Date:      Wed, 17 Sep 2003 04:58:28 +0200
From:      Martin Jessa <freebsd@yazzy.org>
To:        lambert@lambertfam.org
Cc:        freebsd-isp@freebsd.org
Subject:   Re: FreeRadius and md5 hashed passwords
Message-ID:  <20030917045828.4c7f7ec9.freebsd@yazzy.org>
In-Reply-To: <20030917022435.GA14843@laptop.lambertfam.org>
References:  <20030917030343.52426383.freebsd@yazzy.org> <20030917022435.GA14843@laptop.lambertfam.org>

Hi Scott, guys.

I am stuck. I made some changes in the config file and added Auth-Type to the radgroupcheck table (which was previously empty) and now I cannot authenticate at all.
Seems like the problem is somewhere else.

My radiusd.conf:

modules {
        mschap {
                authtype = MD5
                use_mppe = yes
                require_encryption = yes
                require_strong = yes
                encryption_scheme = md5
        }
}

authorize {
        preprocess
        suffix
        sql
}

authenticate {
        authtype MD5 {
                mschap
        }
}




mysql> select * from radgroupreply;
+----+-----------+-------------------+----+-----------------+------+
| id | GroupName | Attribute         | op | Value           | prio |
+----+-----------+-------------------+----+-----------------+------+
|  1 | user      | Framed-IP-Netmask | := | 255.255.255.0   |    0 |
|  2 | user      | Framed-IP-Address | := | 255.255.255.254 |    0 |
|  3 | user      | Service-Type      | := | Framed-User     |    0 |
|  4 | user      | Auth-Type         | := | Local           |    0 |
+----+-----------+-------------------+----+-----------------+------+

mysql> select * from usergroup;
+----+-----------------+-----------+
| id | UserName        | GroupName |
+----+-----------------+-----------+
|  1 | yazzy@yazzy.org | user      |
+----+-----------------+-----------+

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | user      | Auth-Type | := | MD5   |
+----+-----------+-----------+----+-------+

mysql> select * from radcheck;
+----+-----------------+---------------+----+-------------------------------------+
| id | UserName        | Attribute     | op | Value                               |
+----+-----------------+---------------+----+-------------------------------------+
|  1 | yazzy@yazzy.org | User-Password | := | $1$bc8bf6f2fd343cab9d387d5dcc777be3 |
+----+-----------------+---------------+----+-------------------------------------+

Then running:
radtest yazzy@yazzy.org my_pass 127.0.0.1 1812 radius_pass 127.0.0.1

I get the following error:



rad_recv: Access-Request packet from host 127.0.0.1:57048, id=44, length=73
        User-Name = "yazzy@yazzy.org"
        User-Password = "my_pass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: Looking up realm yazzy.org for User-Name = "yazzy@yazzy.org"
    rlm_realm: Found realm DEFAULT
    rlm_realm: Adding Stripped-User-Name = "yazzy"
  rlm_realm: Proxying request from user yazzy to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
rlm_realm:  Authentication realm is LOCAL.

***SNIP***

rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type MD5
auth: type "MD5"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
  modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4

Any idea how to fix that and what can be wrong?



On Tue, 16 Sep 2003 22:24:35 -0400
Scott Lambert <lambert@lambertfam.org> wrote:

> On Wed, Sep 17, 2003 at 03:03:43AM +0200, Martin Jessa wrote:
> > Hi guys.
> > 
> > I have set up freeradius with authentication against MySQL.
> > I have poptop talking to the radius server and in that way authenticating my users.
> > The problem is I cannot make the radius server read md5 encrypted passwords, only plain text.
> > Any idea what to do to make it read md5 passwords?
> > Example of the password table:
> > 
> > table 'radcheck' :
> > 
> > Cleartext (works):
> > INSERT INTO radcheck VALUES (2,'test@yazzy.org','User-Password',':=','12233445');
> > 
> > MD5 (no love):
> > INSERT INTO radcheck VALUES (3,'test@yazzy.org','User-Password',':=','bc8bf6f2fd343cab9d387d5dcc777be3');
> 
> I think you are missing the salt.
> 
> This is an MD5 cryptpassword of your example cleartext password:
> 
> $1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W.
> 
> 
> -- 
> Scott Lambert                    KC5MLE                       Unix SysAdmin
> lambert@lambertfam.org      
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
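
The following is an added example, not part of the original message or of FreeRADIUS: a format check over the password values quoted in this thread, showing which ones are well-formed md5-crypt strings and which could ever satisfy MS-CHAP, the module that logged "No LM/NT password configured" above. The function names and the "pap"/"mschap" labels are this example's own, and the grouping of values into rows is constructed.

```python
import re

# md5-crypt layout: "$1$" + salt (1-8 chars) + "$" + 22-char encoded digest.
MD5_CRYPT = re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")
RAW_MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")
NT_HASH_ATTRS = {"NT-Password", "LM-Password"}


def classify(value):
    """Guess the storage format of a password value from its shape alone."""
    if MD5_CRYPT.fullmatch(value):
        return "md5-crypt"
    if value.startswith("$1$"):
        if RAW_MD5_HEX.fullmatch(value[3:]):
            return "malformed: $1$ prefix on a bare hex digest, no salt field"
        return "malformed: not $1$<salt>$<22 chars>"
    if RAW_MD5_HEX.fullmatch(value):
        return "unsalted MD5 hex"
    return "cleartext"


def verdict(attribute, value, protocol):
    """Can this row verify a login? protocol is this example's label: 'pap' or 'mschap'."""
    fmt = "NT/LM hash" if attribute in NT_HASH_ATTRS else classify(value)
    if fmt.startswith("malformed"):
        return "reject: " + fmt
    if protocol == "mschap" and fmt not in ("cleartext", "NT/LM hash"):
        # MS-CHAP is challenge-response keyed on the NT hash; a one-way MD5
        # digest cannot be turned into that key.
        return "reject: MS-CHAP needs cleartext or an NT/LM hash, got " + fmt
    # PAP hands the server the cleartext, so it can hash and compare, provided
    # the server is configured for the scheme the value was stored with.
    return "ok: " + fmt


# Password values quoted in the thread; the row grouping is constructed here.
ROWS = [
    ("User-Password", "12233445"),
    ("User-Password", "bc8bf6f2fd343cab9d387d5dcc777be3"),
    ("User-Password", "$1$bc8bf6f2fd343cab9d387d5dcc777be3"),
    ("User-Password", "$1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W."),
]

if __name__ == "__main__":
    for protocol in ("pap", "mschap"):
        for attribute, value in ROWS:
            print(f"{protocol:6} {value:36} {verdict(attribute, value, protocol)}")
```

The classification is by shape only, so a cleartext password that happens to be 32 hex characters would be reported as a digest.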



