Howdy, Building new radius setup, and in test bed using freeradius at present, I see v3 uses SHA-2, great, it's what we are trying, but when inserting into mariadb $6$salt$foobarqwerty.... does not seems not to work (clear text of course does but thats not an option in 2015) does it expect it in some other format? Our systems use perl and systems crypt to generate sha512 for database thats used by dovecot, pureftpd and apache etc for long time, is there a trick to get sha512 and freeradius to play nice? Cheers
On 28 Aug 2015, at 00:54, Noel Butler <noel.butler@ausics.net> wrote:
Howdy,
Building new radius setup, and in test bed using freeradius at present, I see v3 uses SHA-2, great, it's what we are trying, but when inserting into mariadb $6$salt$foobarqwerty.... does not seems not to work (clear text of course does but thats not an option in 2015) does it expect it in some other format?
FreeRADIUS doesn't need to support SHA2 for this, you just need to put the password in the right control attribute, so FreeRADIUS will treat it as a crypt password. update control { &Crypt-Password := "<value from db or other attribute>" } pap FreeRADIUS will then call crypt(), and if your system's crypt function understands the format, it should all work fine. If your systems crypt function does not support SHA2-512 then you need to break out the components. if ("<sql query/password attr>" =~ /\$6\$([^$]+)\$(.*)/) { update control { SSHA2-512-Password := "%{2}%{1}" } } -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
On 28/08/2015 22:10, Arran Cudbard-Bell wrote:
On 28 Aug 2015, at 00:54, Noel Butler <noel.butler@ausics.net> wrote:
Howdy,
Building new radius setup, and in test bed using freeradius at present, I see v3 uses SHA-2, great, it's what we are trying, but when inserting into mariadb $6$salt$foobarqwerty.... does not seems not to work (clear text of course does but thats not an option in 2015) does it expect it in some other format?
FreeRADIUS doesn't need to support SHA2 for this, you just need to put the password in the right control attribute, so FreeRADIUS will treat it as a crypt password.
update control { &Crypt-Password := "<value from db or other attribute>" } pap
FreeRADIUS will then call crypt(), and if your system's crypt function understands the format, it should all work fine.
Thanks, yes it does support it, now I have a good starting point to follow. Cheers
participants (2)
-
Arran Cudbard-Bell -
Noel Butler