Save Passwords Encrypted in DB

Nasser Heidari nasser at rasana.net
Mon Sep 6 20:21:13 CEST 2010


root@tradius:~# cat /etc/raddb/users
DEFAULT Auth-Type := Local, Simultaneous-Use := 1
        Fall-Through = Yes
 
------------------------------------------
 
root@tradius:~# radtest nasser plainpass 127.0.0.1:1812 1700 adminsecret
Sending Access-Request of id 155 to 127.0.0.1 port 1812
        User-Name = "nasser"
        User-Password = "plainpass"
        NAS-IP-Address = 192.168.7.254
        NAS-Port = 1700
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=155, length=20

------------------------------------------

rad_recv: Access-Request packet from host 127.0.0.1 port 49986, id=155, length=65
        User-Name = "nasser"
        User-Password = "plainpass"
        NAS-IP-Address = 192.168.7.254
        NAS-Port = 1700
Tue Sep  7 10:39:22 2010 : Info: +- entering group authorize {...}
Tue Sep  7 10:39:22 2010 : Info: ++[preprocess] returns ok
Tue Sep  7 10:39:22 2010 : Info: [files] users: Matched entry DEFAULT at line 1
Tue Sep  7 10:39:22 2010 : Info: ++[files] returns ok
Tue Sep  7 10:39:22 2010 : Info: [suffix] No '@' in User-Name = "nasser", looking up realm NULL
Tue Sep  7 10:39:22 2010 : Info: [suffix] No such realm "NULL"
Tue Sep  7 10:39:22 2010 : Info: ++[suffix] returns noop
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: %{User-Name} -> nasser
Tue Sep  7 10:39:22 2010 : Info: [sql] sql_set_user escaped user --> 'nasser'
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql (sql): Reserving sql socket id: 19
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: call usercheck('%{SQL-User-Name}') -> call usercheck('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql_mysql: query:  call usercheck('nasser')
Tue Sep  7 10:39:22 2010 : Info: [sql] User found in radcheck table
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: call userreply('%{SQL-User-Name}') -> call userreply('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql_mysql: query:  call userreply('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql (sql): Released sql socket id: 19
Tue Sep  7 10:39:22 2010 : Info: ++[sql] returns ok
GOT CLONE -1219773760 0x86eea50
Tue Sep  7 10:39:22 2010 : Info: ++[logintime] returns noop
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: %t -> Tue Sep  7 10:39:22 2010
Tue Sep  7 10:39:22 2010 : Info: ++[reply_log] returns ok
Tue Sep  7 10:39:22 2010 : Info: Found Auth-Type = Local
Tue Sep  7 10:39:22 2010 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
Tue Sep  7 10:39:22 2010 : Info: WARNING: Use the PAP or CHAP modules instead.
Tue Sep  7 10:39:22 2010 : Info: User-Password in the request does NOT match "known good" password.
Tue Sep  7 10:39:22 2010 : Info: Failed to authenticate the user.
Tue Sep  7 10:39:22 2010 : Auth: Login incorrect: [nasser/plainpass] (from client admincheck port 1700)
Tue Sep  7 10:39:22 2010 : Info: Using Post-Auth-Type Reject
Tue Sep  7 10:39:22 2010 : Info: +- entering group REJECT {...}
Tue Sep  7 10:39:22 2010 : Info: ++[sql] returns ok
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: %t -> Tue Sep  7 10:39:22 2010
Tue Sep  7 10:39:22 2010 : Info: ++[reply_log] returns ok
Tue Sep  7 10:39:22 2010 : Info: Delaying reject of request 0 for 3 seconds
Tue Sep  7 10:39:22 2010 : Debug: Going to the next request
Tue Sep  7 10:39:22 2010 : Debug: Waking up in 0.9 seconds.
Tue Sep  7 10:39:23 2010 : Debug: Waking up in 1.9 seconds.
Tue Sep  7 10:39:25 2010 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 155 to 127.0.0.1 port 49986
Tue Sep  7 10:39:25 2010 : Debug: Waking up in 9.9 seconds.
Tue Sep  7 10:39:35 2010 : Info: Cleaning up request 0 ID 155 with timestamp +17
Tue Sep  7 10:39:35 2010 : Info: Ready to process requests.
^C
root@tradius:~#

________________________________

From: freeradius-users-bounces+nasser=rasana.net at lists.freeradius.org on behalf of Alan DeKok
Sent: Mon 9/6/2010 7:49 PM
To: FreeRadius users mailing list
Subject: Re: Save Passwords Encrypted in DB



Nasser Heidari wrote:
> But no success. I also added Password-With-Header := "{crypt}" to my
> sql.conf, but no success!
> Am I missing something?

  See the FAQ for "it doesn't work"

  Alan DeKok.