Problem with MD5 Authentication and PAP
Alan DeKok
aland at deployingradius.com
Sat Nov 10 07:36:33 CET 2007
Jonathan Wong wrote:
> I am running FreeRADIUS 1.1.4, MySQL, MD5, and PAP.
Upgrade to 1.1.7.
> Another weird thing is when I have PAP and MD5 set, and I do not have
> a radgroupcheck entry for my group, I can get authenticated by putting
> the MD5 Hash as my password. For example, if my MD5 hash was "abcd…",
> I would have to use "abcd…" as my password, and I would get an
> access-accept.
Because it's not processing the password as an MD5 hash. It's
processing the password as a text string.
Upgrade to 1.1.7, and make sure you have the *correct* configuration
for the "pap" module. There are some new configuration items, so go
read the comments in radiusd.conf.
Also make sure that "pap" is listed *last* in the "authorize" section,
just like with the default radiusd.conf in 1.1.7.
Then, update your DB:
> +----+----------+-----------+----+----------------------------------+
> | 36 | stryker8 | Password | := | 5f4dcc3b5aa765d61d8327deb882cf99 |
> +----+----------+-----------+----+----------------------------------+
Change "Password" to "MD5-Password".
> rlm_sql: Failed to create the pair: Unknown attribute "MD5-Password"
You upgraded to 1.1.4 from an older version, and aren't using the new
dictionaries.
Alan DeKok.
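
An added example, not part of the original message and not FreeRADIUS code: a simplified Python model of how the attribute name decides whether the stored value is compared as text or as an MD5 digest, plus an audit helper that flags rows like id 36 above. The function names, the tuple layout and every row other than id 36 are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# 32 hex characters: the shape of an MD5 digest as stored in the row above.
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")


def check_password(attribute, stored, supplied):
    """Simplified model: the attribute name selects the comparison."""
    if attribute == "Password":
        # Stored value is treated as clear text, so it is compared as a string.
        return hmac.compare_digest(stored.encode(), supplied.encode())
    if attribute == "MD5-Password":
        # Stored value is the hex MD5 of the password; hash the input first.
        digest = hashlib.md5(supplied.encode()).hexdigest()
        return hmac.compare_digest(stored.lower().encode(), digest.encode())
    raise ValueError(f"unsupported attribute: {attribute}")


def mislabelled_rows(rows):
    """Return rows typed as clear text whose value looks like an MD5 digest."""
    return [r for r in rows if r[2] == "Password" and MD5_HEX.match(r[4])]


def demo():
    """Show both comparisons against one constructed credential."""
    clear = "example-pass"  # constructed sample password
    stored = hashlib.md5(clear.encode()).hexdigest()
    return {
        "Password, hash typed in": check_password("Password", stored, stored),
        "Password, real password": check_password("Password", stored, clear),
        "MD5-Password, hash typed in": check_password("MD5-Password", stored, stored),
        "MD5-Password, real password": check_password("MD5-Password", stored, clear),
    }


# (id, username, attribute, op, value): id 36 is the row from the message,
# ids 37 and 38 are constructed.
ROWS = [
    (36, "stryker8", "Password", ":=", "5f4dcc3b5aa765d61d8327deb882cf99"),
    (37, "user-a", "MD5-Password", ":=", "5f4dcc3b5aa765d61d8327deb882cf99"),
    (38, "user-b", "Password", ":=", "plain text value"),
]

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
    print("mislabelled ids:", [r[0] for r in mislabelled_rows(ROWS)])
```
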