Please HELP!!! Any ideas??? MySQL and users file... Difference???

Alex Savguira savguira at gmail.com
Sun Feb 26 07:38:00 CET 2006


Hi, Alan!

Thanks for answering...

First of all I never intended to use CRYPT passwords for MS-CHAPv2.
C'mon, I know that much about MS-CHAP.  ;-) Not all my users need
access to new services, as I wrote, I was planning to expose the
cleartext password for those who need (perhaps NT-Password in the
future) and to continue using CRYPT for those who do not need the new
services. If you say SQL doesn't like having two passwords in radcheck
and only grabs the first one - let it be... What I wrote about hacking
the code was about trying to fix this perhaps, shouldn't SQL take all
check records found?...

Actually I've found my way around the problem... I've made a second
instance of pap using clear text passwords in radiusd and I'll only
change password attributes to clear text in radcheck for those who use
MS-CHAP as well (placing them into a group which does
Auth-Type := papplain). This however leaves me without NT-Password
(which is NT-Hash). An ideal situation for me would be something like
this in radcheck:
username | att            | op | val
---------+----------------+----+------------------------------------
btest    | NT-Password    | == | NT-hashbla-bla-bla^&&@0-3443
btest    | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1

This however will not work because PAP burps on Crypt-Password this way.


Here is the dump of having both, it was stupid of me not to include
one, I admit:

btest   User-Password == Master1
btest   Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1"

Authentication PAP

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.8:1248, id=5, length=45
        User-Name = "btest"
        User-Password = "Master1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry btest at line 69
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'btest'
rlm_sql (sql): sql_set_user escaped user --> 'btest'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'btest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User btest not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): User btest not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 0
  modcall[authorize]: module "domainmschap" returns noop for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [btest] (from client rasdata port 0)
Sending Access-Accept of id 5 to 192.168.0.8:1248
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...

---------------------------------------------------------------------------------------------------------

Authentication CHAP


rad_recv: Access-Request packet from host 192.168.0.8:1271, id=11, length=46
        User-Name = "btest"
        CHAP-Password = 0xd2bf262017f2f6812bc00cbd077aed9b55
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry btest at line 69
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'btest'
rlm_sql (sql): sql_set_user escaped user --> 'btest'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'btest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User btest not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): User btest not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 0
  modcall[authorize]: module "domainmschap" returns noop for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [btest] (from client rasdata port 0)
Sending Access-Accept of id 11 to 192.168.0.8:1271
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
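
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of why the CHAP request in the log above could only be checked against the cleartext User-Password and not against a Crypt-Password entry. The row layout mirrors radcheck; the challenge bytes, the placeholder crypt string and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample rows in the shape of radcheck (username, attribute, op, value).
# The Crypt-Password value is an opaque placeholder, not a real hash.
CLEARTEXT_USER = [("btest", "User-Password", "==", "Master1")]
CRYPT_ONLY_USER = [("btest", "Crypt-Password", "==", "$1$placeholder$notarealhash")]

# Attributes that hold a recoverable secret; Cleartext-Password is the name
# later FreeRADIUS releases use for the same thing.
CLEARTEXT_ATTRS = ("User-Password", "Cleartext-Password")


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: ident byte followed by MD5(ident || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + digest


def verify_chap(rows, chap_password: bytes, challenge: bytes):
    """Return True or False when the check can be computed, None when it cannot.

    The server has to recompute the MD5 over the secret itself, so a one-way
    hash such as Crypt-Password gives it nothing to feed into the digest.
    """
    if len(chap_password) != 17:  # 1 ident byte + 16 byte MD5 digest
        return False
    for _user, attr, _op, value in rows:
        if attr in CLEARTEXT_ATTRS:
            expected = chap_response(chap_password[0], value.encode(), challenge)
            return hmac.compare_digest(expected, chap_password)
    return None  # only hashed credentials stored: CHAP cannot be verified


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed challenge for the demo
    good = chap_response(11, b"Master1", challenge)
    bad = chap_response(11, b"Master2", challenge)
    print("cleartext row, right password:", verify_chap(CLEARTEXT_USER, good, challenge))
    print("cleartext row, wrong password:", verify_chap(CLEARTEXT_USER, bad, challenge))
    print("crypt-only row:               ", verify_chap(CRYPT_ONLY_USER, good, challenge))
```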



