Hello Rob -

On Thu, 16 Nov 2000, Rob Hill wrote:
> Hi guys -
> 
> We've just hit a bit of a problem due to the fact that we store our user
> passwords in encrypted format (in an LDAP database), but our provider's
> NAS's (all 500 of them) specify CHAP before PAP, so dial-up clients
> default to CHAP, and therefore do not authenticate.
> 
> Using PAP, the NAS sends the user's password in plaintext to the radius
> server, which encrypts it and compares it to the locally stored (already
> encrypted) password. If they match, the user is authenticated. (GOOD)
> 
> Using CHAP, the NAS encrypts the user's password via the shared secret,
> and Radiator tries to encrypt the locally stored plaintext password (also
> using the shared secret) and compares it to the encrypted password that
> the NAS sent. If they match, the user is authenticated. But since we store
> the passwords in encrypted format, this will not work. (BAD)
> 
> All of these things are very hard to change -
> 
> 1.) we don't want to have to get our provider to default their NAS's to
>     PAP (even if that's possible)
> 2.) we don't want to have to store the user passwords in plaintext (this
>     would require massive change with our system)
> 3.) we don't want to have all the dial-up customers disable CHAP in their
>     networking settings (it should just work)
> 
> What we want is to be able to tell the NAS's via Radiator to auth via PAP
> instead of CHAP - is this possible? It would solve all our problems.

CHAP/PAP is a NAS configuration issue, not a Radius issue.

I think you are between a rock and a hard place.

cheers

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
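The two verification paths Rob describes, as an added example that is not from the thread or from Radiator's code: PAP as carried in RADIUS is reversible at the server (RFC 2865 User-Password hiding), so a hash-only store can re-hash and compare, while a CHAP-MD5 response (RFC 1994, carried in CHAP-Password) is a one-way MD5 over the plaintext password that only a server holding the plaintext can recompute. The shared secret, authenticator, challenge, salt and sample password below are constructed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; any salted, slow hash serves the PAP path


def make_record(password: bytes, salt: bytes = b"") -> dict:
    """What a hashed-password store (like the LDAP directory in the thread) keeps."""
    salt = salt or os.urandom(16)
    return {"salt": salt, "digest": hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)}


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: PAP password as the NAS puts it in User-Password.
    Padded to a 16-byte multiple; each chunk is XORed with MD5(secret + previous chunk)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out += prev
    return out


def unhide_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse of hide_user_password: the RADIUS server recovers the plaintext."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def pap_verify(record: dict, hidden: bytes, secret: bytes, authenticator: bytes) -> bool:
    """PAP: unhide, re-hash with the stored salt, compare. Works with a hash-only store."""
    plain = unhide_user_password(hidden, secret, authenticator)
    candidate = hashlib.pbkdf2_hmac("sha256", plain, record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 as carried in CHAP-Password: MD5(ident + password + challenge).
    The dial-up client computes this from its plaintext password; it cannot be reversed."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def chap_verify(stored_plaintext: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """CHAP: the server must recompute the same MD5, which requires the plaintext password.
    There is no function of (salt, digest) that yields this value, hence the thread's problem."""
    return hmac.compare_digest(chap_response(ident, stored_plaintext, challenge), response)
```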

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.