Hi Doris:

I tried again but the problem persiste. I ran radius in debug mode and this is the output:

rad_recv: Access-Request packet from host 10.250.1.1:1645, id=55, length=76
        NAS-IP-Address = 10.250.1.1
        NAS-Port = 1
        NAS-Port-Type = Async
        User-Name = "cisco"
        CHAP-Password = 0x1d4cf1f5afcc05956d50d493b34cf5f2cb
        Service-Type = Framed-User
        Framed-Protocol = PPP
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "cisco", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
radius_xlat:  'cisco'
rlm_sql (sql): sql_set_user escaped user --> 'cisco'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'cisco' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'cisco' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'cisco' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'cisco' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
  rlm_chap: login attempt by "cisco" with CHAP password
  rlm_chap: Could not find clear text password for user cisco
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 55 to 10.250.1.1:1645
        Cisco-AVPair = "lcp:callback-dialstring="
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 55 with timestamp 4177ccb4
Nothing to do.  Sleeping until we see a request.

freeradius always expect to find password in clear text?. Any ideas?

Thank you.

EDWIN LIMACHI N.
ENTEL - Operaciones y Mantenimiento
Regional La Paz
TSE - INFONET BOLIVIA
Phone. 591-2-2123978
Movil: 591-715-29967
Fax: 591-2-2123975  





Dustin Doris <[EMAIL PROTECTED]>
Enviado por: [EMAIL PROTECTED]

21/10/2004 10:31

Por favor, responda a
[EMAIL PROTECTED]

Para
[EMAIL PROTECTED]
cc
Asunto
Re: Password Encryption






> Dera list:
>
> I�m working with PPP Dial-In connections to a Cisco box with CHAP
> authentication. My users are authenticated through Radius server
> (freeradius 1.0.1) and the user profiles are load in a MySQL database
> created with the script provided in a freeradius.tar.gz file. All is
> working fine. However all passwords are in clear text and I�d like to work
> with Encrypted password.
> For a first test I filled the radcheck table with this mysql sentence:
>
> insert into radcheck (Username,Attribute,op,Value) Values
> ('my_user','User-Password','==',ENCRYT('my_password'));

I believe you need to change it from User-Password to Crypt-Password in
mysql.

('my_user', 'Crypt-Password', '==', ENCRYPT('my_password')


Hope that helps.

Dusty Doris


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to