SV: how to set crypted password in 'users' file?

2006-01-27 Thread Torkel Mathisen
 Min Qiu [EMAIL PROTECTED] wrote:
  However, cut and paste the crypted password from /etc/shadow to
  the entry failed:

    mqiu Auth-Type := Local, User-Password == $1$CWOjXm2v$dzjrc385t1iQXMN0

   UseL Crypt-Password := $1$CWOjXm...


I'm using PEAP/MS-CHAPv2 for authentication. In the users file I only
got the login name and a clear-text password. 

I really want to start using Crypt-Password, but didn't quite get that
to work.

Do I understand it correctly you only need to take your standard unix
password from /etc/shadow and use that in users with Crypt-Password?

# more /etc/shadow
tom:jYyrl:13112::

In users file I got:

tom Crypt-Password :=  jYyrl

I didn't get that to work.

What am I missing here?  Couldn't really find much info on it out there.

This is the debug log I got:

rad_recv: Access-Request packet from host 192.168.2.4:21654, id=120,
length=126
User-Name = tom
Framed-MTU = 1400
Called-Station-Id = 000e.8401.cd50
Calling-Station-Id = 0015.0015.adaa
Message-Authenticator = 0xca4c7181b9338edb3e176297682f33f7
EAP-Message = 0x0201000801746f6d
NAS-Port-Type = Wireless-802.11
NAS-Port = 268
Service-Type = Framed-User
NAS-IP-Address = 192.168.2.4
NAS-Identifier = AP1100-D2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  modcall[authorize]: module preprocess returns ok for request 16
  modcall[authorize]: module mschap returns noop for request 16
rlm_realm: No '@' in User-Name = tom, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 16
  rlm_eap: EAP packet type response id 1 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 16
users: Matched entry tom at line 91
  modcall[authorize]: module files returns ok for request 16
modcall: group authorize returns updated for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module eap returns handled for request 16
modcall: group authenticate returns handled for request 16 Sending
Access-Challenge of id 120 to 192.168.2.4:21654
EAP-Message = 0x010200061920
Message-Authenticator = 0x
State = 0x01f769bbe79093c3c406a98a01294187
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=121,
length=238
User-Name = tom
Framed-MTU = 1400
Called-Station-Id = 000e.8401.cd50
Calling-Station-Id = 0015.0015.adaa
Message-Authenticator = 0xcccf1d38bc8d263feddbb303acbdcb41
EAP-Message =
0x020200661900160301005b0157030143da12d4d113043b760adb7ce542b365f5d8
806e659d5eb591e677044dd072b03000390038003500160013000a00330032002f00
66000500040065006400630062006000150012000900140011000800030100
NAS-Port-Type = Wireless-802.11
NAS-Port = 268
State = 0x01f769bbe79093c3c406a98a01294187
Service-Type = Framed-User
NAS-IP-Address = 192.168.2.4
NAS-Identifier = AP1100-D2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  modcall[authorize]: module preprocess returns ok for request 17
  modcall[authorize]: module mschap returns noop for request 17
rlm_realm: No '@' in User-Name = tom, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 17
  rlm_eap: EAP packet type response id 2 length 102
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 17
users: Matched entry tom at line 91
  modcall[authorize]: module files returns ok for request 17
modcall: group authorize returns updated for request 17
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
  rlm_eap_tls:  TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
  rlm_eap_tls:  TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
  rlm_eap_tls:  TLS 1.0 Handshake [length 0654], Certificate
TLS_accept: 

Re: SV: how to set crypted password in 'users' file?

2006-01-27 Thread A . L . M . Buxey
hi,

the interesting part of the log posted is:

  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 22
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for tom with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module mschap returns reject for request 22
modcall: group Auth-Type returns reject for request 22
  rlm_eap: Freeing handler
  modcall[authenticate]: module eap returns reject for request 22
modcall: group authenticate returns reject for request 22
auth: Failed to validate the user.


this would suggest that you haven't configured the mschapv2 part correctly
or that you haven't defined a password attribute for 'tom' correctly
in your users.conf file. have you defined a Crypt-Local  eg (and I'm not
going to be 100% accurate here because I haven't had a setup done this way
for a long time)

USER   Auth-Type := Crypt-Local, Password == CRYPTEDPASSWORD 


Alan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: SV: how to set crypted password in 'users' file?

2006-01-27 Thread Phil Mayers

Torkel Mathisen wrote:

Min Qiu [EMAIL PROTECTED] wrote:
However, cut and paste the crypted password from /etc/shadow to
the entry failed:

  mqiu Auth-Type := Local, User-Password == $1$CWOjXm2v$dzjrc385t1iQXMN0

  UseL Crypt-Password := $1$CWOjXm...

I'm using PEAP/MS-CHAPv2 for authentication. In the users file I only
got the login name and a clear-text password.

I really want to start using Crypt-Password, but didn't quite get that
to work.

You cannot use the unix crypt password value for the MS-CHAP algorithm.
The MS-CHAP module requires either the MD4-based NT password hash, the
plaintext password from which it can derive the NT hash, or callout to
Samba domain membership.


how to set crypted password in 'users' file?

2006-01-19 Thread Min Qiu
Hi all,

I'm able to make clear text password work by adding entry in 
'users' file:

  mqiu Auth-Type := Local, User-Password == clear-text

However, cut and paste the crypted password from /etc/shadow to
the entry failed:

  mqiu Auth-Type := Local, User-Password == $1$CWOjXm2v$dzjrc385t1iQXMN0

Changing the above Auth-Type to pam or unix does not work.  My
question is how to set a crypted password in 'users' file?  In
addition, how to set different passwords for the same user in
different hosts? something like:

  [EMAIL PROTECTED]/24 Auth-Type := Local, User-Password == pass1
  [EMAIL PROTECTED]/24 Auth-Type := Local, User-Password == pass2
  ...
  [EMAIL PROTECTED]/24 Auth-Type := Local, User-Password == passN

I have freeradius-1.0.4-1.FC4.1 installed.

Thanks a lot,

Min



Re: how to set crypted password in 'users' file?

2006-01-19 Thread Alan DeKok
Min Qiu [EMAIL PROTECTED] wrote:
 However, cut and paste the crypted password from /etc/shadow to
 the entry failed:

   mqiu Auth-Type := Local, User-Password == $1$CWOjXm2v$dzjrc385t1iQXMN0

  UseL Crypt-Password := $1$CWOjXm...

  Alan DeKok.