AW: using encrypted passwords in users file or sql-radcheck table

tnt at kalik.co.yu tnt at kalik.co.yu
Wed May 30 14:52:23 CEST 2007


There is a DEFAULT entry in users file forcing Auth-Type System. Comment
it out. And you don't need that Auth-Type PAP in user config.

Ivan Kalik
Kalik Informatika ISP


Dana 30/5/2007, "Rascher, Markus" <markus.mr.rascher at siemens.com> piše:

>With pap I'm running into problems...
>Can u give me an example config?
>
>In users-File I have: (Password is 'testpwd')
>testuser        Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz5RHu8PySNauf0"
>                Service-Type = Login-User
>
>
>In radiusd.conf I have:
>
>modules {
>        pap {
>             encryption_scheme = MD5
>        }
>....
>
>authorize {
>#       preprocess
>        files
>}
>
>authenticate {
>        Auth-Type PAP {
>                pap
>        }
>}
>
>---------------------
>Radiusd says:
>---------------------
>rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82
>        NAS-IP-Address = 10.1.1.1
>        NAS-Port = 1
>        NAS-Port-Type = Virtual
>        User-Name = "testuser"
>        Calling-Station-Id = "1.2.3.4"
>        User-Password = "testpwd"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>    users: Matched entry DEFAULT at line 184
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns ok) for request 0
>  rad_check_password:  Found Auth-Type System
>auth: type "System"
>  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
>auth: Failed to validate the user.
>Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.34)
>Delaying request 0 for 1 seconds
>Finished request 0
>
>
>Problem: the entry in the users-File for testuser doesn't match..
>Whats my mistake?
> 
>
>
>
>-----Ursprüngliche Nachricht-----
>Von: freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com at listsfreeradius.org] Im Auftrag von Alan Dekok
>Gesendet: Mittwoch, 30. Mai 2007 11:42
>An: FreeRadius users mailing list
>Betreff: Re: using encrypted passwords in users file or sql-radcheck table
>
>Rascher, Markus wrote:
>> Hi all,
>>  
>> cleartext, unix crypt and MD5 - Passwords work fine in both, users file
>> and db.
>> does sha1-hashed pwds work?
>
>  Yes.  See "man rlm_pap".
>
>> another question:
>> can i use symmetric password encryption in users-File or radcheck table?
>
>  No.  They're useless.
>
>  Alan DeKok.
>--
>  http://deployingradius.com       - The web site of the book
>  http://deployingradius.com/blog/ - The blog
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list