I'm trying to get FreeRADIUS to authenticate against MD5 passwords. Here's the relevant part of my config...
............
modules {
pap {
encryption_scheme = md5
}
......
instantiate {
#mysqlcounter
}
authorize {
preprocess
sql
}
authenticate {
pap
}
preacct {
preprocess
}
accounting {
#acct_unique
#detail
sql
radutmp # ?
}
session {
radutmp # ?
sql
}
[end of file]
I have the passwords in my database as MD5 (I have included a testuser2 with a plaintext password for troubleshooting):
id UserName Attribute op Value
1 testuser1 Password == ae2b1fca515949e5d54fb22b8ed95575
2 testuser2 Password == testing
What do I need to do to make FreeRADIUS authenticate passwords sent as plaintext to it from a client NAS, to MD5 stored in the database?
Is this possible?
(please see attempt logs below)
Regards,
Jan Mulders
### client request ###
www~# radtest testuser1 testing localhost:1812 3 testing123
Sending Access-Request of id 111 to 127.0.0.1 port 1812
User-Name = "testuser1"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 3
Re-sending Access-Request of id 111 to 127.0.0.1 port 1812
User-Name = "testuser1"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 3
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=111, length=20
0www~#
### radiusd log ###
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:49086, id=111, length=61
User-Name = "testuser1"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 3
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): No matching entry in the database for request from user [testuser1]
Login incorrect: [testuser1/testing] (from client localhost port 3)
rad_recv: Access-Request packet from host 127.0.0.1:49086, id=111, length=61
Sending Access-Reject of id 111 to 127.0.0.1 port 49086
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
