Hi Hecker,

I do know that EAP-MD5 is only capable of authenticating with plain text info. And now I know that to authenticate with the accounts on Linux server will need additional database setup for users. It is impossible to obtain user info from original Linux server.

Thanks
Sarick

----- Original Message -----
From: "Artur Hecker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 05, 2002 7:20 PM
Subject: Re: (2) Can LDAP be used to authenticate /etc/passwd ?

> one more time: eap/md5 will not (can not) work with the information
> available in the /etc/passwd and shadow.
>
> Sarick wrote:
> > Hi,
> > Thanks all of the advice. Now I know what LDAP does. :-)
> > Basically, my ambition is to make a 802.1x EAP-MD5 authentication.
> > And the users info required for authentication (i.e., username and passwd)
> > can correspond to the accounts on my Linux server.
> > Therefore, I won't need to key in all of the users info again but just
> > obtained from Linux. (my original thought is to obtain from /etc/passwd and
> > /etc/shadow)
> > But I have no idea whether I can do it or how I can do it.
> > Can I just convert the /etc/passwd and /etc/shadow into LDAP database? How?
> > Or it is no way to do this?
> >
> > Sarick
> >
> > ----- Original Message -----
> > From: "Artur Hecker" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 05, 2002 8:56 AM
> > Subject: Re: (2) Can LDAP be used to authenticate /etc/passwd ?
> >
> >>hi
> >>
> >>evren: all that is useless - EAP-MD5 will need clear-text passwords.
> >>/etc/passwd or shadow or whatsoever only stores a hash of it. it is not
> >>going to work anyway.
> >>
> >>a propos, sarick: the original question is a big strange mixture of
> >>available incompatible techniques. you store your radius-related users
> >>EITHER in the LDAP OR in the /etc/passwd OR somewhere else, and not just
> >>somewhere. an LDAP database is NOT a text file which /etc/passwd
> >>obviously is. and mind-bogglingly enough all this has nothing to do with
> >>radius! and even more confusing: the EAP-MD5 is pretty much CHAP in its
> >>centralized EAP form and CHAP needs clear-text passwords and exactly
> >>those are actually hashed (=not clear-text) in the file you are talking
> >>about.
> >>
> >>what the hell do you want to do?
> >>
> >>ciao
> >>artur
> >>
> >>ps your question basically was: "can i buy a cadillac that knows how to
> >>drive a chevy? and can all this fly to the moon?"
> >>
> >>Evren Yurtesen wrote:
> >>
> >>>or actually if you can keep the /etc/passwd /etc/shadow synchronised with
> >>>LDAP that would also do the trick. Perhaps with a script you can convert
> >>>/etc/passwd /etc/shadow into LDAP or only the changed accounts etc. or
> >>>even synchronise the add/remove user functions both in LDAP and in system
> >>>files.
> >>>
> >>>Evren
> >>>
> >>>On Wed, 4 Dec 2002, Simon White wrote:
> >>>
> >>>>04-Dec-02 at 20:23, jmc_cs ([EMAIL PROTECTED]) wrote :
> >>>>
> >>>>>Hi Simon,
> >>>>>----- Original Message -----
> >>>>>From: "Simon White" <[EMAIL PROTECTED]>
> >>>>>To: <[EMAIL PROTECTED]>
> >>>>>Sent: Wednesday, December 04, 2002 7:23 PM
> >>>>>Subject: Re: Can LDAP be used to authenticate /etc/passwd ?
> >>>>>
> >>>>>>04-Dec-02 at 19:12, Sarick ([EMAIL PROTECTED]) wrote :
> >>>>>>
> >>>>>>>Hi all,
> >>>>>>>Can the LDAP be used to authenticate a user whose username and password is
> >>>>>>>stored in /etc/passwd??
> >>>>>>
> >>>>>>How is the LDAP server going to read the username in /etc/passwd?
> >>>>>>
> >>>>>>Passwords are not stored in /etc/passwd, just usernames.
> >>>>>>Passwords are usually in /etc/shadow, YMMV
> >>>>>
> >>>>>yes. My question is, can I use LDAP to authenticate the users who having the
> >>>>>accounts on Linux, with EAP-MD5 authentication?
> >>>>>That is, to read the usernames from /etc/passwd and passwords from
> >>>>>/etc/shadow.
> >>>>>How?
> >>>>
> >>>>You can't. You can store the hashes that are in shadow in LDAP probably.
> >>>>I think, however, that your approach is probably wrong.
> >>>>
> >>>>--
> >>>>|-Simon White, Internet Services Manager, Certified Check Point CCSA.
> >>>>|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> >>>>|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
> >>>>|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
> >>>>
> >>>>-
> >>>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >>--
> >>Artur Hecker
> >>artur[at]hecker.info
>
> --
> Artur Hecker                Groupe Accès et Mobilité
> hecker[at]enst[dot]fr       Département Informatique et Réseaux
> +33 1 45 81 7507            46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr   ENST Paris
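
Added example (not part of the original thread, and not FreeRADIUS code): a sketch of the CHAP-style computation that EAP-MD5 uses, showing why a server holding only a one-way hash, as /etc/shadow does, cannot verify the response. The function names and sample values are constructed for illustration, and PBKDF2 stands in for the crypt(3) hash format.

```python
import hashlib
import hmac


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def shadow_style_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for a crypt(3) entry in /etc/shadow: salted and one-way."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def server_accepts(stored_secret: bytes, identifier: int,
                   challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the response from whatever the user store holds."""
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # All values below are constructed for this example.
    password = b"s3cret-passphrase"
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    identifier = 0x2A
    challenge = bytes(range(16))  # a real server sends random bytes

    # Supplicant side: the user typed the clear-text password.
    response = eap_md5_response(identifier, password, challenge)

    # Case 1: the user store holds the clear-text password.
    cleartext_store = server_accepts(password, identifier, challenge, response)

    # Case 2: the store holds only the one-way hash, as /etc/shadow does.
    # The hash is not the secret the supplicant used, and it cannot be
    # inverted to recover it, so the recomputed value never matches.
    hashed = shadow_style_hash(password, salt)
    hash_only_store = server_accepts(hashed, identifier, challenge, response)

    return {"cleartext_store": cleartext_store, "hash_only_store": hash_only_store}


if __name__ == "__main__":
    print(demo())
```
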