MySQL and users file... Difference???

Alex Savguira savguira at gmail.com
Fri Feb 24 19:04:33 CET 2006 

Hi to all...
Does anyone have any idea why placing the following two lines into
users file works perfectly with both PAP and CHAP
users
btest   User-Password == Master1
btest   Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1"

whereas  placing the same two records into radcheck table doesn't work
for PAP it does however work for  CHAP?
username |      att                | op |    val
--------------+-------------------------+----+-----------
btest        | User-Password  | == | Master1
btest        | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1

It seems that rlm_sql is hitting the unencrypted password only,
whereas encryption-scheme in radiusd.conf is defined crypt...
Am I missing something?

Any help will be appreciated
Alex Savguira

radius -X  (version 1.0.4 ) says

rad_recv: Access-Request packet from host 192.168.0.8:4544, id=47, length=45
       User-Name = "btest"
       User-Password = "Master1"
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
   rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 173
 modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'btest'
rlm_sql (sql): sql_set_user escaped user --> 'btest'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'btest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'btest' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
 modcall[authorize]: module "sql" returns ok for request 0
 modcall[authorize]: module "domainmschap" returns noop for request 0
modcall: group authorize returns ok for request 0
 rad_check_password:  Found Auth-Type PAP
auth: type "PAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_pap: login attempt by "btest" with password Master1
rlm_pap: Using password "Master1" for user btest authentication.
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
 modcall[authenticate]: module "pap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed):
[btest/Master1] (from client rasdata port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 47 to 192.168.0.8:4544
Waking up in 4 seconds...

More information about the Freeradius-Users mailing list