From owner-freebsd-isp@FreeBSD.ORG  Tue Sep 16 20:28:24 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 19BFE16A4B3
	for <freebsd-isp@freebsd.org>; Tue, 16 Sep 2003 20:28:24 -0700 (PDT)
Received: from fire.org.nz (firewall.fire.org.nz [203.97.144.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1DD5C43FCB
	for <freebsd-isp@freebsd.org>; Tue, 16 Sep 2003 20:28:22 -0700 (PDT)
	(envelope-from andy@fud.org.nz)
Received: by homer.fire.org.nz id <336011>; Wed, 17 Sep 2003 03:26:12 +1200
Message-Id: <03Sep17.032612nzst.336011@homer.fire.org.nz>
Date: Wed, 17 Sep 2003 15:28:18 +1200
From: Andrew Thompson <andy@fud.org.nz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.5b) Gecko/20030905 Thunderbird/0.2
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Martin Jessa <freebsd@yazzy.org>
References: <20030917030343.52426383.freebsd@yazzy.org>
	<20030917022435.GA14843@laptop.lambertfam.org>
	<20030917045828.4c7f7ec9.freebsd@yazzy.org>
In-Reply-To: <20030917045828.4c7f7ec9.freebsd@yazzy.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: FreeRadius and md5 hashed passwords
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2003 03:28:24 -0000

Martin Jessa wrote:
> Hi Scott, guys.
> 
> I am stucked. I made some changes in the config file and added Auth-Type to the radgroupcheck table (which was previously empty) and now I cannot authenticate at all.
> Seems like the problem is somewhere else.
> 
> My radiusd.conf:
> 
> modules {
>         mschap {
>                 authtype = MD5
>                         use_mppe = yes
>                         require_encryption = yes
>                         require_strong = yes
>                         encryption_scheme = md5
>         }
> 
>

My understanding was that chap required the password on the sever to be 
in plain text, so MD5 could not be used.  The response from the client 
is encrypted with the password, so if its also encrypted locally, it 
cant be checked.

You may need to use pap.


Andy