Re[4]: Problem: authenticate with /etc/passwd users
Dear Sarick, Any challenge-response based authentication can't work with crypted password. One and only exception is NT password which can be used for MS-CHAP v1/2 authentication. --Monday, November 25, 2002, 2:07:32 PM, you wrote to [EMAIL PROTECTED]: S> Hi, firstly thanks your quick response. :-) S> - Original Message - S> From: "3APA3A" <[EMAIL PROTECTED]> S> To: "Sarick" <[EMAIL PROTECTED]> S> Cc: <[EMAIL PROTECTED]> S> Sent: Monday, November 25, 2002 6:50 PM S> Subject: Re[2]: Problem: authenticate with /etc/passwd users >> Dear Sarick, >> >> In your case problem is you try to use crypyted passwords with EAP/md5. >> For EAP/md5 you need cleartext password. >> S> So, what should I do if I want to use the crypted passwords? S> Should I make the rlm_passwd module? S> How should I config it? S> My ambition is to make a 802.1x authentication. Authentication messages from S> authenticating S> supplicant (client) be in EAP format (I use /EAP-MD5). S> And user-names and user-passwords can be derived from the /etc/passwd file. S> Therefore, I don't have to maintain S> the ./raddb/users file too constantly. S> Below is my radiusd.conf for EAP section:-- S> # For all EAP related authentications S> eap { S> # Invoke the default supported EAP type when S> # EAP-Identity response is received S> default_eap_type = md5 S> # Default expiry time to clean the EAP list, S> # It is maintained to co-relate the S> # EAP-response for each EAP-request sent. S> timer_expire = 60 S> # Supported EAP-types S> md5 { S> } S> #Skip S> ## EAP-TLS is highly experimental EAP-Type at the moment. S> # Please give feedback on the mailing list. S> #tls { S> # private_key_password = password S> # private_key_file = /path/filename S> mschap { S> # Location of the SAMBA passwd file S> # passwd = /etc/smbpasswd S> # authtype value, if present, will be used S> # to overwrite (or add) Auth-Type during S> # authorization. Normally should be MS-CHAP S> authtype = MS-CHAP -- ~/ZARAZA Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: Problem: authenticate with /etc/passwd users
Hi, firstly thanks your quick response. :-) - Original Message - From: "3APA3A" <[EMAIL PROTECTED]> To: "Sarick" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, November 25, 2002 6:50 PM Subject: Re[2]: Problem: authenticate with /etc/passwd users > Dear Sarick, > > In your case problem is you try to use crypyted passwords with EAP/md5. > For EAP/md5 you need cleartext password. > So, what should I do if I want to use the crypted passwords? Should I make the rlm_passwd module? How should I config it? My ambition is to make a 802.1x authentication. Authentication messages from authenticating supplicant (client) be in EAP format (I use /EAP-MD5). And user-names and user-passwords can be derived from the /etc/passwd file. Therefore, I don't have to maintain the ./raddb/users file too constantly. Below is my radiusd.conf for EAP section:-- # For all EAP related authentications eap { # Invoke the default supported EAP type when # EAP-Identity response is received default_eap_type = md5 # Default expiry time to clean the EAP list, # It is maintained to co-relate the # EAP-response for each EAP-request sent. timer_expire = 60 # Supported EAP-types md5 { } #Skip ## EAP-TLS is highly experimental EAP-Type at the moment. # Please give feedback on the mailing list. #tls { # private_key_password = password # private_key_file = /path/filename mschap { # Location of the SAMBA passwd file # passwd = /etc/smbpasswd # authtype value, if present, will be used # to overwrite (or add) Auth-Type during # authorization. Normally should be MS-CHAP authtype = MS-CHAP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: Problem: authenticate with /etc/passwd users
