Re: Using encrypted passwords in users file
Hey, thanks, I get it. But could you detail in a few steps the procedure of generating the hash from a new password, so I could change it ? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4761351.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using encrypted passwords in users file
Hello, I'm new to FreeRadius and to linux. Maybe this question will sound stupid, but I really need you help. I have a server running freeradius. These are some outputs of the configuration: *etc/freeradius/radiusd.conf* # passwd = /etc/passwd shadow = /etc/shadow # group = /etc/group */etc/freeradius/users* test1 Auth-Type := Crypt-Local, User-Password := $1$NzW2iwkn$ygDcJgb4WhAEqQYfySFkj/ Service-Type = Administrative-User, Cajun-Service-Type := 3, */etc/shadow* test1:$1$cnEh49V6$Q.68mw.3P5rgmsfhbo/iC1:15217:0:9:7::: I would like to change the password for the user test1. But in the users file I see only the encrypted password. Where is the original password stored ? How do I change it ? Thanks a lot for your help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4758890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using encrypted passwords in users file
that is the hashed password. You can change it by generating a hash of your new password... you would probably use crypt(3) to do that... The original password was never stored in cleartext form. You could store a cleartext password if you really wanted to, but that is less than secure. On Thu, Sep 1, 2011 at 8:57 AM, sundoo sandu_nas...@yahoo.com wrote: Hello, I'm new to FreeRadius and to linux. Maybe this question will sound stupid, but I really need you help. I have a server running freeradius. These are some outputs of the configuration: *etc/freeradius/radiusd.conf* # passwd = /etc/passwd shadow = /etc/shadow # group = /etc/group */etc/freeradius/users* test1 Auth-Type := Crypt-Local, User-Password := $1$NzW2iwkn$ygDcJgb4WhAEqQYfySFkj/ Service-Type = Administrative-User, Cajun-Service-Type := 3, */etc/shadow* test1:$1$cnEh49V6$Q.68mw.3P5rgmsfhbo/iC1:15217:0:9:7::: I would like to change the password for the user test1. But in the users file I see only the encrypted password. Where is the original password stored ? How do I change it ? Thanks a lot for your help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4758890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote: Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? Yes. See man rlm_pap. another question: can i use symmetric password encryption in users-File or radcheck table? No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: using encrypted passwords in users file or sql-radcheck table
With pap I'm running into problems... Can u give me an example config? In users-File I have: (Password is 'testpwd') testuserAuth-Type = PAP, MD5-Password == $1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0 Service-Type = Login-User In radiusd.conf I have: modules { pap { encryption_scheme = MD5 } ... authorize { # preprocess files } authenticate { Auth-Type PAP { pap } } - Radiusd says: - rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82 NAS-IP-Address = 10.1.1.1 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = testuser Calling-Station-Id = 1.2.3.4 User-Password = testpwd Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.3.4) Delaying request 0 for 1 seconds Finished request 0 Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 11:42 An: FreeRadius users mailing list Betreff: Re: using encrypted passwords in users file or sql-radcheck table Rascher, Markus wrote: Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? Yes. See man rlm_pap. another question: can i use symmetric password encryption in users-File or radcheck table? No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote: With pap I'm running into problems... Can u give me an example config? In users-File I have: (Password is 'testpwd') testuserAuth-Type = PAP, MD5-Password == $1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0 Don't set Auth-Type. I have NO idea why so many people are fascinated with setting it. Use := for the MD5-Password, not ==. See man users for why. modules { pap { encryption_scheme = MD5 Why? If you're using the most recent version, the documentation in man rlm_pap, and the comments in radiusd.conf make it clear that the encryption_scheme configuration option shouldn't be used. authorize { # preprocess files } Why? You've gone to a lot of trouble to remove everything from the authorize section. The documentation in radiusd.conf at the end of the authorize section says you should list pap. The documentation in man rlm_pap says the same thing. ... modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 i.e. it didn't match the entry you posted above. It didn't match because the format of the entry was wrong. Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake? You haven't read the documentation. You haven't read the comments in the config files you're editing. You've done a LOT of work to break the default configuration. FreeRADIUS ships with a default configuration that works in the widest possible set of circumstances. If you don't understand the configuration, CHANGE AS LITTLE AS POSSIBLE. I will also not you're either running an older version, which is not recommended, or you didn't follow my previous recommendation to read man rlm_pap Read the documentation. Don't destroy the default configuration. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: using encrypted passwords in users file or sql-radcheck table
