Kirti S. Bajwa schrieb:
> rlm_chap: login attempt by "test" with CHAP password
> rlm_chap: Could not find clear text password for user
> test
>
> I believe that the problem lies in the above description.
> If that is
> correct, why the password be clear test?
Sorry? Somehow that sentence seems to be missing
some word.
> I think somewhere a setting is missing!! HELP.
There are essentially two ways to represent a password:
cleartext or hashed. From the cleartext, you always can
get the hashed password but never vice versa. Even worse,
if you hash a password twice, it will be totally different the
second time and there is no way to get from one hashed form
to another hashed form or compare two hashes to check
if they "belong" to the same password.
Password verification now takes a hashed password and
a cleartext pssword and checks if the cleartext password can be
hashed to the hashed password.
So one side always has to provide the cleartext password.
Either you pass a clear text password from your computer
to the NAS which passes it to the radius server (and then,
the radius server only needs to know a password hash),
_or_ your computer only passes a hash to the NAS (based
on the clear text password you entered), then the cleartext
password needs to be stored on the radius server to be
able to do the password check.
In your case, either your computer connecting to the NAS
or the NAS seems to have "decided" (or is configured that
way) that passing the clear text password over the "line"
(or "air", if WLAN) would be to dangerous, so it's
transmitting a hashed password. Then, the radius server
needs to know the cleartext password.
So either store the cleartext passwords on the radius
server or change the NAS's (or user's computer's)
configuration to do "PAP" instead of "CHAP".
HTH,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
