AW: AW: using encrypted passwords in users file or sql-radcheck table

Rascher, Markus markus.mr.rascher at siemens.com
Wed May 30 15:55:10 CEST 2007


I'm using version 1.1.3 on redhat fc6.
Yum says, 1.1.3 is the newest version, it can install.
To get 1.1.6 I have to compile the sources?

-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org [mailto:freeradius-users-bounces+markus.mr.rascher=siemens.com at lists.freeradius.org] Im Auftrag von Alan Dekok
Gesendet: Mittwoch, 30. Mai 2007 14:47
An: FreeRadius users mailing list
Betreff: Re: AW: using encrypted passwords in users file or sql-radcheck table

Rascher, Markus wrote:
> With pap I'm running into problems...
> Can u give me an example config?
> 
> In users-File I have: (Password is 'testpwd')
> testuser        Auth-Type = PAP, MD5-Password == "$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0"

  Don't set Auth-Type.  I have NO idea why so many people are fascinated
with setting it.

  Use ":=" for the MD5-Password, not "==".  See "man users" for why.

> modules {
>         pap {
>              encryption_scheme = MD5

  Why?  If you're using the most recent version, the documentation in
"man rlm_pap", and the comments in radiusd.conf make it clear that the
"encryption_scheme" configuration option shouldn't be used.

> authorize {
> #       preprocess
>         files
> }

  Why?  You've gone to a lot of trouble to remove everything from the
"authorize" section.  The documentation in "radiusd.conf" at the end of
the "authorize" section says you should list "pap".  The documentation
in "man rlm_pap" says the same thing.

...
> modcall: entering group authorize for request 0
>     users: Matched entry DEFAULT at line 184

  i.e. it didn't match the entry you posted above.  It didn't match
because the format of the entry was wrong.

> Problem: the entry in the users-File for testuser doesn't match..
> Whats my mistake?

  You haven't read the documentation.  You haven't read the comments in
the config files you're editing.  You've done a LOT of work to break the
default configuration.

  FreeRADIUS ships with a default configuration that works in the widest
possible set of circumstances.  If you don't understand the
configuration, CHANGE AS LITTLE AS POSSIBLE.

  I will also not you're either running an older version, which is not
recommended, or you didn't follow my previous recommendation to read
"man rlm_pap"

  Read the documentation.  Don't destroy the default configuration.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list