help.. MD5 with PAP

cengiz coşkun coskuncengiz at yahoo.com
Wed Feb 13 12:59:10 CET 2008


Hi,
I have configured FreeRADIUS 2.0.0 EAP-TTLS and
configured a MySQL DB to store the users.
It was working fine until I recently decided to
convert the database-stored passwords to MD5
encryption. Since then, I have been getting the output
below, despite all my efforts. I tried everything I could
find on the internet, with no result. Can anybody help?

(I am a beginner with the FreeRADIUS server, so it may be
very simple, though.)

Kind regards, 

I have 
authenticate {
	Auth-Type PAP {
		pap
	}

	Auth-Type md5 {
		pap
	}

in the authenticate section, and

	pap {
		encryption_scheme = md5
		authtype = md5
		auto_header = yes
	}
in the modules/radiusd.conf file.

I have the following in my mysql - radcheck
definition. 
+----+----------------------+----------------+----+----------------------------------+----------------------+
| id | username             | attribute      | op | value                            | operator             |
+----+----------------------+----------------+----+----------------------------------+----------------------+
| 90 | t1                   | Crypt-Password | := | 83f1535f99ab0bf4e9d02dfd85d3e3f7 | cengiz               |
+----+----------------------+----------------+----+----------------------------------+----------------------+
and the following in radgroupcheck table. 
+----+-----------+--------------+----+-------------+
| id | groupname | attribute    | op | value       |
+----+-----------+--------------+----+-------------+
|  1 | dynamic   | Auth-Type    | := | MD5         | 
|  2 | dynamic   | Service-Type | == | Framed-User | 
+----+-----------+--------------+----+-------------+


radiusd -X 
radtest t1 t1 10.1.1.170 0 testing123

rad_recv: Access-Request packet from host 10.1.1.170 port 32878, id=131, length=54
        User-Name = "t1"
        User-Password = "t1"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
        expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.1.1.170/auth-detail-20080213
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.1.1.170/auth-detail-20080213
        expand: %t -> Wed Feb 13 13:36:39 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "t1", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
        expand: %{User-Name} -> t1
rlm_sql (sql): sql_set_user escaped user --> 't1'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 't1'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 't1'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 't1'           ORDER BY priority
        expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'dynamic'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type 
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "t1"
rlm_pap: No password configured for the user.  Cannot do authentication
++[pap] returns fail
auth: Failed to validate the user.
Login incorrect: [t1/t1] (from client testUserShortName port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> t1
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds. 
Sending delayed reject for request 0
Sending Access-Reject of id 131 to 10.1.1.170 port 32878
Waking up in 4.9 seconds. 
Cleaning up request 0 ID 131 with timestamp +2
Ready to process requests.
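
An added example, not part of the original post: a consistency check over radcheck rows that compares each password attribute with the shape of the value stored under it. The attribute-to-format mapping and the simplified regexes are assumptions of this example; row 90 is the row shown in the post, the other rows are constructed.

```python
import re

# Shapes of stored password values (simplified for this example).
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")  # raw 128-bit digest in hex, unsalted
CRYPT_MODULAR = re.compile(r"^\$[0-9a-z]+\$.+\$[./A-Za-z0-9]+$")  # $id$salt$hash
CRYPT_DES = re.compile(r"^[./A-Za-z0-9]{13}$")  # traditional crypt(3) output

# Assumed mapping: the value shape each password attribute is meant to hold.
# MD5-Password is checked in its hex form only; a 32-hex value cannot be told
# apart from an NT hash by shape alone.
EXPECTED = {
    "Crypt-Password": "crypt",
    "MD5-Password": "hex32",
    "NT-Password": "hex32",
}

def classify(value):
    """Return the shape of a stored value: 'hex32', 'crypt' or 'other'."""
    if HEX32.match(value):
        return "hex32"
    if CRYPT_MODULAR.match(value) or CRYPT_DES.match(value):
        return "crypt"
    return "other"

def check_rows(rows):
    """Return (id, username, message) for rows whose value does not fit the attribute."""
    findings = []
    for row_id, username, attribute, _op, value in rows:
        want = EXPECTED.get(attribute)
        if want is None:
            continue  # not a hashed-password attribute covered by this example
        got = classify(value)
        if got != want:
            findings.append((row_id, username,
                             f"{attribute} expects {want} format, value looks like {got}"))
    return findings

# Row 90 is the radcheck row from the post; rows 91-93 are constructed samples.
ROWS = [
    (90, "t1", "Crypt-Password", ":=", "83f1535f99ab0bf4e9d02dfd85d3e3f7"),
    (91, "t2", "Crypt-Password", ":=", "$1$saltsalt$" + "A" * 22),
    (92, "t3", "MD5-Password", ":=", "0" * 32),
    (93, "t4", "MD5-Password", ":=", "not-a-digest"),
]

if __name__ == "__main__":
    for finding in check_rows(ROWS):
        print(finding)
```
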




