help.. MD5 with PAP

Alan DeKok aland at deployingradius.com
Wed Feb 13 15:19:58 CET 2008


cengiz coþkun wrote:
> Hi, 
> I have configured freeradius 2.0.0 EAP-ttls and
> configured a mysql db to store the users. 
> It was working fine until i recently decided to
> convert the database-stored passwords to md5
> encryption.

  Store the passwords as "MD5-Password".  See "man rlm_pap".

  You do NOT need to edit anything in the default configuration.

> 	Auth-Type md5 {
> 		pap

  This is not necessary.  Delete it.

> 	pap {
>                 encryption_scheme = md5 
> authtype = md5 
> 		auto_header =  yes

  Did you even read the comments in radiusd.conf for the "pap" module?
The "encryption_scheme" should *not* be used in 2.0, and it is *not*
documented as a working configuration.

-+----------------------+----------------+----+----------------------------------+----------------------+
> | 90 | t1                   | Crypt-Password | := |
> 83f1535f99ab0bf4e9d02dfd85d3e3f7 | cengiz             

  Read "man rlm_pap".  Really, it explains almost everything...

> and the following in radgroupcheck table. 
> +----+-----------+--------------+----+-------------+
> | id | groupname | attribute    | op | value       |
> +----+-----------+--------------+----+-------------+
> |  1 | dynamic   | Auth-Type    | := | MD5         | 

  Delete that entry.  It's wrong.

  Alan DeKok.



More information about the Freeradius-Users mailing list