FreeRadius and md5 hashed passwords

Martin Jessa freebsd at yazzy.org
Tue Sep 16 20:19:14 PDT 2003


Hi Scott, guys.

I am stucked. I made some changes in the config file and added Auth-Type to the radgroupcheck table (which was previously empty) and now I cannot authenticate at all.
Seems like the problem is somewhere else.

My radiusd.conf:

modules {
        mschap {
                authtype = MD5
                        use_mppe = yes
                        require_encryption = yes
                        require_strong = yes
                        encryption_scheme = md5
        }

authorize {
	
	preprocess
        suffix
        sql
}

authenticate {
        authtype MD5 {
        mschap   
        }
}




mysql> select * from radgroupreply;
+----+-----------+-------------------+----+-----------------+------+
| id | GroupName | Attribute         | op | Value           | prio |
+----+-----------+-------------------+----+-----------------+------+
|  1 | user      | Framed-IP-Netmask | := | 255.255.255.0   |    0 |
|  2 | user      | Framed-IP-Address | := | 255.255.255.254 |    0 |
|  3 | user      | Service-Type      | := | Framed-User     |    0 |
|  4 | user      | Auth-Type         | := | Local           |    0 |
+----+-----------+-------------------+----+-----------------+------+

mysql> select * from usergroup;
+----+-----------------+-----------+
| id | UserName        | GroupName |
+----+-----------------+-----------+
|  1 | yazzy at yazzy.org | user      |
+----+-----------------+-----------+

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | user      | Auth-Type | := | MD5   |
+----+-----------+-----------+----+-------+

mysql> select * from radcheck;
+----+-----------------+---------------+----+----------------+
| id | UserName        | Attribute     | op | Value          |
+----+-----------------+---------------+----+----------------+
|  1 | yazzy at yazzy.org | User-Password | := | $1$bc8bf6f2fd343cab9d387d5dcc777be3                         |
+----+-----------------+---------------+----+----------------+

Then running:
radtest yazzy at yazzy.org my_pass 127.0.0.1 1812 radius_pass 127.0.0.1

i get following error:



rad_recv: Access-Request packet from host 127.0.0.1:57048, id=44, length=73
        User-Name = "yazzy at yazzy.org"
        User-Password = "my_pass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: Looking up realm yazzy.org for User-Name = "yazzy at yazzy.org"
    rlm_realm: Found realm DEFAULT
    rlm_realm: Adding Stripped-User-Name = "yazzy"
  rlm_realm: Proxying request from user yazzy to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
rlm_realm:  Authentication realm is LOCAL.

***SNIP***

rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type MD5
auth: type "MD5"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
  modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4

Any idea how to fix that and what can be wrong?



On Tue, 16 Sep 2003 22:24:35 -0400
Scott Lambert <lambert at lambertfam.org> wrote:

> On Wed, Sep 17, 2003 at 03:03:43AM +0200, Martin Jessa wrote:
> > Hi guys.
> > 
> > I have set up freeradius with authentication agains MySQL.
> > I have poptop talking to the radius server and in that way authenticating my users.
> > The problem is I cannot make the radius server read md5 encrypted passwords, only plain text.
> > Any idea what to do to make it read md5 passwords?
> > Example of the password table:
> > 
> > table 'radcheck' :
> > 
> > Cleartext (works):
> > INSERT INTO radcheck VALUES (2,'test at yazzy.org','User-Password',':=','12233445');
> > 
> > MD5 (no love):
> > INSERT INTO radcheck VALUES (3,'test at yazzy.org','User-Password',':=','bc8bf6f2fd343cab9d387d5dcc777be3');
> 
> I think you are missing the salt.
> 
> This is an MD5 cryptpassword of your example cleartext password:
> 
> $1$HuVWpRMf$dmUeqUO15b9HGbDmmki6W.
> 
> 
> -- 
> Scott Lambert                    KC5MLE                       Unix SysAdmin
> lambert at lambertfam.org      
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"




More information about the freebsd-isp mailing list