On Wed, Feb 12, 2003 at 03:49:37PM -0500, Damian Gerow wrote:
[...]
> The problem I've got is that some of our passwords are in there as an MD5
> hash, some are in there as a 'crypt' password, and some are plaintext. I'm
> a bit lost as to how to get FreeRADIUS to accept all three types as
> acceptable passwords...
>
> From my understanding, the Attribute in the radcheck table should be
> Crypt-Password for MD5 and crypt(), and Password for plaintext? Or am I way
> off base?
Take a look at the pap module, it can handle all the password types you
mention above.
You could probably do something like the following in radius.conf:
modules {
[stuff]
pap pap-md5 {
encryption_scheme = md5
}
pap pap-crypt {
encryption_scheme = crypt
}
pap pap-clear {
encryption_scheme = clear
}
[stuff]
}
authenticate {
[stuff]
authtype PAP-MD5 {
pap-md5
}
authtype PAP-CRYPT {
pap-crypt
}
authtype PAP-CLEAR {
pap-clear
}
[stuff]
}
Then set auth-type to pap-md5/pap-crypt/pap-clear in
radcheck/radgroupcheck for the different account types. You should be
able to use Password for all password types, so no need for
Crypt-Password.
The above isn't tested, but it should hopefully get you pointed in the
right direction.
--
Simon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
