Alan DeKok aland at
Thu Feb 4 09:10:56 CET 2010

James Devine wrote:
> I'm trying to setup a freeradius server on freebsd7 to authenticate
> against the local passwd file and seem to be running into some
> problems.

> and /etc/pam.d/radiusd setup such as:

  Err... why?

  You don't need to use PAM to authenticate against the password file.

> ++[unix] returns updated

  i.e. it found the user via getpwent().

  And you haven't configured it to use PAM at all.

> [pap] login attempt with password "testpass"
> [pap] Using CRYPT encryption.
> [pap] Passwords don't match

  Well... is there a user in /etc/passwd with that name && password?

> The password is correct, I'm not sure if the CRYPT encryption method
> is correct because I believe the passwords are stored as md5 hashes in
> the passwd file, any idea where I may be going wrong?

  The passwords are likely stored as salted MD5 hashes.

  And the authentication is done by calling the crypt() function on your
local system.  Since the system supports MD5 passwords, crypt() should
support them, too.

  Alan DeKok.

More information about the Freeradius-Users mailing list