No I didn't hex encode it. I'm using a stock freeradius 2.1.12 coming with Ubuntu 14.04 The table has been created as follows: This is the table schema CREATE TABLE `accounts_dummy` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(45) NOT NULL, `hash` varchar(255) NOT NULL, `salt` varchar(45) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id_UNIQUE` (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; And insert the user as follows echo "INSERT INTO `accounts_dummy` (`id`, `username`, `hash`, `salt`) VALUES ('1', 'freddi', '$( echo -n "wilmaberlin" | openssl sha1)', 'berlin');" > insert_user.sql After insertion I made sure that the sha1 in the db is: ae5fb20004bd032779db7ecb7eda7973fa25d281 On Mon, Aug 10, 2015 at 9:44 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On Aug 10, 2015, at 3:38 PM, Moataz Elmasry < zaza1851983ml@googlemail.com> wrote:
Hi Arran and thanks for the quick reply
Unfortunately I can't seem to get it running, getting a "[pap] Passwords don't match" error
Here's the simplest example I could come up with:
username: freddi password: wilma salt: berlin
Then hashed the password+salt: echo -n "wilmaberlin" | openssl sha1 (stdin)= ae5fb20004bd032779db7ecb7eda7973fa25d281
In the users table, the hash is set to that sha1, while salt=berlin
Then here's the configuration from sites-enabled/default:
update control { Tmp-String-0 := "%{sql:SELECT hash FROM accounts WHERE username = '%{User-Name}'}" Tmp-String-1 := "%{sql:SELECT salt FROM accounts WHERE username = '%{User-Name}'}" }
update control { SSHA-Password := "%{control:Tmp-String-0}%{control:Tmp-String-1}" }
I removed the 0x before the password value, so that it gets normalized
Is the salt hex encoded also when it comes out of the db?
-Arran