Freeradius-Users Digest, Vol 17, Issue 47

ego seek egoseek at gmail.com
Wed Sep 13 09:29:29 CEST 2006


thank you for yor reply.

do you know if i can use NT-PASSWORD using windowsXP client?

do I have only modify the table insert "NT-PASSWORD" instead "PASSWORD"?
how then I can make the sistem work? what I have to put in the radiusd.conf?

thank you.
Best regards

2006/9/12, freeradius-users-request at lists.freeradius.org <
freeradius-users-request at lists.freeradius.org>:
>
> Send Freeradius-Users mailing list submissions to
>         freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>         freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>         freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>    1. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
>       comunication----------------------------------- (Rob Shepherd)
>    2. Re: FreeRadius suport IPv6 ??????????????/  (Alan DeKok)
>    3. Re: Probs with pppoe-server + radius  (Alan DeKok)
>    4. Re: rautmp not working..  (Alan DeKok)
>    5. Re: Question about rlm modules  (Alan DeKok)
>    6. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
>       comunication-----------------------------------  (Alan DeKok)
>    7. Re: Question about rlm modules  (Alan DeKok)
>    8. Re: Re: Re: IAS e Openser (Artur Hayne)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 Sep 2006 15:09:46 +0100
> From: Rob Shepherd <rob at techniumcast.com>
> Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for      the
>         comunication-----------------------------------
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <4506BFAA.5060803 at techniumcast.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> ego seek wrote:
> >
> >
> > Does Anybody know HOW I can make radius WORK with md5-stored password in
> > the db?
> >
> > I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are
> > in clear in the mysqlDB
> >
>
>
> You can't. See
> http://deployingradius.com/documents/protocols/compatibility.html
>
> Store an 'NT-Password' value as a config ':=' attribute in the radcheck
> table.
>
> NT password hashes can be generated in most programming languages.
>
> Rob
>
> --
> Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
> rob at techniumcast.com | 01248 675024 | 077988 72480
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 12 Sep 2006 10:21:38 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: FreeRadius suport IPv6 ??????????????/
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142138.F266216E1C at mail.nitros9.org>
>
> Christian Hahn <hahn at berkom.de> wrote:
> > Do you mean IPv6 transport or support for IPv6 attributes (RFC3162)?
> > RFC3162 is supported by freeradius 2.0.0-pre0 (CVS), IPv6 transport as
> > far as I know is not supported.
>
>   The CVS version also supports IPv6 transport.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 12 Sep 2006 10:23:15 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Probs with pppoe-server + radius
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142315.586D516E31 at mail.nitros9.org>
>
> Ali Jawad <alijawad1 at gmail.com> wrote:
> > The info above is to help you guys in helping me pinpoint my prolem, my
> > real problem is that I can dial into my server using pppoe and simple
> > chap and/or pap authenication. However once I use radius to authenicate
> > the pppoe-dialup requests into the server. I get the following output in
> > pppd.log
>
>   And in all of this you are carefully avoiding the one tool that
> will help you solve the problem: running the server in debugging mode.
>
>   See the README, FAQ, INSTALL.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 12 Sep 2006 10:25:37 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: rautmp not working..
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142537.9FD8616E1C at mail.nitros9.org>
>
> Collen Blijenberg <collen at mail.hermanjordan.nl> wrote:
> > but no radutmp file is created, and if created by hand it stay's 0
> bytes...
> >
> > dunno my guesses tells me i forgot something... ???
>
>   Send the server accounting packets.  radutmp is created when the NAS
> agrees that the user has logged in, not when the server tells the NAS
> to let the user in.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 12 Sep 2006 10:26:24 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Question about rlm modules
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142624.1F05B16E1C at mail.nitros9.org>
>
> Shankar Ganesh C <shankarganesh at tataelxsi.co.in> wrote:
> > Could you let me know how did u capture the vendor specfic attributes in
> the
> > rlm_module ?
>
>   Read the source code to rlm_files.  VSA's are just normal
> attributes.  You can refer to them by name.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 12 Sep 2006 10:27:33 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
>         comunication-----------------------------------
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142733.AC4BF16E1C at mail.nitros9.org>
>
> "ego seek" <egoseek at gmail.com> wrote:
> > Does Anybody know HOW I can make radius WORK with md5-stored password in
> the
> > db?
> >
> > I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are
> in
> > clear in the mysqlDB
