On 04/30/2013 06:11 AM, Alberto Aldrigo wrote:
Hi Everybody,
I'm trying to setup a PPTPD server which would authenticate users using
my openLDAP user database, in doing so I need freeradius.
By now the only setup that actually works is: users in LDAP with clear
text password.
Obviously I want to
Alberto Aldrigo wrote:
> I'm trying to setup a PPTPD server which would authenticate users using
> my openLDAP user database, in doing so I need freeradius.
> By now the only setup that actually works is: users in LDAP with clear
> text password.
What kind of authentication method is PPTPD using
Hi Everybody,
I'm trying to setup a PPTPD server which would authenticate users using
my openLDAP user database, in doing so I need freeradius.
By now the only setup that actually works is: users in LDAP with clear
text password.
Obviously I want to use some kind of encryption for passwords and
Yes. All clients will have a place where the shared secret is configured EVEN
if the target is the locahost (that doesn't change the spec!) Check the seagull
docs and XML profile
Alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am using seagull to send messages to freeradius . Is there any place I need
to set shared secret in seagull also .
I have installed seagull in the same machine as freeradius.
Thanks & Regards,
Yashaswini | Prod Engg | Tech Mahindra Ltd.
9 / 7 Hosur Road, Bangalore - 560029, India.
(Office: +91
I am using seagull to send messages to freeradius. seagull and freeradius are
in same machine.
I am not clear about how to set password in nas?? Please help.
Thanks & Regards,
Yashaswini | Prod Engg | Tech Mahindra Ltd.
9 / 7 Hosur Road, Bangalore - 560029, India.
(Office: +91 80 40243000, Extn:
On 20/12/12 11:50, Yashaswini Sathyanarayana wrote:
WARNING: Unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
This message is accurate. You have a typo, or the NAS is buggy.
Re-set the shared secret to something VERY SIMPLE e.g. abc123 - no
Yashaswini Sathyanarayana wrote:
> User-Password = "\311~B]\021\267\332i\217"
> This part of message is not right.
> The shared secret is same in both system.
Either (a) it's not the same, or (b) the client has a bug.
And don't argue over this. I've been doing RADIUS for ~1
Hi ,
User-Password = "\311~B]\021\267\332i\217"
This part of message is not right.
The shared secret is same in both system.
Thanks & Regards,
Yashaswini | Prod Engg | Tech Mahindra Ltd.
9 / 7 Hosur Road, Bangalore - 560029, India.
(Office: +91 80 40243000, Extn: 3
Yashaswini Sathyanarayana wrote:
> Every time I am sending a message from seagull to freeradius ,it is decode
> the password differently. I am also getting the following error in Radius
> debug mode .
...
> WARNING: Unprintable characters in the password. Double-check the shared
> secret on th
us-users-bounces+ys0072917=techmahindra@lists.freeradius.org]
On Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: 20 December 2012 16:16
To: FreeRadius users mailing list
Subject: Re: freeradius query on password encryption and decryption
Hi,
>I am using seagull testing tool to send messages
Hi,
>I am using seagull testing tool to send messages to free
>radius. I am running seagull with "radius protocol ".
>When i send messages from seagull to freeradius , the
>password is not getting decrypted properly on radius side.
>
HI,
I am using seagull testing tool to send messages to free
radius. I am running seagull with "radius protocol ".
When i send messages from seagull to freeradius , the
password is not getting decrypted properly on radius side.
Can you please tel
Hi,
>tool. I have two different machines with freeradius installed on them. In
>one of them the test is going well for now, but in the other (where I'm
>more interested on) the test fails with the following error:
>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=5
I'm trying to do some performance tests with FR 2.1.10. I'm using radperf
tool. I have two different machines with freeradius installed on them. In
one of them the test is going well for now, but in the other (where I'm
more interested on) the test fails with the following error:
rad_recv: Access-
Jim Whitescarver wrote:
> Freeradius reports "Sending Access-Accept " (see log below) but we are
> getting the message on our Cisco VPN box
>
> "Radius: Invalid reply digest received; the shared-secret may be incorrect"
Then the shared secret is wrong, or one end doesn't implement RADIUS
correc
Freeradius reports "Sending Access-Accept " (see log below) but we are
getting the message on our Cisco VPN box
"Radius: Invalid reply digest received; the shared-secret may be incorrect"
We have triple checked the shared secrete and it is correct. With the
wrong secrete it does not authenticate
?
