Thanks Alan, Changed:
| 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA | To | 844 | bogdan | SSHA-Password | == | 55MCU5TXMoKsA | And pap { encryption_scheme = sha1 } And it says: rlm_sql: unknown attribute SSHA-Password However the output significantly changed. It looks like it's now trying the user in all the groups: rad_recv: Access-Request packet from host 206.186.81.100:4147, id=76, length=50 User-Name = "shipcoadsl" User-Password = "test" rad_lowerpair: User-Name now 'shipcoadsl' rad_rmspace_pair: User-Name now 'shipcoadsl' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 rlm_sql (sql): - sql_groupcmp radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl' rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): - sql_groupcmp finished: User does not belong in group dialup rlm_sql (sql): - sql_groupcmp radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl' rlm_sql (sql): Released sql socket id: 3 rlm_sql (sql): - sql_groupcmp finished: User does not belong in group idm rlm_sql (sql): - sql_groupcmp radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl' rlm_sql (sql): Released sql socket id: 2 rlm_sql (sql): - sql_groupcmp finished: User does not belong in group ikano rlm_sql (sql): - sql_groupcmp radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl' rlm_sql (sql): Released sql socket id: 1 rlm_sql (sql): - sql_groupcmp finished: User does not belong in group adsl rlm_sql (sql): - sql_groupcmp radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl'' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE UserName='shipcoadsl' rlm_sql (sql): - sql_groupcmp finished: User belongs in group adsl-static rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "shipcoadsl", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "shipcoadsl" rlm_realm: Proxying request from user shipcoadsl to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: 'shipcoadsl' rlm_sql (sql): sql_set_user escaped user --> 'shipcoadsl' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shipcoadsl' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shipcoadsl' ORDER BY id rlm_sql: unknown attribute SMD5-Password rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Finished request 0 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On Behalf Of [EMAIL PROTECTED] Sent: May 4, 2006 4:27 PM To: FreeRadius users mailing list Subject: Re: FreeRadius + MySQL & Encrypted passwords Hi, > I've been trying to encrypt the passwords in mySQL using SHA1 or MD5 > without any luck for the last several days. > > ---------------------------+ > | 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA | > +-----+------------+---------------+----+----------------------------- > +-----+------------+---------------+----+-- okay. attribute set to Crypt-Password. however, when you changed to SHA1 or MD5 you DIDNT change this attribute. from the Documentation, you can see Header Attribute Description ------ --------- ----------- {clear} User-Password clear-text passwords {cleartext} User-Password clear-text passwords {crypt} Crypt-Password Unix-style "crypt"ed passwords {md5} MD5-Password MD5 hashed passwords {smd5} SMD5-Password MD5 hashed passwords, with a salt {sha} SHA-Password SHA1 hashed passwords {ssha} SSHA-Password SHA1 hashed passwords, with a salt {nt} NT-Password Windows NT hashed passwords {x-nthash} NT-Password Windows NT hashed passwords {lm} LM-Password Windows Lan Manager (LM) passwords. the error log posted clearly showed rlm_pap bleating away that it was being told to use MD5 or SHA but that only Crypt-Password attribute was present. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html