<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2900.2873" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN class=190323713-08052006>Hi
Miguel,</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006>Bellow you will find the config I'm using. It works
with Unix Crypt but not with md5 or SHA1. It looks like for md5 or sha1 the
crypt-password attribute has to be changed to MD5-password or SHA1-password.
However my freeRadius doesn't recognize any of these 2 attributes (<FONT
size=2>rlm_sql: unknown attribute SSHA-Password</FONT>). For the time
beeing I'll stick with Unix Crypt.</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006>Please let me know if you find a better
config.</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006>Bogdan.</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN class=190323713-08052006>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Bogdan Dumitriu - Technical
Support Team [mailto:helpdesk22@mycybernet.net] <BR><B>Sent:</B> May 4, 2006
3:40 PM<BR><B>To:</B> 'freeradius-users@lists.freeradius.org'<BR><B>Subject:</B>
FreeRadius + MySQL & Encrypted passwords<BR><BR></FONT></DIV>
<DIV><FONT face=Tahoma size=2><SPAN class=512530219-04052006>Hi
all,</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma size=2><SPAN
class=512530219-04052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma size=2><SPAN class=512530219-04052006>I've been trying to
encrypt the passwords in mySQL using SHA1 or MD5 without any luck for the last
several days.</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma size=2><SPAN
class=512530219-04052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma size=2><SPAN class=512530219-04052006>First let me tell
you a bit about our system:</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma size=2></FONT> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>RedHat ES
4</FONT></SPAN></DIV>
<DIV><FONT face=Tahoma size=2>freeradius-1.0.1-2.RHEL4</FONT></DIV>
<DIV><FONT face=Tahoma size=2>freeradius-mysql-1.0.1-2.RHEL4</FONT></DIV>
<DIV><FONT face=Tahoma
size=2>mysql-server-4.1.7-4.RHEL4.1<BR>mysql-4.1.7-4.RHEL4.1</FONT></DIV>
<DIV><FONT face=Tahoma size=2></FONT> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>Everything works
fine with clear text passwords and if I use Unix Crypt.</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>This is the config
that works with Unix Crypt:</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>radcheck</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
id | UserName | Attribute | op |
Value
|<BR>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
844 | bogdan | Crypt-Password | == | <FONT face="Times New Roman"
size=3>55MCU5TXMoKsA</FONT>
|<BR>+-----+------------+---------------+----+----------------------------------------------------------+</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>usergroup</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>+-----+------------+-------------+<BR>| id | UserName |
GroupName |<BR>+-----+------------+-------------+<BR>| 844
| bogdan | adsl-static
|<BR>+-----+------------+-------------+</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>radgroupcheck</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>+----+-------------+-----------+----+-------+<BR>| id |
GroupName | Attribute | op | Value
|<BR>+----+-------------+-----------+----+-------+<BR>| 1 |
adsl | Auth-Type | := |
PAP |<BR>| 2 | adsl-static | Auth-Type | := | PAP
|</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>radius.conf</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>-------------</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>...........................</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>modules
{</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>..................</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2> pap
{<BR>
encryption_scheme = crypt<BR>
}</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>....................</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>}</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>authenticate
{</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>..............<BR> Auth-Type
PAP
{<BR>
pap<BR> }</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>...............</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>}</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>This works perfect
!</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>now I want to use
MD5 or SHA1 so I change:</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2> pap
{<BR>
encryption_scheme = sha1 (or
md5)<BR> }</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>and this is what I get in /usr/sbin/radiusd
-X</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006> modcall[authorize]: module "sql"
returns ok for request 0<BR>modcall: group authorize returns ok for request
0<BR> rad_check_password: Found Auth-Type PAP<BR>auth: type
"PAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall:
entering group Auth-Type for request 0<BR>rlm_pap: login attempt by "shipcoadsl"
with password test<BR>rlm_pap: Crypt-Password attribute but encryption scheme is
not set to CRYPT<BR> modcall[authenticate]: module "pap" returns fail for
request 0<BR>modcall: group Auth-Type returns fail for request 0</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>if I change:</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><SPAN class=512530219-04052006><FONT
face=Tahoma
size=2>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
id | UserName | Attribute | op |
Value
|<BR>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
