Re: Using encrypted passwords in users file
Hey, thanks, I get it. But could you detail in a few steps the procedure of generating the hash from a new password, so I could change it ? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4761351.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using encrypted passwords in users file
Hello, I'm new to FreeRadius and to linux. Maybe this question will sound stupid, but I really need you help. I have a server running freeradius. These are some outputs of the configuration: *etc/freeradius/radiusd.conf* # passwd = /etc/passwd shadow = /etc/shadow # group = /etc/group */etc/freeradius/users* test1 Auth-Type := Crypt-Local, User-Password := $1$NzW2iwkn$ygDcJgb4WhAEqQYfySFkj/ Service-Type = Administrative-User, Cajun-Service-Type := 3, */etc/shadow* test1:$1$cnEh49V6$Q.68mw.3P5rgmsfhbo/iC1:15217:0:9:7::: I would like to change the password for the user test1. But in the users file I see only the encrypted password. Where is the original password stored ? How do I change it ? Thanks a lot for your help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4758890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using encrypted passwords in users file
that is the hashed password. You can change it by generating a hash of your new password... you would probably use crypt(3) to do that... The original password was never stored in cleartext form. You could store a cleartext password if you really wanted to, but that is less than secure. On Thu, Sep 1, 2011 at 8:57 AM, sundoo sandu_nas...@yahoo.com wrote: Hello, I'm new to FreeRadius and to linux. Maybe this question will sound stupid, but I really need you help. I have a server running freeradius. These are some outputs of the configuration: *etc/freeradius/radiusd.conf* # passwd = /etc/passwd shadow = /etc/shadow # group = /etc/group */etc/freeradius/users* test1 Auth-Type := Crypt-Local, User-Password := $1$NzW2iwkn$ygDcJgb4WhAEqQYfySFkj/ Service-Type = Administrative-User, Cajun-Service-Type := 3, */etc/shadow* test1:$1$cnEh49V6$Q.68mw.3P5rgmsfhbo/iC1:15217:0:9:7::: I would like to change the password for the user test1. But in the users file I see only the encrypted password. Where is the original password stored ? How do I change it ? Thanks a lot for your help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4758890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote: Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? Yes. See man rlm_pap. another question: can i use symmetric password encryption in users-File or radcheck table? No. They're useless. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: using encrypted passwords in users file or sql-radcheck table
With pap I'm running into problems...
Can u give me an example config?
In users-File I have: (Password is 'testpwd')
testuserAuth-Type = PAP, MD5-Password ==
$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0
Service-Type = Login-User
In radiusd.conf I have:
modules {
pap {
encryption_scheme = MD5
}
...
authorize {
# preprocess
files
}
authenticate {
Auth-Type PAP {
pap
}
}
-
Radiusd says:
-
rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82
NAS-IP-Address = 10.1.1.1
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = testuser
Calling-Station-Id = 1.2.3.4
User-Password = testpwd
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
users: Matched entry DEFAULT at line 184
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type System
ERROR: Unknown value specified for Auth-Type. Cannot perform requested
action.
auth: Failed to validate the user.
Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.3.4)
Delaying request 0 for 1 seconds
Finished request 0
Problem: the entry in the users-File for testuser doesn't match..
Whats my mistake?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok
Gesendet: Mittwoch, 30. Mai 2007 11:42
An: FreeRadius users mailing list
Betreff: Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote:
Hi all,
cleartext, unix crypt and MD5 - Passwords work fine in both, users file
and db.
does sha1-hashed pwds work?
Yes. See man rlm_pap.
another question:
can i use symmetric password encryption in users-File or radcheck table?
No. They're useless.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote:
With pap I'm running into problems...
Can u give me an example config?
In users-File I have: (Password is 'testpwd')
testuserAuth-Type = PAP, MD5-Password ==
$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0
Don't set Auth-Type. I have NO idea why so many people are fascinated
with setting it.
Use := for the MD5-Password, not ==. See man users for why.
modules {
pap {
encryption_scheme = MD5
Why? If you're using the most recent version, the documentation in
man rlm_pap, and the comments in radiusd.conf make it clear that the
encryption_scheme configuration option shouldn't be used.
authorize {
# preprocess
files
}
Why? You've gone to a lot of trouble to remove everything from the
authorize section. The documentation in radiusd.conf at the end of
the authorize section says you should list pap. The documentation
in man rlm_pap says the same thing.
...
modcall: entering group authorize for request 0
users: Matched entry DEFAULT at line 184
i.e. it didn't match the entry you posted above. It didn't match
because the format of the entry was wrong.
Problem: the entry in the users-File for testuser doesn't match..
Whats my mistake?
You haven't read the documentation. You haven't read the comments in
the config files you're editing. You've done a LOT of work to break the
default configuration.
