Here's my situation. I have a few thousand users, and they'd like to be able to do VPN. I have a cisco VPN box, that supports radius. I have a crypt(3) unix passwd file, and an smbpasswd file, with entries in both for all users.
Now I could use freeradius with PAP authentication against the crypt(3) passwords -- but then passwords are going to be flying around in the clear, which is no good, especially since some of those VPN users could be coming in over a wireless connection. So that implies using CHAP. But I don't have plaintext passwords for these users. I have seen tantalizing glimpses that it may be possible use our smbpasswd file to do MS-CHAP authentication, but I can't find any specific instructions as to how to make this happen. So my question is, is this possible? And if so, can some one point me a (even rough) instructions? If I can get it working, I'll gladly write an entry for the FAQ on how to do it. Thanks, -Kurt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
