my dialupadmin page can't connect to sql
i'm running a fedora core 4 linux box on which i have installed freeradius 1.1.6 when i try to test the dialupadmin i receive the message "can't connect to sql server". help
Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? another question: can i use symmetric password encryption in users-File or radcheck table? thx for your help
Rascher, Markus wrote:
Hi all,
cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work?
Yes. See "man rlm_pap".
another question: can i use symmetric password encryption in users-File or radcheck table?
No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
With pap I'm running into problems... Can u give me an example config? In users-File I have: (Password is 'testpwd') testuser Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0" Service-Type = Login-User In radiusd.conf I have: modules { pap { encryption_scheme = MD5 } ... authorize { # preprocess files } authenticate { Auth-Type PAP { pap } } --------------------- Radiusd says: --------------------- rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82 NAS-IP-Address = 10.1.1.1 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "testuser" Calling-Station-Id = "1.2.3.4" User-Password = "testpwd" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.3.4) Delaying request 0 for 1 seconds Finished request 0 Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake? -----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 11:42 An: FreeRadius users mailing list Betreff: Re: using encrypted passwords in users file or sql-radcheck table Rascher, Markus wrote:
Hi all,
cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work?
Yes. See "man rlm_pap".
another question: can i use symmetric password encryption in users-File or radcheck table?
No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rascher, Markus wrote:
With pap I'm running into problems... Can u give me an example config?
In users-File I have: (Password is 'testpwd') testuser Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0"
Don't set Auth-Type. I have NO idea why so many people are fascinated with setting it. Use ":=" for the MD5-Password, not "==". See "man users" for why.
modules { pap { encryption_scheme = MD5
Why? If you're using the most recent version, the documentation in "man rlm_pap", and the comments in radiusd.conf make it clear that the "encryption_scheme" configuration option shouldn't be used.
authorize { # preprocess files }
Why? You've gone to a lot of trouble to remove everything from the "authorize" section. The documentation in "radiusd.conf" at the end of the "authorize" section says you should list "pap". The documentation in "man rlm_pap" says the same thing. ...
modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184
i.e. it didn't match the entry you posted above. It didn't match because the format of the entry was wrong.
Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake?
You haven't read the documentation. You haven't read the comments in the config files you're editing. You've done a LOT of work to break the default configuration. FreeRADIUS ships with a default configuration that works in the widest possible set of circumstances. If you don't understand the configuration, CHANGE AS LITTLE AS POSSIBLE. I will also not you're either running an older version, which is not recommended, or you didn't follow my previous recommendation to read "man rlm_pap" Read the documentation. Don't destroy the default configuration. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
I'm using version 1.1.3 on redhat fc6. Yum says, 1.1.3 is the newest version, it can install. To get 1.1.6 I have to compile the sources? -----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 14:47 An: FreeRadius users mailing list Betreff: Re: AW: using encrypted passwords in users file or sql-radcheck table Rascher, Markus wrote:
With pap I'm running into problems... Can u give me an example config?
In users-File I have: (Password is 'testpwd') testuser Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0"
Don't set Auth-Type. I have NO idea why so many people are fascinated with setting it. Use ":=" for the MD5-Password, not "==". See "man users" for why.
modules { pap { encryption_scheme = MD5
Why? If you're using the most recent version, the documentation in "man rlm_pap", and the comments in radiusd.conf make it clear that the "encryption_scheme" configuration option shouldn't be used.
authorize { # preprocess files }
Why? You've gone to a lot of trouble to remove everything from the "authorize" section. The documentation in "radiusd.conf" at the end of the "authorize" section says you should list "pap". The documentation in "man rlm_pap" says the same thing. ...
modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184
i.e. it didn't match the entry you posted above. It didn't match because the format of the entry was wrong.
Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake?
You haven't read the documentation. You haven't read the comments in the config files you're editing. You've done a LOT of work to break the default configuration. FreeRADIUS ships with a default configuration that works in the widest possible set of circumstances. If you don't understand the configuration, CHANGE AS LITTLE AS POSSIBLE. I will also not you're either running an older version, which is not recommended, or you didn't follow my previous recommendation to read "man rlm_pap" Read the documentation. Don't destroy the default configuration. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rascher, Markus wrote:
I'm using version 1.1.3 on redhat fc6. Yum says, 1.1.3 is the newest version, it can install. To get 1.1.6 I have to compile the sources?
Yes. Or find a better repository. Or find someone who has created rpm's that you can download and install outside of yum. Or yell at Fedora until they update their repository. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com
There is a DEFAULT entry in users file forcing Auth-Type System. Comment it out. And you don't need that Auth-Type PAP in user config. Ivan Kalik Kalik Informatika ISP Dana 30/5/2007, "Rascher, Markus" <markus.mr.rascher@siemens.com> piše:
With pap I'm running into problems... Can u give me an example config?
In users-File I have: (Password is 'testpwd') testuser Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz5RHu8PySNauf0" Service-Type = Login-User
In radiusd.conf I have:
modules { pap { encryption_scheme = MD5 } ....
authorize { # preprocess files }
authenticate { Auth-Type PAP { pap } }
--------------------- Radiusd says: --------------------- rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82 NAS-IP-Address = 10.1.1.1 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "testuser" Calling-Station-Id = "1.2.3.4" User-Password = "testpwd" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.34) Delaying request 0 for 1 seconds Finished request 0
Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake?
-----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+markus.mr.rascher=siemens.com@lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com@listsfreeradius.org] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 11:42 An: FreeRadius users mailing list Betreff: Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote:
Hi all,
cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work?
Yes. See "man rlm_pap".
another question: can i use symmetric password encryption in users-File or radcheck table?
No. They're useless.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
Alan Dekok -
Carl aniams -
Dennis Skinner -
Rascher, Markus -
tnt@kalik.co.yu