At 07:40 PM 5/14/2002 +0100, Rick M wrote:
>Hi,
>
>Currently we use PAP to validate on our network. In the past, radius was
>unable to do CHAP via unix password file and I am not so sure freeradius
>can do it now.
No. It's not a limitation of the radius server, it's a limitation of
how CHAP works. CHAP requires the radius server ( whether freeradius,
lucent radius, funk software, etc. ) to have access to the *plaintext*
password. By definition the system password file on unix contains a
one-way encrypted version of the password ( IE, you cannot extract the
plaintext password from the encrypted version ).
>It appears if you do it the old way set the user up in the users file and
>use auth-type of local it will do CHAP. I need it to work with the
>password file.
>
>If there is a way to use the unix password file, I'd like to know what it
>is. <G> Examples are always welcome.
Sorry, it's just not possible with *any* radius server.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
