Freeradius-Users Digest, Vol 17, Issue 47
ego seek
egoseek at gmail.com
Wed Sep 13 09:29:29 CEST 2006
thank you for yor reply.
do you know if i can use NT-PASSWORD using windowsXP client?
do I have only modify the table insert "NT-PASSWORD" instead "PASSWORD"?
how then I can make the sistem work? what I have to put in the radiusd.conf?
thank you.
Best regards
2006/9/12, freeradius-users-request at lists.freeradius.org <
freeradius-users-request at lists.freeradius.org>:
>
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
> comunication----------------------------------- (Rob Shepherd)
> 2. Re: FreeRadius suport IPv6 ??????????????/ (Alan DeKok)
> 3. Re: Probs with pppoe-server + radius (Alan DeKok)
> 4. Re: rautmp not working.. (Alan DeKok)
> 5. Re: Question about rlm modules (Alan DeKok)
> 6. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
> comunication----------------------------------- (Alan DeKok)
> 7. Re: Question about rlm modules (Alan DeKok)
> 8. Re: Re: Re: IAS e Openser (Artur Hayne)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 Sep 2006 15:09:46 +0100
> From: Rob Shepherd <rob at techniumcast.com>
> Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
> comunication-----------------------------------
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <4506BFAA.5060803 at techniumcast.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> ego seek wrote:
> >
> >
> > Does Anybody know HOW I can make radius WORK with md5-stored password in
> > the db?
> >
> > I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are
> > in clear in the mysqlDB
> >
>
>
> You can't. See
> http://deployingradius.com/documents/protocols/compatibility.html
>
> Store an 'NT-Password' value as a config ':=' attribute in the radcheck
> table.
>
> NT password hashes can be generated in most programming languages.
>
> Rob
>
> --
> Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
> rob at techniumcast.com | 01248 675024 | 077988 72480
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 12 Sep 2006 10:21:38 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: FreeRadius suport IPv6 ??????????????/
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142138.F266216E1C at mail.nitros9.org>
>
> Christian Hahn <hahn at berkom.de> wrote:
> > Do you mean IPv6 transport or support for IPv6 attributes (RFC3162)?
> > RFC3162 is supported by freeradius 2.0.0-pre0 (CVS), IPv6 transport as
> > far as I know is not supported.
>
> The CVS version also supports IPv6 transport.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 12 Sep 2006 10:23:15 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Probs with pppoe-server + radius
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142315.586D516E31 at mail.nitros9.org>
>
> Ali Jawad <alijawad1 at gmail.com> wrote:
> > The info above is to help you guys in helping me pinpoint my prolem, my
> > real problem is that I can dial into my server using pppoe and simple
> > chap and/or pap authenication. However once I use radius to authenicate
> > the pppoe-dialup requests into the server. I get the following output in
> > pppd.log
>
> And in all of this you are carefully avoiding the one tool that
> will help you solve the problem: running the server in debugging mode.
>
> See the README, FAQ, INSTALL.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 12 Sep 2006 10:25:37 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: rautmp not working..
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142537.9FD8616E1C at mail.nitros9.org>
>
> Collen Blijenberg <collen at mail.hermanjordan.nl> wrote:
> > but no radutmp file is created, and if created by hand it stay's 0
> bytes...
> >
> > dunno my guesses tells me i forgot something... ???
>
> Send the server accounting packets. radutmp is created when the NAS
> agrees that the user has logged in, not when the server tells the NAS
> to let the user in.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 12 Sep 2006 10:26:24 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Question about rlm modules
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142624.1F05B16E1C at mail.nitros9.org>
>
> Shankar Ganesh C <shankarganesh at tataelxsi.co.in> wrote:
> > Could you let me know how did u capture the vendor specfic attributes in
> the
> > rlm_module ?
>
> Read the source code to rlm_files. VSA's are just normal
> attributes. You can refer to them by name.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 12 Sep 2006 10:27:33 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
> comunication-----------------------------------
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142733.AC4BF16E1C at mail.nitros9.org>
>
> "ego seek" <egoseek at gmail.com> wrote:
> > Does Anybody know HOW I can make radius WORK with md5-stored password in
> the
> > db?
> >
> > I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are
> in
> > clear in the mysqlDB
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> What you want to do is impossible.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 12 Sep 2006 10:28:08 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Question about rlm modules
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142808.646DA16E1C at mail.nitros9.org>
>
> "Ali Majdzadeh" <ali.majdzadeh at gmail.com> wrote:
> > What is(are) the coresponding function pointer(s) for start and stop
> packets
> > in an rlm module? (Something like xxx_authenticate)
>
> The "accounting" sections handle accounting packets.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 12 Sep 2006 11:41:22 -0300 (ART)
> From: Artur Hayne <arturhayne at yahoo.com.br>
> Subject: Re: Re: Re: IAS e Openser
> To: freeradius-users at lists.freeradius.org
> Message-ID: <20060912144122.13065.qmail at web61213.mail.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Olá a todos,
>
> Como faço para transformar o Freeradius num cliente do IAS? Existe algum
> tutorial, ou artigo?
