FreeRadius + MySQL - Crypt-Passwrd in radcheck table
Hello people, I am using freeradius-1.0.1-3.RHEL4.3 and freeradius-mysql-1.0.1-3.RHEL4.3 on a CentOS 4.4 server but I am sutcked into a problem. I have made my FreeRadius works great using MySQL but I could not make it uses Crypt-Password. Into radcheck table I have: mysql> SELECT * FROM radcheck; +----+----------+----------------+----+----------------------------------+ | id | UserName | Attribute | op | Value | +----+----------+----------------+----+----------------------------------+ | 1 | teste | Crypt-Password | == | 42cbf4730aeac1d645324d4818104826 | +----+----------+----------------+----+----------------------------------+ 1 row in set (0.00 sec) The password was encrypted using PHP MD5 command and should be 8872. But when I use a radtest command the respose of my Radius is: Sun Feb 18 17:23:56 2007 : Auth: Login incorrect: [teste/8872] (from client localhost port 1812) I made the same in debug mode and radius just not get the password. I think it is not testing the 8872 password to see if it matches de MD5 crypt. I tryed with "42cbf4730aeac1d645324d4818104826" as a password and it returned OK for the request. How can I do this work? I need that into MySQL table I have a crypted password (for security reasons) and I need that my clients can put a simple text password. Can someone give me a hit? -- Att, NATANIEL KLUG nata@cnett.com.br Cyber Nett - Internet Banda Larga www.cnett.com.br (42) 3635-2957 Rua Diogo Pinto, 1046, Centro Laranjeiras do Sul - PR Brasil - 85301-290
Nataniel Klug wrote:
Into radcheck table I have:
mysql> SELECT * FROM radcheck; +----+----------+----------------+----+----------------------------------+ | id | UserName | Attribute | op | Value | +----+----------+----------------+----+----------------------------------+ | 1 | teste | Crypt-Password | == | 42cbf4730aeac1d645324d4818104826 | +----+----------+----------------+----+----------------------------------+
Use ':=', not '=='. See the rlm_sql documentation for why.
The password was encrypted using PHP MD5 command and should be 8872. But when I use a radtest command the respose of my Radius is:
Hmm.. Crypt-Password is for Unix crypt'd passwords, not MD5 hashed passwords.
I made the same in debug mode and radius just not get the password. I think it is not testing the 8872 password to see if it matches de MD5 crypt. I tryed with "42cbf4730aeac1d645324d4818104826" as a password and it returned OK for the request. How can I do this work? I need that into MySQL table I have a crypted password (for security reasons)
I disagree, but that's another story.
and I need that my clients can put a simple text password.
In 1.1.4, you can put this into SQL: Password-With-Header := "{md5}42cbf4730aeac1d645324d4818104826" That should work with the default config. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi Alan, This is me again asking for help and you are here to help. So you think that plain text is not unsecure? I was thinking about it and if my SQL system is secure, so my tables will be secure too. But, when a client sends a package in my network, someone else can see this with a spoofing software? So using version 1.1.4 I could not compile it to use MySQL. It always says that there is no rlm_sql library. I tryied many times, but nothing... Unfurtunately the documentation is mostly useless or spare... Thank you for your time. Alan DeKok escreveu:
Nataniel Klug wrote:
Into radcheck table I have:
mysql> SELECT * FROM radcheck; +----+----------+----------------+----+----------------------------------+ | id | UserName | Attribute | op | Value | +----+----------+----------------+----+----------------------------------+ | 1 | teste | Crypt-Password | == | 42cbf4730aeac1d645324d4818104826 | +----+----------+----------------+----+----------------------------------+
Use ':=', not '=='. See the rlm_sql documentation for why.
The password was encrypted using PHP MD5 command and should be 8872. But when I use a radtest command the respose of my Radius is:
Hmm.. Crypt-Password is for Unix crypt'd passwords, not MD5 hashed passwords.
I made the same in debug mode and radius just not get the password. I think it is not testing the 8872 password to see if it matches de MD5 crypt. I tryed with "42cbf4730aeac1d645324d4818104826" as a password and it returned OK for the request. How can I do this work? I need that into MySQL table I have a crypted password (for security reasons)
I disagree, but that's another story.
and I need that my clients can put a simple text password.
In 1.1.4, you can put this into SQL:
Password-With-Header := "{md5}42cbf4730aeac1d645324d4818104826"
That should work with the default config.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Att, NATANIEL KLUG nata@cnett.com.br Cyber Nett - Internet Banda Larga www.cnett.com.br (42) 3635-2957 Rua Diogo Pinto, 1046, Centro Laranjeiras do Sul - PR Brasil - 85301-290
Nataniel Klug wrote:
Hi Alan,
This is me again asking for help and you are here to help. So you think that plain text is not unsecure? I was thinking about it and if my SQL system is secure, so my tables will be secure too.
Yes.
But, when a client sends a package in my network, someone else can see this with a spoofing software?
No.
So using version 1.1.4 I could not compile it to use MySQL. It always says that there is no rlm_sql library. I tryied many times, but nothing... Unfurtunately the documentation is mostly useless or spare...
You're running FreeRADIUS now. How did you install it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Nataniel Klug