Security

Reply
New Contributor

MariaDB Hash Authentication

Hi, I have set up an authentication source using external MariaDB.

I can test this authentication succesfully using clear text passwords with the policy simulation tool

When I tried to change the password type to any kind of hash (md5, sha or sha256), the policy simulation fails with user reject message

The filter query I am using is:

SELECT username as UserName, password AS User_Password, perfil, descripcion, estado FROM usuarios WHERE username = '%{Authentication:Username}';

 

Is there any different keyword instead of User_Password to be used with hashed passwords?

I read an article using Hash_Password but in that case I receive an error indicating wrong filter query

Thanks in advance

Regards

MVP Guru

Re: MariaDB Hash Authentication

Would this video on how to configure ClearPass with MySQL (compatible with MariaDB) help?

 

And it's part of a playlist on setting up MySQL and PostgreSQL for integration with ClearPass.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: MariaDB Hash Authentication

Dear Herman, thanks for your answer. I've already configured the authentication source as indicated in all your tutorial videos. It works fine with cleartext passwords, but I can not make it work with hashed passwords.

I am using CPPM 6.8.1.109777

Thanks in advance

Regards

Highlighted
MVP Guru

Re: MariaDB Hash Authentication

I just tried with the same ClearPass version and it works for me with a PAP authentication and a SHA256 hashed password. 

 

Do you have an authentication selected that provides the cleartext password to ClearPass, like PAP or captive portal? You can not run this with MSCHAPv2 for example, unless the hash is NT Hash.

 

What does the Alert tab give as a reason for the failed authentication in Access Tracker?

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: MariaDB Hash Authentication

Dear Herman, I solved the problem. It was not a issue with the connection with the database, but a problem with database itself. It has defined case sensivity, so the query for hashes was faling

After changing the DB, the policy simulation was succesfull

Now, I configure a Guest Device Operator, as mentioned in your tutorial video, using the authentication source already mentioned.

When I do a policy simulation which mathces the corresponding service for device operator login, it fails. So the web access.

If I use the hash as password, both the policy simulation and web access works fine. Can md5 hash be used to authenticate Guest Device Operator roles?

Thank you

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: