EAP-TTLS MD5 hashed Passwords in MySQL Database for WPA-802.1x auth
Christian Poessinger
christian at poessinger.com
Mon Jul 24 13:32:22 CEST 2006
Hello,
I'm trying to set up a system to authenticate WLAN users via EAP-TTLS with
md5 crypted passwords, stored in a SQL database.
I'm using MySQL as the backend and it works great when the passwords are
stored in cleartext or UNIX crypt. When I convert the password from crypt to
md5 and change pap encryption_scheme to md5 it doesn't work anymore. As I
have to use the SQL attribute field with 'Crypt-Password' in it, it seems
that it wants to use crypt passwords and not md5. I tried to change it to
'md5-password' but well ... that wasn't the answer.
Here is the error:
---------
modcall: entering group PAP for request 4
rlm_pap: login attempt by "foo" with password bar
rlm_pap: Crypt-Password attribute but encryption scheme is not set to CRYPT
modcall[authenticate]: module "pap" returns fail for request 4
modcall: leaving group PAP (returns fail) for request 4
auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
TTLS: Got tunneled Access-Reject
---------
Does anyone have an idea how to use the MD5 hashed passwords in the database with
EAP-TTLS for authentication? I appended my radius configuration. Thanks.
----------- CONFIG ------------
eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    leap {
    }
    tls {
        private_key_file = /etc/ssl/rad.pem
        certificate_file = /etc/ssl/rad.pem
        CA_file = /etc/ssl/ca.pem
        dh_file = /etc/ssl/rad.dh
        random_file = /dev/urandom
        fragment_size = 1024
        include_length = yes
        check_crl = yes
    }
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = no
        use_tunneled_reply = no
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}
modules {
    pap {
        encryption_scheme = md5
    }
}
authorize {
    preprocess
    suffix
    eap
    files
    sql
}
authenticate {
    Auth-Type PAP {
        pap
    }
    eap
}
users-file
DEFAULT Auth-Type = PAP
    Fall-Through = 0
-------- END OF CONFIG -------------
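
An added example, not part of the original post and not FreeRADIUS code: a small Python model of the mismatch shown in the debug output above. Inside the TTLS tunnel PAP hands the server the cleartext password, so a stored hash can only be checked when the row's attribute, the value's format and encryption_scheme all agree. The function names, the value-shape checks and the sample crypt string are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Value shapes (assumed for this model): hex MD5 digest, and crypt(3) output
# in either modular ($id$...) or traditional 13-character DES form.
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")
CRYPT_SHAPE = re.compile(r"^(\$[^$]+\$.+|[./0-9A-Za-z]{13})$")


def audit_row(attribute, value, scheme):
    """Return the reasons a check row cannot be verified under `scheme`."""
    problems = []
    # Rule taken from the debug line in the post:
    # "Crypt-Password attribute but encryption scheme is not set to CRYPT"
    if attribute == "Crypt-Password" and scheme != "crypt":
        problems.append("Crypt-Password attribute but scheme is %r" % scheme)
    if scheme == "md5" and not MD5_HEX.match(value):
        problems.append("value is not a 32-digit hex MD5 digest")
    if scheme == "crypt" and not CRYPT_SHAPE.match(value):
        problems.append("value does not look like crypt(3) output")
    return problems


def pap_md5_matches(cleartext, stored_hex):
    """PAP check against a stored hex MD5: hash what the client sent, compare."""
    digest = hashlib.md5(cleartext.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_hex.lower())


# Constructed sample mirroring the post: user "foo", password "bar", value
# converted to MD5 while the attribute column still says Crypt-Password.
STORED = hashlib.md5(b"bar").hexdigest()
ROW = ("foo", "Crypt-Password", STORED)

if __name__ == "__main__":
    for scheme in ("md5", "crypt"):
        # md5: the attribute rule fires; crypt: the value shape is wrong.
        print(scheme, audit_row(ROW[1], ROW[2], scheme))
    print("PAP compare:", pap_md5_matches("bar", STORED))
```

Either setting of the scheme leaves the converted row unverifiable, which is why the hash comparison itself is never reached in the log.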