On 28 Aug 2015, at 00:54, Noel Butler <noel.butler@ausics.net> wrote:
Howdy,
Building new radius setup, and in test bed using freeradius at present, I see v3 uses SHA-2, great, it's what we are trying, but when inserting into mariadb $6$salt$foobarqwerty.... does not seems not to work (clear text of course does but thats not an option in 2015) does it expect it in some other format?
FreeRADIUS doesn't need to support SHA2 for this, you just need to put the password in the right control attribute, so FreeRADIUS will treat it as a crypt password. update control { &Crypt-Password := "<value from db or other attribute>" } pap FreeRADIUS will then call crypt(), and if your system's crypt function understands the format, it should all work fine. If your systems crypt function does not support SHA2-512 then you need to break out the components. if ("<sql query/password attr>" =~ /\$6\$([^$]+)\$(.*)/) { update control { SSHA2-512-Password := "%{2}%{1}" } } -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2