Hi, I am running Freeradius 1.1.4, MySQL, MD5, and PAP. For some reason, I cannot get authenticated using MD5 and PAP. The logins keep failing, and the logs says that I do not have a password set. When I use crypt and clear as the encryption schemes, I am able to get authenticated. The problem is that I am getting an md5 feed, so I have to use MD5. Can someone please help me figure out what I am doing wrong? Please let me know if other information is needed. Another weird thing is when I have PAP and MD5 set, and I do not have a radgroupcheck entry for my group, I can get authenticated by putting the MD5 Hash as my password. For example, if my MD5 hash was "abcd…", I would have to use "abcd…" as my password, and I would get an access-accept. #######Radiusd.conf######### modules{ pap { encryption_scheme = md5 } } authorize { preprocess auth_log sql } authenticate { Auth-Type PAP { pap } } ####### radcheck table entry ######### +----+----------+-----------+----+----------------------------------+ | id | UserName | Attribute | op | Value | +----+----------+-----------+----+----------------------------------+ | 36 | stryker8 | Password | := | 5f4dcc3b5aa765d61d8327deb882cf99 | +----+----------+-----------+----+----------------------------------+ ####### radreply table entry ######### +----+----------+-----------+----+----------------+ | id | UserName | Attribute | op | Value | +----+----------+-----------+----+----------------+ | 36 | stryker8 | Class | = | OU=utnet-staff | +----+----------+-----------+----+----------------+ ####### radgroupcheck table entry ######### +----+-------------+-----------+----+-------+ | id | GroupName | Attribute | op | Value | +----+-------------+-----------+----+-------+ | 8 | utnet-staff | Auth-Type | := | PAP | +----+-------------+-----------+----+-------+ ####### radiusd –X log ######### rad_recv: Access-Request packet from host 128.83.135.171:3335, id=5, length=48 User-Name = "stryker8" User-Password = "password" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/var/log/radius/radacct/128.83.135.171/auth-detail-20071109' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/128.83.135.171/auth-detail-20071109 modcall[authorize]: module "auth_log" returns ok for request 1 radius_xlat: 'stryker8' rlm_sql (sql): sql_set_user escaped user --> 'stryker8' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'stryker8' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'stryker8' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'stryker8' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'stryker8' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'stryker8' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'stryker8' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'stryker8' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'stryker8' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type PAP auth: type "PAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 1 rlm_pap: login attempt with password password rlm_pap: No password configured for the user. Cannot do authentication modcall[authenticate]: module "pap" returns fail for request 1 modcall: group Auth-Type returns fail for request 1 auth: Failed to validate the user. Login incorrect: [stryker8] (from client JW-Client port 0) -------- Also, since I am running 1.1.4, I tried using the auto-header in PAP, instead of the encryption_scheme. I set auto_header = yes in the pap module in radiusd.conf I set my Attribute to "MD5-Password" in the radcheck table. I added "pap" to the end of the Authorize Module in radiusd.conf I get the following error: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'stryker8' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'stryker8' ORDER BY id rlm_sql: Failed to create the pair: Unknown attribute "MD5-Password" rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns fail for request 2 modcall: group authorize returns fail for request 2 There was no response configured: rejecting request 2 Server rejecting request 2. Thanks for your help in advance! Jonathan