On Thursday, November 18, 2010 09:40:26 am Kenneth Marshall wrote:
On Wed, Nov 17, 2010 at 05:00:19PM -0500, William wrote:
On Wednesday, November 17, 2010 04:24:32 pm Kenneth Marshall wrote:
On Wed, Nov 17, 2010 at 04:15:47PM -0500, William wrote:
Greetings,
First, Thanks Alan DeKok. That was exactly what I needed for
NAS_Showt_Name.
Second, I just discovered a new issue. Not sure if this is a radius or a
MySQL issue.
When I crypt a password (MySQL CRYPT command) the password matches anything and everything that matches the first 8 characters of the password.
Is this a limitation of Radius crypt or is it a Mysql crypt ? I need 16+ character password that match.
Wm
Crypt has an 8 character limit in its specification. Some screwy systems play tricks like using the first 7 chars + the last char of a string longer than 8 chars (MacOS) instead of just the first 8, but it is still eight chars. You will need to use another encoding system for more characters.
What attribute would I use instead of Crypt-Password ? I tried MD5-Password and a couple of others, but I can find no documentation on anything other than User-Password, Crypt-Password, ClearText-Password, and CHAP-Password.
Wm
Crypt-Password just holds the encrypted password. It is up to you
I tried a MD5 password of "testpassword" so that table has: ID|username|attribute...................|op..|value. 1 | testuser | Crypt-Password | == | e16b2ab8d12314bf4efbd6203906ea6c using SQL command that contained: SET `value` = MD5( 'testpassword' ) Radius claims the password is incorrect when I test it. ** Result from radius -X: (attribute set to CRYPT-Password) <snip> +- entering group PAP {...} [pap] login attempt with password "testpassword" [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Login incorrect (rlm_pap: CRYPT password check failed): [testuser/testpassword] (from client Local2 port 12) **Result from radiusd -X: (attribute set to MD5-Password) [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [testuser/testpassword] (from client Local2 port 12) Using Post-Auth-Type Reject I tried with attribute as MD5-Password. I've read the man rlm_pap man-file. I saw the section marked Header. How/where do I need to add that? or is it auto-magic? I even tried {md5}<encrypted password here> still claoms php can't find a known good password. I tried with pap's auto-header set to yes... Nothing seems to work. Any pointers or suggestions? Wm