Free Radius 2.1.1 showing clear text password at the debug mode

Danny Kurniawan danny.kurniawan at fairchildsemi.com
Thu Feb 21 10:15:30 CET 2013


Hello,

I'm new to Radius. So basically I tried to set up 2 Radius servers; one runs
on our SLES 10 PROD (Radius and Novell LDAP sit on the same server) - this
works fine using eap_mschapv2 authentication. Radius version is 1.X. We
use Radius to authenticate our wireless and get LDAP authentication. So no
issue with this.

Second server - SLES 11; I got the installer directly from Novell and it
uses version 2.1.1. So it seems the config way is different, but I did try to
match it with the Radius 1.X config (just a different module, I guess).
Everything works fine, except 1 thing.

In Radius 1.x - SLES 10, when I run radiusd -X, I don't see the user
password (which is good), but in Radius 2.1.1 I can see it clearly ... how
can I eliminate this cleartext password being shown there? I'm new to this
authentication method or eap_mschap protocol, so please bear with me :)

[peap] Got tunnled request
        EAP-Message = 0x020a00061a03
server (null) {
  PEAP: Setting User-Name to sdholakia2
Sending tunneled request
        EAP-Message = 0x020a00061a03
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "sdholakia2"
        State = 0xf32f92c4f22588e5c2ccbfc052ff2f65
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[control] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for sdholakia2
[ldap]  expand: (uid=%u) -> (uid=sdholakia2)
[ldap]  expand: ou=Active,ou=Users,o=FSID -> ou=Active,ou=Users,o=FSID
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Active,ou=Users,o=FSID, with filter
(uid=sdhoakia2)
[ldap] Added the eDirectory password Test in check items as
Cleartext-Passwrd
[ldap] looking for check items in directory...


While at radiusd -X of the Radius 1.X I can only see

Added the eDirectory password
[ldap] looking for check items in directory...

Best Regards,
Danny
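
Added example, not part of the original post and not FreeRADIUS project code: a filter that masks password values in saved radiusd -X output before the log is stored or shared. The eDirectory line pattern is taken from the debug output quoted above; the attribute names in ATTR_RE, the mask string and the sample lines are assumptions constructed for illustration.

```python
import re
import sys

MASK = "<redacted>"  # assumed placeholder string

# Line format taken from the rlm_ldap debug output quoted in the post.
# Greedy match up to the LAST " in check items as", so passwords that
# themselves contain spaces or the word "in" are still fully masked.
EDIR_RE = re.compile(r"(Added the eDirectory password ).*( in check items as\b)")

# Attribute/value pairs as printed in debug output, e.g. User-Password = "x".
# The attribute list is an assumption; extend it for your deployment.
ATTR_RE = re.compile(
    r'\b((?:User-Password|Cleartext-Password)\s*(?::=|==|=)\s*)'
    r'("(?:[^"\\]|\\.)*"|\S+)'
)

def redact_line(line):
    """Return (redacted_line, number_of_secrets_masked)."""
    line, n1 = EDIR_RE.subn(lambda m: m.group(1) + MASK + m.group(2), line)
    line, n2 = ATTR_RE.subn(lambda m: m.group(1) + MASK, line)
    return line, n1 + n2

def redact(text):
    """Mask secrets in a whole debug log; return (clean_text, total_masked)."""
    out, total = [], 0
    for line in text.splitlines(keepends=True):
        new, n = redact_line(line)
        out.append(new)
        total += n
    return "".join(out), total

# Constructed sample lines (not real credentials).
SAMPLE = """\
[ldap] performing user authorization for alice
[ldap] Added the eDirectory password S3cret in pass in check items as Cleartext-Password
        User-Password = "hunter2 \\"x\\""
++[ldap] returns ok
"""

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    cleaned, count = redact(text)
    sys.stdout.write(cleaned)
    print(f"# {count} secret(s) masked", file=sys.stderr)
```

Run it over a captured debug log on stdin; with no input piped in, it processes the constructed sample.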