Dear Sarick, In your case problem is you try to use crypyted passwords with EAP/md5. For EAP/md5 you need cleartext password. --Monday, November 25, 2002, 1:30:10 PM, you wrote to [EMAIL PROTECTED]: S> Hi: S> I am using Linux RedHat 7.3. S> Did I make the configuration wrong? S> Regards S> Sarick S> - Original Message - S> From: "3APA3A" <[EMAIL PROTECTED]> S> To: "Sarick" <[EMAIL PROTECTED]> S> Cc: <[EMAIL PROTECTED]> S> Sent: Monday, November 25, 2002 6:15 PM S> Subject: Re: Problem: authenticate with /etc/passwd users >> Dear Sarick, >> >> If you use BSD style OS this configuration is incorrect. >> >> See doc/rlm_passwd on how to use password files in general case. >> >> --Monday, November 25, 2002, 1:01:18 PM, you wrote to S> [EMAIL PROTECTED]: >> >> S> Hi, >> S> Since I want to allow the users in the /etc/passwd file to authenticate S> with >> S> this radius server. >> S> Below is my radiusd.conf:-- >> S> unix { >> S> #. >> S> # Cache /etc/passwd, /etc/shadow, and /etc/group >> S> # allowed values: {no, yes} >> S> cache = yes >> S> # >> S> # Reload the cache every 600 seconds (10mins). 0 to S> disable. >> S> cache_reload = 600 >> S> #. >> S> # This is required for some systems, like FreeBSD, >> S> # and Mac OSX. >> S> # >> S> passwd = /etc/passwd >> S> shadow = /etc/shadow >> S> group = /etc/group >> S> authenticate { >> S> # password can be clear-text, or encrypted... >> S> authtype PAP { >> S> pap >> S> } >> S> # Most people want CHAP authentication... >> S> authtype CHAP { >> S> chap >> S> } >> S> # MSCHAP authentication. >> S> authtype MS-CHAP { >> S> mschap >> S> } >> S> # pam >> S> # against /etc/passwd! See the FAQ for details. >> S> # >> S> unix >> S> >> S> Then, I try to authenticate the radius server, but failed with the S> followin >> S> messages: >> S> >> S> modcall: entering group authenticate >> S> rlm_eap: Request found, released from the list >> S> rlm_eap: EAP_TYPE - md5 >> S> rlm_eap: processing type md5 >> S> rlm_eap_md5: No password configured for this user >> S> modcall[authenticate]: module "eap" returns invalid >> S> modcall: group authenticate returns invalid >> S> auth: Failed to validate the user. >> S> --- >> S> I did add the user in the /etc/passwd by "useradd" and "passwd" S> command. >> S> Please help me. How can I solve this problem? >> S> (I can successfully authenticate with the users in ./raddb/users.) >> S> How can I authenticate the users in /etc/passwd? >> >> >> >> S> - >> S> List info/subscribe/unsubscribe? See S> http://www.freeradius.org/list/users.html >> >> >> -- >> ~/ZARAZA >> ÝÍÈÀÊàì - ïî ìîðäå! (Ëåì) >> >> >> -- ~/ZARAZA Æàëî ìíå íå ïîíàäîáèòñÿ (Ñ. Ëåì) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: authenticate with /etc/passwd users
Hi: I am using Linux RedHat 7.3. Did I make the configuration wrong? Regards Sarick - Original Message - From: "3APA3A" <[EMAIL PROTECTED]> To: "Sarick" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, November 25, 2002 6:15 PM Subject: Re: Problem: authenticate with /etc/passwd users > Dear Sarick, > > If you use BSD style OS this configuration is incorrect. > > See doc/rlm_passwd on how to use password files in general case. > > --Monday, November 25, 2002, 1:01:18 PM, you wrote to [EMAIL PROTECTED]: > > S> Hi, > S> Since I want to allow the users in the /etc/passwd file to authenticate with > S> this radius server. > S> Below is my radiusd.conf:-- > S> unix { > S> #. > S> # Cache /etc/passwd, /etc/shadow, and /etc/group > S> # allowed values: {no, yes} > S> cache = yes > S> # > S> # Reload the cache every 600 seconds (10mins). 0 to disable. > S> cache_reload = 600 > S> #. > S> # This is required for some systems, like FreeBSD, > S> # and Mac OSX. > S> # > S> passwd = /etc/passwd > S> shadow = /etc/shadow > S> group = /etc/group > S> authenticate { > S> # password can be clear-text, or encrypted... > S> authtype PAP { > S> pap > S> } > S> # Most people want CHAP authentication... > S> authtype CHAP { > S> chap > S> } > S> # MSCHAP authentication. > S> authtype MS-CHAP { > S> mschap > S> } > S> # pam > S> # against /etc/passwd! See the FAQ for details. > S> # > S> unix > S> > S> Then, I try to authenticate the radius server, but failed