On 04/27/2012 03:43 PM, Markus Moeller wrote:

Hello Markus,

> I have a radius client which uses CHAP instead of PAP. Is there
> anything I need to change in the config to support this client?

No, if you have a password database that has passwords in plaintext format.

> I noticed it works for me only with a user file with a cleartext
> password.

Yes, that is true. Generally, if the authentication protocol sends the
password in plaintext format, any authentication method on the RADIUS
server side can be used. Also, if the password database has the passwords
in plaintext format, most authentication protocols (using hashes,
plaintext, etc.) will work.

> If I use PAM (the password which is passed to the pam
> module is empty) or MD5 encrypted password in the user file I get
> denied.

CHAP does not send a password. Instead it sends a hashed value that is
calculated based on the password and other information. So there is no
password that can be passed to PAM. In this case it does not matter what
format the user file has.

Note that if you used e.g., AuthBy FILE with plaintext passwords, CHAP
would work. However, the usual concerns about storing plaintext
passwords would apply in this case.

> All other PAP clients work fine.

Yes, with PAM that sounds correct.

Thanks!
Heikki

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
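
The behaviour described in the reply above, as an added example that is not part of the original message and is not Radiator code: a CHAP response is MD5(identifier || secret || challenge) per RFC 1994, so the server can only check it by recomputing it from the plaintext password, while a PAP password can be hashed and compared against a hashed entry. The sample password, challenge, identifier and the use of unsalted MD5 as a stand-in for the hashed user-file entry are assumptions constructed for the illustration.

```python
import hashlib
import hmac

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def client_chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 2865 CHAP-Password value: 1-byte identifier + 16-byte response.
    # The password itself never appears in the request.
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)

def verify_chap(chap_password: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    # The server recomputes the response, so it needs the same secret the
    # client hashed, i.e. the plaintext password.
    if len(chap_password) != 17:
        return False
    chap_id, response = chap_password[0], chap_password[1:]
    expected = chap_response(chap_id, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def verify_pap_against_hash(received_password: bytes, stored_md5_hex: str) -> bool:
    # PAP delivers the password itself, so the server can hash and compare.
    computed = hashlib.md5(received_password).hexdigest()
    return hmac.compare_digest(computed, stored_md5_hex)

# Constructed sample values (not taken from the thread).
PASSWORD = b"correct horse"
CHALLENGE = bytes(range(16))   # CHAP-Challenge, or the Request Authenticator
CHAP_ID = 0x2A
STORED_MD5_HEX = hashlib.md5(PASSWORD).hexdigest()  # hashed user-file entry

def demo() -> dict:
    attr = client_chap_password(CHAP_ID, PASSWORD, CHALLENGE)
    return {
        # Plaintext database: the response can be recomputed and matches.
        "chap_plaintext_db": verify_chap(attr, CHALLENGE, PASSWORD),
        # Hashed database: the only stored value is not what the client hashed.
        "chap_hashed_db": verify_chap(attr, CHALLENGE, STORED_MD5_HEX.encode()),
        "chap_wrong_password": verify_chap(attr, CHALLENGE, b"wrong"),
        # PAP against the same hashed entry works.
        "pap_hashed_db": verify_pap_against_hash(PASSWORD, STORED_MD5_HEX),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```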