encrypted password

Felipe Ceglia - PY1NB felipe-listas at terenet.com.br
Wed Jun 13 13:50:10 CEST 2007 

Hi there,

Thank you for your replies, but I cannot manage to make this crypt thing 
work.


I dont have the " on the databse, it looks like:

mysql> select * from radcheck where username = 'anavc';
+----+----------+----------------+---------------+----+
| id | UserName | Attribute      | Value         | op |
+----+----------+----------------+---------------+----+
|  4 | anavc    | Crypt-Password | 9D8wtP7DGqgCg | := |
+----+----------+----------------+---------------+----+

This crypted passwd string is the same which works on /etc/passwd. I 
just copied/pasted it to ensure it was ok.

---------------------------------------------------------------

If you would like to see my radiusd.conf, please go to:
http://pastebin.ca/563974

---------------------------------------------------------------

When I try to put "pap" on the authorize section, server dies:
radiusd.conf: "PAP" modules aren't allowed in 'authorize' sections -- 
they have no such method.

----------------------------------------------------------------

I **think** I am sending the password string as clear text, as I am 
trying it via radtest. It seems like it first try to send cleartext 
password, and then it truncates it in someway:

radtest anavc 2572ava localhost:1645 0 teste
Sending Access-Request of id 216 to 127.0.0.1:1645
         User-Name = "anavc"
         User-Password = "2572ava"
         NAS-IP-Address = intranet
         NAS-Port = 0
Re-sending Access-Request of id 216 to 127.0.0.1:1645
         User-Name = "anavc"
         User-Password = "\336P\325\315C\261{<j\336\346\3725\203\np"
         NAS-IP-Address = intranet
         NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=216, length=20

-----------------------------------------------------------------


Thank you for being nice,

Felipe





> Hmm,
> You are sending the users password as plaintext or something reversible 
> like GTC ?
> 
> You can only use crypted passwords if the pass-phrase is being sent in 
> the clear...
> 
> Oh and you'd also need the PAP module uncommented in authorise and 
> authenticate, as it's the one that deals with calculating hashes for 
> comparison.
>

More information about the Freeradius-Users mailing list