Issues with rlm_pap

Deramus, Chris Chris.Deramus at hq.doe.gov
Mon Mar 19 19:34:48 CET 2007


To all,

I am finally attempting to upgrade from version 1.1.3 to 1.1.5 and have
encountered an issue when attempting to use pap to authenticate users
with the new auto_header feature. The Cisco NAS I have used over the
past three years has always sent the user password to FreeRADIUS in
clear-text, and then I would have encryption_scheme set to MD5 to
compare the sent password to the MD5 value in the database.

This no longer seems to work, as FreeRADIUS seems to be attempting to
compare the clear-text password with the MD5 password returned from the
database. I'm guessing it's an oversight on my end, and wanted to see if
anyone on this list noticed anything. I have included portions of my
radiusd.conf and users files which are pertinent to this issue. 

users
//----------
DEFAULT NAS-IP-Address == "192.168.1.1", Autz-Type := sql1
DEFAULT NAS-IP-Address == "192.168.2.1", Autz-Type := sql2

radiusd.conf
//----------

modules {
	pap {
		auto_header = yes
	}
}

authorize {
	preprocess
	autztype sql1 {
		sql
	}
	autztype sql2 {
		sql2
	}
	files
	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
}

rad_recv: Access-Request packet from host 192.168.1.1:32805, id=3, length=70
        User-Name = "test.user"
        User-Password = "testpassword"
        CVPN3000-Auth-Server-Priority = 2
        NAS-IP-Address = 192.168.1.1
        NAS-Port-Type = Virtual
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    users: Matched entry DEFAULT at line 151
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  Found Autz-Type sql1
  Processing the authorize section of radiusd.conf
modcall: entering group sql1 for request 0
radius_xlat:  'test.user'
rlm_sql (sql): sql_set_user escaped user --> 'test.user'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE UserName = '265100' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 9
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 9
  modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group sql1 (returns ok) for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [test.user/testpassword] (from client 192.168.1.1 port 0)
Delaying request 0 for 2 seconds
Finished request 0

Thanks in advance,

Chris DeRamus
HQ VPN Administrator
SAIC
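
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the two comparisons the post contrasts, a literal compare of the supplied clear-text password against the stored value, and a compare that selects the hash from a leading {header} on the stored value, which is the kind of value auto_header is meant for. The function names, the set of headers handled and the sample values are assumptions of this sketch; it goes slightly beyond the post by also handling salted MD5.

```python
import base64
import binascii
import hashlib
import hmac

def _raw(blob: str, size: int) -> bytes:
    """Stored digests show up as hex or base64; normalise to raw bytes."""
    if len(blob) == 2 * size:
        try:
            return binascii.unhexlify(blob)
        except binascii.Error:
            pass
    return base64.b64decode(blob)

def literal_compare(supplied: str, stored: str) -> bool:
    """Plain string compare: only succeeds when the stored value is clear text."""
    return hmac.compare_digest(supplied.encode(), stored.encode())

def header_compare(supplied: str, stored: str) -> bool:
    """Select the scheme from a leading {header}; none means clear text here."""
    scheme, value = "clear", stored
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        scheme, value = stored[1:end].lower(), stored[end + 1:]
    pw = supplied.encode()
    if scheme in ("clear", "cleartext"):
        return hmac.compare_digest(pw, value.encode())
    if scheme == "md5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), _raw(value, 16))
    if scheme == "smd5":  # base64(md5(password + salt) + salt)
        raw = base64.b64decode(value)
        return hmac.compare_digest(hashlib.md5(pw + raw[16:]).digest(), raw[:16])
    raise ValueError(f"unsupported scheme: {scheme}")

# Constructed sample data: the test password from the debug log, hashed here.
PASSWORD = "testpassword"
MD5_HEX = hashlib.md5(PASSWORD.encode()).hexdigest()
SALT = b"\x01\x02\x03\x04"
SMD5 = base64.b64encode(hashlib.md5(PASSWORD.encode() + SALT).digest() + SALT).decode()

if __name__ == "__main__":
    print("literal compare, bare MD5 hex :", literal_compare(PASSWORD, MD5_HEX))
    print("header compare, bare MD5 hex  :", header_compare(PASSWORD, MD5_HEX))
    print("header compare, {md5} + hex   :", header_compare(PASSWORD, "{md5}" + MD5_HEX))
    print("header compare, {smd5} value  :", header_compare(PASSWORD, "{smd5}" + SMD5))
```

In this model a bare MD5 hex string with no header is treated as clear text, so the supplied password never matches it; only the header-prefixed forms verify.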