FreeRadius + MySQL & Encrypted passwords

Bogdan Dumitriu - Technical Support Team helpdesk22 at mycybernet.net
Thu May 4 23:22:12 CEST 2006


Thanks Alan,

Changed:

 | 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA |

To
 | 844 | bogdan | SSHA-Password | == | 55MCU5TXMoKsA |

And
        pap {
                encryption_scheme = sha1
        }

And it says:

rlm_sql: unknown attribute SSHA-Password




However the output significantly changed. It looks like it's now trying
the user in all the groups:

rad_recv: Access-Request packet from host 206.186.81.100:4147, id=76, length=50
        User-Name = "shipcoadsl"
        User-Password = "test"
rad_lowerpair:  User-Name now 'shipcoadsl'
rad_rmspace_pair:  User-Name now 'shipcoadsl'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group dialup
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group idm
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 2
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group ikano
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 1
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group adsl
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'
rlm_sql (sql): - sql_groupcmp finished: User belongs in group adsl-static
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "shipcoadsl", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "shipcoadsl"
    rlm_realm: Proxying request from user shipcoadsl to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat:  'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shipcoadsl' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shipcoadsl' ORDER BY id
rlm_sql: unknown attribute SMD5-Password
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns fail for request 0
modcall: group authorize returns fail for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0



-----Original Message-----
From: freeradius-users-bounces+helpdesk22=mycybernet.net at lists.freeradius.org
[mailto:freeradius-users-bounces+helpdesk22=mycybernet.net at lists.freeradius.org]
On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: May 4, 2006 4:27 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius + MySQL & Encrypted passwords


Hi,

> I've been trying to encrypt the passwords in mySQL using SHA1 or MD5 
> without any luck for the last several days.
>  
> ---------------------------+
> | 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA |
> +-----+------------+---------------+----+-----------------------------
> +-----+------------+---------------+----+--

okay. attribute set to Crypt-Password. however, when you changed to SHA1
or MD5 you DIDN'T change this attribute. from the Documentation, you can
see

       Header       Attribute          Description
       ------       ---------          -----------
       {clear}      User-Password      clear-text passwords
       {cleartext}  User-Password      clear-text passwords
       {crypt}      Crypt-Password     Unix-style "crypt"ed passwords
       {md5}        MD5-Password       MD5 hashed passwords
       {smd5}       SMD5-Password      MD5 hashed passwords, with a salt
       {sha}        SHA-Password       SHA1 hashed passwords
       {ssha}       SSHA-Password      SHA1 hashed passwords, with a salt
       {nt}         NT-Password        Windows NT hashed passwords
       {x-nthash}   NT-Password        Windows NT hashed passwords
       {lm}         LM-Password        Windows Lan Manager (LM) passwords.

the error log posted clearly showed rlm_pap bleating away that it was
being told to use MD5 or SHA but that only Crypt-Password attribute was
present. 

alan
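
Added example (not part of either message, and not FreeRADIUS code): a Python sketch of the header/attribute table above, plus a shape check showing that renaming the attribute in radcheck does not re-hash the stored value. The function names are hypothetical, and the salted encoding is assumed to be the OpenLDAP-style base64(digest(password + salt) + salt); which encodings a given FreeRADIUS version accepts is not stated in this thread.

```python
import base64
import hashlib
import hmac
import os
import re

# Header -> attribute pairs copied from the documentation table quoted above.
HEADER_TO_ATTR = {
    "clear": "User-Password", "cleartext": "User-Password",
    "crypt": "Crypt-Password", "md5": "MD5-Password",
    "smd5": "SMD5-Password", "sha": "SHA-Password",
    "ssha": "SSHA-Password", "nt": "NT-Password",
    "x-nthash": "NT-Password", "lm": "LM-Password",
}
DIGESTS = {"SMD5-Password": hashlib.md5, "SSHA-Password": hashlib.sha1}

def split_header(value):
    """'{ssha}body' -> ('SSHA-Password', 'body'); no known header -> (None, value)."""
    m = re.fullmatch(r"\{([^}]+)\}(.*)", value, re.S)
    attr = HEADER_TO_ATTR.get(m.group(1).lower()) if m else None
    return (attr, m.group(2)) if attr else (None, value)

def make_salted(attr, password, salt=None):
    """Assumed encoding: base64(digest(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = DIGESTS[attr](password.encode() + salt).digest()
    return base64.b64encode(digest + salt).decode()

def _decode(attr, stored):
    """Return (digest, salt), or None if stored cannot be a salted hash for attr."""
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:  # binascii.Error: bad alphabet or padding
        return None
    size = DIGESTS[attr]().digest_size
    return (raw[:size], raw[size:]) if len(raw) > size else None

def fits(attr, stored):
    """Shape check only: could this stored value belong under this attribute?"""
    if attr == "Crypt-Password":  # traditional 13-character crypt(3) output only
        return re.fullmatch(r"[./0-9A-Za-z]{13}", stored) is not None
    return attr in DIGESTS and _decode(attr, stored) is not None

def verify(attr, password, stored):
    """Recompute the salted digest and compare in constant time."""
    parts = _decode(attr, stored)
    if parts is None:
        return False
    digest, salt = parts
    return hmac.compare_digest(DIGESTS[attr](password.encode() + salt).digest(), digest)
```

Run against the row shown in the thread, fits("Crypt-Password", "55MCU5TXMoKsA") is true and fits("SSHA-Password", "55MCU5TXMoKsA") is false, so the Value column has to be regenerated (for example with make_salted) whenever the Attribute column is changed.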