--
View this message in context:
http://old.nabble.com/Password-Encryption-tp29393526p29395757.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rrperez wrote:
> Thanks for the response David,
>
> Now, I have solved the problem locally by putting an attribute in the
> ldap.attrmap but then another problem appears through the wireless network,
> MSCHAPv2 fails.
...
> Is there a way for me to solve the mschapv2 error?
Store the passwords
sage-Authenticator = 0x0000
Waking up in 3.8 seconds.
Cleaning up request 23 ID 0 with timestamp +766
Cleaning up request 24 ID 0 with timestamp +766
Cleaning up request 25 ID 0 with timestamp +766
Cleaning up request 26 ID 0 with timestamp +766
Cleaning up request 27 ID 0 with timestamp +766
Cleaning up request 28 ID 0 with timestamp +766
Cleaning up request 29 ID 0 with timestamp +766
Cleaning up request 30 ID 0 with timestamp +766
Waking up in 1.0 seconds.
Cleaning up request 31 ID 0 with timestamp +766
Ready to process requests.
Is there a way for me to solve the mschapv2 error?
--
View this message in context:
http://old.nabble.com/Password-Encryption-tp29393526p29394307.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradiu
s.org] On Behalf Of rrperez
Sent: Monday, August 09, 2010 9:23 PM
To: freeradius-users@lists.freeradius.org
Subject: Password Encryption
Freeradius2 + OpenLDAP for Wifi Authentication
I'm having a problem with the password decry
thenticate the user.
how can i fix this problem?
--
View this message in context:
http://old.nabble.com/Password-Encryption-tp29393526p29393585.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ntext:
http://old.nabble.com/Password-Encryption-tp29393526p29393526.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hegedus Gabor wrote:
Nicolas Goutte wrote:
Am 31.07.2009 um 15:13 schrieb Hegedus Gabor:
Hi all!
I have a problem, I want to authenticate console users in cisco
switches.
In the 2960, the switch send the password in cleartext, nothing
problem.
User-Password="password"
Please try using
Nicolas Goutte wrote:
Am 31.07.2009 um 15:13 schrieb Hegedus Gabor:
Hi all!
I have a problem, I want to authenticate console users in cisco
switches.
In the 2960, the switch send the password in cleartext, nothing problem.
User-Password="password"
Please try using
Cleartext-Password :=
Am 31.07.2009 um 15:13 schrieb Hegedus Gabor:
Hi all!
I have a problem, I want to authenticate console users in cisco
switches.
In the 2960, the switch send the password in cleartext, nothing
problem.
User-Password="password"
Please try using
Cleartext-Password := "password"
in the u
Hi all!
I have a problem, I want to authenticate console users in cisco switches.
In the 2960, the switch send the password in cleartext, nothing problem.
User-Password="password"
but int the 2950, the switch can only send in "crypted" version like this:
NAS-Port-Type = Virtual
User-Name = "te
On Aug 18, 2008, at 12:32 PM, Alan DeKok wrote:
You've been posting tiny pieces of the debug output. The whole debug
output includes things like the configuration for the PAP module.
Sorry about that, in looking at the debugging output myself, I did not
see any PAP module configuration.
Phillip Heller wrote:
> Ok, I added that in, but now:
You've been posting tiny pieces of the debug output. The whole debug
output includes things like the configuration for the PAP module.
> rlm_pap: login attempt with password "fnord"
> rlm_pap: Using clear text password
> "{SSHA}uNexfodOuLt4
On Aug 18, 2008, at 12:03 PM, Alan DeKok wrote:
Phillip Heller wrote:
rlm_ldap: Added User-Password =
{SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items
That should work
!!!
!!!Replacing User-Pas
Phillip Heller wrote:
> rlm_ldap: Added User-Password =
> {SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items
That should work
> !!!
> !!!Replacing User-Password in config items with
> Cleartext-Passwor
On Aug 18, 2008, at 10:41 AM, Alan DeKok wrote:
In the LDAP module? That configuration is deprecated, and isn't even
documented in 2.0.5.
Ok, I've removed that configuration bit.
What is the output of debugging mode?
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:
Phillip Heller wrote:
> I'm using the Centos Directory Server, which defaults to SSHA encryption
> on the userPassword attribute.
That should work.
> It would seem that freeradius does not authenticate against SSHA. I did
> try a few other encryption policies (crypt, md5) and set the
> passwor
Hello,
Relatively new to both freeradius and ldap here.
I'm using the Centos Directory Server, which defaults to SSHA
encryption on the userPassword attribute.
