Title: Message
Hi Miguel,
 
Bellow you will find the config I'm using. It works with Unix Crypt but not with md5 or SHA1. It looks like for md5 or sha1 the crypt-password attribute has to be changed to MD5-password or SHA1-password. However my freeRadius doesn't recognize any of these 2 attributes (rlm_sql: unknown attribute SSHA-Password). For the time beeing I'll stick with Unix Crypt.
 
Please let me know if you find a better config.
 
Bogdan.
 
 
 
-----Original Message-----
From: Bogdan Dumitriu - Technical Support Team [mailto:[EMAIL PROTECTED]
Sent: May 4, 2006 3:40 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: FreeRadius + MySQL & Encrypted passwords

Hi all,
 
I've been trying to encrypt the passwords in mySQL using SHA1 or MD5 without any luck for the last several days.
 
First let me tell you a bit about our system:
 
RedHat ES 4
freeradius-1.0.1-2.RHEL4
freeradius-mysql-1.0.1-2.RHEL4
mysql-server-4.1.7-4.RHEL4.1
mysql-4.1.7-4.RHEL4.1
 
Everything works fine with clear text passwords and if I use Unix Crypt.
 
This is the config that works with Unix Crypt:
 
radcheck
+-----+------------+---------------+----+----------------------------------------------------------+
| id  | UserName   | Attribute     | op | Value                                                    |
+-----+------------+---------------+----+----------------------------------------------------------+
| 844 | bogdan | Crypt-Password | == | 55MCU5TXMoKsA |
+-----+------------+---------------+----+----------------------------------------------------------+
usergroup
+-----+------------+-------------+
| id  | UserName   | GroupName   |
+-----+------------+-------------+
| 844 | bogdan | adsl-static |
+-----+------------+-------------+
radgroupcheck
+----+-------------+-----------+----+-------+
| id | GroupName   | Attribute | op | Value |
+----+-------------+-----------+----+-------+
|  1 | adsl        | Auth-Type | := | PAP   |
|  2 | adsl-static | Auth-Type | := | PAP   |
 
 
radius.conf
-------------
...........................
 
modules {
..................
        pap {
                encryption_scheme = crypt
        }
....................
}
 
authenticate {
..............
        Auth-Type PAP {
               pap
        }
...............
}
 
 
This works perfect !
 
now I want to use MD5 or SHA1 so I change:
 
        pap {
                encryption_scheme = sha1 (or md5)
        }
 
and this is what I get in /usr/sbin/radiusd -X
 
 
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type PAP
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_pap: login attempt by "shipcoadsl" with password test
rlm_pap: Crypt-Password attribute but encryption scheme is not set to CRYPT
  modcall[authenticate]: module "pap" returns fail for request 0
modcall: group Auth-Type returns fail for request 0
 
if I change:
 
+-----+------------+---------------+----+----------------------------------------------------------+
| id  | UserName   | Attribute     | op | Value                                                    |
+-----+------------+---------------+----+----------------------------------------------------------+
| 844 | bogdan | Crypt-Password | == | {md5} password |
+-----+------------+---------------+----+----------------------------------------------------------+
 
to:
 
+-----+------------+---------------+----+----------------------------------------------------------+
| id  | UserName   | Attribute     | op | Value                                                    |
+-----+------------+---------------+----+----------------------------------------------------------+
| 844 | bogdan | User-Password | == | {md5} password |
+-----+------------+---------------+----+----------------------------------------------------------+
 
and this is what I get:
 
rlm_sql (sql): No matching entry in the database for request from user [shipcoadsl]
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [shipcoadsl/test] (from client TestNAS2 port 0)
 
 
I also tried changing:
 
radgroupcheck
+----+-------------+-----------+----+-------+
| id | GroupName   | Attribute | op | Value |
+----+-------------+-----------+----+-------+
|  1 | adsl        | Auth-Type | := | PAP   |
to:
 
radgroupcheck
+----+-------------+-----------+----+-------+
| id | GroupName   | Attribute | op | Value |
+----+-------------+-----------+----+-------+
|  1 | adsl        | Auth-Type | := | MD5   |
 
 
then add:
 
authenticate {
..............
        Auth-Type MD5 {
               pap
        }
...............
}

an I got exactly the same answer as before!
 
 
Tried adding to the radgroupreply:
 
| 26 | adsl-static | Auth-Type         | := | PAP           |    0 |
but still no luck!
 
Is this a bug? What am I missing?
 
Your help will be greatly appreciated!
 
Thanks,
Bogdan.
 
 
 
 -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Miguel Angel Quiles
Sent: May 8, 2006 5:34 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius + MySQL & Encrypted passwords

Hi,
 
    I would like to find out how to configure freeradius so I don't have to save clear text passwords in the users file.
I've been following the mail list but I've seen so many ways of configuring crypted passwords, md5, .... that right now I've got a mess in my head.
If someone can help me, to address me to a tutorial, or a link to a website where I can find some clear info over this, I would appreciate.
 
Thank you.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to