Jonathan Wong wrote: > I am running Freeradius 1.1.4, MySQL, MD5, and PAP.
Upgrade to 1.1.7. > Another weird thing is when I have PAP and MD5 set, and I do not have > a radgroupcheck entry for my group, I can get authenticated by putting > the MD5 Hash as my password. For example, if my MD5 hash was "abcd…", > I would have to use "abcd…" as my password, and I would get an > access-accept. Because it's not processing the password as an MD5 hash. It's processing the password as a text string. Upgrade to 1.1.7, and make sure you have the *correct* configuration for the "pap" module. There are some new configuration items, so go read the comments in radiusd.conf. Also make sure that "pap" is listed *last* in the "authorize" section, just like with the default radiusd.conf in 1.1.7. Then, update your DB: > +----+----------+-----------+----+----------------------------------+ > > | 36 | stryker8 | Password | := | 5f4dcc3b5aa765d61d8327deb882cf99 | > > +----+----------+-----------+----+----------------------------------+ Change "Password" to "MD5-Password". > rlm_sql: Failed to create the pair: Unknown attribute "MD5-Password" You upgraded to 1.1.4 from an older version, and aren't using the new dictionaries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
