RE: Save Passwords Encrypted in DB

Nasser Heidari Mon, 06 Sep 2010 11:25:24 -0700

r...@tradius:~# cat /etc/raddb/users 
DEFAULT Auth-Type := Local, Simultaneous-Use := 1
        Fall-Through = Yes
 
------------------------------------------
 
r...@tradius:~# radtest nasser plainpass 127.0.0.1:1812 1700 adminsecret
Sending Access-Request of id 155 to 127.0.0.1 port 1812
        User-Name = "nasser"
        User-Password = "plainpass"
        NAS-IP-Address = 192.168.7.254
        NAS-Port = 1700
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=155, length=20


------------------------------------------

rad_recv: Access-Request packet from host 127.0.0.1 port 49986, id=155, 
length=65
        User-Name = "nasser"
        User-Password = "plainpass"
        NAS-IP-Address = 192.168.7.254
        NAS-Port = 1700
Tue Sep  7 10:39:22 2010 : Info: +- entering group authorize {...}
Tue Sep  7 10:39:22 2010 : Info: ++[preprocess] returns ok
Tue Sep  7 10:39:22 2010 : Info: [files] users: Matched entry DEFAULT at line 1
Tue Sep  7 10:39:22 2010 : Info: ++[files] returns ok
Tue Sep  7 10:39:22 2010 : Info: [suffix] No '@' in User-Name = "nasser", 
looking up realm NULL
Tue Sep  7 10:39:22 2010 : Info: [suffix] No such realm "NULL"
Tue Sep  7 10:39:22 2010 : Info: ++[suffix] returns noop
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: %{User-Name} -> nasser
Tue Sep  7 10:39:22 2010 : Info: [sql] sql_set_user escaped user --> 'nasser'
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql (sql): Reserving sql socket id: 19
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: call 
usercheck('%{SQL-User-Name}') -> call usercheck('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql_mysql: query:  call 
usercheck('nasser')
Tue Sep  7 10:39:22 2010 : Info: [sql] User found in radcheck table
Tue Sep  7 10:39:22 2010 : Info: [sql]     expand: call 
userreply('%{SQL-User-Name}') -> call userreply('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql_mysql: query:  call 
userreply('nasser')
Tue Sep  7 10:39:22 2010 : Debug: rlm_sql (sql): Released sql socket id: 19
Tue Sep  7 10:39:22 2010 : Info: ++[sql] returns ok
GOT CLONE -1219773760 0x86eea50
Tue Sep  7 10:39:22 2010 : Info: ++[logintime] returns noop
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
/var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log] 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to 
/var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: %t -> Tue Sep  7 
10:39:22 2010
Tue Sep  7 10:39:22 2010 : Info: ++[reply_log] returns ok
Tue Sep  7 10:39:22 2010 : Info: Found Auth-Type = Local
Tue Sep  7 10:39:22 2010 : Info: WARNING: Please update your configuration, and 
remove 'Auth-Type = Local'
Tue Sep  7 10:39:22 2010 : Info: WARNING: Use the PAP or CHAP modules instead.
Tue Sep  7 10:39:22 2010 : Info: User-Password in the request does NOT match 
"known good" password.
Tue Sep  7 10:39:22 2010 : Info: Failed to authenticate the user.
Tue Sep  7 10:39:22 2010 : Auth: Login incorrect: [nasser/plainpass] (from 
client admincheck port 1700)
Tue Sep  7 10:39:22 2010 : Info: Using Post-Auth-Type Reject
Tue Sep  7 10:39:22 2010 : Info: +- entering group REJECT {...}
Tue Sep  7 10:39:22 2010 : Info: ++[sql] returns ok
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
/var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log] 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to 
/var/log/radius/radacct/127.0.0.1/reply-detail-20100907
Tue Sep  7 10:39:22 2010 : Info: [reply_log]    expand: %t -> Tue Sep  7 
10:39:22 2010
Tue Sep  7 10:39:22 2010 : Info: ++[reply_log] returns ok
Tue Sep  7 10:39:22 2010 : Info: Delaying reject of request 0 for 3 seconds
Tue Sep  7 10:39:22 2010 : Debug: Going to the next request
Tue Sep  7 10:39:22 2010 : Debug: Waking up in 0.9 seconds.
Tue Sep  7 10:39:23 2010 : Debug: Waking up in 1.9 seconds.
Tue Sep  7 10:39:25 2010 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 155 to 127.0.0.1 port 49986
Tue Sep  7 10:39:25 2010 : Debug: Waking up in 9.9 seconds.
Tue Sep  7 10:39:35 2010 : Info: Cleaning up request 0 ID 155 with timestamp +17
Tue Sep  7 10:39:35 2010 : Info: Ready to process requests.
^C
r...@tradius:~# 

________________________________

From: [email protected] on behalf 
of Alan DeKok
Sent: Mon 9/6/2010 7:49 PM
To: FreeRadius users mailing list
Subject: Re: Save Passwords Encrypted in DB



Nasser Heidari wrote:
> But no success, also I add Password-With-Header := "{crypt}" to my
> sql.conf but no success !
> Do I missing something ?

  See the FAQ for "it doesn't work"

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

<<winmail.dat>>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Save Passwords Encrypted in DB

Reply via email to