Hello all. I'm trying to get FreeRADIUS to authenticate against MD5 passwords. Here's the relevant part of my config... ............ modules { pap { encryption_scheme = md5 } ...... instantiate { #mysqlcounter } authorize { preprocess sql } authenticate { pap } preacct { preprocess } accounting { #acct_unique #detail sql radutmp # ? } session { radutmp # ? sql } [end of file] I have the passwords in my database as MD5 (I have included a testuser2 with a plaintext password for troubleshooting): id UserName Attribute op Value 1 testuser1 Password == ae2b1fca515949e5d54fb22b8ed95575 2 testuser2 Password == testing What do I need to do to make FreeRADIUS authenticate passwords sent as plaintext to it from a client NAS, to MD5 stored in the database? Is this possible? (please see attempt logs below) Regards, Jan Mulders ### client request ### www~# radtest testuser1 testing localhost:1812 3 testing123 Sending Access-Request of id 111 to 127.0.0.1 port 1812 User-Name = "testuser1" User-Password = "testing" NAS-IP-Address = 255.255.255.255 NAS-Port = 3 Re-sending Access-Request of id 111 to 127.0.0.1 port 1812 User-Name = "testuser1" User-Password = "testing" NAS-IP-Address = 255.255.255.255 NAS-Port = 3 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=111, length=20 0www~# ### radiusd log ### Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:49086, id=111, length=61 User-Name = "testuser1" User-Password = "testing" NAS-IP-Address = 255.255.255.255 NAS-Port = 3 rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [testuser1] Login incorrect: [testuser1/testing] (from client localhost port 3) rad_recv: Access-Request packet from host 127.0.0.1:49086, id=111, length=61 Sending Access-Reject of id 111 to 127.0.0.1 port 49086
Le Mon, Sep 25, 2006 at 12:27:28AM +0100, Jan Mulders ecrivait:
Hello all.
I'm trying to get FreeRADIUS to authenticate against MD5 passwords. Here's the relevant part of my config...
............ modules { pap { encryption_scheme = md5 } ...... instantiate { #mysqlcounter
}
authorize { preprocess sql }
authenticate { pap }
preacct { preprocess }
accounting { #acct_unique #detail sql radutmp # ? }
session { radutmp # ? sql
} [end of file]
I have the passwords in my database as MD5 (I have included a testuser2 with a plaintext password for troubleshooting):
id UserName Attribute op Value 1 testuser1 Password == ae2b1fca515949e5d54fb22b8ed95575 2 testuser2 Password == testing
Did you try with Crypt-Password ? Regards, Fox.
"Jan Mulders" <lastchancehotel@gmail.com>wrote:
I have the passwords in my database as MD5 (I have included a testuser2 with a plaintext password for troubleshooting):
id UserName Attribute op Value 1 testuser1 Password == ae2b1fca515949e5d54fb22b8ed95575 2 testuser2 Password == testing
Don't use '=='. See doc/rlm_sql. Use ':='. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
Francois-Xavier GAILLARD -
Jan Mulders