<font face="courier new,monospace">Hello,<br><br>I know this question has been asked many times before yet I could not find a solution to my problem:<br><br>On
debian squeeze, I installed freeradius 2.1.10 and use mysql (5.1.49)
for the authentication (I uncommented the line "sql" in the 'authorize'
and 'accounting' sections of /etc/freeradius/sites-available/default )<br>
<br>When I test with the following command:<br><br>root@my-machine:~# radtest sqltest testpwd localhost 1812 testing123<br>Sending Access-Request of id 116 to 127.0.0.1 port 1812<br> User-Name = "sqltest"<br>
User-Password = "testpwd"<br> NAS-IP-Address = 10.50.1.3<br> NAS-Port = 1812<br>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=116, length=20<br><br>it receives the authorization correctly. It works fine...<br>
<br>Yet, on the debugging messages, I see the following (famous) message:<br><br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Replacing User-Password in config items with Cleartext-Password. !!!<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Please update your configuration so that the "known good" !!!<br>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br><br><br>I have read in the messages archive that I should<br>"replace in your configuration (either user file or database) all occurrences of "User-Password" with "Cleartext-Password"."<br>
<br>Yet in my DB, I have:<br><br>mysql> select * from radcheck;<br>+----+----------+-----------+----+---------+<br>| id | username | attribute | op | value |<br>+----+----------+-----------+----+---------+<br>| 1 | sqltest | Password | == | testpwd |<br>
+----+----------+-----------+----+---------+<br><br>If I change the
attribute to "Cleartext-Password" instead of "Password", the connection
is rejected (ERROR: No authenticate method (Auth-Type) found for the
request: Rejecting the user)<br>
<br>I did grep "Cleartext" in /etc/freeradius/* but found nothing.<br><br>Should I really worry about that warning and if yes, how can I get rid of that message?<br><br>DEBUG INFO:<br>-----------<br>Ready to process requests.<br>
rad_recv: Access-Request packet from host 127.0.0.1 port 35731, id=116, length=59<br> User-Name = "sqltest"<br> User-Password = "testpwd"<br> NAS-IP-Address = 10.50.1.3<br> NAS-Port = 1812<br>
# Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>[sql] expand: %{User-Name} -> sqltest<br>
[sql] sql_set_user escaped user --> 'sqltest'<br>rlm_sql (sql): Reserving sql socket id: 3<br>[sql]
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'sqltest' ORDER BY id<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[sql] User found in radcheck table<br>[sql]
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'sqltest' ORDER BY id<br>
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username =
'sqltest' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns updated<br>Found Auth-Type = PAP<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
!!! Replacing User-Password in config items with Cleartext-Password. !!!<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Please update your configuration so that the "known good" !!!<br>
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br># Executing group from file /etc/freeradius/sites-enabled/default<br>
+- entering group PAP {...}<br>[pap] login attempt with password "testpwd"<br>[pap] Using clear text password "testpwd"<br>[pap] User authenticated successfully<br>++[pap] returns ok<br># Executing section post-auth from file /etc/freeradius/sites-enabled/default<br>
+- entering group post-auth {...}<br>++[exec] returns noop<br>Sending Access-Accept of id 116 to 127.0.0.1 port 35731<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 116 with timestamp +2<br>
Ready to process requests<br><br>---------------<br><br>I did read 'man rlm_pap' as suggested but could not find the solution.<br><br>Here is an excerpt of my /etc/freeradius/sites-available/default :<br><br>authorize {<br>
preprocess<br> chap<br> mschap<br> digest<br> suffix<br> eap {<br> ok = return<br> }<br> sql<br> expiration<br> logintime<br> pap<br>}<br><br>authenticate {<br>
Auth-Type PAP {<br> pap<br> }<br><br> Auth-Type CHAP {<br> chap<br> }<br><br> Auth-Type MS-CHAP {<br> mschap<br> }<br><br> digest<br>
unix<br> eap<br>}<br><br><br>Any help would be greatly appreciated.<br><br>Yannick</font>