passwd encrypted in user file

vazoumana fofana zoumlander at hotmail.com
Fri Apr 20 16:27:25 CEST 2012 



> Date: Fri, 20 Apr 2012 15:47:28 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: passwd encrypted in user file
> 
> vazoumana fofana wrote:
> > i want to use encrypted passwd in "users" file without using unix files.
> > So, i have to write :
> > 
> > username Crypt-Password := "$1$5oVGRb3C$PCKT5Fv7d81NZTmzEm83e0".
> > 
> > How does Freeradius link the encrypted  password with password ?
> 
>   The PAP module does this.  It sees the Crypt-Password as one of the
> formats supported for "known good" passwords.  It then uses
> User-Password from the packet, and compares the two.
> 
> > I want to run a command wich crypt password. Wich command could i use ?
> > My system is unix-like.
> 
>   See "radcrypt", which comes with the server.
I use radcrypt but i note that for the same passwd , the encrypted passwd changes everytime. It it right ?
How does freeradius link passwd and encrypt-passwd if this last changes at each run ?

I try to connect a client with encrypted passwd. I used radcrypt without option. I inserted result in users file.
Here s the debug :

[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: vazou
[mschap] Told to do MS-CHAPv2 for vazou with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject

To configure windows client, i use PEAP with mschap V2. Is it right ? I don't find other ways to connect windows client with login/passwd.


> 
> > Then, i want to store this encrypted password in "users" file ?
> 
>   Yes.
> 
> > i look
> > to man  rlm_pap and i set yes to auto_header.
> 
>   You don't need to set that.  Leave it as the default.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420/2f92df8c/attachment.html>

More information about the Freeradius-Users mailing list