FreeRadius + MySQL - Crypt-Passwrd in radcheck table

Nataniel Klug nata at cnett.com.br
Mon Feb 19 13:37:45 CET 2007 

Hi Alan,

This is me again asking for help and you are here to help. So you think 
that plain text is not unsecure? I was thinking about it and if my SQL 
system is secure, so my tables will be secure too. But, when a client 
sends a package in my network, someone else can see this with a spoofing 
software?

So using version 1.1.4 I could not compile it to use MySQL. It always 
says that there is no rlm_sql library. I tryied many times, but 
nothing... Unfurtunately the documentation is mostly useless or spare...

Thank you for your time.

Alan DeKok escreveu:
> Nataniel Klug wrote:
>   
>>     Into radcheck table I have:
>>
>> mysql> SELECT * FROM radcheck;
>> +----+----------+----------------+----+----------------------------------+
>> | id | UserName | Attribute      | op | Value                            |
>> +----+----------+----------------+----+----------------------------------+
>> |  1 | teste    | Crypt-Password | == | 42cbf4730aeac1d645324d4818104826 |
>> +----+----------+----------------+----+----------------------------------+
>>     
>
>   Use ':=', not '=='.  See the rlm_sql documentation for why.
>
>   
>>     The password was encrypted using PHP MD5 command and should be 8872. 
>> But when I use a radtest command the respose of my Radius is:
>>     
>
>   Hmm.. Crypt-Password is for Unix crypt'd passwords, not MD5 hashed
> passwords.
>
>   
>>     I made the same in debug mode and radius just not get the password. 
>> I think it is not testing the 8872 password to see if it matches de MD5 
>> crypt. I tryed with "42cbf4730aeac1d645324d4818104826" as a password and 
>> it returned OK for the request. How can I do this work? I need that into 
>> MySQL table I have a crypted password (for security reasons)
>>     
>
>   I disagree, but that's another story.
>
>   
>> and I need 
>> that my clients can put a simple text password.
>>     
>
>   In 1.1.4, you can put this into SQL:
>
> Password-With-Header := "{md5}42cbf4730aeac1d645324d4818104826"
>
>   That should work with the default config.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   

-- 
Att,

NATANIEL KLUG
nata at cnett.com.br


Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070219/d42bf08e/attachment.html>

More information about the Freeradius-Users mailing list