Need help

Frank Winkler frank at riess.de
Wed Oct 31 17:14:59 CET 2007 

Hi there !

Could someone please assisst me in configuring FreeRADIUS? I'm quite new to
FR and migrated a server from 0.6 on Solaris 8/SPARC to 1.1.7 on Solaris
10/x64.

On the old server, the users were authenticated by regular /etc/passwd
means. I got this working on the new server. As there are some new features
in the later versions, I'd prefer to move the RADIUS users to a separate
smbpasswd-like file but I can't get the authentication to work.

Some questions:

The old server querying itself for a /etc/passwd user:
root at old # ./radtest frank XXX localhost 10 test123
Sending Access-Request of id 161 to 127.0.0.1:1812
         User-Name = "frank"
         User-Password = "D[\326<\255h\016A\275\357"%\367\027_y"
         NAS-IP-Address = XXX
         NAS-Port-Id = "10"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=161, length=20
root at old #

The old server querying the new one for a /etc/passwd user:
root at old # ./radtest frank XXX new 10 test123
Sending Access-Request of id 216 to 10.1.1.12:1812
         User-Name = "frank"
         User-Password = "T)n\244Lec\226\246)U@\366\217&%"
         NAS-IP-Address = XXX
         NAS-Port-Id = "10"
rad_recv: Access-Accept packet from host 10.1.1.12:1812, id=216, length=20
root at old #

The new server querying itself for the exact same user as above:
root at new# ./radtest frank XXX localhost 10 test123
Sending Access-Request of id 177 to 127.0.0.1 port 1812
         User-Name = "frank"
         User-Password = "XXX"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 10
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=177, length=20
root at new#

Why is the password displayed in plain text instead of hashed as on the old
server?

And how do I configure a separate user file? Currently, I have

   passwd radpasswd {
     filename = /opt/freeradius/etc/radpasswd
     #format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
     format = "*User-Name:LM-Password:NT-Password:"
     delimiter = ":"
     # authtype = MS-CHAP
     authtype = PAP
     hashsize = 0
     ignorenislike = yes
     allowmultiplekeys = no
   }

with radpasswd looking like

frank:A:B:Frank Winkler

with A and B created by "smbencrypt".

I'm pretty unsure about the "authtype". I can post debug outout of radiusd
but it looks like it finds the user in the file but cannot authenticate the
password.

TIA

	fw

More information about the Freeradius-Users mailing list