FreeRadius + MySQL & Encrypted passwords
Bogdan Dumitriu - Technical Support Team
helpdesk22 at mycybernet.net
Thu May 4 23:22:12 CEST 2006
Thanks Alan,
Changed:
| 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA |
To
| 844 | bogdan | SSHA-Password | == | 55MCU5TXMoKsA |
And
pap {
encryption_scheme = sha1
}
And it says:
rlm_sql: unknown attribute SSHA-Password
However the output significantly changed. It looks like it's now trying
the user in all the groups:
rad_recv: Access-Request packet from host 206.186.81.100:4147, id=76,
length=50
User-Name = "shipcoadsl"
User-Password = "test"
rad_lowerpair: User-Name now 'shipcoadsl'
rad_rmspace_pair: User-Name now 'shipcoadsl'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
dialup
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
idm
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 2
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
ikano
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl'
rlm_sql (sql): Released sql socket id: 1
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
adsl
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl''
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='shipcoadsl'
rlm_sql (sql): - sql_groupcmp finished: User belongs in group
adsl-static
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "shipcoadsl", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "shipcoadsl"
rlm_realm: Proxying request from user shipcoadsl to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: 'shipcoadsl'
rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'shipcoadsl' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = 'shipcoadsl' ORDER BY id
rlm_sql: unknown attribute SMD5-Password
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns fail for request 0
modcall: group authorize returns fail for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0
-----Original Message-----
From:
freeradius-users-bounces+helpdesk22=mycybernet.net at lists.freeradius.org
[mailto:freeradius-users-bounces+helpdesk22=mycybernet.net at lists.freerad
ius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: May 4, 2006 4:27 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius + MySQL & Encrypted passwords
Hi,
> I've been trying to encrypt the passwords in mySQL using SHA1 or MD5
> without any luck for the last several days.
>
> ---------------------------+
> | 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA |
> +-----+------------+---------------+----+-----------------------------
> +-----+------------+---------------+----+--
okay. attribute set to Crypt-Password. however, when you changed to SHA1
or MD5 you DIDNT change this attribute. from the Documentation, you can
see
Header Attribute Description
------ --------- -----------
{clear} User-Password clear-text passwords
{cleartext} User-Password clear-text passwords
{crypt} Crypt-Password Unix-style "crypt"ed passwords
{md5} MD5-Password MD5 hashed passwords
{smd5} SMD5-Password MD5 hashed passwords, with a salt
{sha} SHA-Password SHA1 hashed passwords
{ssha} SSHA-Password SHA1 hashed passwords, with a
salt
{nt} NT-Password Windows NT hashed passwords
{x-nthash} NT-Password Windows NT hashed passwords
{lm} LM-Password Windows Lan Manager (LM)
passwords.
the error log posted clearly showed rlm_pap bleating away that it was
being told to use MD5 or SHA but that only Crypt-Password attribute was
present.
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list