> Se for sem passar pelo servidor freeradius eu já configurei o radiusclient
> para ir direto ao IAS, mas não deu certo, nada acontece, e o pior de tudo
> que não tenho nem como debugar o problema e o arquivo de log do IAS é muito
> fraco.
>
> |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
> Da pra fazer isso? Como faço isso?
>
> Alguma idéia?
>
> Obrigado.
> -----------------------------
>
> Marcos escreveu:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Pessoal, facam o seguinte:
>
> - instale o IAS no windows - esse software atua como
> um radius server
> - configure o freeradius para atuar como um radius
> client, usando o IAS como radius server.
>
> pronto, assim fica mais facil.
> infelizmente o windows nao eh 100% LDAP.
> o AD do windows 2003 eh mais LDAP que o AD do windows
> 2000, mas mesmo assim nao sao 100% compativeis com o
> padrao LDAP.
>
> []s
>
> Marcos
>
> --- Marcelo Costa escreveu:
>
> > Arthur,
> >
> > qual ? a pesquisa que o freeradius est? fazendo no
> > ldap?
> > o que tem no users.conf?
> >
> > eu f? utilizei freeradius+ldap sem problemas.
> >
> > []s
> > Marcelo Costa
> >
> > Em 20/8/2006, "Artur Hayne"
> > escreveu:
> >
> > >Ol? a todos,
> > >
> > > Eu tenho um problema que parece n?o haver
> > solu??o. Tenho um servidor openser que deve
> > autenticar os usu?rios no servidor ldap Active
> > Directory atrav?s do FreeRadius. Consigo estabelecer
> > uma se??o do Freeradius com o AD, porem quando o
> > usu?rio tenta se autenticar atraves de um
> > softphone, passando pelo FreeRadius, aparece um
> > erro.
> > >
> > > Vejam aqui o debug do Radius:
> > >
> > > radius_xlat: 'ou=bli,dc=blo,dc=blu,dc=br'
> > > rlm_ldap: ldap_get_conn: Checking Id: 0
> > > rlm_ldap: ldap_get_conn: Got Id: 0
> > > rlm_ldap: performing search in
> > ou=bli,dc=blo,dc=blu,dc=br, with filter (uid=jab)
> > > rlm_ldap: object not found or got ambiguous
> > search result <---------- essa linha!!!
> > > rlm_ldap: search failed <---------- essa linha!!!
> > > rlm_ldap: ldap_release_conn: Release Id: 0
> > > modcall[authorize]: module "ldap" returns
> > notfound for request 47 <---------- essa linha!!!
> > > modcall: leaving group authorize (returns ok) for
> > request 47
> > > rad_check_password: Found Auth-Type DIGEST
> > > auth: type "digest"
> > > Processing the authenticate section of
> > radiusd.conf
> > > modcall: entering group authenticate for request
> > 47
> > > rlm_digest: Configuration item "User-Password" or
> > MD5-Password is required for authentication.
> > <---------- essa linha!!!
> > > modcall[authenticate]: module "digest" returns
> > invalid for request 47 <---------- essa linha!!!
> > > modcall: leaving group authenticate (returns
> > invalid) for request 47
> > > auth: Failed to validate the user. <----------
> > essa linha!!!
> > >
> > > Eu vi alguns tutoriais mostrando como autenticar
> > no dominio utilizando a ferramneta ntlm_auth, mas
> > ela parece que so funciona com o protocolo mschap,
> > sendo que o Openser utiliza o digest para
> > autenticar.
> > > No radiusd.conf o digest e o ldap est?o
> > descomentados tanto para autentica??o como para
> > autoriza??o.
> > > ? necess?rio fazer alguma configura??o nos
> > aquivos users ou em outro?
> > > Eu ainda estou tentando entender um pouco mais do
> > Freeradius.
> > >
> > > Obrigado.
> > >
> > >
> > >
> > >---------------------------------
> > > O Yahoo! est? de cara nova. Venha conferir!
> > >__
> > >masoch-l list
> > >https://eng.registro.br/mailman/listinfo/masoch-l
> > __
> > masoch-l list
> > https://eng.registro.br/mailman/listinfo/masoch-l
> >
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------
> Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu
> celular. Registre seu aparelho agora!
>
>
> ---------------------------------
> Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular.
> Registre seu aparelho agora!
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060912/524c80c1/attachment.html
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 17, Issue 47
> ************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060913/6641a95c/attachment.html>
More information about the Freeradius-Users
mailing list