encrypted password

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Jun 13 14:11:25 CEST 2007


>radiusd.conf.in,v 1.123 2002/11/12 20:22:48

What server version is this? Install current version (1.1.6) and it will
work with default configuration.

Ivan Kalik
Kalik Informatika ISP


Dana 13/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas at terenet.com.br>
piše:

>Hi there,
>
>Thank you for your replies, but I cannot manage to make this crypt thing
>work.
>
>
>I dont have the " on the databse, it looks like:
>
>mysql> select * from radcheck where username = 'anavc';
>+----+----------+----------------+---------------+----+
>| id | UserName | Attribute      | Value         | op |
>+----+----------+----------------+---------------+----+
>|  4 | anavc    | Crypt-Password | 9D8wtP7DGqgCg | := |
>+----+----------+----------------+---------------+----+
>
>This crypted passwd string is the same which works on /etc/passwd. I
>just copied/pasted it to ensure it was ok.
>
>---------------------------------------------------------------
>
>If you would like to see my radiusd.conf, please go to:
>http://pastebin.ca/563974
>
>---------------------------------------------------------------
>
>When I try to put "pap" on the authorize section, server dies:
>radiusd.conf: "PAP" modules aren't allowed in 'authorize' sections --
>they have no such method.
>
>----------------------------------------------------------------
>
>I **think** I am sending the password string as clear text, as I am
>trying it via radtest. It seems like it first try to send cleartext
>password, and then it truncates it in someway:
>
>radtest anavc 2572ava localhost:1645 0 teste
>Sending Access-Request of id 216 to 127.0.0.1:1645
>         User-Name = "anavc"
>         User-Password = "2572ava"
>         NAS-IP-Address = intranet
>         NAS-Port = 0
>Re-sending Access-Request of id 216 to 127.0.0.1:1645
>         User-Name = "anavc"
>         User-Password = "\336P\325\315C\261{<j\336\346\3725\203\np"
>         NAS-IP-Address = intranet
>         NAS-Port = 0
>rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=216, length=20
>
>-----------------------------------------------------------------
>
>
>Thank you for being nice,
>
>Felipe
>
>
>
>
>
>> Hmm,
>> You are sending the users password as plaintext or something reversible
>> like GTC ?
>>
>> You can only use crypted passwords if the pass-phrase is being sent in
>> the clear...
>>
>> Oh and you'd also need the PAP module uncommented in authorise and
>> authenticate, as it's the one that deals with calculating hashes for
>> comparison.
>>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list