Hi again, I need to migrate my users from plain old unix passwd file to sql. How do I have the user information in the radcheck table? Encrypted-Password == 9D8wtP7DGqgCg ? My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd This password seems not to be MD5. Any guesses? Thank you again, Felipe
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That would be unix crypt. The attribute in radcheck is Crypt-Password := "9D8wtP7DGqgCg"
Hi Arran, Thank you for your reply. I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says: (...) modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [anavc/2572ava] (from client localhost port 0) Delaying request 2 for 2 seconds When I try with a clear text password user, it says: (...) modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password (...) Thank you, Felipe Arran Cudbard-Bell wrote:
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That would be unix crypt.
The attribute in radcheck is
Crypt-Password := "9D8wtP7DGqgCg" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Did you try Crypt-Local auth-Type? -----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org] Im Auftrag von Felipe Ceglia - PY1NB Gesendet: Mittwoch, 13. Juni 2007 00:26 An: FreeRadius users mailing list Betreff: Re: encrypted password Hi Arran, Thank you for your reply. I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says: (...) modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [anavc/2572ava] (from client localhost port 0) Delaying request 2 for 2 seconds When I try with a clear text password user, it says: (...) modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password (...) Thank you, Felipe Arran Cudbard-Bell wrote:
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That would be unix crypt.
The attribute in radcheck is
Crypt-Password := "9D8wtP7DGqgCg" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Did you put "9D8wtP7DGqgCg" or 9D8wtP7DGqgCg into the database? Use crypt and check if that is the crypted password you think it should be. Ivan Kalik Kalik Informatika ISP Dana 12/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas@terenet.com.br> piše:
Hi Arran,
Thank you for your reply.
I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says:
(...) modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [anavc/2572ava] (from client localhost port 0) Delaying request 2 for 2 seconds
When I try with a clear text password user, it says:
(...) modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password (...)
Thank you,
Felipe
Arran Cudbard-Bell wrote:
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
That would be unix crypt.
The attribute in radcheck is
Crypt-Password := "9D8wtP7DGqgCg" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tnt@kalik.co.yu wrote:
Did you put "9D8wtP7DGqgCg" or 9D8wtP7DGqgCg into the database? Use crypt and check if that is the crypted password you think it should be.
Ivan Kalik Kalik Informatika ISP
Dana 12/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas@terenet.com.br> piše:
Hi Arran,
Thank you for your reply.
I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says:
(...) modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [anavc/2572ava] (from client localhost port 0) Delaying request 2 for 2 seconds
When I try with a clear text password user, it says:
(...) modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password (...)
Thank you,
Felipe
Arran Cudbard-Bell wrote:
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
That would be unix crypt.
The attribute in radcheck is
Crypt-Password := "9D8wtP7DGqgCg" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Hmm, You are sending the users password as plaintext or something reversible like GTC ?
You can only use crypted passwords if the pass-phrase is being sent in the clear... Oh and you'd also need the PAP module uncommented in authorise and authenticate, as it's the one that deals with calculating hashes for comparison. -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900
Hi there, Thank you for your replies, but I cannot manage to make this crypt thing work. I dont have the " on the databse, it looks like: mysql> select * from radcheck where username = 'anavc'; +----+----------+----------------+---------------+----+ | id | UserName | Attribute | Value | op | +----+----------+----------------+---------------+----+ | 4 | anavc | Crypt-Password | 9D8wtP7DGqgCg | := | +----+----------+----------------+---------------+----+ This crypted passwd string is the same which works on /etc/passwd. I just copied/pasted it to ensure it was ok. --------------------------------------------------------------- If you would like to see my radiusd.conf, please go to: http://pastebin.ca/563974 --------------------------------------------------------------- When I try to put "pap" on the authorize section, server dies: radiusd.conf: "PAP" modules aren't allowed in 'authorize' sections -- they have no such method. ---------------------------------------------------------------- I **think** I am sending the password string as clear text, as I am trying it via radtest. It seems like it first try to send cleartext password, and then it truncates it in someway: radtest anavc 2572ava localhost:1645 0 teste Sending Access-Request of id 216 to 127.0.0.1:1645 User-Name = "anavc" User-Password = "2572ava" NAS-IP-Address = intranet NAS-Port = 0 Re-sending Access-Request of id 216 to 127.0.0.1:1645 User-Name = "anavc" User-Password = "\336P\325\315C\261{<j\336\346\3725\203\np" NAS-IP-Address = intranet NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=216, length=20 ----------------------------------------------------------------- Thank you for being nice, Felipe
Hmm, You are sending the users password as plaintext or something reversible like GTC ?
You can only use crypted passwords if the pass-phrase is being sent in the clear...
Oh and you'd also need the PAP module uncommented in authorise and authenticate, as it's the one that deals with calculating hashes for comparison.
Felipe Ceglia - PY1NB wrote:
When I try to put "pap" on the authorize section, server dies: radiusd.conf: "PAP" modules aren't allowed in 'authorize' sections -- they have no such method.
Install 1.1.6. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
radiusd.conf.in,v 1.123 2002/11/12 20:22:48
What server version is this? Install current version (1.1.6) and it will work with default configuration. Ivan Kalik Kalik Informatika ISP Dana 13/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas@terenet.com.br> piše:
Hi there,
Thank you for your replies, but I cannot manage to make this crypt thing work.
I dont have the " on the databse, it looks like:
mysql> select * from radcheck where username = 'anavc'; +----+----------+----------------+---------------+----+ | id | UserName | Attribute | Value | op | +----+----------+----------------+---------------+----+ | 4 | anavc | Crypt-Password | 9D8wtP7DGqgCg | := | +----+----------+----------------+---------------+----+
This crypted passwd string is the same which works on /etc/passwd. I just copied/pasted it to ensure it was ok.
---------------------------------------------------------------
If you would like to see my radiusd.conf, please go to: http://pastebin.ca/563974
---------------------------------------------------------------
When I try to put "pap" on the authorize section, server dies: radiusd.conf: "PAP" modules aren't allowed in 'authorize' sections -- they have no such method.
----------------------------------------------------------------
I **think** I am sending the password string as clear text, as I am trying it via radtest. It seems like it first try to send cleartext password, and then it truncates it in someway:
radtest anavc 2572ava localhost:1645 0 teste Sending Access-Request of id 216 to 127.0.0.1:1645 User-Name = "anavc" User-Password = "2572ava" NAS-IP-Address = intranet NAS-Port = 0 Re-sending Access-Request of id 216 to 127.0.0.1:1645 User-Name = "anavc" User-Password = "\336P\325\315C\261{<j\336\346\3725\203\np" NAS-IP-Address = intranet NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=216, length=20
-----------------------------------------------------------------
Thank you for being nice,
Felipe
Hmm, You are sending the users password as plaintext or something reversible like GTC ?
You can only use crypted passwords if the pass-phrase is being sent in the clear...
Oh and you'd also need the PAP module uncommented in authorise and authenticate, as it's the one that deals with calculating hashes for comparison.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
Alan Dekok -
Arran Cudbard-Bell -
Felipe Ceglia - PY1NB -
Rascher, Markus -
tnt@kalik.co.yu