Storing hashes in MySQL when using MS_CHAP
Yuriy Grishin
grishin-mailing-lists at minselhoz.samara.ru
Tue Mar 17 18:19:01 CET 2009
Hello,
I'm trying to conceal plain-text passwords from my radius.radcheck
database in order to it'll be useless if it's stolen.
My config is FreeBSD 7.0 + FreeRadius1.1.7 + mpd4 + MySQL-5.0.67
(windowsXP and Vista Clients)
Well, I found a solution here
http://www.usenet-forums.com/freeradius-users/280602-re-freeradius-mysql-crypt-passwrd-radcheck-table.html
written by Alan DeKok.
But I haven't got it working.
radcheck was :
+----+----------+----------------------+----+---------------------------------------+
| id | UserName | Attribute | op |
Value |
+----+----------+----------------------+----+---------------------------------------+
| 1 | user1 | Password-With-Header | := |
{md5}c4ca4238a0b923820dcc509a6f75849b |
and raduis -X said :
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: login attempt by "user1" with CHAP password
rlm_chap: Could not find clear text password for user user1
modcall[authenticate]: module "chap" returns invalid for request 0
modcall: leaving group CHAP (returns invalid) for request 0
auth: Failed to validate the user.
radiusd's searching a plain-text password.
Then I googled a little bit more and found a combination with
Attribute='Auth-Type' and Value='Crypt-Local', generated a hash using
$ openssl passwd -1 1
$1$HR1R2p.2$7tsK8wE30pDf6AQ6KEi6d/
Unfortunately, it doesn't work too..
It that possible to get hashed passwords together with MS_CHAP?
--
Yuriy Grishin.
More information about the Freeradius-Users
mailing list