Work with clear password , but not with MD5 ( but both work with radtest)

Alan DeKok aland at deployingradius.com
Thu Oct 14 14:45:16 CEST 2021


On Oct 14, 2021, at 4:14 AM, webmaster at techshop-lille.fr wrote:
> I'm using Freeradius 2.1.12

  Why?  v2 is EOL, and there are security fixes after after 2.1.12.  You should run at least 2.2.10.

> with mysql Backend and a Ubiquity/Unify network for authenticating my wireless users
> 
> Actually it work fine with users in Sql DB with User-Password := value
> 
> Off course i wanted to change it for a MD5 version
> 
> So i changed User-Password with MD5-Password
> 
> Radtest is working fine , with both users using the MD5 and Clear Text password , replying me with auth and VLAN ID
> 
> but when i try to authenticate with real world Wireless users , only the users with clear text password are working

  It's impossible.

http://deployingradius.com/documents/protocols/compatibility.html

  Security isn't a magic thing you get to apply everywhere.  You have multiple options for security, some choices prevent you from using other choices.

  In this case, MD5 passwords in the DB prevent you from using PEAP.  So you have to pick either clear-text passwords in the DB, or using TTLS+PAP.

  Alan DeKok.




More information about the Freeradius-Users mailing list