AW: AW: encrypted password

Felipe Ceglia - PY1NB felipe-listas at terenet.com.br
Fri Jun 15 20:38:45 CEST 2007


Hi,

Running 1.1.6 now. Crypt-Local works ok now.

I would like to know if it is possible to have both User-Password and 
Crypt-Local Auth-Types for sql users.

Now I need to disable the current System (/etc/passwd) users to 
Crypt-Local, and also have users with cleartext passwords.

Thank you,

Felipe Ceglia



Rascher, Markus wrote:
> If u use the db for user authentication, then db, here is my db-content:
> 
>  select * from radcheck;
> +----+----------+---------------+----+---------------+
> | id | UserName | Attribute     | op | Value         |
> +----+----------+---------------+----+---------------+
> |  1 | testuser | Crypt-Password| := | oV9XYXNTx4awE | 
> +----+----------+---------------+----+---------------+
> 
> 
> select * from radgroupcheck;
> +----+-----------+-----------+----+---------------+
> | id | GroupName | Attribute | op | Value         |
> +----+-----------+-----------+----+---------------+
> |  1 | testgroup | Auth-Type | := | Crypt-Local   | 
> +----+-----------+-----------+----+---------------+
> 1 row in set (0.01 sec)
> 
> 
> If it works with cleartext pwd's and the auth-type Local then it will work with Crypt-Local and the crypted pwd in the radcheck table
> 
> For encrypting the pwd use the encrypt("pwd") function in sql
> 
> Do you have any further questions?
> 
> 
> regards
> Markus
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Felipe Ceglia [mailto:felipeceglia at gmail.com] Im Auftrag von Felipe Ceglia - PY1NB
> Gesendet: Mittwoch, 13. Juni 2007 13:54
> An: Rascher, Markus
> Betreff: Re: AW: encrypted password
> 
> Hi Markus,
> 
> Where should I try it? users file, or as an attribute on the db?
> 
> Thank you,
> 
> Felipe
> 
> Rascher, Markus wrote:
>> Did you try Crypt-Local auth-Type?
>>
>> -----Ursprüngliche Nachricht-----
>> Von: freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org] Im Auftrag von Felipe Ceglia - PY1NB
>> Gesendet: Mittwoch, 13. Juni 2007 00:26
>> An: FreeRadius users mailing list
>> Betreff: Re: encrypted password
>>
>> Hi Arran,
>>
>> Thank you for your reply.
>>
>> I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says:
>>
>> (...)
>> modcall[authorize]: module "sql" returns ok for request 2
>> modcall: group authorize returns ok for request 2
>> rad_check_password:  Found Auth-Type Local
>> auth: type Local
>> auth: user supplied User-Password does NOT match local User-Password
>> auth: Failed to validate the user.
>> Login incorrect: [anavc/2572ava] (from client localhost port 0)
>> Delaying request 2 for 2 seconds
>>
>> When I try with a clear text password user, it says:
>>
>> (...)
>> modcall[authorize]: module "sql" returns ok for request 3
>> modcall: group authorize returns ok for request 3
>> rad_check_password:  Found Auth-Type Local
>> auth: type Local
>> auth: user supplied User-Password matches local User-Password
>> (...)
>>
>>
>> Thank you,
>>
>> Felipe
>>
>>
>>
>> Arran Cudbard-Bell wrote:
>>> Felipe Ceglia - PY1NB wrote:
>>>> Hi again,
>>>>
>>>> I need to migrate my users from plain old unix passwd file to sql.
>>>>
>>>> How do I have the user information in the radcheck table?
>>>>
>>>> Encrypted-Password == 9D8wtP7DGqgCg ?
>>>>
>>>> My passwd file looks like:
>>>> anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
>>>>
>>>> This password seems not to be MD5.
>>>>
>>>> Any guesses?
>>>>
>>>> Thank you again,
>>>>
>>>> Felipe
>>>>
>>>> - 
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>   
>>> That would be unix crypt.
>>>
>>> The attribute in radcheck is
>>>
>>> Crypt-Password := "9D8wtP7DGqgCg"
>>> - 
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>> - 
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
> 



More information about the Freeradius-Users mailing list