PAP/SSHA plus MS-CHAP on 2.17

Alan DeKok aland at deployingradius.com
Thu Jan 14 07:48:57 CET 2010


Eric Swanson wrote:
> ...
> [ldap] Added User-Password = {SSHA}i9--censored--JI in check items
> [ldap] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531
> rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545

  You have 3 versions of the "known good" password for the user.  Which
one do you want to use?

> [pap] Using CRYPT encryption.

  And the "pap" module isn't configured to use any of them.

> The part that seems strange to me is that the system clearly
> identifies the type of passwords we are using ("Normalizing
> SSHA1-Password from base64 encoding" seems proof enough of that), but
> a couple lines later PAP has decided to use CRYPT encryption for some
> reason.  I can't imagine what I've done to make the system believe it
> should use CRYPT instead of SSHA.

  Check the configuration of the PAP module.

  Alan DeKok.



More information about the Freeradius-Users mailing list