On Thu, 2005-03-03 at 16:14, Alan DeKok wrote: > Nick Bright <[EMAIL PROTECTED]> wrote: > > What I would like to do is be able to use MD5 passwords. > > I think they're MD5-crypt'd passwords. Do they have $1$ at the > start? If so, they're not just MD5 hashes.
Uh yes, it is the MD5-crypt'd password (it has $1$ at the start) > > > radcheck: > > > > id 3, username user, attribute Password, op ==, value <md5sum> > > Which doesn't match the password in the request. Sorry, I think I wasn't clear with this. I copied the password of a user out of /etc/shadow and pasted it into the value for this user. That is what I need to be able to authenticate against. > > If the passwords do have $1$ at the start, then change radcheck to > say: > > id 3 username user, attribute Crypt-Password, op :=, value <foo> > > You should set Auth-Type := Local for this to work. > > Alan DeKok. Ok, I removed all refrences in the database to MD5, basically put it back how it was working with my plain-text passwords. I'm using the same radgroupcheck line for plain text AND md5 now. (Auth-Type := Local) Now, after doing that I set the attribute in radcheck for the user to Crypt-Password and changed the op to := as you suggested. At this point, the output of radiusd -X has now changed (for the better I think). It's identifying the user properly in SQL now and getting the error: "auth user supplied User-Password does NOT match local User-Password" I'm not exactly sure where to procede from here. If it helps, the point of all this is that I need to import /etc/shadow from one computer to the SQL database on my radius server, and have the users authenticate. Thanks for your help Alan, I appreciate it. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Nick Bright Terraworld, Inc 888-332-1616 x315 http://home.terraworld.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html