freeradius sql MD5-Password pap fails
b.candler at pobox.com
Thu Sep 29 16:15:37 CEST 2016
On 29/09/2016 12:32, Jan-Christoph Fuchs wrote:
> No I have changed the Database table radcheck to store MD5-Password.
> Tests with radtest works, but livetest will be rejected.
> I really dont know much about protocolls (pap, chap, eap and so on)
> Debigging freeradius told me that radtest uses pap
You can use "radtest -t mschap ...." to check with MSCHAP authentication.
> [eap] processing type mschapv2
It looks like your wireless clients are using PEAPv0, which is a TLS
tunnel on the outside and MSCHAP on the inside. This is the "normal" way
of doing wireless authenticate.
However, you cannot authenticate MSCHAP with an MD5-hashed password. You
need either the cleartext password, or the NT LAN Manager password hash.
More information about the Freeradius-Users