users are sending CHAP passwords

tnt at kalik.co.yu tnt at kalik.co.yu
Thu May 17 13:14:26 CEST 2007


Option 1 - you have control over NAS:

Configure NAS to accept only PAP authentification. Clents will have to
enable PAP if it is disabled (see option 2)

Option 2 - clent side approach

Configure clients to use only pap. For XP:

Go to Network Connections and open Properties for this connection

Click on Security tab

Click on Advanced radio button and Settings button

Leave only PAP ticked

OK, OK to exit

Ivan KAlik
KAlik Informatika ISP


Dana 17/5/2007, "vik" <vik_viktor at yahoo.com> piše:

>Sorry for the double post before.
>
>I'm still stuck with that problem:
>
>How to tel the user not to send CHAP-Password ?
>
>As to the server version i will update to 1.1.6 later on today.
>
>Thx a lot.
>
>----- Original Message ----
>From: Peter Nixon <listuser at peternixon.net>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Sent: Thursday, May 17, 2007 10:28:34 AM
>Subject: Re: freeradius + pap + md5 (or encrypt) problem
>
>On Thu 17 May 2007, vik wrote:
>> Hello,
>>
>> I have 1.1.3 server version.
>
>Please update to 1.1.6
>
>> I would like to be able to store encrypted passwords on my computer, but i
>> can't. I've read about everything dealing with this problem, but still i
>> cannot manage to succeed.
>>
>> In my users file i have
>>
>> DEFAULT Auth-Type := PAP
>>                     Fall-Through = Yes
>
>This bit is not necessary..
>
>> gogo User-Password := "my_encrypted_password_using_md5"
>> ....
>>
>> Here i've tried also with Crypt-Password, but it doesn't work either.
>
>You do need to use Crypt-Password...
>
>> Still i have in the debugs:
>> Auth: rlm_pap: Attribute "Password" is required for authentication. Cannot
>> use "CHAP-Password".
>>
>> Why is rlm_pap receiving an CHAP-Password argument, i don't understand, i
>> have disabled all chap options in the radiusd.conf.
>
>Because your users are sending you CHAP passwords. If you don't support them,
>tell your users to send use PAP instead..
>
>
>--
>
>Peter Nixon
>http://www.peternixon.net/
>PGP Key: http://www.peternixon.net/public.asc
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>
>
>____________________________________________________________________________________
>Get your own web address.
>Have a HUGE year through Yahoo! Small Business.
>http://smallbusiness.yahoo.com/domains/?p=BESTDEAL
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list