Hi to all.

I have this configuration:

- freeradius 2.x
- in mysql I have user "rosario" with attribute "NT-Password" and value "NTHash of my password"

When I try to use radtest it works great.
But I have a web library that tries to authenticate the same user "rosario", but in "user-password" it puts (I think) an NT-challenge password.
This is the log of freeradius.

rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32, length=85
        NAS-Identifier = "radius2"
        NAS-Port-Type = Virtual
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "127.0.0.1"
        User-Name = "rosario"
        User-Password = "\202\204\005\340-\275\341\344u\351-\310L$\260\242"
+- entering group authorize {...}
++[preprocess] returns ok
        expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
        expand: %t -> Thu Mar 11 15:31:56 2010
++[auth_log] returns ok
++[mschap] returns noop
[ntdomain] No '\' in User-Name = "rosario", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[suffix] No '@' in User-Name = "rosario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{User-Name} -> rosario
[sql] sql_set_user escaped user --> 'rosario'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rosario' ORDER BY id
[sql] User found in radcheck table
        expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rosario' ORDER BY id
        expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'rosario' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
        expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_meeting] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_meeting): Reserving sql socket id: 4
        expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
        expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_meeting): Released sql socket id: 4
[sql_meeting] User rosario not found
++[sql_meeting] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
        expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_biblio] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_biblio): Reserving sql socket id: 4
        expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
        expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_biblio): Released sql socket id: 4
[sql_biblio] User rosario not found
++[sql_biblio] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
        expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_signum] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_signum): Reserving sql socket id: 4
        expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
        expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_signum): Released sql socket id: 4
[sql_signum] User rosario not found
++[sql_signum] returns notfound
[pap] Normalizing NT-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "???�-���u�-�L$��"
[pap] Using NT encryption.
[pap] rlm_mschap: NT-Hash: ???�-���u�-�L$��
[pap] rlm_mschap: NT-Hash: Result: 9bf2e48c667225847414c60fd3b16ce0
        expand: %{mschap:NT-Hash ???�-���u�-�L$��} -> 9bf2e48c667225847414c60fd3b16ce0
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: NT password check failed): [rosario] (from client localhost port 0 cli 127.0.0.1)
        WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
        WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32, length=85
Sending duplicate reply to client localhost port 51435 - ID: 32
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
Cleaning up request 0 ID 32 with timestamp +7
Ready to process requests.


I think that rlm_pap tries to hash a non-cleartext password, and so it doesn't work.
How can I tell rlm_pap to do the right thing, otherwise to try to hash a cleartext password and do something (that I don't know) if not?

Thanks.

Rosario

-- 
Rosario L.
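
Added example, not part of the original post and not FreeRADIUS code: the log above warns about unprintable characters in User-Password and asks for the shared secret to be checked, so this sketch implements the RFC 2865 section 5.2 User-Password hiding on both sides and shows what the server recovers when the two secrets differ. The authenticator, password and both secrets are constructed sample values.

```python
import hashlib

def _mask(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + prev),
    # where prev is the Request Authenticator, then the previous hidden block.
    return hashlib.md5(secret + prev).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client/NAS side: produce the User-Password attribute value."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n bytes
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _mask(secret, prev))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding and strip the trailing NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, _mask(secret, prev))
        prev = block
    return out.rstrip(b"\x00")

def is_printable(data: bytes) -> bool:
    return all(0x20 <= b <= 0x7E for b in data)

# Constructed sample values (assumptions, not taken from the log above).
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"example-pass"
CLIENT_SECRET = b"client-side-secret"
SERVER_SECRET = b"server-side-secret"

def demo():
    wire = hide_password(PASSWORD, CLIENT_SECRET, AUTHENTICATOR)
    matching = recover_password(wire, CLIENT_SECRET, AUTHENTICATOR)
    mismatched = recover_password(wire, SERVER_SECRET, AUTHENTICATOR)
    return matching, mismatched

if __name__ == "__main__":
    matching, mismatched = demo()
    print("same secret:     ", matching, is_printable(matching))
    print("different secret:", mismatched, is_printable(mismatched))
```

With a mismatched secret the server still gets a full 16-byte block, but it is unrelated binary data, so any hash computed over it cannot match the stored NT-Password.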