Following on my adventure with freeradius, I decided to enable mysql and use EAP-TTLS. Having my passwords in SQL, I now want to encrypt them (MD5) and use them to authenticate my user.

After reading the protocols compatibility matrix, I saw that with EAP-TTLS, with tunneled PAP, I should be able to do so.

I configured my client (wpa_supplicant) to use EAP=TTLS and phase2="auth=PAP"

When I look into my radiusd -X log, I can see that I have a "Found Auth-Type = PAP" then "+- entering group PAP {...}". So that confirms my supplicant is correctly configured and that I have uncommented the correct lines in the "sites-enabled/inner-tunnel" to have radius look into mysql.

NOW the questions:

1- What do I set the "attribute" field to in the radcheck table to use MD5 passwords?
2- What do I set the "attribute" field to in the radgroupcheck IF I have to (I shouldn't have, right? decided by user unless I want to lock them out of a method (read something like that in the radius files))
3- Is there a good reference to set up the mysql database to use authentication? Frankly, the amount of questions and conflicting information found on google is not helping.

radiusd -X :

++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group PAP {...}
[pap] login attempt with password "unpassword" <-- Password sent by supplicant
[pap] Using clear text password "$apr1$52gvO/..$3EWsna/pFsS3YSrKNmIcW0" <-- Password in mysql table.


Mysql :

mysql> select * from radcheck;
+----+----------+-----------+----+---------------------------------------+
| id | username | attribute | op | value                                 |
+----+----------+-----------+----+---------------------------------------+
|  1 | myuser   | Password  | := | $apr1$52gvO/..$3EWsna/pFsS3YSrKNmIcW0 |
+----+----------+-----------+----+---------------------------------------+
1 row in set (0.00 sec)


-- 
Philippe-Alexandre Lemelin
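
The debug output above shows the pap module using the stored `$apr1$` string as the clear-text password. As an added example (not part of the original post and not FreeRADIUS code), this Python script audits `select * from radcheck` output for hash-shaped values filed under a clear-text attribute; the function names and the second and third sample rows are constructed.

```python
import re

# Attribute names taken from the post and its radiusd -X output; values stored
# under them are used as the "known good" clear-text password.
CLEARTEXT_ATTRS = {"Password", "User-Password", "Cleartext-Password"}

# Value formats recognised by shape alone (nothing is verified or cracked).
TAIL = r"[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"   # salt$digest of MD5 crypt
HASH_SHAPES = [
    ("apr1 (Apache MD5 crypt)", re.compile(r"^\$apr1\$" + TAIL)),
    ("md5-crypt ($1$)", re.compile(r"^\$1\$" + TAIL)),
    ("raw MD5 hex digest", re.compile(r"^[0-9a-fA-F]{32}$")),
]

def parse_mysql_table(text):
    """Parse the mysql client's boxed output into a list of row dicts."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +----+ borders, the prompt and the row count
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def hash_shape(value):
    return next((name for name, rx in HASH_SHAPES if rx.match(value)), None)

def audit_radcheck(text):
    """Return (username, attribute, shape) for hashes filed as clear text."""
    findings = []
    for row in parse_mysql_table(text):
        shape = hash_shape(row["value"])
        if row["attribute"] in CLEARTEXT_ATTRS and shape:
            findings.append((row["username"], row["attribute"], shape))
    return findings

# Row 1 is the row from the post; rows 2 and 3 are constructed samples.
SAMPLE = """
| id | username | attribute          | op | value                                 |
|  1 | myuser   | Password           | := | $apr1$52gvO/..$3EWsna/pFsS3YSrKNmIcW0 |
|  2 | alice    | Cleartext-Password | := | correct horse                         |
|  3 | bob      | User-Password      | := | 5f4dcc3b5aa765d61d8327deb882cf99      |
"""

print(audit_radcheck(SAMPLE))
```

A flagged row means a PAP login will be compared against the hash string itself, so the user's real password can never match.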