RE: Passwords

2004-02-06 Thread Anson Rinesmith

Let me rephrase that, it didn’t come out at all like I wanted.

I want to store a Crypt-Password in the DB, but I would like to have a
web based front end that will allow customers to just enter plain text
passwords.

Is there a simple way to accomplish that?

Example: abC6Def is what would be entered in the interface, and what a
dialup user would type in.

In the DB, I would like Crypt-Password == “fd6rkdObsV8yw”

Sorry for the stupid first mail.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith
Sent: Friday, February 06, 2004 12:35 PM
To: [EMAIL PROTECTED]
Subject: Passwords

I’ve got a working MySQL/freeRadius setup working.

However, a possible customer, that wants to switch to us, only has
access to unix style encrypted passwords. Is there a way I can put them
in as encrypted, but still be able to login with the unencrypted
password? Or to decrypt the passwords into cleartext (I don’t think is
possible without knowing the key)?

Anson Rinesmith
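
Added example (not part of the original mail, and not dialup_admin or FreeRADIUS code): one way a PHP front end could accept plain text and store only a crypt(3) hash as Crypt-Password, and how an imported legacy hash still verifies a typed password. The stock radcheck column names, the ':=' operator, the user names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example. Assumptions: stock radcheck columns, the ':=' operator,
// made-up user names; in-memory SQLite stands in for the MySQL database.

// Turn the plain text typed into the web form into a crypt(3) string.
// '$6$' selects SHA-512 crypt, which the RADIUS host's crypt() must support.
function make_crypt_password(string $plain): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 16; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    return crypt($plain, '$6$' . $salt . '$');
}

// What checking a typed password against a crypt hash amounts to: re-hash the
// submitted text with the stored value as the setting string, then compare.
function check_crypt_password(string $submitted, string $stored): bool
{
    return hash_equals($stored, crypt($submitted, $stored));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,
           attribute TEXT, op TEXT, value TEXT)');
$ins = $db->prepare("INSERT INTO radcheck (username, attribute, op, value)
                     VALUES (?, 'Crypt-Password', ':=', ?)");

// New customer: the form supplies plain text, the database only gets the hash.
$ins->execute(['alice', make_crypt_password('abC6Def')]);

// Migrated customer: only an old DES crypt hash exists, so store it unchanged.
$legacy = crypt('abC6Def', 'fd');   // constructed stand-in for an imported hash
$ins->execute(['bob', $legacy]);

$sel = $db->prepare("SELECT value FROM radcheck
                     WHERE username = ? AND attribute = 'Crypt-Password'");
foreach ([['alice', 'abC6Def'], ['bob', 'abC6Def'], ['bob', 'wrong']] as [$user, $try]) {
    $sel->execute([$user]);
    $stored = (string) $sel->fetchColumn();
    $sel->closeCursor();
    $ok = check_crypt_password($try, $stored);
    printf("%-6s %-8s %s\n", $user, $try, $ok ? 'accept' : 'reject');
}
```

A Crypt-Password entry can only be checked against a password the server receives in clear, as with PAP; CHAP and MS-CHAPv2 need the clear text or the NT hash instead.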


Re: passwords

2005-06-06 Thread Dean Mumby

Dean Mumby wrote:

> Hi all, firstly I installed 1.0.1-1 for centos 3.4 and then
> downloaded the latest 1.0.3 tar ball and installed dialup_admin. I am
> able to add users but when I test a password it always says failed. Is
> there a setting that I have missed somewhere that controls whether the
> passwords are crypt or not? I intend to have all auth and acc
> configured in mysql.

OK forget about the other questions. All I need is to know where to
start looking for the problem. If I create a user using the dialup
admin, the user is created. If I search I can find it but no matter what
I do I cannot get it to check the password and tell me it's correct. It
always says it's wrong. Even with simple 1234 passwords.

Could it be a problem with the encryption routines? Is it a php
problem? This is an up2date centos 3.4 box.

Any ideas?

Regards
Dean




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: passwords

2005-06-06 Thread Sarkis Gabriel

check admin.conf

#
# can be one of crypt,md5,clear
#
general_encryption_method: clear
   ^





Re: passwords

2005-06-07 Thread Dean Mumby

Sarkis Gabriel wrote:


check admin.conf

#
# can be one of crypt,md5,clear
#
general_encryption_method: clear
   ^




Thanks for this. I had actually found it already, and I am now able to
test the password using the facility in the show section of the
user_info. The actual radius authentication test fails. I will keep
looking to see why. Thanks again.


Dean





Re: Passwords for PEAP from AD-based LDAP

2007-07-12 Thread Martin Gadbois

Robert E. Toense wrote:
> I am attempting to setup EAP-PEAP authentication via FreeRadius and a 
> Windows-based LDAP backend.  The users accounts are in AD.  After making 
> it past a number of obstacles, I am communicating with the LDAP server, 
> but found that neither LM-Passwords nor NT-Passwords are loaded into the 
> LDAP.  "Clear-text" is NOT an option, and is not available either, 
> anyway.  This problem must have been encountered by others.  Assuming 
> that it can be done, how do you get the password information out of AD 
> and into LDAP in an appropriate format?
> 
> Yes, I could use ntlm_auth and probably get it working, but this is 
> supposed to be LDAP-based, not SAMBA.  The LDAP could move to a 
> different environment.  Use of standards is important to us.

PEAP uses MS-CHAPv2, which requires knowledge of some form of the
clear-text password. LDAP does not give you clear-text password,
therefore you must use ntlm_auth, it works well.


--
Martin Gadbois
Sr. SW Designer
Colubris Networks Inc.
"Please answer by yes or no. Uncooperative user waste precious CPU time"
-- The Andromeda Strain, M. Crichton, 1969


Re: Passwords for PEAP from AD-based LDAP

2007-07-12 Thread Alan DeKok
Robert E. Toense wrote:
> This may be on the fringes of the scope of this group, but any pointers 
> would be appreciated.
> 
> I am attempting to setup EAP-PEAP authentication via FreeRadius and a 
> Windows-based LDAP backend.  The users accounts are in AD.  After making 
> it past a number of obstacles, I am communicating with the LDAP server, 
> but found that neither LM-Passwords nor NT-Passwords are loaded into the 
> LDAP.  "Clear-text" is NOT an option, and is not available either, 

  Oh, they're in AD, but they're not available through LDAP.  See:

http://deployingradius.com/documents/configuration/active_directory.html

> Yes, I could use ntlm_auth and probably get it working, but this is 
> supposed to be LDAP-based, not SAMBA.  The LDAP could move to a 
> different environment.  Use of standards is important to us.

  1) Ask Microsoft to expose the password through LDAP.

  2) Use Samba.

  3) Use a real LDAP server.

  Those are your choices.

  Alan DeKok.



RE: Passwords for PEAP from AD-based LDAP

2007-07-12 Thread Hugh Messenger
Alan DeKok said:
>Robert E. Toense wrote:
>> Yes, I could use ntlm_auth and probably get it working, but this is 
>> supposed to be LDAP-based, not SAMBA.  The LDAP could move to a 
>> different environment.  Use of standards is important to us.

Robert ... unfortunately, Microsoft doesn't take standards as seriously as
you or I do.  When they say something is "standards based", what they
actually mean is they cherry picked the parts they liked, tweaked other
parts to make it work with Windows, and flat out made up the rest as they
went along.

Almost any "standards based" interoperability with Windows will require that
you sacrifice some of your principles.  In this case that sacrifice is
ntlm-auth.  Accept it into your life.  Think of it as the Yin to AD's LDAP
Yang.  If the feelings of violation don't get better over time, do what I do
and scrub your hands until they bleed every time you start thinking about
Microsoft too hard.

Or, as Alan said:

>   1) Ask Microsoft to expose the password through LDAP.

LMAO!!

Alan, good to see you've recovered your sense of humor.  Things were getting
way too serious for a while, there.

>   Alan DeKok.

   -- hugh

