AW: using encrypted passwords in users file or sql-radcheck table

Alan Dekok aland at deployingradius.com
Wed May 30 14:47:22 CEST 2007


Rascher, Markus wrote:
> With pap I'm running into problems...
> Can u give me an example config?
> 
> In users-File I have: (Password is 'testpwd')
> testuser        Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0"

  Don't set Auth-Type.  I have NO idea why so many people are fascinated
with setting it.

  Use ":=" for the MD5-Password, not "==".  See "man users" for why.

> modules {
>         pap {
>              encryption_scheme = MD5

  Why?  If you're using the most recent version, the documentation in
"man rlm_pap", and the comments in radiusd.conf make it clear that the
"encryption_scheme" configuration option shouldn't be used.

> authorize {
> #       preprocess
>         files
> }

  Why?  You've gone to a lot of trouble to remove everything from the
"authorize" section.  The documentation in "radiusd.conf" at the end of
the "authorize" section says you should list "pap".  The documentation
in "man rlm_pap" says the same thing.

...
> modcall: entering group authorize for request 0
>     users: Matched entry DEFAULT at line 184

  i.e. it didn't match the entry you posted above.  It didn't match
because the format of the entry was wrong.

> Problem: the entry in the users-File for testuser doesn't match..
> Whats my mistake?

  You haven't read the documentation.  You haven't read the comments in
the config files you're editing.  You've done a LOT of work to break the
default configuration.

  FreeRADIUS ships with a default configuration that works in the widest
possible set of circumstances.  If you don't understand the
configuration, CHANGE AS LITTLE AS POSSIBLE.

  I will also not you're either running an older version, which is not
recommended, or you didn't follow my previous recommendation to read
"man rlm_pap"

  Read the documentation.  Don't destroy the default configuration.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list