Re: FreeRadius and md5 hashed passwords

From: Martin Jessa (freebsd_at_yazzy.org)
Date: 09/17/03

  • Next message: Andrew Thompson: "Re: FreeRadius and md5 hashed passwords"
    Date: Wed, 17 Sep 2003 04:58:28 +0200
    To: lambert@lambertfam.org
    
    

    Hi Scott, guys.

    I am stuck. I made some changes in the config file and added Auth-Type to the radgroupcheck table (which was previously empty) and now I cannot authenticate at all.
    Seems like the problem is somewhere else.

    My radiusd.conf:

    modules {
            mschap {
                    authtype = MD5
                            use_mppe = yes
                            require_encryption = yes
                            require_strong = yes
                            encryption_scheme = md5
            }

    authorize {
            
            preprocess
            suffix
            sql
    }

    authenticate {
            authtype MD5 {
            mschap
            }
    }

    mysql> select * from radgroupreply;
    +----+-----------+-------------------+----+-----------------+------+
    | id | GroupName | Attribute         | op | Value           | prio |
    +----+-----------+-------------------+----+-----------------+------+
    |  1 | user      | Framed-IP-Netmask | := | 255.255.255.0   |    0 |
    |  2 | user      | Framed-IP-Address | := | 255.255.255.254 |    0 |
    |  3 | user      | Service-Type      | := | Framed-User     |    0 |
    |  4 | user      | Auth-Type         | := | Local           |    0 |
    +----+-----------+-------------------+----+-----------------+------+

    mysql> select * from usergroup;
    +----+-----------------+-----------+
    | id | UserName        | GroupName |
    +----+-----------------+-----------+
    |  1 | yazzy@yazzy.org | user      |
    +----+-----------------+-----------+

    mysql> select * from radgroupcheck;
    +----+-----------+-----------+----+-------+
    | id | GroupName | Attribute | op | Value |
    +----+-----------+-----------+----+-------+
    |  1 | user      | Auth-Type | := | MD5   |
    +----+-----------+-----------+----+-------+

    mysql> select * from radcheck;
    +----+-----------------+---------------+----+-------------------------------------+
    | id | UserName        | Attribute     | op | Value                               |
    +----+-----------------+---------------+----+-------------------------------------+
    |  1 | yazzy@yazzy.org | User-Password | := | $1$bc8bf6f2fd343cab9d387d5dcc777be3 |
    +----+-----------------+---------------+----+-------------------------------------+

    Then running:
    radtest yazzy@yazzy.org my_pass 127.0.0.1 1812 radius_pass 127.0.0.1

    I get the following error:

    rad_recv: Access-Request packet from host 127.0.0.1:57048, id=44, length=73
            User-Name = "yazzy@yazzy.org"
            User-Password = "my_pass"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 1812
            Framed-Protocol = PPP
    modcall: entering group authorize
      modcall[authorize]: module "preprocess" returns ok
      modcall[authorize]: module "mschap" returns notfound
        rlm_realm: Looking up realm yazzy.org for User-Name = "yazzy@yazzy.org"
        rlm_realm: Found realm DEFAULT
        rlm_realm: Adding Stripped-User-Name = "yazzy"
      rlm_realm: Proxying request from user yazzy to realm DEFAULT
        rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.

    ***SNIP***

    rlm_sql (sql): Released sql socket id: 1
      modcall[authorize]: module "sql" returns ok
    modcall: group authorize returns ok
      rad_check_password: Found Auth-Type MD5
    auth: type "MD5"
    modcall: entering group authtype
    rlm_mschap: No LM/NT password configured. Check authorization.
      modcall[authenticate]: module "mschap" returns invalid
    modcall: group authtype returns invalid
    auth: Failed to validate the user.
    Delaying request 4 for 1 seconds
    Finished request 4

    Any idea how to fix that and what can be wrong?

    On Tue, 16 Sep 2003 22:24:35 -0400
    Scott Lambert <lambert@lambertfam.org> wrote:

    > On Wed, Sep 17, 2003 at 03:03:43AM +0200, Martin Jessa wrote:
    > > Hi guys.
    > >
    > > I have set up freeradius with authentication against MySQL.
    > > I have poptop talking to the radius server and in that way authenticating my users.
    > > The problem is I cannot make the radius server read md5 encrypted passwords, only plain text.
    > > Any idea what to do to make it read md5 passwords?
    > > Example of the password table:
    > >
    > > table 'radcheck' :
    > >
    > > Cleartext (works):
    > > INSERT INTO radcheck VALUES (2,'test@yazzy.org','User-Password',':=','12233445');
    > >
    > > MD5 (no love):
    > > INSERT INTO radcheck VALUES (3,'test@yazzy.org','User-Password',':=','bc8bf6f2fd343cab9d387d5dcc777be3');
    >
    > I think you are missing the salt.
    >
    > This is an MD5 cryptpassword of your example cleartext password:
    >
    > $1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W.
    >
    >
    > --
    > Scott Lambert KC5MLE Unix SysAdmin
    > lambert@lambertfam.org
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
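
The difference between a bare MD5 hex digest and the salted `$1$` form Scott refers to, as an added example that is not code from this thread or from FreeRADIUS: a from-scratch Python implementation of the md5-crypt scheme with a format check for stored `radcheck` values. The function names and the raw-hex versus cleartext heuristic are assumptions of this example.

```python
# Added example: names below are illustrative, not FreeRADIUS or thread code.
import hashlib
import hmac
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# crypt(3) MD5 format: $1$<salt, 1-8 chars>$<22-char encoded digest>
MD5_CRYPT = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")  # heuristic: bare unsalted hex digest

def md5_crypt(pw: bytes, salt: bytes) -> str:
    """The salted, 1000-round MD5 scheme behind "$1$" hashes."""
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + salt)
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):
        h = hashlib.md5(pw if i & 1 else final)
        h.update((salt if i % 3 else b"") + (pw if i % 7 else b""))
        h.update(final if i & 1 else pw)
        final = h.digest()
    out = ""
    for idx, chars in (((0, 6, 12), 4), ((1, 7, 13), 4), ((2, 8, 14), 4),
                       ((3, 9, 15), 4), ((4, 10, 5), 4), ((11,), 2)):
        v = int.from_bytes(bytes(final[j] for j in idx), "big")
        for _ in range(chars):
            out, v = out + ITOA64[v & 0x3F], v >> 6
    return "$1$" + salt.decode() + "$" + out

def classify(stored: str) -> str:
    if MD5_CRYPT.match(stored):
        return "md5-crypt"
    if stored.startswith("$1$"):
        return "malformed-md5-crypt"  # e.g. "$1$" glued onto a bare hex digest
    return "raw-md5-hex" if RAW_MD5.match(stored) else "cleartext"

def verify(cleartext: str, stored: str) -> bool:
    kind, pw = classify(stored), cleartext.encode()
    if kind == "md5-crypt":
        salt = MD5_CRYPT.match(stored).group(1).encode()
        return hmac.compare_digest(md5_crypt(pw, salt), stored)
    if kind == "raw-md5-hex":
        return hmac.compare_digest(hashlib.md5(pw).hexdigest(), stored.lower())
    return kind == "cleartext" and hmac.compare_digest(pw, stored.encode())
```

`classify` reports the `radcheck` value shown above (`$1$` followed by 32 hex digits) as `malformed-md5-crypt` and the `$1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W.` value from the quoted reply as `md5-crypt`. It covers only checks where the server receives the cleartext, as in the `radtest` run; MS-CHAP is a challenge/response over the NT hash, which is what the `rlm_mschap: No LM/NT password configured` line refers to.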

