Hi to all. I have this configuration:
- freeradius 2.x
- in mysql I have user "rosario" with attribute "NT-Password" and value "NTHash of my password"

When I try to use radtest it works great. But I have a web library that tries to authenticate the same user "rosario", but in "user-password" it puts (I think) an NT-challenge password. This is the log of freeradius.

rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32, length=85
    NAS-Identifier = "radius2"
    NAS-Port-Type = Virtual
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id = "127.0.0.1"
    User-Name = "rosario"
    User-Password = "\202\204\005\340-\275\341\344u\351-\310L$\260\242"
+- entering group authorize {...}
++[preprocess] returns ok
    expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100311
    expand: %t -> Thu Mar 11 15:31:56 2010
++[auth_log] returns ok
++[mschap] returns noop
[ntdomain] No '\' in User-Name = "rosario", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[suffix] No '@' in User-Name = "rosario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
    expand: %{User-Name} -> rosario
[sql] sql_set_user escaped user --> 'rosario'
rlm_sql (sql): Reserving sql socket id: 4
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rosario' ORDER BY id
[sql] User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rosario' ORDER BY id
    expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'rosario' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_meeting] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_meeting): Reserving sql socket id: 4
    expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
    expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_meeting): Released sql socket id: 4
[sql_meeting] User rosario not found
++[sql_meeting] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_biblio] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_biblio): Reserving sql socket id: 4
    expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
    expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_biblio): Released sql socket id: 4
[sql_biblio] User rosario not found
++[sql_biblio] returns notfound
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
    expand: %{Stripped-User-Name:-%{User-Name}} -> rosario
[sql_signum] sql_set_user escaped user --> 'rosario'
rlm_sql (sql_signum): Reserving sql socket id: 4
    expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'rosario' ORDER BY id
    expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='rosario'
rlm_sql (sql_signum): Released sql socket id: 4
[sql_signum] User rosario not found
++[sql_signum] returns notfound
[pap] Normalizing NT-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "???�-���u�-�L$��"
[pap] Using NT encryption.
[pap] rlm_mschap: NT-Hash: ???�-���u�-�L$��
[pap] rlm_mschap: NT-Hash: Result: 9bf2e48c667225847414c60fd3b16ce0
    expand: %{mschap:NT-Hash ???�-���u�-�L$��} -> 9bf2e48c667225847414c60fd3b16ce0
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: NT password check failed): [rosario] (from client localhost port 0 cli 127.0.0.1)
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 51435, id=32, length=85
Sending duplicate reply to client localhost port 51435 - ID: 32
Sending Access-Reject of id 32 to 127.0.0.1 port 51435
Waking up in 4.9 seconds.
Cleaning up request 0 ID 32 with timestamp +7
Ready to process requests.

I think that rlm_pap tries to hash a non-cleartext password and so it doesn't work. How can I tell rlm_pap to do the right thing, otherwise to try to hash a cleartext password and do something (that I don't know) if not?

Thanks.
Rosario
--
Rosario L.