Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    FreeRadius3: MD5-Password encryption

    pfSense Packages
    2
    3
    59
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGr
      JeGr LAYER 8 Moderator last edited by JeGr

      Hi,

      as I set up a new box for a customer yesterday, I installed the FreeRadius3 package to go with OpenVPN. As I set it up like our other boxes, I tried creating a user with cleartext and md5 password encryption. But checking it with Diagnostics > Authentication, only the user with cleartext password seems to work. I checked an older box of mine which is set up exactly the same (as far as the obvious things like NAS, Interfaces, EAP settings etc.) and there both kind of users work flawlessly.

      So does anyone has an idea as to why the freshly installed box won't work with md5-crypted passes? Error Log shows:

      Nov 26 09:13:39	radiusd	77042	(3) Login incorrect (Failed retrieving values required to evaluate condition): [jegr/<via Auth-Type = mschap>] (from client localhost port 0)
      

      If I change it to cleartext-password, everything is fine (or check the other testuser with cleartext password). Our other box(es) can test both users with either password setting just fine. Don't understand the difference...

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        I'm not aware of any problems like that.

        Is there maybe some whitespace around the password that got ignored for cleartext but included in the MD5 hash?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • JeGr
          JeGr LAYER 8 Moderator last edited by

          @jimp said in FreeRadius3: MD5-Password encryption:

          Is there maybe some whitespace around the password that got ignored for cleartext but included in the MD5 hash?

          @jimp
          Nope, double checked that. The internal auth test works with cleartext password, MD5 gets rejected with above error. Don't understand it the least, as my box at home for example is configured exactly the same way and has no problems testing both kinds of users... I'm at a complete loss...

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post