Security issues with 1.1.3 flatfile
Sallee, Stephen (Jake)
Jake.Sallee at umhb.edu
Mon Aug 1 23:50:38 CEST 2011
> Because that is what is installed when you do 'yum -y install freeradius' on the CentOS 5.x PBX-in-a-Flash (PiaF) platform.
That is a fair statement, however I will say the installing FR from source is the easiest source installation I have ever done. And as for staying up to date, a two line script can pull the latest source and build the new version, and if you're really crazy a third line can restart the service with your new binary.
Sorry, didn't mean to hijack your thread.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of d.tom.schmitt at L-3com.com
Sent: Monday, August 01, 2011 4:45 PM
To: FreeRadius users mailing list
Subject: RE: Security issues with 1.1.3 flatfile
Because that is what is installed when you do 'yum -y install freeradius' on the CentOS 5.x PBX-in-a-Flash (PiaF) platform.
Otherwise, you have to explain to everyone how to manually install 2.1.7.
Does the problem not exist in 2.1.7?
Also, that was the How-To for MySQL that I was able to find.
Do you have a newer link to a How-To?
What is the latest release of freeRADIUS that I should try to use and is it already configured to run MySQL?
Thanks,
Tom Schmitt
Senior IT Staff - R&D
L-3 Communication Systems West
640 North 2200 West
P.O. Box 16850
Salt Lake City, UT 84116
Phone (801) 594-3030
Cell (801) 231-7230
From: freeradius-users-bounces+d.tom.schmitt=l-3com.com at lists.freeradius.org [mailto:freeradius-users-bounces+d.tom.schmitt=l-3com.com at lists.freeradius.org] On Behalf Of Sallee, Stephen (Jake)
Sent: Monday, August 01, 2011 3:16 PM
To: FreeRadius users mailing list
Subject: RE: Security issues with 1.1.3 flatfile
> So my questions are:
There REALLY needs to be a good reason that you are running any 1.X version or else your question should be, Why haven't I upgraded to the latest and most secure FreeRADIUS release.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of d.tom.schmitt at L-3com.com
Sent: Monday, August 01, 2011 4:09 PM
To: freeradius-users at lists.freeradius.org
Subject: Security issues with 1.1.3 flatfile
Currently running 1.1.3 on CentOS 5.x.
I am currently using the flat file option and it works just fine as long as the permissions on the file are:
664 RW-RW-R-
Record in the file looks like:
Tom <tab> Auth-Type := Local, User-Password := "tompass"
This allows everyone to read the file - not good security.
If I change the permissions to 660 RW-RW---- then freeRADIUS will not restart.
I started setting up freeRADIUS to use MySQL DB for access but I must have something setup incorrectly.
I tried to follow the How-To but still must be missing something in the setup.
I have inserted a record into DB=radius and TALBE=radcheck where:
Id = selected by the MySQL as the next index number
UserName = tom
Attribute = 'Cleartext-Password'
Op = ':='
Value = tompass is the password
So my questions are:
1. Is there a way to just secure the flatfile permissions?
2. Is there a complete How-To for using MySQL with freeRADIUS?
Thanks,
Tom Schmitt
Senior IT Staff - R&D
L-3 Communication Systems West
Phone (801) 594-3030
\\\\||////
\ ~ ~ /
| @ @ |
--oOo---(_)---oOo--
Have A Nice Day !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110801/f732c48f/attachment.html>
More information about the Freeradius-Users
mailing list