Date: Wed, 17 Sep 2003 04:58:28 +0200
From: Martin Jessa
To: lambert@lambertfam.org
Cc: freebsd-isp@freebsd.org
Subject: Re: FreeRadius and md5 hashed passwords
Message-Id: <20030917045828.4c7f7ec9.freebsd@yazzy.org>
In-Reply-To: <20030917022435.GA14843@laptop.lambertfam.org>

Hi Scott, guys.

I am stuck.
I made some changes in the config file and added Auth-Type to the radgroupcheck table (which was previously empty) and now I cannot authenticate at all.
Seems like the problem is somewhere else.

My radiusd.conf:

modules {
        mschap {
                authtype = MD5
                use_mppe = yes
                require_encryption = yes
                require_strong = yes
                encryption_scheme = md5
        }
}

authorize {
        preprocess
        suffix
        sql
}

authenticate {
        authtype MD5 {
                mschap
        }
}

mysql> select * from radgroupreply;
+----+-----------+-------------------+----+-----------------+------+
| id | GroupName | Attribute         | op | Value           | prio |
+----+-----------+-------------------+----+-----------------+------+
|  1 | user      | Framed-IP-Netmask | := | 255.255.255.0   |    0 |
|  2 | user      | Framed-IP-Address | := | 255.255.255.254 |    0 |
|  3 | user      | Service-Type      | := | Framed-User     |    0 |
|  4 | user      | Auth-Type         | := | Local           |    0 |
+----+-----------+-------------------+----+-----------------+------+

mysql> select * from usergroup;
+----+-----------------+-----------+
| id | UserName        | GroupName |
+----+-----------------+-----------+
|  1 | yazzy@yazzy.org | user      |
+----+-----------------+-----------+

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | user      | Auth-Type | := | MD5   |
+----+-----------+-----------+----+-------+

mysql> select * from radcheck;
+----+-----------------+---------------+----+-------------------------------------+
| id | UserName        | Attribute     | op | Value                               |
+----+-----------------+---------------+----+-------------------------------------+
|  1 | yazzy@yazzy.org | User-Password | := | $1$bc8bf6f2fd343cab9d387d5dcc777be3 |
+----+-----------------+---------------+----+-------------------------------------+

Then running:

radtest yazzy@yazzy.org my_pass 127.0.0.1 1812 radius_pass 127.0.0.1

I get the following error:

rad_recv: Access-Request packet from host 127.0.0.1:57048, id=44, length=73
        User-Name = "yazzy@yazzy.org"
        User-Password = "my_pass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
        Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: Looking up realm yazzy.org for User-Name = "yazzy@yazzy.org"
rlm_realm: Found realm DEFAULT
rlm_realm: Adding Stripped-User-Name = "yazzy"
rlm_realm: Proxying request from user yazzy to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
***SNIP***
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MD5
auth: type "MD5"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4

Any idea how to fix that and what can be wrong?

On Tue, 16 Sep 2003 22:24:35 -0400
Scott Lambert wrote:

> On Wed, Sep 17, 2003 at 03:03:43AM +0200, Martin Jessa wrote:
> > Hi guys.
> >
> > I have set up freeradius with authentication against MySQL.
> > I have poptop talking to the radius server and in that way authenticating my users.
> > The problem is I cannot make the radius server read md5 encrypted passwords, only plain text.
> > Any idea what to do to make it read md5 passwords?
> > Example of the password table:
> >
> > table 'radcheck' :
> >
> > Cleartext (works):
> > INSERT INTO radcheck VALUES (2,'test@yazzy.org','User-Password',':=','12233445');
> >
> > MD5 (no love):
> > INSERT INTO radcheck VALUES (3,'test@yazzy.org','User-Password',':=','bc8bf6f2fd343cab9d387d5dcc777be3');
>
> I think you are missing the salt.
>
> This is an MD5 cryptpassword of your example cleartext password:
>
> $1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W.
>
>
> --
> Scott Lambert                    KC5MLE                       Unix SysAdmin
> lambert@lambertfam.org
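
The format difference Scott points at, as an added example that is not part of the original thread: a Python check that classifies radcheck password values by shape only, telling a salted md5-crypt string ($1$salt$digest) apart from a bare MD5 hex digest and from a "$1$" prefix placed in front of hex. The function names are hypothetical; the sample rows reuse the values quoted in the thread and compute no hashes.

```python
import re

# crypt(3) alphabet used for both the salt and the encoded digest.
B64 = r"[./0-9A-Za-z]"
# md5-crypt: "$1$" + salt (0-8 chars) + "$" + 22-char encoded digest.
MD5_CRYPT = re.compile(rf"^\$1\$({B64}{{0,8}})\$({B64}{{22}})$")
# Unsalted MD5 written as 32 hex digits (what md5sum or MySQL MD5() prints).
RAW_MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")


def classify(value):
    """Classify a stored password value by its format, without hashing."""
    m = MD5_CRYPT.match(value)
    if m:
        return {"format": "md5-crypt", "salt": m.group(1), "problem": None}
    if value.startswith("$1$"):
        _salt, sep, _digest = value[3:].partition("$")
        if not sep:
            problem = "missing '$' delimiter between salt and digest"
        else:
            problem = "salt or digest has the wrong length or characters"
        return {"format": "malformed md5-crypt", "salt": None, "problem": problem}
    if RAW_MD5_HEX.match(value):
        return {"format": "raw md5 hex", "salt": None,
                "problem": "unsalted hex digest, not a crypt(3) string"}
    return {"format": "cleartext or unknown", "salt": None, "problem": None}


def audit(rows):
    """Return (username, format, problem) for every row with a format problem."""
    findings = []
    for user, value in rows:
        result = classify(value)
        if result["problem"]:
            findings.append((user, result["format"], result["problem"]))
    return findings


# Sample rows built from the values quoted in the thread.
SAMPLE_ROWS = [
    ("test@yazzy.org", "12233445"),
    ("test@yazzy.org", "bc8bf6f2fd343cab9d387d5dcc777be3"),
    ("yazzy@yazzy.org", "$1$bc8bf6f2fd343cab9d387d5dcc777be3"),
    ("test@yazzy.org", "$1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W."),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```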