.
You do need to use Crypt-Password...
Still i have in the debugs: Auth: rlm_pap: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
Why is rlm_pap receiving an CHAP-Password argument, i don't understand, i have disabled all chap options in the radiusd.conf.
Because your users are sending you CHAP passwords. If you don't support them, tell your users to send use PAP instead..
--
Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
____________________________________________________________________________________Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
tnt@kalik.co.yu -
vik