There is a DEFAULT entry in users file forcing Auth-Type System. Comment it out. And you don't need that Auth-Type PAP in user config. Ivan Kalik Kalik Informatika ISP Dana 30/5/2007, Rascher, Markus [EMAIL PROTECTED] piše: With pap I'm running into problems... Can u give me an example config? In users-File I have: (Password is 'testpwd') testuserAuth-Type = PAP, MD5-Password == $1$agSvn0WL$6GaCc0qz5RHu8PySNauf0 Service-Type = Login-User In radiusd.conf I have: modules { pap { encryption_scheme = MD5 } authorize { # preprocess files } authenticate { Auth-Type PAP { pap } } - Radiusd says: - rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82 NAS-IP-Address = 10.1.1.1 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = testuser Calling-Station-Id = 1.2.3.4 User-Password = testpwd Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.34) Delaying request 0 for 1 seconds Finished request 0 Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 11:42 An: FreeRadius users mailing list Betreff: Re: using encrypted passwords in users file or sql-radcheck table Rascher, Markus wrote: Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? Yes. See man rlm_pap. another question: can i use symmetric password encryption in users-File or radcheck table? No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: using encrypted passwords in users file or sql-radcheck table
I'm using version 1.1.3 on redhat fc6. Yum says, 1.1.3 is the newest version, it can install. To get 1.1.6 I have to compile the sources? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok Gesendet: Mittwoch, 30. Mai 2007 14:47 An: FreeRadius users mailing list Betreff: Re: AW: using encrypted passwords in users file or sql-radcheck table Rascher, Markus wrote: With pap I'm running into problems... Can u give me an example config? In users-File I have: (Password is 'testpwd') testuserAuth-Type = PAP, MD5-Password == $1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0 Don't set Auth-Type. I have NO idea why so many people are fascinated with setting it. Use := for the MD5-Password, not ==. See man users for why. modules { pap { encryption_scheme = MD5 Why? If you're using the most recent version, the documentation in man rlm_pap, and the comments in radiusd.conf make it clear that the encryption_scheme configuration option shouldn't be used. authorize { # preprocess files } Why? You've gone to a lot of trouble to remove everything from the authorize section. The documentation in radiusd.conf at the end of the authorize section says you should list pap. The documentation in man rlm_pap says the same thing. ... modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 184 i.e. it didn't match the entry you posted above. It didn't match because the format of the entry was wrong. Problem: the entry in the users-File for testuser doesn't match.. Whats my mistake? You haven't read the documentation. You haven't read the comments in the config files you're editing. You've done a LOT of work to break the default configuration. FreeRADIUS ships with a default configuration that works in the widest possible set of circumstances. If you don't understand the configuration, CHANGE AS LITTLE AS POSSIBLE. I will also not you're either running an older version, which is not recommended, or you didn't follow my previous recommendation to read man rlm_pap Read the documentation. Don't destroy the default configuration. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote: I'm using version 1.1.3 on redhat fc6. Yum says, 1.1.3 is the newest version, it can install. To get 1.1.6 I have to compile the sources? Yes. Or find a better repository. Or find someone who has created rpm's that you can download and install outside of yum. Or yell at Fedora until they update their repository. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
using encrypted passwords in users file or sql-radcheck table
Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? another question: can i use symmetric password encryption in users-File or radcheck table? thx for your help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html