(RADIATOR) Encrypted Password and Rad V2.18
Hugh Irvine
hugh at open.com.au
Sat May 27 19:21:53 CDT 2006
Hello Hisham -
You can only use encrypted passwords with PAP - you cannot use CHAP
or MS-CHAP.
BTW - the latest version is Radiator 3.14 (plus patches).
You can always download the latest version onto a test machine and do
some experiments.
regards
Hugh
On 27 May 2006, at 23:42, Hisham Al-Shiha wrote:
> Dear all,
>
> I have this small problem with my radiator 2.18. I know it's an old
> version :) but does it support encrypted password authentication?.
> I have
> iPlanet Directory Server 5.1 and I created user with unix
> encryption {crypt}
> but radiator couldn't't authenticate the user. I tried to use
> option1 and
> option2 as follows:
>
> Option1:
> <AuthBy LDAP2>
> AddToReply Service-Type = Framed-User,Framed-Protocol =
> PPP,Idle-Timeout = 1200
> AuthDN uid=abc, o=xxx
> AuthPassword xxx
> BaseDN o=xxx
> FailureBackoffTime 30
> Host 1.2.3.4
> Identifier xyz
> PasswordAttr userPassword
> Port 389
> UsernameAttr uid
> </AuthBy>
>
> Result:
> Sat May 27 16:22:33 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
> Sat May 27 16:22:33 2006: DEBUG: LDAP got userPassword: {crypt}
> QGQB./X7xTVOM
> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 looks for match
> with
> hshiha2
> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad
> Password
> Sat May 27 16:22:33 2006: DEBUG: Connecting to 1.2.3.4, port 389
> Sat May 27 16:22:33 2006: DEBUG: No entries for DEFAULT found in LDAP
> database
> Sat May 27 16:22:33 2006: INFO: Access rejected for hshiha2: Bad
> Password
>
> Option2:
> <AuthBy LDAP2>
> AddToReply Service-Type = Framed-User,Framed-Protocol =
> PPP,Idle-Timeout = 1200
> AuthDN uid=abc, o=xxx
> AuthPassword xxx
> BaseDN o=xxx
> FailureBackoffTime 30
> Host 1.2.3.4
> Identifier xyz
> ### just changed this
> EncryptedPasswordAttr userPassword
> Port 389
> UsernameAttr uid
> </AuthBy>
>
> Result:
> Sat May 27 16:24:06 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
> Sat May 27 16:24:06 2006: DEBUG: LDAP got userPassword: {crypt}
> QGQB./X7xTVOM
> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 looks for match
> with
> hshiha2
> Sat May 27 16:24:06 2006: WARNING: Cant use encrypted passwords
> with CHAP
> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad
> Encrypted
> password
> Sat May 27 16:24:06 2006: DEBUG: Connecting to 1.2.3.4, port 389
> Sat May 27 16:24:06 2006: DEBUG: No entries for DEFAULT found in LDAP
> database
> Sat May 27 16:24:06 2006: INFO: Access rejected for hshiha2: Bad
> Encrypted
> password
>
> So, I think radiator 2.18 doesn't support encrypted authentication?
> Is this correct?
>
> Best Regards,
> Hesham Alshehah
> Systems Engineer
> MeduNet
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list