After posting I continued looking in to the problem, and searching the list archives, and discovered that I really did not ask the right question.
What I would like to do is be able to use MD5 passwords. I've configured my radiusd.conf and database properly, as near as I can tell, but it isn't working. The output of "radiusd -X" is: rad_recv: Access-Request packet from host 64.254.34.5:1025, id=251, length=116 User-Name = "[EMAIL PROTECTED]" User-Password = "password" NAS-IP-Address = 64.254.34.5 NAS-Port = 20205 NAS-Port-Type = Async State = 0x Calling-Station-Id = "6203312503" Called-Station-Id = "3162606719" Acct-Session-Id = "424765938" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/64.254.34.5/auth-detail-20050303' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/64.254.34.5/auth-detail-20050303 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "realm" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "realm" rlm_realm: Adding Stripped-User-Name = "user" rlm_realm: Proxying request from user user to realm realm rlm_realm: Adding Realm = "realm" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 radius_xlat: 'user' rlm_sql (sql): sql_set_user escaped user --> 'user' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'user' AND Active = 1 ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'user' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): No matching entry in the database for request from user [user] rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns notfound for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. My configuration file, relevant lines only: modules { pap { encryption_scheme = crypt } pap md5 { encryption_scheme = md5 } } authenticate { Auth-Type MD5 { md5 } Auth-Type PAP { pap } } My database tables, relevant lines only: radgroupcheck: id 10, groupname MD5, attribute Auth-Type, op :=, Value MD5 id 11, groupname MD5, attribute Service-Type, op ==, Value Framed-User ^^^ added id #11 at the reccomendation of another mailing list post from 2003 radcheck: id 3, username user, attribute Password, op ==, value <md5sum> Now the odd part here is that it's basically saying it can't find the username in the database (it's there). Now, get this, if I change radgroupcheck id 10's Value back to "Dialup" (which was working fine before i did this) it still didn't work, but when I removed the Auth-Type MD5 from the configuration file, everything went back to normal! I'm scratchin my ass on this one, I clearly have no idea what to do, and none of this is documented anywhere. So far I've been pretty excited about this software. Very customizeable and highly extensable. My one complaint? There's nearly ZERO documentation on how to do that customization. This project REALLY needs a wiki or something. On Thu, 2005-03-03 at 15:11, Alan DeKok wrote: > Nick Bright <[EMAIL PROTECTED]> wrote: > > I'm using mysql for authorization, and have made everything work > > wonderfully with plain text passwords. I'd like to find out, though, > > what password types are supported for the mysql authorization system. > > None. :) The MySQL module doesn't look at, or use passwords. > > Instead, it pulls RADIUS attributes out of the database, and adds > them to the request. > > > What I'd really like to know is what password types are supported > > through this mechanism? Is there a list somewhere? > > In the latest CVS snapshots, see "man rlm_pap", which lists the > password types it supports. > > > If I could simply put the users in with "md5-Password" and slap in their > > md5'd password, that'd make my life really easy :) > > In the CVS head, that should work. > > Alan DeKok. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Nick Bright Terraworld, Inc 888-332-1616 x315 http://home.terraworld.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html