RE: Problem with MD5 Authentication and PAP
Thanks for the fast reply. Out of curiosity, why is it processing the password as a text string and not an MD5 hash?

Was my radiusd.conf setting misconfigured? Or was there a bug in the 1.1.4 release? In any case, I will upgrade my version and my dictionaries.

Thanks!
Jonathan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Saturday, November 10, 2007 12:37 AM
To: FreeRadius users mailing list
Subject: Re: Problem with MD5 Authentication and PAP

Jonathan Wong wrote:
> I am running Freeradius 1.1.4, MySQL, MD5, and PAP.

Upgrade to 1.1.7.

> Another weird thing is when I have PAP and MD5 set, and I do not have a radgroupcheck entry for my group, I can get authenticated by putting the MD5 Hash as my password. For example, if my MD5 hash was abcd..., I would have to use abcd... as my password, and I would get an access-accept.

Because it's not processing the password as an MD5 hash. It's processing the password as a text string.

Upgrade to 1.1.7, and make sure you have the *correct* configuration for the pap module. There are some new configuration items, so go read the comments in radiusd.conf. Also make sure that pap is listed *last* in the authorize section, just like with the default radiusd.conf in 1.1.7.

Then, update your DB:

> +----+----------+----------+----+----------------------------------+
> | 36 | stryker8 | Password | := | 5f4dcc3b5aa765d61d8327deb882cf99 |
> +----+----------+----------+----+----------------------------------+

Change Password to MD5-Password.

> rlm_sql: Failed to create the pair: Unknown attribute MD5-Password

You upgraded to 1.1.4 from an older version, and aren't using the new dictionaries.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with MD5 Authentication and PAP
Wong, Jonathan wrote:
> Thanks for the fast reply. Out of curiosity, why is it processing the password as a text string and not an MD5 hash?

No idea, sorry. I don't spend a lot of time on configurations that don't work. The default configuration works, so I use it.

> Was my radiusd.conf setting misconfigured? Or was there a bug in the 1.1.4 release? In any case, I will upgrade my version and my dictionaries.

In 1.1.4 and later, the pap module should not be used with encryption_scheme. See man rlm_pap for details.

Alan DeKok.
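The behaviour discussed in this thread, as a simplified model added here (not part of the original messages and not FreeRADIUS source code): the attribute name on the stored row decides whether the value is compared as text or as an MD5 digest. The function name pap_check and the sample cleartext are assumptions made for illustration; the stored value is the one from the quoted row.

```python
import hashlib
import hmac

# Simplified model of a PAP check item comparison (illustrative only).


def pap_check(attribute: str, stored: str, supplied: str) -> bool:
    """Return True if the PAP password 'supplied' matches the stored check item."""
    if attribute == "Password":
        # Cleartext comparison: whatever string is stored IS the credential.
        candidate = supplied
    elif attribute == "MD5-Password":
        # Hash the supplied password, then compare with the stored hex digest.
        candidate = hashlib.md5(supplied.encode()).hexdigest()
        stored = stored.lower()
    else:
        raise ValueError(f"unsupported attribute: {attribute}")
    # Constant-time comparison of the two strings.
    return hmac.compare_digest(candidate.encode(), stored.encode())


# Value column of the row quoted in the thread.
STORED = "5f4dcc3b5aa765d61d8327deb882cf99"
# Constructed sample: the cleartext whose MD5 digest is STORED.
CLEARTEXT = "password"


def outcomes() -> dict:
    """Accept/reject result for each attribute name and each supplied string."""
    result = {}
    for attribute in ("Password", "MD5-Password"):
        for label, supplied in (("hash", STORED), ("cleartext", CLEARTEXT)):
            result[(attribute, label)] = pap_check(attribute, STORED, supplied)
    return result


if __name__ == "__main__":
    for (attribute, label), accepted in outcomes().items():
        verdict = "Access-Accept" if accepted else "Access-Reject"
        print(f"{attribute:13} supplied={label:9} -> {verdict}")
```

With the row labelled Password, the digest string itself is accepted and the real password is rejected; relabelled MD5-Password, the result is reversed.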
Re: help with ldap/checkitem
> i STILL don't get the attribute...so clearly i am doing something VERY wrong, is anyone able to send me in the right direction?

The users file consists of entries of the form:

username|DEFAULT list
    reply1, reply2

list consists of a comma-separated sequence of *either*:

* comparisons against items in the request
* setting or re-setting of check items

You *cannot* compare against a check item already set by an earlier module or earlier entry in the users file.

I suggest you investigate the use of LDAP groups.
Re: freeradius auto-vlan 3com switch 4500G
Krzysztof, what attributes are you using?

Krzysztof Olędzki wrote:
> On 2007-11-09 20:52, Philippe Breton wrote:
>> HI,
>
> Hi,
>
>> Has anyone successfully implemented auto-vlan with 3Com switch 4500G?
>
> Successfully implemented with 5500G :)
>
>> I am using the following tunneling attributes:
>>
>> ATTRIBUTE Tunnel-Type 64 integer has_tag
>> ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag
>> ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
>> VALUE Tunnel-Type VLAN 13
>> VALUE Tunnel-Medium-Type TMT802 6
>
> No need to. Freeradius comes with very decent dictionary.
>
>> The node is declared as follows:
>>
>> ##IT Dell Inspiron 4000 laptop -- DHCP
>> 00-09-5b-61-52-0d Auth-Type := Local, User-Password == 00-09-5b-61-52-0d
>>     Tunnel-Medium-Type = TMT802, Tunnel-Private-Group-id = 2, Tunnel-Type = VLAN,
>
> Tunnel-Medium-Type = IEEE-802

I did this correction but to no avail!

>> Although my radius access request shows that the access has been granted and the VLAN 2 assigned, the switch 4500G does not open its port on VLAN 2. I changed the tunnel-medium-type between TMT802 and 802, but that did not change anything. I am currently doing auto-vlan with 3com 4400 with the same configuration and it is working like a charm. Any idea why the switch does automatically adjust?
>
> 4400 and 4500G models have completely different hardware and software.

Had I realized those differences, I would have spent an extra $200 for the 3870!

>> Any beginning of information is welcome.
>
> Did you setup your switch properly: domain (...) vlan-assignment-mode string

Hard to give a 100% answer on this question. I believe I did with the help of 3com support.

> Tunnel-Private-Group-Id:0 = 2u
>
> AFAIK u tagging does not work with this model. Drop it.

I did! But that too did not change anything.

> Best regards,
> Krzysztof Olędzki

--
Philippe Breton
Systems Manager
Dpt. of Molecular Biology Pharmacology
Washington University School of Medicine
314-747-2968 (office)
314-419-2124 (pager)
[EMAIL PROTECTED]
RE: help with ldap/checkitem
> I suggest you investigate the use of LDAP groups.

thanks for the suggestion, I did that last night and it worked well for me.

Joe