844 | bogdan | Crypt-Password | == | {<FONT face="Times New Roman"
size=3>md5}
password</FONT> |<BR>+-----+------------+---------------+----+----------------------------------------------------------+</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><SPAN
class=512530219-04052006></SPAN></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><SPAN
class=512530219-04052006>to:</SPAN></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><SPAN
class=512530219-04052006></SPAN></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><SPAN class=512530219-04052006><SPAN
class=512530219-04052006><FONT face=Tahoma
size=2>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
id | UserName | Attribute | op |
Value
|<BR>+-----+------------+---------------+----+----------------------------------------------------------+<BR>|
844 | bogdan | User-Password | == | <FONT face="Times New Roman"
size=3><FONT face=Tahoma size=2>{</FONT><FONT face="Times New Roman" size=3>md5}
password</FONT></FONT>
|<BR>+-----+------------+---------------+----+----------------------------------------------------------+</FONT></SPAN></SPAN></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><SPAN
class=512530219-04052006></SPAN></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><SPAN class=512530219-04052006>and this is
what I get:</SPAN></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><SPAN
class=512530219-04052006></SPAN></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>rlm_sql (sql): No matching entry in the
database for request from user [shipcoadsl]<BR>rlm_sql (sql): Released sql
socket id: 4<BR> modcall[authorize]: module "sql" returns notfound for
request 0<BR>modcall: group authorize returns ok for request 0<BR>auth: No
authenticate method (Auth-Type) configuration found for the request: Rejecting
the user<BR>auth: Failed to validate the user.<BR>Login incorrect:
[shipcoadsl/test] (from client TestNAS2 port 0)</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>I also tried changing:</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>radgroupcheck</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>+----+-------------+-----------+----+-------+<BR>| id |
GroupName | Attribute | op | Value
|<BR>+----+-------------+-----------+----+-------+<BR>| 1 |
adsl | Auth-Type | := |
PAP |<BR></FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>to:</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>radgroupcheck</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>+----+-------------+-----------+----+-------+<BR>| id |
GroupName | Attribute | op | Value
|<BR>+----+-------------+-----------+----+-------+<BR>| 1 |
adsl | Auth-Type | :=
| MD5 |</FONT></SPAN></DIV><SPAN class=512530219-04052006><FONT
face=Tahoma size=2></FONT></SPAN></FONT></SPAN></DIV><SPAN
class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN></FONT></SPAN></SPAN></DIV><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma size=2>then
add:</FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma
size=2></FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2><SPAN
class=512530219-04052006><SPAN class=512530219-04052006><FONT face=Tahoma
size=2><SPAN class=512530219-04052006><FONT face=Tahoma size=2>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma size=2>authenticate
{</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>..............<BR>
Auth-Type MD5
{<BR>
pap<BR> }</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>...............</FONT></SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT face=Tahoma
size=2>}</FONT></SPAN></DIV></DIV>
<DIV><BR></DIV></FONT></SPAN></FONT></SPAN></SPAN>
<DIV><SPAN class=512530219-04052006>an I got exactly the same answer as
before!</SPAN></DIV>
<DIV><SPAN class=512530219-04052006><FONT
color=#0000ff></FONT></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>Tried adding to the
radgroupreply:</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>| 26 | adsl-static |
Auth-Type | := |
PAP
| 0 |<BR></DIV></SPAN>
<DIV><SPAN class=512530219-04052006>but still no luck!</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>Is this a bug? What am I
missing?</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006></SPAN><SPAN class=512530219-04052006>Your
help will be greatly appreciated!</SPAN></DIV>
<DIV><SPAN class=512530219-04052006></SPAN> </DIV>
<DIV><SPAN class=512530219-04052006>Thanks,</SPAN></DIV>
<DIV><SPAN
class=512530219-04052006>Bogdan.</SPAN></DIV></FONT></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2><SPAN
class=190323713-08052006></SPAN></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN class=190323713-08052006><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN
class=190323713-08052006> </SPAN>-----Original Message-----<BR><B>From:</B>
freeradius-users-bounces+helpdesk22=mycybernet.net@lists.freeradius.org
[mailto:freeradius-users-bounces+helpdesk22=mycybernet.net@lists.freeradius.org]
<B>On Behalf Of </B>Miguel Angel Quiles<BR><B>Sent:</B> May 8, 2006 5:34
AM<BR><B>To:</B> FreeRadius users mailing list<BR><B>Subject:</B> Re: FreeRadius
+ MySQL & Encrypted passwords<BR><BR></DIV></FONT></FONT>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV> I would like to find out how to configure freeradius
so I don't have to save clear text passwords in the users file.</DIV>
<DIV>I've been following the mail list but I've seen so many ways of
configuring crypted passwords, md5, .... that right now I've got a mess in my
head.</DIV>
<DIV>If someone can help me, to address me to a tutorial, or a link to a
website where I can find some clear info over this, I would
appreciate.</DIV>
<DIV> </DIV>
<DIV>Thank you.</DIV></BLOCKQUOTE></BODY></HTML>