I'm using freeradius to authenticate unix logins (via
pam_radius_auth), VPN (cisco asa) logins, and router/switch vty logins.
derwerp: Re: PAP what password encryption is used?
>
>
>
>
> Nicolas Goutte-2 wrote:
> >
> > PAP needs cleartext passwords
> >
> > See: http://en.wikipedia.org/wiki/Password_authentication_protocol
> >
> >
>
> Yes, I know. But in order
what encryption is used.
Sorry, I have answered too quickly. It is not PAP that needs
cleartext passwords on the server.
Rg,
Arnaud Loonstra
--
View this message in context: http://www.nabble.com/PAP-what-
password-encryption-is-used--tp18887393p18890180.html
Sent from the FreeRadius - User
sed.
Rg,
Arnaud Loonstra
--
View this message in context:
http://www.nabble.com/PAP-what-password-encryption-is-used--tp18887393p18890180.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
but I
can't
figure what password encryption is used. So I had hoped somebody
with some
more password encryption experience could shine a light here :)
In the database I've set a password to 'testing' which results in the
database as:
DC724AF18FBDD4E59189F5FE768A5F83115270
Using SHA1 encryption.
rlm_pap: Normalizing SHA-Password from hex encoding
rlm_pap: User authenticated successfully
Great, now some good config practicing
Thanks for all help :P
Arnaud
--
View this message in context:
http://www.nabble.com/PAP-what-password-encryption-is-used--tp18887393p18887899
Hello,
I've been asked to setup freeradius to talk to a SQL Server database which
contains users and passwords. This was not so much of a pain but I can't
figure what password encryption is used. So I had hoped somebody with some
more password encryption experience could shine a
Hi,
I am looking for information on hot
to implement password encryption through Freeradius using a mysql database and
Apache 2 I have also installed OpenSSL.
I have setup Apache, FreeRadius and
mysql and can access the user information but I am looking to encrypt the
password at this
over flow <[EMAIL PROTECTED]> wrote:
> How about putting ntpassord and lmpassword in sql?
>
> Does it work with CHAP?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How about putting ntpassord and lmpassword in sql?
Does it work with CHAP?
Thanks
On Thu, 21 Oct 2004 12:33:34 -0400, Alan DeKok <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > I'm working with PPP Dial-In connections to a Cisco box with CHAP
> > authentication. My users are authentic
[EMAIL PROTECTED] wrote:
> I'm working with PPP Dial-In connections to a Cisco box with CHAP
> authentication. My users are authenticated through Radius server
> (freeradius 1.0.1) and the user profiles are load in a MySQL
> database created with the script provided in a freeradius.tar.gz
> file. A
clear text?. Any ideas?
Thank you.
EDWIN LIMACHI N.
ENTEL - Operaciones y Mantenimiento
Regional La Paz
TSE - INFONET BOLIVIA
Phone. 591-2-2123978
Movil: 591-715-29967
Fax: 591-2-2123975
Dustin Doris <[EMAIL PROTECTED]>
Enviado por: [EMAIL PROTECTED]
21/10/2004 10:31
Por fa
Hi,
(snipp)
> > CHAP
(snipp)
> > Encrypted password.
(snipp)
It's impossible to combine CHAP and "encrypted" (hashed!) passwords,
see my other mail with the subject
Re: problem authenticating to passwd/shadow files
HTH,
Stefan
-
List info/subscribe/unsubscribe
> Dera list:
>
> I´m working with PPP Dial-In connections to a Cisco box with CHAP
> authentication. My users are authenticated through Radius server
> (freeradius 1.0.1) and the user profiles are load in a MySQL database
> created with the script provided in a freeradius.tar.gz file. All is
> wor
Dera list:
I´m working with PPP Dial-In connections
to a Cisco box with CHAP authentication. My users are authenticated through
Radius server (freeradius 1.0.1) and the user profiles are load in a MySQL
database created with the script provided in a freeradius.tar.gz file.
All is working fine. Ho
Hi Every One
I have just complied free radius.So you can guess my
situation , specially when there is not a lot of
things avilable collectivly to read out.Goolge search
is ending so bothering you hope you mind, In future
you ll find me asking quite sensible questions so
sorry for this time.
I have
Hello all,
I have searched the mailing list archived and have failed to find a solution
to my particular problem.
I am trying to switch the entries in our users file from Unix crypt to MD5
encryption. My entry in the users file looks like this:
mikelampson Auth-Type := PAP, Crypt-Password =
50 matches
Mail list logo