Discussion:
please help !!!! =/ -> freeradius + mysql with encrypted MD5
Diogo Teixeira
2008-12-06 23:19:23 UTC
Permalink
Hi people,

I'm Portuguese student !

I have a big problem to solve.

I have my freeradius, thats authenticates users by mysql database.

I have passwords encrypted with MD5, but when i test, the Login is always
Incorrect !

If password is clear, the freeradius works OK !

In the attachment i put my config files.

My only query to create "new user" is:

*INSERT INTO radcheck (username, attribute, op, value) VALUES
('5','MD5-Password', '==', MD5('teste'));*

I have create many users, in different ways ! please look:

mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck;
+----+----------+----------------+----------------------------------+----+
| id | UserName | Attribute | Value | op |
+----+----------+----------------+----------------------------------+----+
| 1 | teste | Password | teste | == |
| 2 | 1 | Password | 698dc19d489c4e4db73e28a713eab07b | == |
| 3 | 2 | Password | 698dc19d489c4e4db73e28a713eab07b | == |
| 4 | 3 | User-Password | 698dc19d489c4e4db73e28a713eab07b | == |
| 5 | 4 | Crypt-Password | 698dc19d489c4e4db73e28a713eab07b | == |
| 6 | 5 | MD5-Password | 698dc19d489c4e4db73e28a713eab07b | == |
+----+----------+----------------+----------------------------------+----+

I have read, many many times the "man rlm_pap" but i don't know where i put
the headers (i.e {md5} {clear} etc...) !!!

please help me to solve this big truble !!! =/

I need this to put my freeradius authenticate users, and the passwords in
Mysql DB have to be encrypted !!

Sorry for my poor english ! =/

Big thks

Regards,

Diogo Teixeira
t***@kalik.net
2008-12-06 23:43:58 UTC
Permalink
Post by Diogo Teixeira
I have passwords encrypted with MD5, but when i test, the Login is always
Incorrect !
You should provide debug for that case.
Post by Diogo Teixeira
If password is clear, the freeradius works OK !
*INSERT INTO radcheck (username, attribute, op, value) VALUES
('5','MD5-Password', '==', MD5('teste'));*
That should be := not ==.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira
2008-12-06 23:55:20 UTC
Permalink
Big BIG Thanks Ivan !!!

But the only problem is the "==" ?

In attachment i put debug lines, with the option: "freeradius -xx"

Best Regards,

Diogo Teixeira
Post by t***@kalik.net
Post by Diogo Teixeira
I have passwords encrypted with MD5, but when i test, the Login is always
Incorrect !
You should provide debug for that case.
Post by Diogo Teixeira
If password is clear, the freeradius works OK !
*INSERT INTO radcheck (username, attribute, op, value) VALUES
('5','MD5-Password', '==', MD5('teste'));*
That should be := not ==.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
t***@kalik.net
2008-12-07 00:06:31 UTC
Permalink
Post by Diogo Teixeira
In attachment i put debug lines, with the option: "freeradius -xx"
I don't see the attachment. Use -X not -xx.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira
2008-12-07 00:14:33 UTC
Permalink
Ok !

Now, the attach is the log with "Freeradius -x" option, and with new user.
Create with:

INSERT INTO radcheck (username, attribute, op, value) VALUES
('7','MD5-Password', ':=', MD5('teste'));

Big thks !

Best Regards,

Diogo Teixeira
Post by t***@kalik.net
Post by Diogo Teixeira
In attachment i put debug lines, with the option: "freeradius -xx"
I don't see the attachment. Use -X not -xx.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
t***@kalik.net
2008-12-07 00:21:21 UTC
Permalink
Post by Diogo Teixeira
Now, the attach is the log with "Freeradius -x" option, and with new user.
INSERT INTO radcheck (username, attribute, op, value) VALUES
('7','MD5-Password', ':=', MD5('teste'));
Ah, you can't use md5 encryption with PEAP.

http://deployingradius.com/documents/protocols/compatibility.html

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira
2008-12-07 00:30:59 UTC
Permalink
Big Thanks for your answer !

really ? =//

I don't know this ! =/ Can you explain me why ?

I'm not doubting from you. Just for curiosity!

I can use another type of encryption with PEAP ?

Best Regards,

Diogo Teixeira
Post by t***@kalik.net
Post by Diogo Teixeira
Now, the attach is the log with "Freeradius -x" option, and with new user.
INSERT INTO radcheck (username, attribute, op, value) VALUES
('7','MD5-Password', ':=', MD5('teste'));
Ah, you can't use md5 encryption with PEAP.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
t***@kalik.net
2008-12-07 00:38:14 UTC
Permalink
Post by Diogo Teixeira
I don't know this ! =/ Can you explain me why ?
I can use another type of encryption with PEAP ?
It's all on the page.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira
2008-12-07 01:34:24 UTC
Permalink
If i use PEAP with NT-PASSWORD, my freeradius it works ?

Query:

INSERT INTO radcheck (username, attribute, op, value) VALUES
('10','NT-Password', ':=', '2a5f0679ba350887d5a800902056134e');

Best Regards

Diogo Teixeira
Post by t***@kalik.net
Post by Diogo Teixeira
I don't know this ! =/ Can you explain me why ?
I can use another type of encryption with PEAP ?
It's all on the page.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
t***@kalik.net
2008-12-07 10:07:42 UTC
Permalink
Post by Diogo Teixeira
If i use PEAP with NT-PASSWORD, my freeradius it works ?
Yes.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diogo Teixeira
2008-12-07 16:26:28 UTC
Permalink
Please,

Explain me how to do this. Can you explain me please ? I not found anywhere
tutorial that explain: "Howto freeradius + peap + DB with NT-Passwords !!!

For Use PEAP with NT-PASSWORD, the only thing that i can do is add new user
in DB with this query :

INSERT INTO radcheck (username, attribute, op, value) VALUES
('NT','NT-Password', ':=', 'C6E4266FEBEBD6A8AAD3B435B51404EE');

???

C6E4266FEBEBD6A8AAD3B435B51404EE == tiger !!!!

I don't kwow how can i generate NT-Passwords ! =/

in radiusd.conf i have to configure anything ?

Very Very Thanks for your BIG patience.

Best Regards,

Diogo Teixeira
Post by t***@kalik.net
Post by Diogo Teixeira
If i use PEAP with NT-PASSWORD, my freeradius it works ?
Yes.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Alan DeKok
2008-12-07 16:48:57 UTC
Permalink
Post by Diogo Teixeira
Explain me how to do this. Can you explain me please ? I not found
anywhere tutorial that explain: "Howto freeradius + peap + DB with
NT-Passwords !!!
There is no howto. Most people use systems like AD or Samba that
automatically calculate the NT password.
Post by Diogo Teixeira
For Use PEAP with NT-PASSWORD, the only thing that i can do is add new
INSERT INTO radcheck (username, attribute, op, value) VALUES
('NT','NT-Password', ':=', 'C6E4266FEBEBD6A8AAD3B435B51404EE');
That's the LM password for "tiger", not the NT password.
Post by Diogo Teixeira
I don't kwow how can i generate NT-Passwords ! =/
$ smbencrypt tiger
LM Hash NT Hash
-------------------------------- --------------------------------
C6E4266FEBEBD6A8AAD3B435B51404EE 0B9957E8BED733E0350C703AC1CDA822

This program comes with the server.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...