store encypted passwords

alan buxey A.L.M.Buxey at lboro.ac.uk
Mon Oct 8 23:44:09 CEST 2012


Hi,

> I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04,
> Mysql Server version: 5.5.24. Everything is up and running but the
> users passwords are stored in plain text in raddacct. I tried changing
> the attribute to Crypt-Password but it doesn't change anything. Do I
> need to make a change to a config file also? Not sure what type of
> encryption would be best one that works MD5?

what you say radacct you really mean the radacct table? in which case
you mean that the accounting module is storing the passwords?  if you dont
want the passwords stored, then ensure that you are either NOT storing them
(eg uncomment

	#suppress {
		# User-Password
	#}


in the detail module)

and/or alter the SQL commands in sql/mysql/dialup.conf to not record them...or to obfuscate
them...eg  SHA1(%{%{User-Password}:-%{Chap-Password}}) or MD5(%{%{User-Password}:-%{Chap-Password}}

if you mean the radauth table...then thats up to you to populate properly...and to ensure
that whatever you are filling it with is setting the right crypto type.

is your mysql on a remote server...or same box as FR?  If on same box, does it need to
be accessed from off the box?  for it not, if MySQL is only local and only accessible
from FR, then if someones able to read your tables you have a far bigger problem anyway ;-)

alan


More information about the Freeradius-Users mailing list