Re: store encypted passwords
U should use crypt function on mysql when update crypt-password value
I.e: update radcheck set value=crypt('password') where
ATTRIBUTE='crypt-password' and USERNAME='foo';
Or maybe you mean stay plaintext is from debuged running freeradius? It
should be like that because pap auth, for make sure auth is using the
crypted password one just remove cleartext-password record for apropiate
user. I had use crypt password w ubuntu freeradius and workin good
Cmiiw and sorry for my bad english
Regards
Bandel
On Oct 9, 2012 9:10 PM, jon jon free9...@gmail.com wrote:
I was mixed up on what table I am talking about its the radcheck
table. I was using navicat to set the attribute to Crypt-Password and
refreshing the database. The password stayed in plain text.
On Mon, Oct 8, 2012 at 4:29 PM, Matthias Nagel
matthias.h.na...@gmail.com wrote:
Hello,
first, please use the correct way of quoting for mailing list. This is
to say, write your comments below the original text that it refers to. That
way readers who pick up a thread later can follow more easily. But now back
to topic.
Am Montag 08 Oktober 2012, 16:17:52 schrieb jon jon:
On Mon, Oct 8, 2012 at 4:02 PM, Matthias Nagel
matthias.h.na...@gmail.com wrote:
Hello,
I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04,
Mysql Server version: 5.5.24. Everything is up and running but the
users passwords are stored in plain text in raddacct. I tried changing
the attribute to Crypt-Password but it doesn't change anything.
What do you mean by doesn't change anything? If you have changed the
attribute name to Crypt-Password and you also modified the attribute's
value accordingly, what do you expect? If it still works, then be happy.
doesn't change anything = password is still showing as plain text. What
do mean by modified the attribute's value accordingly?
You wrote that you changed clear text passwords to crypt-passwords. This
means to me you updated your database, hence your database does not show
clear text passwords anymore. What exactly did you do, when you changed
from clear text to crypt-passwords?
I assumed to did something like this:
UPDATE radcheck set attribute = 'Crypt-Password', value =
SOME_FANCY_CONVERT_FUNCTION( value ) WHERE some_senseful_condition_here;
Anyway, I now notice that you were speaking of radacct. This table is
not to show any password at all.
Do I
need to make a change to a config file also? Not sure what type of
encryption would be best one that works MD5?
For a copatibilty of password encryption schemes and protocols, see
here:
http://deployingradius.com/documents/protocols/compatibility.html
Thanks,
Matthias
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
I was mixed up on what table I am talking about its the radcheck table. I was using navicat to set the attribute to Crypt-Password and refreshing the database. The password stayed in plain text. On Mon, Oct 8, 2012 at 4:29 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, first, please use the correct way of quoting for mailing list. This is to say, write your comments below the original text that it refers to. That way readers who pick up a thread later can follow more easily. But now back to topic. Am Montag 08 Oktober 2012, 16:17:52 schrieb jon jon: On Mon, Oct 8, 2012 at 4:02 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. What do you mean by doesn't change anything? If you have changed the attribute name to Crypt-Password and you also modified the attribute's value accordingly, what do you expect? If it still works, then be happy. doesn't change anything = password is still showing as plain text. What do mean by modified the attribute's value accordingly? You wrote that you changed clear text passwords to crypt-passwords. This means to me you updated your database, hence your database does not show clear text passwords anymore. What exactly did you do, when you changed from clear text to crypt-passwords? I assumed to did something like this: UPDATE radcheck set attribute = 'Crypt-Password', value = SOME_FANCY_CONVERT_FUNCTION( value ) WHERE some_senseful_condition_here; Anyway, I now notice that you were speaking of radacct. This table is not to show any password at all. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? For a copatibilty of password encryption schemes and protocols, see here: http://deployingradius.com/documents/protocols/compatibility.html Thanks, Matthias - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
Am Dienstag 09 Oktober 2012, 09:10:15 schrieben Sie: I was mixed up on what table I am talking about its the radcheck table. I was using navicat to set the attribute to Crypt-Password and refreshing the database. The password stayed in plain text. I do not use MySQL a lot and I have never used Navicat before, but what I can see from the homepage, that this only is a GUI to administrate MySQL by wrapping SQL statements into a user-friendly interface. Hence, I assume all what you essentially did is to perform a statement like: UPDATE radcheck set attribute = 'Crypt-Password' WHERE attribute = 'Cleartext-Password' Of course this does not change the value in the column 'value'. Why should it be otherwise? MySQL (and Navicat) does not know anything about FreeRadius. If you only update the column attribute nothing else will be modified. This is normal SQL behaviour. You are also responsible to modify the column attribute accordingly. This means you have to fill in the encrypted version of the password. No one else will do this for you. As I said before you must use something like UPDATE radcheck set attribute = 'Crypt-Password', value = SOME_FANCY_CONVERT_FUNCTION( value ) WHERE some_senseful_condition_here; where SOME_FANCY_CONVERT_FUNCTION takes the cleartext and converts it into the encrypted version. I have never used FreeRadius with MySQL, so I cannot be more specific on SOME_FANCY_CONVERT_FUNCTION. But I am astonished on some other fact. If you changed 'Cleartext-Password' to 'Crypt-Password' but did not change the value attribute, authentication must fail. Because FreeRadius now treats the value as the encrypted version which it is not. How can it be that you wrote nothing changed? To be absolutely clear, the possible values for the 'attribute' column to specify a password are: Cleartext-Password Crypt-Password MD5-Password SMD5-Password SHA-Password SSHA-Password NT-Password LM-Password The value of the 'value' column must be the correctly encrypted password