Problem with MD5 Authentication and PAP

[Wong, Jonathan]

Thanks for the fast reply.  Out of curiosity, why is it processing the
password as a text string and not an MD5 hash?  Was my radiusd.conf
setting misconfigured?  Or was there a bug in the 1.1.4 release?  In any
case, I will upgrade my version and my dictionaries.

Thanks!

Jonathan


-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Alan
DeKok
Sent: Saturday, November 10, 2007 12:37 AM
To: FreeRadius users mailing list
Subject: Re: Problem with MD5 Authentication and PAP

Jonathan Wong wrote:
> I am running Freeradius 1.1.4, MySQL, MD5, and PAP.

  Upgrade to 1.1.7.

> Another weird thing is when I have PAP and MD5 set, and I do not have
> a radgroupcheck entry for my group, I can get authenticated by putting
> the MD5 Hash as my password.  For example, if my MD5 hash was
"abcd...",
> I would have to use "abcd..." as my password, and I would get an
> access-accept.

  Because it's not processing the password as an MD5 hash.  It's
processing the password as a text string.

  Upgrade to 1.1.7, and make sure you have the *correct* configuration
for the "pap" module.  There are some new configuration items, so go
read the comments in radiusd.conf.

  Also make sure that "pap" is listed *last* in the "authorize" section,
just like with the default radiusd.conf in 1.1.7.

  Then, update your DB:


> +----+----------+-----------+----+----------------------------------+
> 
> | 36 | stryker8 | Password  | := | 5f4dcc3b5aa765d61d8327deb882cf99 |
> 
> +----+----------+-----------+----+----------------------------------+

  Change "Password" to "MD5-Password".

> rlm_sql: Failed to create the pair: Unknown attribute "MD5-Password"

  You upgraded to 1.1.4 from an older version, and aren't using the new
dictionaries.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html