Re: [Help-gnu-radius] Radauth
From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Radauth
Date: Fri, 25 Jun 2004 00:48:12 +0300

Charles Sprickman <address@hidden> wrote:
> On Fri, 25 Jun 2004, Georges EL OJAIMI wrote:
>
> > I also tried to set the authentication type inside of the 'users' in
> > (/usr/local/etc/raddb) with no luck.
> > - Can somebody give me a sample structure of this file for users to be
> > authenticating on MySQL?
>
> I think your problem with the encrypted password is that you need to use a
> standard DES or MD5 crypted password, not MySQL's own crypt function.

That's right. The MySQL password() function creates MySQL's own *two-way*
hash. To create a valid DES or MD5 hash (that's what Radius is
expecting), use the ENCRYPT() function. Please refer to the MySQL docs for its
detailed description.

> Cutting and pasting a password from a standard unix password file should
> give you something to test with.

Quite right.

On Fri, 25 Jun 2004, Georges EL OJAIMI wrote:
> - How can I define the type of the
> password (Encrypted or not -- and what algorithm should I use)?

There are (basically) two password types: plaintext and encrypted
(DES or MD5 -- Radius doesn't care). These are declared by

    Auth-Type = Local (for plaintext passwords)

and

    Auth-Type = Crypt-Local (for encrypted ones)

The optional Password-Location attribute specifies where exactly
the password is stored. For an SQL database:

    Auth-Type = Local, Password-Location = SQL

means your SQL authentication table keeps a plaintext password value,
whereas

    Auth-Type = Crypt-Local, Password-Location = SQL

means your SQL authentication table keeps an MD5 or DES (*not* MySQL
password()!) hash of the password.

As a shorthand and for compatibility with previous versions, the latter
declaration may also be written as `Auth-Type = SQL'.

Regards,
Sergey
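
Added example, not part of the original message and not GNU Radius code: a small audit that classifies the values in an SQL authentication table by shape, to catch rows written with MySQL password() before declaring Auth-Type = Crypt-Local. The MySQL output shapes (16 hex digits for the old function, '*' plus 40 hex digits for 4.1 and later) are assumptions brought in from MySQL's behaviour, and the sample rows are constructed.

```python
import hashlib
import re

A = r"[./0-9A-Za-z]"  # crypt(3) salt/hash alphabet
# Order matters: the first matching shape wins.
SHAPES = [
    ("md5-crypt", re.compile(rf"^\$1\${A}{{1,8}}\${A}{{22}}$")),
    ("des-crypt", re.compile(rf"^{A}{{13}}$")),
    ("mysql-password-4.1", re.compile(r"^\*[0-9A-Fa-f]{40}$")),
    ("mysql-password-old", re.compile(r"^[0-9A-Fa-f]{16}$")),
]
CRYPT_KINDS = {"des-crypt", "md5-crypt"}


def classify(stored):
    """Name the shape of a stored password value; 'other' covers plaintext."""
    for name, pattern in SHAPES:
        if pattern.match(stored):
            return name
    return "other"


def mysql41_password(plaintext):
    """What MySQL 4.1+ PASSWORD() returns: '*' + hex(SHA1(SHA1(plaintext)))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def audit(rows, auth_type):
    """Return (user, kind) for rows that do not fit the declared Auth-Type."""
    if auth_type not in ("Local", "Crypt-Local"):
        raise ValueError("expected 'Local' or 'Crypt-Local'")
    mismatches = []
    for user, stored in rows:
        kind = classify(stored)
        # Crypt-Local needs a crypt(3) hash; under Local a hash shape is suspect.
        ok = kind in CRYPT_KINDS if auth_type == "Crypt-Local" else kind == "other"
        if not ok:
            mismatches.append((user, kind))
    return mismatches

# Constructed sample rows (user, stored value); shapes only, not real hashes.
SAMPLE_ROWS = [
    ("alice", "abJnggxhB/yWI"),
    ("bob", "$1$abcdefgh$0123456789ABCDEFGHIJ./"),
    ("carol", mysql41_password("secret")),
    ("dave", "5d2e19393cc5ef67"),
    ("erin", "hunter2"),
]
```

The check is by shape only: a 13-character plaintext password drawn from the crypt alphabet would be reported as des-crypt, so treat the result as a list of rows to look at, not a verdict.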