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
>   What you want to do is impossible.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 12 Sep 2006 10:28:08 -0400
> From: "Alan DeKok" <aland at deployingradius.com>
> Subject: Re: Question about rlm modules
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Message-ID: <20060912142808.646DA16E1C at mail.nitros9.org>
>
> "Ali Majdzadeh" <ali.majdzadeh at gmail.com> wrote:
> > What is(are) the coresponding function pointer(s) for start and stop
> packets
> > in an rlm module? (Something like xxx_authenticate)
>
>   The "accounting" sections handle accounting packets.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 12 Sep 2006 11:41:22 -0300 (ART)
> From: Artur Hayne <arturhayne at yahoo.com.br>
> Subject: Re: Re: Re: IAS e Openser
> To: freeradius-users at lists.freeradius.org
> Message-ID: <20060912144122.13065.qmail at web61213.mail.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Olá a todos,
>
> Como faço para transformar o Freeradius num cliente do IAS? Existe algum
> tutorial, ou artigo?
> Se for sem passar pelo servidor freeradius eu já configurei o radiusclient
> para ir direto ao IAS, mas não deu certo, nada acontece, e o pior de tudo
> que não tenho nem como debugar o problema e o arquivo de log do IAS é muito
> fraco.
>
> |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
> Da pra fazer isso? Como faço isso?
>
> Alguma idéia?
>
> Obrigado.
> -----------------------------
>
> Marcos escreveu:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Pessoal, facam o seguinte:
>
> - instale o IAS no windows - esse  software atua como
> um radius server
> - configure o freeradius para atuar como um radius
> client, usando o IAS como radius server.
>
> pronto, assim fica mais facil.
> infelizmente o windows nao eh 100% LDAP.
> o AD do windows 2003 eh mais LDAP que o AD do windows
> 2000, mas mesmo assim nao sao 100% compativeis com o
> padrao LDAP.
>
> []s
>
> Marcos
>
> --- Marcelo Costa  escreveu:
>
> > Arthur,
> >
> > qual ? a pesquisa que o freeradius est? fazendo no
> > ldap?
> > o que tem no users.conf?
> >
> > eu f? utilizei freeradius+ldap sem problemas.
> >
> > []s
> > Marcelo Costa
> >
> > Em 20/8/2006, "Artur Hayne"
> >  escreveu:
> >
> > >Ol? a todos,
> > >
> > >  Eu tenho um problema que parece n?o haver
> > solu??o. Tenho um servidor  openser que deve
> > autenticar os usu?rios no servidor ldap Active
> > Directory atrav?s do FreeRadius. Consigo estabelecer
> > uma se??o do  Freeradius com o AD, porem quando o
> > usu?rio tenta se autenticar atraves  de um
> > softphone, passando pelo FreeRadius, aparece um
> > erro.
> > >
> > >  Vejam aqui o debug do Radius:
> > >
> > >   radius_xlat:  'ou=bli,dc=blo,dc=blu,dc=br'
> > >  rlm_ldap: ldap_get_conn: Checking Id: 0
> > >  rlm_ldap: ldap_get_conn: Got Id: 0
> > >  rlm_ldap: performing search in
> > ou=bli,dc=blo,dc=blu,dc=br, with filter (uid=jab)
> > >  rlm_ldap: object not found or got ambiguous
> > search result <---------- essa linha!!!
> > >  rlm_ldap: search failed <---------- essa linha!!!
> > >  rlm_ldap: ldap_release_conn: Release Id: 0
> > >    modcall[authorize]: module "ldap" returns
> > notfound for request 47 <---------- essa linha!!!
> > >  modcall: leaving group authorize (returns  ok) for
> > request 47
> > >    rad_check_password:  Found Auth-Type DIGEST
> > >  auth: type "digest"
> > >    Processing the authenticate section of
> > radiusd.conf
> > >  modcall: entering group authenticate for request
> > 47
> > >  rlm_digest: Configuration item "User-Password" or
> > MD5-Password is required for authentication.
> > <---------- essa linha!!!
> > >    modcall[authenticate]: module "digest" returns
> > invalid for request 47 <---------- essa linha!!!
> > >  modcall: leaving group authenticate (returns
> > invalid) for request 47
> > >  auth: Failed to validate the user. <----------
> > essa linha!!!
> > >
> > >  Eu vi alguns tutoriais mostrando como autenticar
> > no dominio utilizando  a ferramneta ntlm_auth,  mas
> > ela parece que so funciona com o  protocolo mschap,
> > sendo que o Openser utiliza o digest para
> >  autenticar.
> > >  No radiusd.conf o digest e o ldap est?o
> > descomentados tanto para autentica??o como para
> > autoriza??o.
> > >  ? necess?rio fazer alguma configura??o nos
> > aquivos users ou em outro?
> > >  Eu ainda estou tentando entender um pouco mais do
> > Freeradius.
> > >
> > >  Obrigado.
> > >
> > >
> > >
> > >---------------------------------
> > > O Yahoo! est? de cara nova. Venha conferir!
> > >__
> > >masoch-l list
> > >https://eng.registro.br/mailman/listinfo/masoch-l
> > __
> > masoch-l list
> > https://eng.registro.br/mailman/listinfo/masoch-l
> >
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------
>   Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu
> celular. Registre seu aparelho agora!
>
>
> ---------------------------------
> Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular.
> Registre seu aparelho agora!
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060912/524c80c1/attachment.html
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 17, Issue 47
> ************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060913/6641a95c/attachment.html>


More information about the Freeradius-Users mailing list