Is it possible to make PAP module understand both CRYPT (MD5) and plaintext passwords?
Having pap pap{ encryption_scheme = crypt } pap papplain{ encryption_scheme = clear } .... Auth-Type PAP { pap } Auth-Type PAPPLAIN { papplain } in radiusd.conf having user1 Crypt-Password := blablaencrypted user2 User-Password := blablacleartext in radcheck table. having pptp Auth-Type := PAPPLAIN dialup Auth-Type := pap in radgroupcheck having user1 ppttp user2 dialup in user groups... In fact I have added extra logic to the custom dialup-admin clone I am running to make it select the right attribute and ecnryption scheme or none for user depending on his/her membership in a certain group. Regards Alex.
Alex Savguira wrote:
Having pap pap{ encryption_scheme = crypt } pap papplain{ encryption_scheme = clear }
If I understand you, then you are redoing what the server already does. FreeRADIUS knows which scheme to use based on the attribute in the users file or SQL: username Password := blah or username Crypt-Password := $1$blah If it sees, the first, it knows that "blah" is the clear password it needs to check against. If it sees the second, it knows that it is crypted. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com
participants (2)
-
Alex Savguira -
Dennis Skinner