Security issues with 1.1.3 flatfile

d.tom.schmitt at L-3com.com d.tom.schmitt at L-3com.com
Mon Aug 1 23:45:23 CEST 2011 

Because that is what is installed when you do 'yum -y install
freeradius' on the CentOS 5.x PBX-in-a-Flash (PiaF) platform.

Otherwise, you have to explain to everyone how to manually install
2.1.7.

Does the problem not exist in 2.1.7?

 

Also, that was the How-To for MySQL that I was able to find.

Do you have a newer link to a How-To?

 

What is the latest release of freeRADIUS that I should try to use and is
it already configured to run MySQL?

 

Thanks,

 

Tom Schmitt

Senior IT Staff - R&D

L-3 Communication Systems West

640 North 2200 West

P.O. Box 16850

Salt Lake City, UT  84116

Phone (801) 594-3030

Cell  (801) 231-7230

 

From:
freeradius-users-bounces+d.tom.schmitt=l-3com.com at lists.freeradius.org
[mailto:freeradius-users-bounces+d.tom.schmitt=l-3com.com at lists.freeradi
us.org] On Behalf Of Sallee, Stephen (Jake)
Sent: Monday, August 01, 2011 3:16 PM
To: FreeRadius users mailing list
Subject: RE: Security issues with 1.1.3 flatfile

 

> So my questions are:

 

There REALLY needs to be a good reason that you are running any 1.X
version or else your question should be, Why haven't I upgraded to the
latest and most secure FreeRADIUS release.

 

Jake Sallee

Godfather of Bandwidth

System Engineer

University of Mary Hardin-Baylor

900 College St.

Belton, Texas

76513

Fone: 254-295-4658

Phax: 254-295-4221

 

From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.o
rg] On Behalf Of d.tom.schmitt at L-3com.com
Sent: Monday, August 01, 2011 4:09 PM
To: freeradius-users at lists.freeradius.org
Subject: Security issues with 1.1.3 flatfile

 

Currently running 1.1.3 on CentOS 5.x.

 

I am currently using the flat file option and it works just fine as long
as the permissions on the file are:

      664   RW-RW-R-

      Record in the file looks like:

            Tom <tab> Auth-Type := Local, User-Password := "tompass"

This allows everyone to read the file - not good security.

If I change the permissions to 660 RW-RW---- then freeRADIUS will not
restart.

 

I started setting up freeRADIUS to use MySQL DB for access but I must
have something setup incorrectly.

 

I tried to follow the How-To but still must be missing something in the
setup.

I have inserted a record into DB=radius and TALBE=radcheck where:

      Id = selected by the MySQL as the next index number

      UserName = tom

      Attribute = 'Cleartext-Password' 

      Op = ':='

      Value = tompass   is the password

 

So my questions are:

1.   Is there a way to just secure the flatfile permissions?

2.   Is there a complete How-To for using MySQL with freeRADIUS?

 

 

Thanks,

 

Tom Schmitt

Senior IT Staff - R&D

L-3 Communication Systems West

Phone (801) 594-3030

            \\\\||////

               \ ~  ~ /  

               | @  @ |

--oOo---(_)---oOo--

Have A Nice Day !

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110801/b76e901c/attachment.html>

More information about the Freeradius-Users mailing list