On Tue, May 14, 2002 at 07:40:51PM +0100, Rick M wrote:

> Currently we use PAP to validate on our network. In the past, radius was
> unable to do CHAP via unix password file and I am not so sure freeradius
> can do it now.

> I have looked through the documentation on 0.5 but cannot locate
> information relating CHAP and the unix password file.

> It appears if you do it the old way set the user up in the users file and
> use auth-type of local it will do CHAP. I need it to work with the
> password file.

> If there is a way to use the unix password file, I'd like to know what it
> is. <G> Examples are always welcome.

The only way you could ever use CHAP with a unix password file is if
the encryption on your unix passwords was completely worthless.  CHAP
requires both sides to have access to the plaintext password.

About the closest you can come is MS-CHAP, which instead of plaintext
passwords uses plaintext-equivalent, deterministic (i.e., no random
salt) password hashes.  That still won't work with your standard unix
password file, though you can configure freeradius to do MS-CHAP
against a Samba-style password file.

Steve Langasek
postmodern programmer
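
The point made in the reply above, as an added example that is not part of the original thread: CHAP (RFC 1994) computes its response as MD5 over the identifier, the shared secret and the challenge, so a server holding only a salted one-way hash cannot recompute it, while PAP can be checked against that hash. The salted hash below is a constructed stand-in for crypt(3), and all function names and the sample password are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def salted_hash(password: bytes, salt: bytes) -> bytes:
    # Constructed stand-in for a crypt(3)-style entry: salted and one-way.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1000)


def pap_verify(salt: bytes, stored: bytes, sent_password: bytes) -> bool:
    # PAP hands the server the password itself, so the server can
    # re-hash it with the stored salt and compare.
    return hmac.compare_digest(salted_hash(sent_password, salt), stored)


def chap_verify(ident: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    # The server must feed the same secret the client used into MD5.
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"correct horse"          # constructed sample password
    salt = os.urandom(8)
    stored = salted_hash(password, salt)  # what a hashed password file holds

    ident, challenge = 1, os.urandom(16)  # server -> client
    response = chap_response(ident, password, challenge)  # client -> server

    return {
        # Hashed store is enough for PAP.
        "pap_with_hash_store": pap_verify(salt, stored, password),
        # CHAP succeeds only when the server knows the plaintext.
        "chap_with_plaintext": chap_verify(ident, challenge, response, password),
        # With only the hash, the server computes a different MD5 input.
        "chap_with_hash_store": chap_verify(ident, challenge, response, stored),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```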
