Re: AW: AW: encrypted password
Hi, Running 1.1.6 now. Crypt-Local works ok now. I would like to know if it is possible to have both User-Password and Crypt-Local Auth-Types for sql users. Now I need to disable the current System (/etc/passwd) users to Crypt-Local, and also have users with cleartext passwords. Thank you, Felipe Ceglia Rascher, Markus wrote:
If u use the db for user authentication, then db, here is my db-content:
select * from radcheck; +----+----------+---------------+----+---------------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+---------------+ | 1 | testuser | Crypt-Password| := | oV9XYXNTx4awE | +----+----------+---------------+----+---------------+
select * from radgroupcheck; +----+-----------+-----------+----+---------------+ | id | GroupName | Attribute | op | Value | +----+-----------+-----------+----+---------------+ | 1 | testgroup | Auth-Type | := | Crypt-Local | +----+-----------+-----------+----+---------------+ 1 row in set (0.01 sec)
If it works with cleartext pwd's and the auth-type Local then it will work with Crypt-Local and the crypted pwd in the radcheck table
For encrypting the pwd use the encrypt("pwd") function in sql
Do you have any further questions?
regards Markus
-----Ursprüngliche Nachricht----- Von: Felipe Ceglia [mailto:felipeceglia@gmail.com] Im Auftrag von Felipe Ceglia - PY1NB Gesendet: Mittwoch, 13. Juni 2007 13:54 An: Rascher, Markus Betreff: Re: AW: encrypted password
Hi Markus,
Where should I try it? users file, or as an attribute on the db?
Thank you,
Felipe
Rascher, Markus wrote:
Did you try Crypt-Local auth-Type?
-----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org] Im Auftrag von Felipe Ceglia - PY1NB Gesendet: Mittwoch, 13. Juni 2007 00:26 An: FreeRadius users mailing list Betreff: Re: encrypted password
Hi Arran,
Thank you for your reply.
I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says:
(...) modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [anavc/2572ava] (from client localhost port 0) Delaying request 2 for 2 seconds
When I try with a clear text password user, it says:
(...) modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password (...)
Thank you,
Felipe
Arran Cudbard-Bell wrote:
Felipe Ceglia - PY1NB wrote:
Hi again,
I need to migrate my users from plain old unix passwd file to sql.
How do I have the user information in the radcheck table?
Encrypted-Password == 9D8wtP7DGqgCg ?
My passwd file looks like: anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
This password seems not to be MD5.
Any guesses?
Thank you again,
Felipe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That would be unix crypt.
The attribute in radcheck is
Crypt-Password := "9D8wtP7DGqgCg" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Felipe Ceglia - PY1NB wrote:
Running 1.1.6 now. Crypt-Local works ok now.
In 1.1.6, you don't have to do that.
I would like to know if it is possible to have both User-Password and Crypt-Local Auth-Types for sql users.
No. Stop trying to set Auth-Type. It's not necessary. In 1.1.6, with the *default* configuration, all you need to do is to set Crypt-Password in the "users" file, or in SQL. Then, authentication will work. Do NOT set Auth-Type. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan Dekok -
Felipe Ceglia - PY1NB