Hello, I'm trying to set up a system to authenticate WLAN users via EAP-TTLS with md5 crypted passwords, stored in a SQL database.

I'm using MySQL as the backend and it works great when the passwords are stored in cleartext or UNIX crypt. When I convert the password from crypt to md5 and change pap encryption_scheme to md5 it doesn't work anymore. As I have to use the SQL attribute field with 'Crypt-Password' in it, it seems that it wants to use crypt passwords and not md5. I tried to change it to 'md5-password' but well ... that wasn't the answer.

Here is the error:

---------
modcall: entering group PAP for request 4
rlm_pap: login attempt by "foo" with password bar
rlm_pap: Crypt-Password attribute but encryption scheme is not set to CRYPT
modcall[authenticate]: module "pap" returns fail for request 4
modcall: leaving group PAP (returns fail) for request 4
auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
TTLS: Got tunneled Access-Reject
---------

Does anyone have an idea how to use the MD5 hashed passwords in the database with EAP-TTLS for authentication? I appended my radius configuration.

Thanks.

----------- CONFIG ------------
eap {
        default_eap_type = ttls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        leap {
        }
        tls {
                private_key_file = /etc/ssl/rad.pem
                certificate_file = /etc/ssl/rad.pem
                CA_file = /etc/ssl/ca.pem
                dh_file = /etc/ssl/rad.dh
                random_file = /dev/urandom
                fragment_size = 1024
                include_length = yes
                check_crl = yes
        }
        ttls {
                default_eap_type = md5
                copy_request_to_tunnel = no
                use_tunneled_reply = no
        }
        peap {
                default_eap_type = mschapv2
        }
        mschapv2 {
        }
}

modules {
        pap {
                encryption_scheme = md5
        }
}

authorize {
        preprocess
        suffix
        eap
        files
        sql
}

authenticate {
        Auth-Type PAP {
                pap
        }
        eap
}

users-file
DEFAULT Auth-Type = PAP
        Fall-Through = 0
-------- END OF CONFIG -------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html