Freeradius 2.1.9 digest authentication problem
Hello, trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest 'radius -X' shows [r...@host raddb]# /usr/local/sbin/radiusd -X FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Aug 3 2010 at 18:19:48 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { user = radiusd group = radiusd allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = /usr/local localstatedir = /usr/local/var logdir = /usr/local/var/log/radius libdir = /usr/local/lib radacctdir = /usr/local/var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = /usr/local/var/run/radiusd/radiusd.pid checkrad = /usr/local/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 13:23 schrieb al...@arctel.ru: Hello, trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest Please try using Cleartext-Password := test instead of User-password = test [...] Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
On Tue, Aug 03, 2010 at 01:26:25PM +0200, Nicolas Goutte wrote: Am 03.08.2010 um 13:23 schrieb al...@arctel.ru: Hello, trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest Please try using Cleartext-Password := test instead of User-password = test Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. Thank You -- Alexander Belov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
al...@arctel.ru wrote: trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest (1) Don't force Auth-Type (2) Use: Cleartext-Password := 'test Not: User-Password = test (3) search for digest in raddb/sites-available/default (4) READ the comments (5) enable digest as instructed Maybe, I missed something? You need to enable digest authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. why? why did you do that? Cleartext-Password := test is the only correct way. you just compl;eted ignored the information/help given by the actual author of FreeRADIUS. you dont trust him to know how the code works?? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. and remember - if you are changing the users file and not doing anything funky, you will have to restart the server! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 14:25 schrieb Alan Buxey: Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. why? why did you do that? Cleartext-Password := test is the only correct way. you just compl;eted ignored the information/ help given by the actual author of FreeRADIUS. you dont trust him to know how the code works?? Alan Cox's email was sent only minutes later. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Have a nice day. Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Alan Cox's email was sent only minutes later. Alan Cox? wow. RedHat finally taking development to new levels.. you meant Alan DeKok I assume?Too many Alan's for you? ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
On Tue, Aug 03, 2010 at 01:56:48PM +0200, Alan DeKok wrote: al...@arctel.ru wrote: trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest (1) Don't force Auth-Type (2) Use: Cleartext-Password := 'test Not: User-Password = test Ok, it works as expected (according test procedure in 'man rlm_digest') with this config: test Cleartext-Password := test Reply-Message = Hello, test with digest i.e. without Auth-Type attrubute. I MUST NOT use Auth-Type? (3) search for digest in raddb/sites-available/default found and uncommented digest in authorize and authenticate sections already (before posting here). (4) READ the comments (5) enable digest as instructed Thank You -- Alexander Belov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
al...@arctel.ru wrote: i.e. without Auth-Type attrubute. I MUST NOT use Auth-Type? No. It has VERY limited uses. Nearly everyone who tries to use it gets it wrong. Ignore all of the third-party web sites that say to set Auth-Type. They're wrong, and they've been wrong for about 5 years. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 15:24 schrieb Alan Buxey: Hi, Alan Cox's email was sent only minutes later. Alan Cox? wow. RedHat finally taking development to new levels.. you meant Alan DeKok I assume?Too many Alan's for you? ;-) Sorry for the mistyping. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html