If your are doing IPsec with PPTP or L2TP Tunneling the IPsec tunnel will protect the PAP Passwords because IPsec encryption wraps round the L2TP/PPTP Tunnel and with it encrypts the passwords ... The Passwords will only be exchanged in plaintext between the NAS and your Radius (not bad if your LAN is switched for example ...)
-----Ursprungliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von Kurt Hockenbury Gesendet: Montag, 25. Februar 2002 19:20 An: [EMAIL PROTECTED] Betreff: Using smbpasswd with freeradius? Here's my situation. I have a few thousand users, and they'd like to be able to do VPN. I have a cisco VPN box, that supports radius. I have a crypt(3) unix passwd file, and an smbpasswd file, with entries in both for all users. Now I could use freeradius with PAP authentication against the crypt(3) passwords -- but then passwords are going to be flying around in the clear, which is no good, especially since some of those VPN users could be coming in over a wireless connection. So that implies using CHAP. But I don't have plaintext passwords for these users. I have seen tantalizing glimpses that it may be possible use our smbpasswd file to do MS-CHAP authentication, but I can't find any specific instructions as to how to make this happen. So my question is, is this possible? And if so, can some one point me a (even rough) instructions? If I can get it working, I'll gladly write an entry for the FAQ on how to do it. Thanks, -Kurt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
