On Wednesday 18 April 2007 16:39:27 Sebastian Firpo wrote:
Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a users file for authorize.
Wow, that's quite a leap. I assume from 0.6 to 1.1.5?
The server don't authorize and when a do a debug (radiusd -X) I saw the User-password in clear text. If I modify the User-password in the users file by the clear text one it works.
Here are the debug and an entry of the users file:
Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.12.4.2:1645, id=91, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "sebas" Calling-Station-Id = "10.11.1.25" User-Password = "hello" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry sebas at line 50 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds
users file
sebas Auth-Type := Local, Crypt-Password == "(!lGOOlHaBWoQ" Service-Type = Administrative-User, Cisco-AVPair = "shell:priv-lvl=15"
Thanks very much!!
Don't set Auth-Type, the server will figure it out. The operator for Crypt-Password should be changed to := as well. Kevin Bonner