Configuring MSCHAP to use attributes from PASSWD
Matthew Newton
mcn at freeradius.org
Mon Jan 25 12:21:52 CET 2021
On 25/01/2021 11:08, lingctam wrote:
> Could you please direct me to the correct way to configure the MSCHAP module to use the User-Name and Clear-Text Passwords from the PASSWD file?
If you mean /etc/passwd, then it's impossible. The password hashing is
incompatible.
If you're using the files module then yes, you can just define
Cleartext-Password as given in the examples that come with the server,
and mschap will use that. You need to make sure you call "files" in
authorize{} for the right users (if not all).
> I have added the expansion under authenticate in the following way:
>
> Auth-Type MS-CHAP {
> %{mschap:"User-Name"}
> }
Use the default config that comes with the server, rather than trying to
make up your own syntax. There's no need to change the config here.
> (9) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
> (9) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
Because "files" hasn't been called in authorize{}, and passwd is
incompatible.
--
Matthew
More information about the Freeradius-Users
mailing list