Of significant note if I change id 3 username user, attribute Crypt-Password, op :=, value <MD5 crypt'd password>
to id 3 username user, attribute Crypt-Password, op :=, value <plain text password> It authenticates the user properly. Odd, eh? - Nick On Thu, 2005-03-03 at 16:45, Nick Bright wrote: > On Thu, 2005-03-03 at 16:14, Alan DeKok wrote: > > Nick Bright <[EMAIL PROTECTED]> wrote: > > > What I would like to do is be able to use MD5 passwords. > > > > I think they're MD5-crypt'd passwords. Do they have $1$ at the > > start? If so, they're not just MD5 hashes. > > Uh yes, it is the MD5-crypt'd password (it has $1$ at the start) > > > > > > radcheck: > > > > > > id 3, username user, attribute Password, op ==, value <md5sum> > > > > Which doesn't match the password in the request. > > Sorry, I think I wasn't clear with this. I copied the password of a user > out of /etc/shadow and pasted it into the value for this user. That is > what I need to be able to authenticate against. > > > > > If the passwords do have $1$ at the start, then change radcheck to > > say: > > > > id 3 username user, attribute Crypt-Password, op :=, value <foo> > > > > You should set Auth-Type := Local for this to work. > > > > Alan DeKok. > > Ok, I removed all refrences in the database to MD5, basically put it > back how it was working with my plain-text passwords. I'm using the same > radgroupcheck line for plain text AND md5 now. (Auth-Type := Local) > > Now, after doing that I set the attribute in radcheck for the user to > Crypt-Password and changed the op to := as you suggested. > > At this point, the output of radiusd -X has now changed (for the better > I think). It's identifying the user properly in SQL now and getting the > error: > > "auth user supplied User-Password does NOT match local User-Password" > > > I'm not exactly sure where to procede from here. If it helps, the point > of all this is that I need to import /etc/shadow from one computer to > the SQL database on my radius server, and have the users authenticate. > > Thanks for your help Alan, I appreciate it. > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html -- - Nick Bright Terraworld, Inc 888-332-1616 x315 http://home.terraworld.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html