EAP-TTLS MD5 hashed Passwords in MySQL Database for WPA-802.1x auth

2006-07-25 Thread Christian Poessinger
Hello,

I'm trying to set up a system to authenticate WLAN users via EAP-TTLS with
MD5-crypted passwords, stored in an SQL database.

I'm using MySQL as the backend and it works great when the passwords are
stored in cleartext or UNIX crypt. When I convert the password from crypt to
md5 and change pap encryption_scheme to md5 it doesn't work anymore. As I
have to use the SQL attribute field with 'Crypt-Password' in it, it seems
that it wants to use crypt passwords and not md5. I tried to change it to
'md5-password' but well ... that wasn't the answer.

Here is the error:

-
modcall: entering group PAP for request 4
rlm_pap: login attempt by foo with password bar
rlm_pap: Crypt-Password attribute but encryption scheme is not set to CRYPT
  modcall[authenticate]: module pap returns fail for request 4
modcall: leaving group PAP (returns fail) for request 4
auth: Failed to validate the user.
  TTLS: Got tunneled reply RADIUS code 3
  TTLS: Got tunneled Access-Reject
-

Does anyone have an idea how to use the MD5-hashed passwords in the database with
EAP-TTLS for authentication? I appended my RADIUS configuration. Thanks.




--- CONFIG 

eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    leap {
    }
    tls {
        private_key_file = /etc/ssl/rad.pem
        certificate_file = /etc/ssl/rad.pem
        CA_file = /etc/ssl/ca.pem
        dh_file = /etc/ssl/rad.dh
        random_file = /dev/urandom
        fragment_size = 1024
        include_length = yes
        check_crl = yes
    }
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = no
        use_tunneled_reply = no
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}

modules {
    pap {
        encryption_scheme = md5
    }
}
authorize {
    preprocess
    suffix
    eap
    files
    sql
}
authenticate {
    Auth-Type PAP {
        pap
    }
    eap
}


users-file
DEFAULT Auth-Type = PAP
    Fall-Through = 0

 END OF CONFIG -


List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TTLS MD5 hashed Passwords in MySQL Database for WPA-802.1x auth

2006-07-25 Thread Alan DeKok
Christian Poessinger [EMAIL PROTECTED] wrote:
> As I have to use the SQL attribute field with 'Crypt-Password' in it

  Why?  Why not just change that?

  Alan DeKok.
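
An added example, not part of the original thread and not FreeRADIUS code: a small audit that reproduces the mismatch reported in the debug log above, where a row's check attribute (Crypt-Password) disagrees with the pap encryption_scheme (md5). The sample rows, the helper names and the attribute-to-scheme mapping are assumptions; which attribute a given FreeRADIUS version expects for MD5 hashes should be checked against that version's documentation.

```python
import hashlib
import hmac
import re

# Value shapes for the two stored formats discussed in the thread.
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")      # hex-encoded MD5 digest
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional UNIX crypt(3)

# Assumed mapping of check attribute -> scheme it implies (verify per version).
ATTR_SCHEME = {"Crypt-Password": "crypt", "MD5-Password": "md5"}


def detect_format(value):
    """Guess the storage format of a password column value from its shape."""
    if MD5_HEX.match(value):
        return "md5"
    if DES_CRYPT.match(value):
        return "crypt"
    return "unknown"


def audit_rows(rows, configured_scheme):
    """Return (username, problem) for rows that a PAP check would fail on."""
    findings = []
    for user, attr, value in rows:
        implied = ATTR_SCHEME.get(attr)
        actual = detect_format(value)
        if implied is None:
            findings.append((user, f"unrecognised attribute {attr}"))
        elif implied != configured_scheme:
            findings.append((user, f"{attr} but encryption_scheme is {configured_scheme}"))
        elif actual != implied:
            findings.append((user, f"{attr} holds a {actual} value"))
    return findings


def check_md5(stored_hex, password):
    """Compare a submitted PAP password with a stored hex MD5 digest."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_hex.lower())


# Constructed sample rows (username, attribute, value); not from the original post.
SAMPLE_ROWS = [
    ("foo", "Crypt-Password", hashlib.md5(b"bar").hexdigest()),  # the thread's case
    ("alice", "MD5-Password", hashlib.md5(b"s3cret").hexdigest()),
    ("bob", "MD5-Password", "abJnggxhB/yWI"),  # crypt-shaped value, MD5 attribute
]

if __name__ == "__main__":
    for user, problem in audit_rows(SAMPLE_ROWS, "md5"):
        print(f"{user}: {problem}")
```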


EAP-TTLS MD5 hashed Passwords in MySQL Database for WPA-802.1x auth

2006-07-24 Thread Christian Poessinger