) > So, please impart the knowledge unto me, what incantation ) > in SQL or configuration must I utter to authenticate ) > against these hashes?
) Just make the attribute field in the radcheck record 'Crypt-Password' Still no joy. Here is the full output of what I've done. # cat davec User-Name = davec User-Password = password # echo -n "password" | md5sum 5f4dcc3b5aa765d61d8327deb882cf99 - radius=# select * from radcheck where id = 2; id | username | attribute | value | op ----+----------+----------------+----------------------------------+---- 2 | davec | Crypt-Password | 5f4dcc3b5aa765d61d8327deb882cf99 | (1 row) # cat davec | radclient localhost:21812 auth testing123 Received response ID 125, code 3, length = 20 (radiusd -x output below) rad_recv: Access-Request packet from host 127.0.0.1:32771, id=144, length=45 User-Name = "davec" User-Password = "\333\253\375\362\353)\237Y\333\336\005c\t\232e1" rlm_sql: Reserving sql socket id: 1 query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'davec' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'davec' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT Value,Attribute FROM radcheck WHERE UserName = 'davec' AND Attribute = 'Crypt-Password' ORDER BY Attribute DESC rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = rlm_sql: Released sql socket id: 1 Login incorrect: [davec/password] (from client localhost port 0) rad_recv: Access-Request packet from host 127.0.0.1:32771, id=144, length=45 Sending Access-Reject of id 144 to 127.0.0.1:32771 Then I change the query back to look for User-Password OR Crypt-Password: (radiusd -x) rad_recv: Access-Request packet from host 127.0.0.1:32771, id=161, length=45 User-Name = "davec" User-Password = "\265\261\322\204AM\340#\315\215\001o\003};x" rlm_sql: Reserving sql socket id: 4 query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'davec' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'davec' ORDER BY id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = query: SELECT Value,Attribute FROM radcheck WHERE UserName = 'davec' AND ( Attribute = 'User-Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = rlm_sql: Released sql socket id: 4 Login incorrect: [davec/password] (from client localhost port 0) rad_recv: Access-Request packet from host 127.0.0.1:32771, id=161, length=45 Sending Access-Reject of id 161 to 127.0.0.1:32771 I see that last query returns 'affected rows = '. I can assert that it works for a plaintext user... Any more ideas, or do you need more information? Dave -- Dave Logan "NO! Try not! Do. Or do not." -- Yoda - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