with the followin > S> messages: > S> > S> modcall: entering group authenticate > S> rlm_eap: Request found, released from the list > S> rlm_eap: EAP_TYPE - md5 > S> rlm_eap: processing type md5 > S> rlm_eap_md5: No password configured for this user > S> modcall[authenticate]: module "eap" returns invalid > S> modcall: group authenticate returns invalid > S> auth: Failed to validate the user. > S> --- > S> I did add the user in the /etc/passwd by "useradd" and "passwd" command. > S> Please help me. How can I solve this problem? > S> (I can successfully authenticate with the users in ./raddb/users.) > S> How can I authenticate the users in /etc/passwd? > > > > S> - > S> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > -- > ~/ZARAZA > ÝÍÈÀÊàì - ïî ìîðäå! (Ëåì) > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: authenticate with /etc/passwd users
Dear Sarick, If you use BSD style OS this configuration is incorrect. See doc/rlm_passwd on how to use password files in general case. --Monday, November 25, 2002, 1:01:18 PM, you wrote to [EMAIL PROTECTED]: S> Hi, S> Since I want to allow the users in the /etc/passwd file to authenticate with S> this radius server. S> Below is my radiusd.conf:-- S> unix { S> #. S> # Cache /etc/passwd, /etc/shadow, and /etc/group S> # allowed values: {no, yes} S> cache = yes S> # S> # Reload the cache every 600 seconds (10mins). 0 to disable. S> cache_reload = 600 S> #. S> # This is required for some systems, like FreeBSD, S> # and Mac OSX. S> # S> passwd = /etc/passwd S> shadow = /etc/shadow S> group = /etc/group S> authenticate { S> # password can be clear-text, or encrypted... S> authtype PAP { S> pap S> } S> # Most people want CHAP authentication... S> authtype CHAP { S> chap S> } S> # MSCHAP authentication. S> authtype MS-CHAP { S> mschap S> } S> # pam S> # against /etc/passwd! See the FAQ for details. S> # S> unix S> S> Then, I try to authenticate the radius server, but failed with the followin S> messages: S> S> modcall: entering group authenticate S> rlm_eap: Request found, released from the list S> rlm_eap: EAP_TYPE - md5 S> rlm_eap: processing type md5 S> rlm_eap_md5: No password configured for this user S> modcall[authenticate]: module "eap" returns invalid S> modcall: group authenticate returns invalid S> auth: Failed to validate the user. S> --- S> I did add the user in the /etc/passwd by "useradd" and "passwd" command. S> Please help me. How can I solve this problem? S> (I can successfully authenticate with the users in ./raddb/users.) S> How can I authenticate the users in /etc/passwd? S> - S> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA ÝÍÈÀÊàì - ïî ìîðäå! (Ëåì) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem: authenticate with /etc/passwd users
Hi, Since I want to allow the users in the /etc/passwd file to authenticate with this radius server. Below is my radiusd.conf:-- unix { #. # Cache /etc/passwd, /etc/shadow, and /etc/group # allowed values: {no, yes} cache = yes # # Reload the cache every 600 seconds (10mins). 0 to disable. cache_reload = 600 #. # This is required for some systems, like FreeBSD, # and Mac OSX. # passwd = /etc/passwd shadow = /etc/shadow group = /etc/group authenticate { # password can be clear-text, or encrypted... authtype PAP { pap } # Most people want CHAP authentication... authtype CHAP { chap } # MSCHAP authentication. authtype MS-CHAP { mschap } # pam # against /etc/passwd! See the FAQ for details. # unix Then, I try to authenticate the radius server, but failed with the followin messages: modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rlm_eap_md5: No password configured for this user modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. --- I did add the user in the /etc/passwd by "useradd" and "passwd" command. Please help me. How can I solve this problem? (I can successfully authenticate with the users in ./raddb/users.) How can I authenticate the users in /etc/passwd? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html