Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRadius3: MD5-Password encryption

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 414 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGrJ
      JeGr LAYER 8 Moderator
      last edited by JeGr

      Hi,

      as I set up a new box for a customer yesterday, I installed the FreeRadius3 package to go with OpenVPN. As I set it up like our other boxes, I tried creating a user with cleartext and md5 password encryption. But checking it with Diagnostics > Authentication, only the user with cleartext password seems to work. I checked an older box of mine which is set up exactly the same (as far as the obvious things like NAS, Interfaces, EAP settings etc.) and there both kind of users work flawlessly.

      So does anyone has an idea as to why the freshly installed box won't work with md5-crypted passes? Error Log shows:

      Nov 26 09:13:39	radiusd	77042	(3) Login incorrect (Failed retrieving values required to evaluate condition): [jegr/<via Auth-Type = mschap>] (from client localhost port 0)
      

      If I change it to cleartext-password, everything is fine (or check the other testuser with cleartext password). Our other box(es) can test both users with either password setting just fine. Don't understand the difference...

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        I'm not aware of any problems like that.

        Is there maybe some whitespace around the password that got ignored for cleartext but included in the MD5 hash?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • JeGrJ
          JeGr LAYER 8 Moderator
          last edited by

          @jimp said in FreeRadius3: MD5-Password encryption:

          Is there maybe some whitespace around the password that got ignored for cleartext but included in the MD5 hash?

          @jimp
          Nope, double checked that. The internal auth test works with cleartext password, MD5 gets rejected with above error. Don't understand it the least, as my box at home for example is configured exactly the same way and has no problems testing both kinds of users... I'm at a complete loss...

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.