converting pap to chap
Alan DeKok
aland at deployingradius.com
Thu Sep 13 07:27:08 CEST 2007
Stefan Kronawithleitner wrote:
> The existing setup is a freeradius 1.1.6, allowing auth from a NAS and
> PEAP against an eDirectory (ldap) userbase, which works fine. However,
> users of another realm should be proxied to another radius-server -
> which works fine for PEAP, but failes from the NAS, because the NAS can
> do only PAP - which is not allowed on the other radius-server.
The other RADIUS server is either broken, or the administrators are
being ridiculous.
For a host of reasons, PAP is actually *better* than CHAP. It's not
just easier to manage. It can actually be more secure in many cases!
> I read through the changelogs, finding nothing like that - has there
> been a change? Is it possible to convert PAP to CHAP? Howto?
It's possible. You'll have to write some code. It's not hard.
See rlm_example for writing a module. See radclient for how to
convert a cleartext password into a CHAP password. rad_chap_encode(..)
Alan DeKok.
More information about the Freeradius-Users
mailing list