[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Radauth
From: |
Georges EL OJAIMI |
Subject: |
Re: [Help-gnu-radius] Radauth |
Date: |
Fri, 25 Jun 2004 01:51:56 +0200 |
Guys.. I am stucked!!
It is giving me always 'FAIL'
This is the structure of my 'users' file exactly (where 'testing' is the
username and 'password' is my password)
testing Auth-Type = Local, User-Password = "password",
Password-Location = SQL,
Service-Type = Frame-User,
Session-Timeout = 0,
Idle-Timeout = 0
I want a simple authentication to succeed before switching to the encrypted one!
Where is the error?
Sergey Poznyakoff wrote:
> Charles Sprickman <address@hidden> wrote:
>
> > On Fri, 25 Jun 2004, Georges EL OJAIMI wrote:
> >
> > > I also tried to set the authentication type inside of the 'users' in
> > > (/usr/local/etc/raddb) with no luck.
> > > - Can somebody give me a sample structure of this file for users to be
> > > authenticating on MySQL?
> >
> > I think your problem with the encrypted password is that you need to use a
> > standard DES or MD5 crypted password, not MySQL's own crypt function.
>
> That's right. MySQL password() function creates a MySQL's own *two-way*
> hash. To create a valid DES or MD5 hash (that's what Radius is
> expecting), use ENCRYPT() function. Please refer to MySQL docs for its
> detailed description.
>
> > Cutting and pasting a password from a standard unix password file should
> > give you something to test with.
>
> Quite right.
>
> On Fri, 25 Jun 2004, Georges EL OJAIMI wrote:
>
> > - How can I define the type of the
> > password (Encrypted or not -- and what algorithm should I use)?
>
> There are (basically) two password types: plaintext and encrypted
> (DES or MD5 -- Radius doesn't care). These are declared by
>
> Auth-Type = Local (for plaintext passwords)
>
> and
>
> Auth-Type = Crypt-Local (for encrypted ones)
>
> Optional Password-Location attributes specifies where exactly
> the password is stored. For an SQL database:
>
> Auth-Type = Local, Password-Location = SQL
>
> means your SQL authentication table keeps a plaintext password value,
> whereas
>
> Auth-Type = Crypt-Local, Password-Location = SQL
>
> means your SQL authentication table keeps a MD5 or DES (*not* MySQL
> password()!) hash of the password.
>
> As a shorthand and for compatibility with previous versions, the latter
> declaration may also be written as `Auth-Type = SQL'.
>
> Regards,
> Sergey