-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All I am looking for is simple authentication against MD5 passwords
in a MySQL database.
When I try to authenticate, I get the following:
<snip from -X logging >
rad_recv: Access-Request packet from host 127.0.0.1:32768, id=121,
length=67
User-Name = "mheitland"
User-Password = "praise"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
radius_xlat: 'mheitland'
rlm_sql (sql): sql_set_user escaped user --> 'mheitland'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'mheitland' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgr
oupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'mheitland' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'mheitland' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgr
oupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'mheitland' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
- --- Walking the entire request list ---
Waking up in 1 seconds...
- --- Walking the entire request list ---
Waking up in 1 seconds...
- --- Walking the entire request list ---
Sending Access-Reject of id 121 to 127.0.0.1:32768
Waking up in 4 seconds...
- --- Walking the entire request list ---
Cleaning up request 0 ID 121 with timestamp 3f72a48f
</snip>
<snip radius.conf >
# Module instances that the processing sections (authorize, authenticate,
# accounting, ...) refer to by name.
modules {
# PAP password checking. In this configuration it is only listed under
# "Auth-Type PAP" in the authenticate section.
# NOTE(review): the radcheck row in this message stores a "$1$..." value,
# which is the salted MD5 crypt(3) format, not a bare MD5 digest. The "crypt"
# scheme looks like the one that matches -- confirm against the rlm_pap
# documentation for this release.
pap {
encryption_scheme = MD5
}
# CHAP handling; listed in authorize and under "Auth-Type CHAP".
# NOTE(review): a CHAP response can only be verified against a clear-text
# password, so hashed values in radcheck cannot serve CHAP users.
# NOTE(review): use_mppe, require_encryption and require_strong look like
# mschap settings, and encryption_scheme like a pap setting -- confirm that
# the chap module reads any of them.
chap {
authtype = MD5
use_mppe = yes
require_encryption = yes
require_strong = yes
encryption_scheme = md5
}
# System (unix) module; in this file it is only listed in the accounting
# section. Caching is turned off.
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
# Empty instance; no processing section in this file lists it.
# NOTE(review): confirm that a module with this name exists in this release.
md5 {
}
# Request pre-processing; the vendor-specific "hack" options are all disabled.
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# Flat-file users module. Defined here, but absent from authorize and
# commented out in preacct, so it is not consulted.
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
# Accounting detail log, one path per client address and date.
# detailperm 0600 restricts the files to owner read/write.
# NOTE(review): the detailfile value is wrapped onto a second line in this
# message; presumably it is a single line in the real file.
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
# Attributes used as the key for identifying an accounting session.
# NOTE(review): the quoted key is also wrapped by the mail client.
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
}
# The sql module instance is configured in sql.conf, which is not shown.
# NOTE(review): that file presumably contains the database login and
# password -- verify it is not world-readable.
$INCLUDE ${confdir}/sql.conf
# Session database, owner-only (0600), with caller id recorded.
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
# Second radutmp instance written with mode 0644 (world-readable); caller id
# is switched off for this copy.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
# Attribute filter rules are read from ${confdir}/attrs.
attr_filter {
attrsfile = ${confdir}/attrs
}
# Per-user daily counter over Acct-Session-Time, checked against
# Max-Daily-Session. Not listed in any processing section in this file.
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
# Three instances of "always", each returning a fixed result code.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
# Expression module, no options set; listed in the instantiate section.
expr {
}
# Digest module, no options set; not listed in any processing section.
digest {
}
# Default exec instance: waits for the program and passes it the request
# attributes. No program is set here.
exec {
wait = yes
input_pairs = request
}
# Runs /bin/echo with the User-Name from the request and reads the output
# back as reply attributes. Not listed in any processing section in this file.
# NOTE(review): User-Name is supplied by the client; confirm how the expanded
# value is escaped before it reaches the command line.
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
}
# Modules to instantiate explicitly at startup; only expr is listed.
instantiate {
expr
}
# Authorization pipeline. The -X log in this message shows these modules
# returning in this order: preprocess (ok), chap (noop), sql (ok).
# NOTE(review): the log then reports "auth: type Local", so the pap module is
# never consulted; presumably the request password is compared directly with
# the stored User-Password value, which here is a "$1$..." crypt(3) hash.
# Storing the hash under Crypt-Password instead of User-Password is presumably
# what Local authentication expects for crypt(3) values -- confirm against the
# documentation for this release.
authorize {
preprocess
chap
# suffix is disabled, and no module of that name is defined in the modules
# block of this file.
#suffix
sql
}
# Maps the Auth-Type selected during authorization to the module that checks
# the credentials. Only PAP and CHAP are handled here.
# NOTE(review): radgroupcheck in this message sets Auth-Type := MD5, but this
# section has no "Auth-Type MD5" entry, and the log shows the request being
# handled as type Local.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
}
# Pre-accounting pipeline: only preprocess runs; suffix and files are
# commented out.
preacct {
preprocess
#suffix
#files
}
# Accounting pipeline, run in listed order. Records go to the detail files,
# the unix module, the SQL database and radutmp.
# NOTE(review): the world-readable sradutmp instance is defined in the modules
# block but not listed here.
accounting {
acct_unique
detail
unix
sql
radutmp
}
# Session section: radutmp is the only module listed.
# NOTE(review): presumably used for simultaneous-use checks -- confirm.
session {
radutmp
}
# Empty: no module runs after authentication, so nothing here logs or reacts
# to accepted or rejected requests.
post-auth {
}
# Empty: no module runs before a request is proxied.
pre-proxy {
}
# No active module after a proxied reply; eap is commented out and no eap
# module is defined in the modules block of this file.
post-proxy {
#eap
}
< mysql layout >
mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
| 3 | bronze | Auth-Type | := | MD5 |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> select * from radcheck;
+----+-----------+---------------+----+------------------------------------+
| id | UserName  | Attribute     | op | Value                              |
+----+-----------+---------------+----+------------------------------------+
|  1 | mheitland | User-Password | := | $1$oSUNRvDS$RtN9mvQk5gTGtTTInrkq50 |
+----+-----------+---------------+----+------------------------------------+
1 row in set (0.00 sec)
mysql> select * from usergroup;
+----+-----------+-----------+
| id | UserName | GroupName |
+----+-----------+-----------+
| 1 | mheitland | bronze |
+----+-----------+-----------+
1 row in set (0.00 sec)
mysql> select * from radreply;
+----+-----------+-------------------+----+---------+
| id | UserName | Attribute | op | Value |
+----+-----------+-------------------+----+---------+
| 1 | mheitland | Framed-IP-Address | := | 1.2.3.4 |
+----+-----------+-------------------+----+---------+
1 row in set (0.01 sec)
mysql> select * from radgroupreply;
+----+-----------+-----------+----+-------+------+
| id | GroupName | Attribute | op | Value | prio |
+----+-----------+-----------+----+-------+------+
| 4 | bronze | Auth-Type | := | MD5 | 0 |
+----+-----------+-----------+----+-------+------+
1 row in set (0.00 sec)
Regards,
Mike
- -------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQA/AwUBP3M/DpGsAsIUPHd7EQLq0QCeLLSdkTpwL6foBEoNZwD5NSerbSEAoOzI
gwxFTuhAOgGAL3/YxCN6gOqK
=3f5j
-----END PGP SIGNATURE-----