Ms-Chap + NT-Password
Alan DeKok
aland at deployingradius.com
Mon Dec 31 17:01:26 CET 2018
On Dec 31, 2018, at 9:56 AM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> As I understand I need two sites for authorizing clients via wifi and
> ethernet.
What's a "site" ?
Please use *standard* words for things.
> I made a different site, and I wrote a rule to redirect users.
> But. When I'm checking this solution I can't understand why freeradius
> expecting Cleartext-Password instead MD5-password (Please see log below):
Because you configured multiple passwords for the user.
> (9) pap: WARNING: Config already contains a "known good" password
> (&control:Cleartext-Password). Ignoring &config:Password-With-Header
> (9) pap: Normalizing MD5-Password from base64 encoding, 24 bytes -> 16 bytes
You've configured the user with:
Cleartext-Password
Password-With-Header
MD5-Password
Why?
It's your configuration. You should know what you've configured. None of that is in the default config.
> (9) [pap] = updated
> (9) } # authorize = updated
> (9) Found Auth-Type = PAP
> (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> (9) Auth-Type PAP {
> (9) pap: Login attempt with password
> (9) pap: Comparing with "known good" Cleartext-Password
> (9) pap: ERROR: Cleartext password does not match "known good" password
> (9) pap: Passwords don't match
Which seems to be clear.
Alan DeKok.
More information about the Freeradius-Users
mailing list