AW: using encrypted passwords in users file or sql-radcheck table

Rascher, Markus markus.mr.rascher at siemens.com
Wed May 30 14:30:57 CEST 2007 

With pap I'm running into problems...
Can u give me an example config?

In users-File I have: (Password is 'testpwd')
testuser        Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0"
                Service-Type = Login-User


In radiusd.conf I have:

modules {
        pap {
             encryption_scheme = MD5
        }
...

authorize {
#       preprocess
        files
}

authenticate {
        Auth-Type PAP {
                pap
        }
}

---------------------
Radiusd says:
---------------------
rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82
        NAS-IP-Address = 10.1.1.1
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Calling-Station-Id = "1.2.3.4"
        User-Password = "testpwd"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.3.4)
Delaying request 0 for 1 seconds
Finished request 0


Problem: the entry in the users-File for testuser doesn't match..
Whats my mistake?
 



-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org] Im Auftrag von Alan Dekok
Gesendet: Mittwoch, 30. Mai 2007 11:42
An: FreeRadius users mailing list
Betreff: Re: using encrypted passwords in users file or sql-radcheck table

Rascher, Markus wrote:
> Hi all,
>  
> cleartext, unix crypt and MD5 - Passwords work fine in both, users file
> and db.
> does sha1-hashed pwds work?

  Yes.  See "man rlm_pap".

> another question:
> can i use symmetric password encryption in users-File or radcheck table?

  No.  They're useless.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list