password encryption problem

Hegedus Gabor hegedus.gabor at euroway.hu
Fri Jul 31 15:35:35 CEST 2009


Hegedus Gabor wrote:
> Nicolas Goutte wrote:
>>
>> Am 31.07.2009 um 15:13 schrieb Hegedus Gabor:
>>
>>> Hi all!
>>>
>>> I have a problem, I want to authenticate console users in cisco 
>>> switches.
>>> In the 2960, the switch send the password in cleartext, nothing 
>>> problem.
>>>
>>> User-Password="password"
>>
>> Please try using
>>
>> Cleartext-Password := "password"
>>
>> in the users file (or similarly in databases).
>>
>>
> as I said I tried clear text password in the ldap, and nothing 
> changed. My user is in the ldap and not in the users file.
>
>>>
>>> but int the 2950, the switch can only send in "crypted" version like 
>>> this:
>>>
>>> NAS-Port-Type = Virtual
>>> User-Name = "test"
>>> Calling-Station-Id = "192.168.***"
>>> User-Password = "\\342\455\325]̍\322\tM~\237\616}\266\426"
>>> Service-Type = Login-User
>>>
>>> In the ldap database I tried all of the encription type (clear, md5, 
>>> crypt, md5crypt) but every time reject the authentication:
>>>
>>> frad debug:
>>>
>>> Failed to authenticate the user.
>>> Login incorrect (rlm_ldap: Bind as user failed): 
>>> [test/\\_\266\065]�?\663\tM~\667\354}\126\316] (from client switch 
>>> port 1 cli 192.168.***
>>> WARNING: Unprintable characters in the password. Double-check the 
>>> shared secret on the server and the NAS!
>>>
>>>
>>> What can I do in the freeradius, what I forgot?
>>> Thanks! Gabor
>>> -
>>> List info/subscribe/unsubscribe? See 
>>> http://www.freeradius.org/list/users.html
>>
>>
>> Have a nice day!
>>
>> Nicolas Goutte
>>
>>
>> extragroup GmbH - Karlsruhe
>> Waldstr. 49
>> 76133 Karlsruhe
>> Germany
>>
>> Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
>> Registergericht: Amtsgericht Münster / HRB: 5624
>> Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
Sorry this was my fault the shared secret really was not the same.
ty



More information about the Freeradius-Users mailing list