FreeRADIUS ships with a default configuration that works in the widest
possible set of circumstances. If you don't understand the
configuration, CHANGE AS LITTLE AS POSSIBLE.
I will also not you're either running an older version, which is not
recommended, or you didn't follow my previous recommendation to read
man rlm_pap
Read the documentation. Don't destroy the default configuration.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: using encrypted passwords in users file or sql-radcheck table
There is a DEFAULT entry in users file forcing Auth-Type System. Comment
it out. And you don't need that Auth-Type PAP in user config.
Ivan Kalik
Kalik Informatika ISP
Dana 30/5/2007, Rascher, Markus [EMAIL PROTECTED] piše:
With pap I'm running into problems...
Can u give me an example config?
In users-File I have: (Password is 'testpwd')
testuserAuth-Type = PAP, MD5-Password ==
$1$agSvn0WL$6GaCc0qz5RHu8PySNauf0
Service-Type = Login-User
In radiusd.conf I have:
modules {
pap {
encryption_scheme = MD5
}
authorize {
# preprocess
files
}
authenticate {
Auth-Type PAP {
pap
}
}
-
Radiusd says:
-
rad_recv: Access-Request packet from host 10.1.1.1:1645, id=239, length=82
NAS-IP-Address = 10.1.1.1
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = testuser
Calling-Station-Id = 1.2.3.4
User-Password = testpwd
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
users: Matched entry DEFAULT at line 184
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type System
ERROR: Unknown value specified for Auth-Type. Cannot perform requested
action.
auth: Failed to validate the user.
Login incorrect: [testuser/testpwd] (from client Testclient port 1 cli 1.2.34)
Delaying request 0 for 1 seconds
Finished request 0
Problem: the entry in the users-File for testuser doesn't match..
Whats my mistake?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok
Gesendet: Mittwoch, 30. Mai 2007 11:42
An: FreeRadius users mailing list
Betreff: Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote:
Hi all,
cleartext, unix crypt and MD5 - Passwords work fine in both, users file
and db.
does sha1-hashed pwds work?
Yes. See man rlm_pap.
another question:
can i use symmetric password encryption in users-File or radcheck table?
No. They're useless.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: using encrypted passwords in users file or sql-radcheck table
I'm using version 1.1.3 on redhat fc6.
Yum says, 1.1.3 is the newest version, it can install.
To get 1.1.6 I have to compile the sources?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan Dekok
Gesendet: Mittwoch, 30. Mai 2007 14:47
An: FreeRadius users mailing list
Betreff: Re: AW: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote:
With pap I'm running into problems...
Can u give me an example config?
In users-File I have: (Password is 'testpwd')
testuserAuth-Type = PAP, MD5-Password ==
$1$agSvn0WL$6GaCc0qz.5RHu8PySNauf0
Don't set Auth-Type. I have NO idea why so many people are fascinated
with setting it.
Use := for the MD5-Password, not ==. See man users for why.
modules {
pap {
encryption_scheme = MD5
Why? If you're using the most recent version, the documentation in
man rlm_pap, and the comments in radiusd.conf make it clear that the
encryption_scheme configuration option shouldn't be used.
authorize {
# preprocess
files
}
Why? You've gone to a lot of trouble to remove everything from the
authorize section. The documentation in radiusd.conf at the end of
the authorize section says you should list pap. The documentation
in man rlm_pap says the same thing.
...
modcall: entering group authorize for request 0
users: Matched entry DEFAULT at line 184
i.e. it didn't match the entry you posted above. It didn't match
because the format of the entry was wrong.
Problem: the entry in the users-File for testuser doesn't match..
Whats my mistake?
You haven't read the documentation. You haven't read the comments in
the config files you're editing. You've done a LOT of work to break the
default configuration.
FreeRADIUS ships with a default configuration that works in the widest
possible set of circumstances. If you don't understand the
configuration, CHANGE AS LITTLE AS POSSIBLE.
I will also not you're either running an older version, which is not
recommended, or you didn't follow my previous recommendation to read
man rlm_pap
Read the documentation. Don't destroy the default configuration.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using encrypted passwords in users file or sql-radcheck table
Rascher, Markus wrote: I'm using version 1.1.3 on redhat fc6. Yum says, 1.1.3 is the newest version, it can install. To get 1.1.6 I have to compile the sources? Yes. Or find a better repository. Or find someone who has created rpm's that you can download and install outside of yum. Or yell at Fedora until they update their repository. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
using encrypted passwords in users file or sql-radcheck table
Hi all, cleartext, unix crypt and MD5 - Passwords work fine in both, users file and db. does sha1-hashed pwds work? another question: can i use symmetric password encryption in users-File or radcheck table? thx for your help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
