Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MariaDB Hash Authentication

This thread has been viewed 2 times

  • 1.  MariaDB Hash Authentication

    Posted Aug 12, 2019 04:20 PM

    Hi, I have set up an authentication source using external MariaDB.

    I can test this authentication succesfully using clear text passwords with the policy simulation tool

    When I tried to change the password type to any kind of hash (md5, sha or sha256), the policy simulation fails with user reject message

    The filter query I am using is:

    SELECT username as UserName, password AS User_Password, perfil, descripcion, estado FROM usuarios WHERE username = '%{Authentication:Username}';

     

    Is there any different keyword instead of User_Password to be used with hashed passwords?

    I read an article using Hash_Password but in that case I receive an error indicating wrong filter query

    Thanks in advance

    Regards



  • 2.  RE: MariaDB Hash Authentication

    EMPLOYEE
    Posted Aug 13, 2019 04:38 AM

    Would this video on how to configure ClearPass with MySQL (compatible with MariaDB) help?

     

    And it's part of a playlist on setting up MySQL and PostgreSQL for integration with ClearPass.



  • 3.  RE: MariaDB Hash Authentication

    Posted Aug 13, 2019 08:10 AM

    Dear Herman, thanks for your answer. I've already configured the authentication source as indicated in all your tutorial videos. It works fine with cleartext passwords, but I can not make it work with hashed passwords.

    I am using CPPM 6.8.1.109777

    Thanks in advance

    Regards



  • 4.  RE: MariaDB Hash Authentication

    EMPLOYEE
    Posted Aug 13, 2019 10:34 AM

    I just tried with the same ClearPass version and it works for me with a PAP authentication and a SHA256 hashed password. 

     

    Do you have an authentication selected that provides the cleartext password to ClearPass, like PAP or captive portal? You can not run this with MSCHAPv2 for example, unless the hash is NT Hash.

     

    What does the Alert tab give as a reason for the failed authentication in Access Tracker?



  • 5.  RE: MariaDB Hash Authentication

    Posted Aug 15, 2019 11:24 AM

    Dear Herman, I solved the problem. It was not a issue with the connection with the database, but a problem with database itself. It has defined case sensivity, so the query for hashes was faling

    After changing the DB, the policy simulation was succesfull

    Now, I configure a Guest Device Operator, as mentioned in your tutorial video, using the authentication source already mentioned.

    When I do a policy simulation which mathces the corresponding service for device operator login, it fails. So the web access.

    If I use the hash as password, both the policy simulation and web access works fine. Can md5 hash be used to authenticate Guest Device Operator roles?

    Thank you



  • 6.  RE: MariaDB Hash Authentication

    EMPLOYEE
    Posted Sep 03, 2019 12:03 PM

    MD5 hash should work for Operator Login to your ClearPass /guest.