OK, I think I am really close to getting this working (having everything in 
a MySQL db).

As a side note, I use a table called user instead of radcheck, with different 
titles for the columns, because this db is for other stuff too. Here are the 
tables:

mysql> select * from user;
+----------+------------+-------------+----------+--------------+---------------+----+
| useridnr | userid     | passwd      | clientid | maxmail_size | Attribute     | op |
+----------+------------+-------------+----------+--------------+---------------+----+
|       30 | radman2    | testing     |        0 |      2097152 | User-Password | := |
+----------+------------+-------------+----------+--------------+---------------+----+

mysql> select * from usergroup;
+----+------------+-----------+
| id | UserName   | GroupName |
+----+------------+-----------+
|  2 | radman2    | default   |
+----+------------+-----------+

mysql> select * from radgroupcheck;
+----+-----------+------------------+--------+------+
| id | GroupName | Attribute        | Value  | op   |
+----+-----------+------------------+--------+------+
| 10 | default   | Simultaneous-Use | 1      | :=   |
|  9 | default   | Auth-Type        | PAP    | :=   |
+----+-----------+------------------+--------+------+

mysql> select * from radgroupreply;
+----+-----------+-------------------+-------------+------+------+
| id | GroupName | Attribute         | Value       | op   | prio |
+----+-----------+-------------------+-------------+------+------+
|  2 | default   | User-Service-Type | Framed-User | =    |    0 |
|  3 | default   | Framed-Protocol   | PPP         | =    |    0 |
|  4 | default   | Fall-Through      | Yes         | =    |    0 |
+----+-----------+-------------------+-------------+------+------+

I have my radiusd.conf like this:

      pap {
                encryption_scheme = clear
        }
authorize {
        preprocess
        sql
}
authenticate {
        authtype PAP {
                pap
        }
}
preacct {
        preprocess
}
accounting {
        unix
        sql
        radutmp
}
session {
        radutmp
}

When I run 
radtest radman2 testing localhost 10 <sekret> 2 <NAS hostname>

radtest seems to always encrypt my password; since I am storing pwds in 
cleartext, the auth never works. Here is some output:

root@localhost# radtest radman2 testing localhost 10 <sekret> 2 <NAS hostname>
Sending Access-Request of id 128 to 127.0.0.1:1812
        User-Name = "radman2"
        User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
        NAS-IP-Address = <NAS hostname>
        NAS-Port-Id = "10"
        Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid 
signature!

*************************
output from radiusd -X

rad_recv: Access-Request packet from host 127.0.0.1:1087, id=128, length=63
        User-Name = "radman2"
        User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "10"
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
radius_xlat:  'radman2'
sql_escape in:  'radman2'
sql_escape out:  'radman2'
sql_set_user:  escaped user --> 'radman2'
radius_xlat:  'SELECT useridnr,userid,Attribute,passwd,op FROM user WHERE 
userid = 'radman2' ORDER BY useridnr'
rlm_sql: Reserving sql socket id: 4
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'radman2' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'radman2' ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'radman2' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
radius_xlat:  'SELECT passwd,Attribute FROM user WHERE userid = 'radman2' AND 
( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 
'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: login attempt by "radman2" with password à\z
rlm_pap: Using password testing for user radman2 authentication.
rlm_pap: Using clear text password.
rlm_pap: Passwords don't match
  modcall[authenticate]: module "pap" returns reject
modcall: group authtype returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed): [radman2/\340\\z] 
(from client localhost port 0)
  WARNING: Unprintable characters in the password. ?  Double-check the shared 
secret on the server and the NAS!

****************
This WARNING says check my secret, but I know that is correct for sure. From 
the rest of the above messages I see that the password doesn't match. And 
from this "[radman2/\340\\z]" I can see that it is not comparing the correct 
password.

Why does radtest always encrypt my password, and how can I go about testing my 
radius setup if I cannot use radtest?

Thanks for all your help thus far!

Nick

-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services
