[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Problem related to Authentication
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [Help-gnu-radius] Problem related to Authentication |
|
Date: |
Wed, 12 Mar 2003 15:57:51 +0200 |
Hello,
> What wrong with my RADIUS server?
Take a look at your database record:
> +-----------+------------+----------+--------+
> | user_name | service | password | active |
> +-----------+------------+----------+--------+
> | farooq | Framed-User| 123456 | Y |
> +-----------+------------+----------+--------+
What's wrong here is that you have your password in plaintext, whereas
your users profile implies it is encrypted. That's probably the most
frequently committed mistake.
If you use Auth-Type = SQL in your raddb/users, then your SQL
database must keep the MD5 or DES encrypted password, not a
plaintext one (Use MySQL function ENCRYPT() to produce a sutable
hash).
Otherwise, if you plan to use plaintext passwords in your database,
you should use 'Auth-Type = Local, Password-Location = SQL'.
You may find useful the following links:
Description of Auth-Type = SQL:
http://www.gnu.org/software/radius/manual/html_chapter/radius_10.html#SEC85
Description of SQL authentication:
http://www.gnu.org/software/radius/manual/html_chapter/radius_10.html#SEC83
Use of plaintext passwords:
http://www.gnu.org/software/radius/manual/html_chapter/radius_10.html#SEC82
Notice also the following inconsistencies in your setup:
> mysql> select * from attrib;
> +-----------+-------------------+-----------+------+
> | user_name | attr | value | op |
> +-----------+-------------------+-----------+------+
> | farooq | NAS-IP-ADDRESS |172.17.1.86| NULL |
There is no use returning NAS-IP-Address to the NAS. It will simply be
ignored.
> | farooq | Framed-IP-Address | NULL | NULL |
Avoid using NULL values in attrib table.
Regards,
Sergey