openwisp-radius & freeradius only PAP

[Tommaso Feola]

I'll start by saying that I'm new to openwisp: after reading various documentation and some help in chat, I managed to install Openwisp with the RADIUS module. I did several tests with radtest: the authorization only works if I use PAP. If I try to use chap or mschap , rest (using the freeradius -X command) reports that the password is empty. Can anyone give me a tip? Thank you

Tommaso

[Federico Capoano]

The password in the DB is hashed by Django (the framework on which OpenWISP is based), for more info on this, see https://docs.djangoproject.com/en/4.2/topics/auth/passwords/.

We have no way to calculate a different hash, that would mean having to store the password in clear text which we do not do, the other way would be to change the hashing algorithm to be the same used by chap/mschap but these algorithms are too weak nowadays.

At least this is the situation if you want to use the users defined in OpenWISP, if you are storing passwords elsewhere you would need to configure freeradius to look for passwords differently.

Federico

On Wed, 15 Nov 2023 at 08:35, Tommaso Feola <tommas...@gmail.com> wrote:

I'll start by saying that I'm new to openwisp: after reading various documentation and some help in chat, I managed to install Openwisp with the RADIUS module. I did several tests with radtest: the authorization only works if I use PAP. If I try to use chap or mschap , rest (using the freeradius -X command) reports that the password is empty. Can anyone give me a tip? Thank you

Tommaso

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/03a3fd94-80f8-4f0c-a183-f78d6c1090f4n%40googlegroups.com.