Configuring MSCHAP to use attributes from PASSWD

Matthew Newton mcn at freeradius.org
Mon Jan 25 12:21:52 CET 2021



On 25/01/2021 11:08, lingctam wrote:
> Could you please direct me to the correct way to configure the MSCHAP module to use the User-Name and Clear-Text Passwords from the PASSWD file?

If you mean /etc/passwd, then it's impossible. The password hashing is 
incompatible.

If you're using the files module then yes, you can just define 
Cleartext-Password as given in the examples that come with the server, 
and mschap will use that. You need to make sure you call "files" in 
authorize{} for the right users (if not all).

> I have added the expansion under authenticate in the following way:
> 
> Auth-Type MS-CHAP {
>                  %{mschap:"User-Name"}
> }

Use the default config that comes with the server, rather than trying to 
make up your own syntax. There's no need to change the config here.


> (9) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
> (9) mschap: WARNING: No Cleartext-Password configured.  Cannot create LM-Password

Because "files" hasn't been called in authorize{}, and passwd is 
incompatible.

-- 
Matthew
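
The setup the reply describes, as an added example that is not part of the original message: a trimmed sketch of the stock configuration, assuming the FreeRADIUS 3.x file layout. The user name and password are constructed sample values.

```conf
# --- raddb/mods-config/files/authorize (the "users" file read by the files module) ---
# Constructed sample entry. MS-CHAP needs the cleartext password (or an
# NT-Password hash); a crypt-style hash from /etc/passwd or /etc/shadow
# cannot be used to compute the MS-CHAP response.
testuser    Cleartext-Password := "example-password"

# --- raddb/sites-enabled/default (trimmed to the relevant parts) ---
authorize {
    # Sees the MS-CHAP attributes in the request and sets Auth-Type := MS-CHAP.
    mschap

    # Looks the user up in the users file and adds Cleartext-Password to the
    # control list. If this is not called for the user, mschap logs
    # "No Cleartext-Password configured. Cannot create NT-Password".
    files
}

authenticate {
    # Stock form: call the module by name. No %{mschap:...} expansion
    # belongs in this block.
    Auth-Type MS-CHAP {
        mschap
    }
}
```

Running the server with `radiusd -X` shows whether `files` matched the user and whether `mschap` found a Cleartext-Password.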

