password is in Cleartext-Password and NOT in User-Password
Hello Dear, I use freeradius 3 and daloradius to manage the user on SQL. When I create manually the username and do a Password-Type in Cleartext-Password, The Acces request match the good password. When I create the users from Daloradius Batch User form, the Paswword-Type is in User-Password, and no option to change it, then the Acces Request doesn't match a good password. It show PAP warning below : ......................... .......................... (3) [sql] = ok (3) [expiration] = noop (3) [logintime] = noop (3) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (3) pap: WARNING: !!! Ignoring control:User-Password. Update your !!! (3) pap: WARNING: !!! configuration so that the "known good" clear text !!! (3) pap: WARNING: !!! password is in Cleartext-Password and NOT in !!! (3) pap: WARNING: !!! User-Password. !!! (3) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (3) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (3) pap: WARNING: Authentication will fail unless a "known good" password is available (3) [pap] = noop (3) } # authorize = ok (3) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (3) Failed to authenticate the user (3) Using Post-Auth-Type Reject ............................ .......................... Is this an issue on my freeradius seting ? Can I change the password type in Cleartext-Password somewhere ? How can I do to solve thie issues ? jmlz
Hello Dear, I use freeradius 3 and daloradius to manage the user on SQL. When I create manually the username and do a Password-Type in Cleartext-Password, The Acces request match the good password. When I create the users from Daloradius Batch User form, the Paswword-Type is in User-Password, and no option to change it, then the Acces Request doesn't match a good password. It show PAP warning below : ......................... .......................... (3) [sql] = ok (3) [expiration] = noop (3) [logintime] = noop (3) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (3) pap: WARNING: !!! Ignoring control:User-Password. Update your !!! (3) pap: WARNING: !!! configuration so that the "known good" clear text !!! (3) pap: WARNING: !!! password is in Cleartext-Password and NOT in !!! (3) pap: WARNING: !!! User-Password. !!! (3) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (3) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (3) pap: WARNING: Authentication will fail unless a "known good" password is available (3) [pap] = noop (3) } # authorize = ok (3) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (3) Failed to authenticate the user (3) Using Post-Auth-Type Reject ............................ .......................... Is this an issue on my freeradius seting ? Can I change the password type in Cleartext-Password somewhere ? How can I do to solve thie issues ? jmlz
On Jun 28, 2018, at 4:01 AM, Philemon Jaomalaza <philemon.jaomalaza@gmail.com> wrote:
When I create manually the username and do a Password-Type in Cleartext-Password, The Acces request match the good password.
When I create the users from Daloradius Batch User form, the Paswword-Type is in User-Password, and no option to change it, then the Acces Request doesn't match a good password.
We've recommended using Cleartext-Password for 10+ years. Sorry, but Daloradius is broken. You should be able to fix Daloradius. Just look for "User-Password" in the source code and change it to "Cleartext-Password".\
Is this an issue on my freeradius seeing ?
No.
Can I change the password type in Cleartext-Password somewhere ?
No. Daloradius is putting the wrong information into SQL.
How can I do to solve thie issues ?
Fix Daloradius. Alan DeKok.
participants (2)
-
Alan DeKok -
Philemon Jaomalaza