pap authenticate issue

Fajar A. Nugraha list at fajar.net
Wed Jun 22 12:59:59 CEST 2011


On Wed, Jun 22, 2011 at 5:41 PM, liuyang <liu-yang at sms-grp.com> wrote:
> Hi All,
>
>
>
> I got a problem with my freeradius server 2-2.1.7-7
>
>
>
> PAP knew we’re using NT-Password, but it still using CRYPT encryption

Did you try upgrading? I'm using 2.1.10, and a simple test with users
file and LM/NT-Password shows pap can do the right thing. On my system
the debug log goes something like this

rad_recv: Access-Request packet from host 127.0.0.1 port 40049,
id=103, length=60
	User-Name = "testuser"
	User-Password = "testpass"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0

...

[files] users: Matched entry testuser at line 2
++++[files] returns ok
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testpass"
[pap] Using NT encryption.
[pap] 	expand: %{User-Password} -> testpass
[pap] NT-Hash of testpass = 35ccba9168b1d5ca6093b4b7d56c619b
[pap] 	expand: %{mschap:NT-Hash %{User-Password}} ->
35ccba9168b1d5ca6093b4b7d56c619b
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [testuser] (from client localhost port 0)
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
Sending Access-Accept of id 103 to 127.0.0.1 port 40049

-- 
Fajar




More information about the Freeradius-Users mailing list