PAP + ??NT challenge??
Rosario Lumia
eryter at gmail.com
Thu Mar 11 15:35:18 CET 2010
Hi to all.
I have this configuration:
- freeradius 2.x
- in mysql I have user "rosario" with attribute "NT-Password" and value
"NTHash of my password"
When I try to use radtest it works great.
But I have a web library that tries to authenticate the same user "rosario", but
in "user-password" it puts (I think) an NT-challenge password.
This is the log of freeradius.
rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32,
length=85
NAS-Identifier = "radius2"
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "127.0.0.1"
User-Name = "rosario"
User-Password = "\202\204\005\340-\275\341\344u\351-\310L$\260\242"
+- entering group authorize {...}
++[preprocess] returns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
expand: %t -> Thu Mar 11 15:31:56 2010
++[auth_log] returns ok
++[mschap] returns noop
[ntdomain] No '\' in User-Name = "rosario", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[suffix] No '@' in User-Name = "rosario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{User-Name} -> rosario
[sql] sql_set_user escaped user --> 'rosario'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'rosario' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'rosario' ORDER BY id
expand: SELECT groupname FROM usergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM usergroup WHERE username =
'rosario' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_meeting] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_meeting): Reserving sql socket id: 4
expand: SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'rosario' ORDER BY id
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='rosario'
rlm_sql (sql_meeting): Released sql socket id: 4
[sql_meeting] User rosario not found
++[sql_meeting] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_biblio] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_biblio): Reserving sql socket id: 4
expand: SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'rosario' ORDER BY id
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='rosario'
rlm_sql (sql_biblio): Released sql socket id: 4
[sql_biblio] User rosario not found
++[sql_biblio] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_signum] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_signum): Reserving sql socket id: 4
expand: SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'rosario' ORDER BY id
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='rosario'
rlm_sql (sql_signum): Released sql socket id: 4
[sql_signum] User rosario not found
++[sql_signum] returns notfound
[pap] Normalizing NT-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "???�-���u�-�L$��"
[pap] Using NT encryption.
[pap] rlm_mschap: NT-Hash: ???�-���u�-�L$��
[pap] rlm_mschap: NT-Hash: Result: 9bf2e48c667225847414c60fd3b16ce0
expand: %{mschap:NT-Hash ???�-���u�-�L$��} ->
9bf2e48c667225847414c60fd3b16ce0
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: NT password check failed): [rosario] (from client
localhost port 0 cli 127.0.0.1)
WARNING: Unprintable characters in the password. Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform
requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32,
length=85
Sending duplicate reply to client localhost port 51435 - ID: 32
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
Cleaning up request 0 ID 32 with timestamp +7
Ready to process requests.
I think that rlm_pap tries to hash a non-cleartext password and so it
doesn't work.
How can I tell rlm_pap to do the right thing, that is, to try to hash a
cleartext password and do something (that I don't know) if it is not one?
Thanks.
Rosario
--
Rosario L.