Freeradius 2.1.9 digest authentication problem
Hello,
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to 'man rlm_digest')
to users file:
testAuth-Type := Digest, User-Password = test
Reply-Message = Hello, test with digest
'radius -X' shows
[r...@host raddb]# /usr/local/sbin/radiusd -X
FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Aug 3 2010 at
18:19:48
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 13:23 schrieb al...@arctel.ru: Hello, trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest Please try using Cleartext-Password := test instead of User-password = test [...] Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
On Tue, Aug 03, 2010 at 01:26:25PM +0200, Nicolas Goutte wrote: Am 03.08.2010 um 13:23 schrieb al...@arctel.ru: Hello, trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest Please try using Cleartext-Password := test instead of User-password = test Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. Thank You -- Alexander Belov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
al...@arctel.ru wrote: trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest (1) Don't force Auth-Type (2) Use: Cleartext-Password := 'test Not: User-Password = test (3) search for digest in raddb/sites-available/default (4) READ the comments (5) enable digest as instructed Maybe, I missed something? You need to enable digest authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. why? why did you do that? Cleartext-Password := test is the only correct way. you just compl;eted ignored the information/help given by the actual author of FreeRADIUS. you dont trust him to know how the code works?? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. and remember - if you are changing the users file and not doing anything funky, you will have to restart the server! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 14:25 schrieb Alan Buxey: Hi, Tried Cleartext-Password := test, Cleartext-Password == test, Cleartext-Password = test, result is the same. why? why did you do that? Cleartext-Password := test is the only correct way. you just compl;eted ignored the information/ help given by the actual author of FreeRADIUS. you dont trust him to know how the code works?? Alan Cox's email was sent only minutes later. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Have a nice day. Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Hi, Alan Cox's email was sent only minutes later. Alan Cox? wow. RedHat finally taking development to new levels.. you meant Alan DeKok I assume?Too many Alan's for you? ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
On Tue, Aug 03, 2010 at 01:56:48PM +0200, Alan DeKok wrote: al...@arctel.ru wrote: trying to test digest authentication (freeradius 2.1.9). After uncommenting 'digest' in sites-available/default 'radiusd -X' starts fine. but after I added (according to 'man rlm_digest') to users file: testAuth-Type := Digest, User-Password = test Reply-Message = Hello, test with digest (1) Don't force Auth-Type (2) Use: Cleartext-Password := 'test Not: User-Password = test Ok, it works as expected (according test procedure in 'man rlm_digest') with this config: test Cleartext-Password := test Reply-Message = Hello, test with digest i.e. without Auth-Type attrubute. I MUST NOT use Auth-Type? (3) search for digest in raddb/sites-available/default found and uncommented digest in authorize and authenticate sections already (before posting here). (4) READ the comments (5) enable digest as instructed Thank You -- Alexander Belov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
al...@arctel.ru wrote: i.e. without Auth-Type attrubute. I MUST NOT use Auth-Type? No. It has VERY limited uses. Nearly everyone who tries to use it gets it wrong. Ignore all of the third-party web sites that say to set Auth-Type. They're wrong, and they've been wrong for about 5 years. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 digest authentication problem
Am 03.08.2010 um 15:24 schrieb Alan Buxey: Hi, Alan Cox's email was sent only minutes later. Alan Cox? wow. RedHat finally taking development to new levels.. you meant Alan DeKok I assume?Too many Alan's for you? ;-) Sorry for the mistyping. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Lars Busch Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