with reference to what kind of password you use. That is what I meant by change accordingly. And secondly everything must support the authentication protocol. On Mon, Oct 8, 2012 at 4:29 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, first, please use the correct way of quoting for mailing list. This is to say, write your comments below the original text that it refers to. That way readers who pick up a thread later can follow more easily. But now back to topic. Am Montag 08 Oktober 2012, 16:17:52 schrieb jon jon: On Mon, Oct 8, 2012 at 4:02 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. What do you mean by doesn't change anything? If you have changed the attribute name to Crypt-Password and you also modified the attribute's value accordingly, what do you expect? If it still works, then be happy. doesn't change anything = password is still showing as plain text. What do mean by modified the attribute's value accordingly? You wrote that you changed clear text passwords to crypt-passwords. This means to me you updated your database, hence your database does not show clear text passwords anymore. What exactly did you do, when you changed from clear text to crypt-passwords? I assumed to did something like this: UPDATE radcheck set attribute = 'Crypt-Password', value = SOME_FANCY_CONVERT_FUNCTION( value ) WHERE some_senseful_condition_here; Anyway, I now notice that you were speaking of radacct. This table is not to show any password at all. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? For a copatibilty of password encryption schemes and protocols, see here: http://deployingradius.com/documents/protocols/compatibility.html Thanks, Matthias - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Matthias Nagel Willy-Andreas-Allee 1, Zimmer 506 76131 Karlsruhe Telefon: +49-721-8695-1506 Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
store encypted passwords
Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. What do you mean by doesn't change anything? If you have changed the attribute name to Crypt-Password and you also modified the attribute's value accordingly, what do you expect? If it still works, then be happy. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? For a copatibilty of password encryption schemes and protocols, see here: http://deployingradius.com/documents/protocols/compatibility.html Thanks, Matthias -- Matthias Nagel Willy-Andreas-Allee 1, Zimmer 506 76131 Karlsruhe Telefon: +49-721-8695-1506 Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
doesn't change anything = password is still showing as plain text What do mean by modified the attribute's value accordingly? On Mon, Oct 8, 2012 at 4:02 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. What do you mean by doesn't change anything? If you have changed the attribute name to Crypt-Password and you also modified the attribute's value accordingly, what do you expect? If it still works, then be happy. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? For a copatibilty of password encryption schemes and protocols, see here: http://deployingradius.com/documents/protocols/compatibility.html Thanks, Matthias -- Matthias Nagel Willy-Andreas-Allee 1, Zimmer 506 76131 Karlsruhe Telefon: +49-721-8695-1506 Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
Hello, first, please use the correct way of quoting for mailing list. This is to say, write your comments below the original text that it refers to. That way readers who pick up a thread later can follow more easily. But now back to topic. Am Montag 08 Oktober 2012, 16:17:52 schrieb jon jon: On Mon, Oct 8, 2012 at 4:02 PM, Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04, Mysql Server version: 5.5.24. Everything is up and running but the users passwords are stored in plain text in raddacct. I tried changing the attribute to Crypt-Password but it doesn't change anything. What do you mean by doesn't change anything? If you have changed the attribute name to Crypt-Password and you also modified the attribute's value accordingly, what do you expect? If it still works, then be happy. doesn't change anything = password is still showing as plain text. What do mean by modified the attribute's value accordingly? You wrote that you changed clear text passwords to crypt-passwords. This means to me you updated your database, hence your database does not show clear text passwords anymore. What exactly did you do, when you changed from clear text to crypt-passwords? I assumed to did something like this: UPDATE radcheck set attribute = 'Crypt-Password', value = SOME_FANCY_CONVERT_FUNCTION( value ) WHERE some_senseful_condition_here; Anyway, I now notice that you were speaking of radacct. This table is not to show any password at all. Do I need to make a change to a config file also? Not sure what type of encryption would be best one that works MD5? For a copatibilty of password encryption schemes and protocols, see here: http://deployingradius.com/documents/protocols/compatibility.html Thanks, Matthias - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: store encypted passwords
Hi,
I have set up FreeRADIUS Version 2.1.10 on an Ubuntu server 12.04,
Mysql Server version: 5.5.24. Everything is up and running but the
users passwords are stored in plain text in raddacct. I tried changing
the attribute to Crypt-Password but it doesn't change anything. Do I
need to make a change to a config file also? Not sure what type of
encryption would be best one that works MD5?
what you say radacct you really mean the radacct table? in which case
you mean that the accounting module is storing the passwords? if you dont
want the passwords stored, then ensure that you are either NOT storing them
(eg uncomment
#suppress {
# User-Password
#}
in the detail module)
and/or alter the SQL commands in sql/mysql/dialup.conf to not record them...or
to obfuscate
them...eg SHA1(%{%{User-Password}:-%{Chap-Password}}) or
MD5(%{%{User-Password}:-%{Chap-Password}}
if you mean the radauth table...then thats up to you to populate properly...and
to ensure
that whatever you are filling it with is setting the right crypto type.
is your mysql on a remote server...or same box as FR? If on same box, does it
need to
be accessed from off the box? for it not, if MySQL is only local and only
accessible
from FR, then if someones able to read your tables you have a far bigger
problem anyway ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
