To all,

I am finally attempting to upgrade from version 1.1.3 to 1.1.5 and have encountered an issue when attempting to use pap to authenticate users with the new auto_header feature. The Cisco NAS I have used over the past three years has always sent the user password to FreeRADIUS in clear-text, and then I would have encryption_scheme set to MD5 to compare the sent password to the MD5 value in the database.
This no longer seems to work, as FreeRADIUS seems to be attempting to compare the clear-text password with the MD5 password returned from the database. I'm guessing it's an oversight on my end, and wanted to see if anyone on this list noticed anything. I have included portions of my radiusd.conf and users files which are pertinent to this issue.

users
//----------
DEFAULT NAS-IP-Address == "192.168.1.1", Autz-Type := sql1
DEFAULT NAS-IP-Address == "192.168.2.1", Autz-Type := sql2

radiusd.conf
//----------
modules {
    pap {
        auto_header = yes
    }
}
authorize {
    preprocess
    autztype sql1 {
        sql
    }
    autztype sql2 {
        sql2
    }
    files
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
}

rad_recv: Access-Request packet from host 192.168.1.1:32805, id=3, length=70
    User-Name = "test.user"
    User-Password = "testpassword"
    CVPN3000-Auth-Server-Priority = 2
    NAS-IP-Address = 192.168.1.1
    NAS-Port-Type = Virtual
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched entry DEFAULT at line 151
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
Found Autz-Type sql1
Processing the authorize section of radiusd.conf
modcall: entering group sql1 for request 0
radius_xlat: 'test.user'
rlm_sql (sql): sql_set_user escaped user --> 'test.user'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE UserName = '265100' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 9
radius_xlat: ''
radius_xlat: ''
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 9
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group sql1 (returns ok) for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [test.user/testpassword] (from client 192.168.1.1 port 0)
Delaying request 0 for 2 seconds
Finished request 0

Thanks in advance,

Chris DeRamus
HQ VPN Administrator
SAIC