Access-Reject in attempted PAP cleartext setup?

Vincent Fox vincent_b_fox at yahoo.com
Sun Nov 23 17:51:07 CET 2008


>  Just a question... why -XXX when all of the documentation, FAQ, etc.
says -X ?

I had found several debugging threads which mentioned it.
Never mind.

> Sat Nov 22 20:14:19 2008 : Info: [pap] Using CRYPT encryption.

>  That should be a hint, too.  It's using crypt because the passwords in
>/etc/passwd are crypt'd.

>  Maybe we need to update the PAP module to look for multiple passwords,
>compare them to each other, and then complain loudly if they don't match.

Ahhh!  That did it thank you!

I was misreading because to my old brain....

Linux passwords are not "crypt" as in old-style "crypt" command.
Isn't it an MD5?  Anyhow when looking at the rlm_pap man pages there
were references to it using "crypt" so I thought perhaps I had a
misunderstanding/misconfiguration with PAP issue.  It didn't seem to
be complaining in the unix module but did seem to be while
processing in pap at least to my way of reading the output.

Anyhow it's all working now that I understand this and either avoid
username collision, or where they intersect use Auth-Type := System.
Thanks!


      



More information about the Freeradius-Users mailing list