Trying to allow all user name and password
Hello, How are you ? I am trying to find a way to allow every user name and password to connect to my wifi network. I tried to put : DEFAULT Auth-Type := Accept in the /etc/raddb/users file and I change also the source code file : cryptpasswd like this : sub main { Getopt::Long::Configure("no_ignore_case", "bundling"); my @options = ( "des|d+", "md5|m+", "check|c+" ); usage() unless (eval { Getopt::Long::GetOptions(@options) } ); if ($opt_check) { usage unless ($#ARGV == 1); if (crypt($ARGV[0], $ARGV[1]) ne $ARGV[1]) { print "Password BAD\n"; return 1; # 0 } else { print "Password OK\n"; return 1; } } $opt_des = 1 unless ($opt_des || $opt_md5); usage() unless ($#ARGV == 0); die "DES password hashing not available\n" if ($opt_des && !check_des()); die "MD5 password hashing not available\n" if ($opt_md5 && !check_md5()); $salt = ($opt_md5 ? '$1$' : ''); for ($i = 0; $i < ($opt_md5 ? 8 : 2); $i++) { $salt .= $saltc[rand 64]; } $salt .= '$' if ($opt_md5); print crypt($ARGV[0], $salt), "\n"; 1; } But it still doesn't work, does anyone have any idea of where to change the code to accept password matching ? Thank you ! David
I forgot to say, the version that i am using is freeradius-server-2.2.6 Sorry Le 27 sept. 2017 à 11:21, David David <davidcarter1990@hotmail.com<mailto:davidcarter1990@hotmail.com>> a écrit : Hello, How are you ? I am trying to find a way to allow every user name and password to connect to my wifi network. I tried to put : DEFAULT Auth-Type := Accept in the /etc/raddb/users file and I change also the source code file : cryptpasswd like this : sub main { Getopt::Long::Configure("no_ignore_case", "bundling"); my @options = ( "des|d+", "md5|m+", "check|c+" ); usage() unless (eval { Getopt::Long::GetOptions(@options) } ); if ($opt_check) { usage unless ($#ARGV == 1); if (crypt($ARGV[0], $ARGV[1]) ne $ARGV[1]) { print "Password BAD\n"; return 1; # 0 } else { print "Password OK\n"; return 1; } } $opt_des = 1 unless ($opt_des || $opt_md5); usage() unless ($#ARGV == 0); die "DES password hashing not available\n" if ($opt_des && !check_des()); die "MD5 password hashing not available\n" if ($opt_md5 && !check_md5()); $salt = ($opt_md5 ? '$1$' : ''); for ($i = 0; $i < ($opt_md5 ? 8 : 2); $i++) { $salt .= $saltc[rand 64]; } $salt .= '$' if ($opt_md5); print crypt($ARGV[0], $salt), "\n"; 1; } But it still doesn't work, does anyone have any idea of where to change the code to accept password matching ? Thank you ! David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 27, 2017, at 5:21 AM, David David <davidcarter1990@hotmail.com> wrote:
I am trying to find a way to allow every user name and password to connect to my wifi network.
It's impossible. The WiFi protocols were *designed* to make this impossible. The only thing you can do is to give everyone a well-known name / password, like "guest / guest". You then authenticate them as any other normal user with names && passwords. Alan DeKok.
Thanks Alan for your answer, I read also on some forum that it's not possible in wifi, but I don't understand why ? Even if I change the source code when it tried to match the password and the username to return like true ? ________________________________ De : Freeradius-Users <freeradius-users-bounces+davidcarter1990=hotmail.com@lists.freeradius.org> de la part de Alan DeKok <aland@deployingradius.com> Envoyé : mercredi 27 septembre 2017 14:18 À : FreeRadius users mailing list Objet : Re: Trying to allow all user name and password On Sep 27, 2017, at 5:21 AM, David David <davidcarter1990@hotmail.com> wrote:
I am trying to find a way to allow every user name and password to connect to my wifi network.
It's impossible. The WiFi protocols were *designed* to make this impossible. The only thing you can do is to give everyone a well-known name / password, like "guest / guest". You then authenticate them as any other normal user with names && passwords. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 27, 2017, at 8:28 AM, David David <davidcarter1990@hotmail.com> wrote:
Thanks Alan for your answer,
I read also on some forum that it's not possible in wifi, but I don't understand why ?
Because of various magic crypto things which take years to understand.
Even if I change the source code when it tried to match the password and the username to return like true ?
What part of "impossible" do you not understand? Alan DeKok.
On 27 Sep 2017, at 13:28, David David <davidcarter1990@hotmail.com> wrote:
I read also on some forum that it's not possible in wifi, but I don't understand why ?
It's a gross simplification, but: The access point needs some information that is only available once the EAP exchange has completed. Generating the information requires the client and server to co-operate so if you short circuit the process, the information is never generated and the connection fails. EAP is mandatory on WiFi, but only optional on wired connections, which is why this kind of trickery works for wired .1x Regards, Adam Bishop gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460 jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
participants (3)
-
Adam Bishop -
Alan DeKok -
David David