Hi,
0x%{base64tohex: %{control:RESTENA-SSHA1-Password1}}
Sorry (again), but this still doesn't get the job done. xlat is now happy and produces a hex value, but it must be doing something wrong; I'm getting "Passwords don't match.". This is today's GIT of 2.x.x. Since this is an en-/decoding thing, I don't mind sending a temporary cleartext password along with the debug. I can confirm that the base64 hash itself is in order: if I send the incoming request to a different virtual server, which uses the DB's SSHA1-Password attribute directly, I can authenticate. Greetings, Stefan Winter # ./radtest swinter Exclamation\!Mark123 127.0.0.1:1812 123 testing123 Sending Access-Request of id 171 to 127.0.0.1 port 1812 User-Name = "swinter" User-Password = "Exclamation!Mark123" NAS-IP-Address = 158.64.2.206 NAS-Port = 123 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=171, length=20 And the relevant part of the debug output is: ++- entering policy redundant {...} [sql-smtp-hash] expand: %{User-Name} -> swinter [sql-smtp-hash] sql_set_user escaped user --> 'swinter' rlm_sql (sql-smtp-hash): Reserving sql socket id: 2 [sql-smtp-hash] expand: (SELECT id, username, 'RESTENA-SSHA1-Password', value, op FROM check_smtp_ssha1 WHERE username='%{SQL-User-Name}') -> (SELECT id, username, 'RESTENA-SSHA1-Password', value, op FROM check_smtp_ssha1 WHERE username='swinter') rlm_sql_mysql: query: (SELECT id, username, 'RESTENA-SSHA1-Password', value, op FROM check_smtp_ssha1 WHERE username='swinter') [sql-smtp-hash] User found in radcheck table rlm_sql (sql-smtp-hash): Released sql socket id: 2 +++[sql-smtp-hash] returns ok ++- policy redundant returns ok expand: %{control:RESTENA-SSHA1-Password} -> oPQYKSRg5w8XWEiJCcNtzKRhUhtJMUQ/WjdCWlVQS2JWN2Qz expand: 0x%{base64tohex: %{control:RESTENA-SSHA1-Password}} -> 0xffff18292460ff0f175848ff09ff6dffff61521b4931443f5a37425a55504b6256376433 ++[control] returns ok ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /usr/local/freeradius/config/raddb/sites-enabled/SMTP +- entering group PAP {...} ++- entering policy pap_hash_debugfallback {...} +++- entering group {...} [pap] login attempt with password "Exclamation!Mark123" [pap] Using SSHA encryption. [pap] Passwords don't match ++++[pap] returns reject ++++? if ("%{control:RESTENA-Debug-Password}" ) expand: %{control:RESTENA-Debug-Password} -> ? Evaluating ("%{control:RESTENA-Debug-Password}" ) -> FALSE ++++? if ("%{control:RESTENA-Debug-Password}" ) -> FALSE [pap] login attempt with password "Exclamation!Mark123" [pap] Using SSHA encryption. [pap] Passwords don't match ++++[pap] returns reject +++- group returns reject ++- policy pap_hash_debugfallback returns reject Failed to authenticate the user. } # server SMTP -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473