Re: FreeRADIUS without Universal Password
I had to ask, I have people telling me that this is a limitation of only FreeRADIUS and not all RADIUS servers in general. There is a concern that the UP is being stored in clear text in Novell and we need to turn off that service and only use simple password. Since I am no Novell admin I really do not have a clue if we can encrypt the UP that is stored on the server or what other implications there are in turning off UP.

Jason Brown - RHCT, Security+, Linux+, Network+
Systems Administrator
Enterprise Technology Services
Ferris State University
(231) 591-2687

On Feb 5, 2009, at 1:48 AM, Alan DeKok wrote:

> Jason C Brown wrote:
>> Do you by chance know if every RADIUS server acts the same way? For instance would Steel Belted RADIUS require the use of UP as well?
>
> Please read this explanation again:
>
>> The Novell password is not stored as an attribute unless Universal password is enabled. It exists in eDirectory, can be created/modified by ldap as userpassword but cannot be returned in an ldap search.
>
> The password can't be seen by *any* RADIUS server until it's stored as a Universal password. This is a limitation of Novell's LDAP server, and applies to all LDAP clients, whether they are RADIUS servers, command-line clients, web servers, or anything else.
>
> Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS without Universal Password
Do you by chance know if every RADIUS server acts the same way? For instance would Steel Belted RADIUS require the use of UP as well?

Thanks

Jason Brown - RHCT, Security+, Linux+, Network+
Systems Administrator
Enterprise Technology Services
Ferris State University
(231) 591-2687

On Feb 4, 2009, at 6:15 PM, Danner, Mearl wrote:

> In a word no. The Novell password is not stored as an attribute unless Universal password is enabled. It exists in eDirectory, can be created/modified by ldap as userpassword but cannot be returned in an ldap search.
>
> Otherwise you'd have to create an attribute and store the password in it as an nt hash or something and decrypt it to provide it to freeradius.
>
> Mearl
>
> -Original Message-
> From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org [mailto:freeradius-users-bounces+jmdanner=samford@lists.freeradius.org] On Behalf Of Jason C Brown
> Sent: Wednesday, February 04, 2009 4:42 PM
> To: FreeRadius users mailing list
> Subject: FreeRADIUS without Universal Password
>
> Is there a way to integrate FreeRADIUS without having to use the universal password in Novell?
>
> Jason Brown - RHCT, Security+, Linux+, Network+
> Systems Administrator
> Enterprise Technology Services
> Ferris State University
> (231) 591-2687
FreeRADIUS without Universal Password
Is there a way to integrate FreeRADIUS without having to use the universal password in Novell?

Jason Brown - RHCT, Security+, Linux+, Network+
Systems Administrator
Enterprise Technology Services
Ferris State University
(231) 591-2687