(RADIATOR) Extended DES Password Support

Hugh Irvine hugh at open.com.au
Fri Mar 4 00:44:19 CST 2005 

Hello Derrin -

All of the password formats that Radiator currently understands are 
listed in section 13.1.1 in the Radiator 3.11 reference manual 
("doc/ref.html").

If you send us examples of the passwords you are working with we will 
look at adding support for them.

We will need the cleartext password, the corresponding encrypted 
password, and a reference to the encryption algorithm that is used.

Mike is copied on this mail so you can send him the information 
directly if you wish.

regards

Hugh


On 3 Mar 2005, at 22:37, Derrin Chong wrote:

> Greetings,
>
> Is there a way to authenticate users with passwords in extended
> DES (_J9...) format that are not in the UNIX passwd file, i.e.,
> using the AuthUNIX.pm module.
>
> I'm trying to setup Radiator on FreeBSD 4.11 to authenticate against
> a master.passwd file exported from another FreeBSD system.  The
> exported passwd file has passwords that are in extended DES format
> -- they were originally from a BSDI system.  I get a "Bad Encrypted
> password" error when trying to authenticate.
>
> However, if I change the password in the exported passwd file to
> MD5 format I am able to authenticate successfully.
>
> I have an entry in the radius.cfg as follows:
>
> <Realm>
>         <AuthBy UNIX>
>                 Filename        /usr/local/etc/raddb/passwd
>         </AuthBy>
>
>         # Be more verbose with errors
>         RejectHasReason
>
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/detail
> </Realm>
>
> When I attempt to authenticate against the extended DES password I
> get the following:
>
> Attributes:
>         User-Name = "joebogus"
>         User-Password = "<31>a<169><15><221><223><158><187>`<255><145>"
>         NAS-IP-Address = 64.65.64.43
>         NAS-Port = 20101
>         NAS-Port-Type = Async
>         State = ""
>         Token = ""
>         Calling-Station-Id = "8085233517"
>         Called-Station-Id = "5666101"
>         Acct-Session-Id = "357976393"
>
> Tue Mar  1 10:57:33 2005: DEBUG: Handling request with Handler 'Realm='
> Tue Mar  1 10:57:33 2005: DEBUG:  Deleting session for joebogus, 
> 64.65.64.43, 20101
> Tue Mar  1 10:57:33 2005: DEBUG: Handling with Radius::AuthUNIX:
> Tue Mar  1 10:57:33 2005: DEBUG: Radius::AuthUNIX looks for match with 
> joebogus
> Tue Mar  1 10:57:33 2005: DEBUG: Radius::AuthUNIX REJECT: Bad 
> Encrypted password
> Tue Mar  1 10:57:33 2005: INFO: Access rejected for joebogus: Bad 
> Encrypted password
> Tue Mar  1 10:57:33 2005: DEBUG: Packet dump:
> *** Sending to 64.65.64.43 port 1025 ....
> Code:       Access-Reject
>
> Thanks for any help you folks can give me.  I apologize if this has
> already been discussed.  I couldn't find anything in the archives.
>
> Sincerely,
> Derrin Chong
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list