please help !!!! =/ -> freeradius + mysql with encrypted MD5
Hi people, I'm Portuguese student ! I have a big problem to solve. I have my freeradius, thats authenticates users by mysql database. I have passwords encrypted with MD5, but when i test, the Login is always Incorrect ! If password is clear, the freeradius works OK ! In the attachment i put my config files. My only query to create "new user" is: *INSERT INTO radcheck (username, attribute, op, value) VALUES ('5','MD5-Password', '==', MD5('teste'));* I have create many users, in different ways ! please look: mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck; +----+----------+----------------+----------------------------------+----+ | id | UserName | Attribute | Value | op | +----+----------+----------------+----------------------------------+----+ | 1 | teste | Password | teste | == | | 2 | 1 | Password | 698dc19d489c4e4db73e28a713eab07b | == | | 3 | 2 | Password | 698dc19d489c4e4db73e28a713eab07b | == | | 4 | 3 | User-Password | 698dc19d489c4e4db73e28a713eab07b | == | | 5 | 4 | Crypt-Password | 698dc19d489c4e4db73e28a713eab07b | == | | 6 | 5 | MD5-Password | 698dc19d489c4e4db73e28a713eab07b | == | +----+----------+----------------+----------------------------------+----+ I have read, many many times the "man rlm_pap" but i don't know where i put the headers (i.e {md5} {clear} etc...) !!! please help me to solve this big truble !!! =/ I need this to put my freeradius authenticate users, and the passwords in Mysql DB have to be encrypted !! Sorry for my poor english ! =/ Big thks Regards, Diogo Teixeira
I have passwords encrypted with MD5, but when i test, the Login is always Incorrect !
You should provide debug for that case.
If password is clear, the freeradius works OK !
*INSERT INTO radcheck (username, attribute, op, value) VALUES ('5','MD5-Password', '==', MD5('teste'));*
That should be := not ==. Ivan Kalik Kalik Informatika ISP
Big BIG Thanks Ivan !!! But the only problem is the "==" ? In attachment i put debug lines, with the option: "freeradius -xx" Best Regards, Diogo Teixeira 2008/12/6 <tnt@kalik.net>
I have passwords encrypted with MD5, but when i test, the Login is always Incorrect !
You should provide debug for that case.
If password is clear, the freeradius works OK !
*INSERT INTO radcheck (username, attribute, op, value) VALUES ('5','MD5-Password', '==', MD5('teste'));*
That should be := not ==.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok ! Now, the attach is the log with "Freeradius -x" option, and with new user. Create with: INSERT INTO radcheck (username, attribute, op, value) VALUES ('7','MD5-Password', ':=', MD5('teste')); Big thks ! Best Regards, Diogo Teixeira 2008/12/7 <tnt@kalik.net>
In attachment i put debug lines, with the option: "freeradius -xx"
I don't see the attachment. Use -X not -xx.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Now, the attach is the log with "Freeradius -x" option, and with new user. Create with:
INSERT INTO radcheck (username, attribute, op, value) VALUES ('7','MD5-Password', ':=', MD5('teste'));
Ah, you can't use md5 encryption with PEAP. http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik Informatika ISP
Big Thanks for your answer ! really ? =// I don't know this ! =/ Can you explain me why ? I'm not doubting from you. Just for curiosity! I can use another type of encryption with PEAP ? Best Regards, Diogo Teixeira 2008/12/7 <tnt@kalik.net>
Now, the attach is the log with "Freeradius -x" option, and with new user. Create with:
INSERT INTO radcheck (username, attribute, op, value) VALUES ('7','MD5-Password', ':=', MD5('teste'));
Ah, you can't use md5 encryption with PEAP.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If i use PEAP with NT-PASSWORD, my freeradius it works ? Query: INSERT INTO radcheck (username, attribute, op, value) VALUES ('10','NT-Password', ':=', '2a5f0679ba350887d5a800902056134e'); Best Regards Diogo Teixeira 2008/12/7 <tnt@kalik.net>
I don't know this ! =/ Can you explain me why ?
I can use another type of encryption with PEAP ?
It's all on the page.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please, Explain me how to do this. Can you explain me please ? I not found anywhere tutorial that explain: "Howto freeradius + peap + DB with NT-Passwords !!! For Use PEAP with NT-PASSWORD, the only thing that i can do is add new user in DB with this query : INSERT INTO radcheck (username, attribute, op, value) VALUES ('NT','NT-Password', ':=', 'C6E4266FEBEBD6A8AAD3B435B51404EE'); ??? C6E4266FEBEBD6A8AAD3B435B51404EE == tiger !!!! I don't kwow how can i generate NT-Passwords ! =/ in radiusd.conf i have to configure anything ? Very Very Thanks for your BIG patience. Best Regards, Diogo Teixeira 2008/12/7 <tnt@kalik.net>
If i use PEAP with NT-PASSWORD, my freeradius it works ?
Yes.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira wrote:
Explain me how to do this. Can you explain me please ? I not found anywhere tutorial that explain: "Howto freeradius + peap + DB with NT-Passwords !!!
There is no howto. Most people use systems like AD or Samba that automatically calculate the NT password.
For Use PEAP with NT-PASSWORD, the only thing that i can do is add new user in DB with this query :
INSERT INTO radcheck (username, attribute, op, value) VALUES ('NT','NT-Password', ':=', 'C6E4266FEBEBD6A8AAD3B435B51404EE');
That's the LM password for "tiger", not the NT password.
I don't kwow how can i generate NT-Passwords ! =/
$ smbencrypt tiger LM Hash NT Hash -------------------------------- -------------------------------- C6E4266FEBEBD6A8AAD3B435B51404EE 0B9957E8BED733E0350C703AC1CDA822 This program comes with the server. Alan DeKok.
participants (3)
-
Alan DeKok -
Diogo Teixeira -
tnt@kalik.net