(RADIATOR) Encrypted Password and Rad V2.18

Hisham Al-Shiha hshiha at medu.net.sa
Sun May 28 01:52:55 CDT 2006


Hi Hugh,

	Ok I tried first to treat it normally without specifying that it's
encrypted (EncryptedPasswordAttr) and it didn't work. The warning you
mentioned didn't appear in option1 which I think is the correct way to do
it. The manual 6.36.12 clearly said:

	[Hint: If your passwords are in the form
{crypt}1xMKc0GIVUNbE, {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= or
{SSHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= you should be using PasswordAttr, not
EncryptedPasswordAttr. Only use EncryptedPasswordAttr if your passwords
are plain old Unix crypt format, like: 1xMKc0GIVUNbE.]

	And my unix password is in the form {crypt}. My NAS tries first CHAP
and if it fails then tries PAP.

Regards,
Hisham

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Sunday, May 28, 2006 3:22 AM
To: Hisham Al-Shiha
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Encrypted Password and Rad V2.18



Hello Hisham -

You can only use encrypted passwords with PAP - you cannot use CHAP  
or MS-CHAP.

BTW - the latest version is Radiator 3.14 (plus patches).

You can always download the latest version onto a test machine and do  
some experiments.

regards

Hugh


On 27 May 2006, at 23:42, Hisham Al-Shiha wrote:

> Dear all,
>
> 	I have this small problem with my radiator 2.18. I know it's an old
> version :) but does it support encrypted password authentication?
> I have iPlanet Directory Server 5.1 and I created a user with unix
> encryption {crypt} but radiator couldn't authenticate the user. I tried
> to use option1 and option2 as follows:
>
> Option1:
> <AuthBy LDAP2>
>     AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
>     AuthDN uid=abc, o=xxx
>     AuthPassword xxx
>     BaseDN o=xxx
>     FailureBackoffTime 30
>     Host 1.2.3.4
>     Identifier xyz
>     PasswordAttr userPassword
>     Port 389
>     UsernameAttr uid
> </AuthBy>
>
> Result:
> Sat May 27 16:22:33 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
> Sat May 27 16:22:33 2006: DEBUG: LDAP got userPassword: {crypt} QGQB./X7xTVOM
> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 looks for match with hshiha2
> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Sat May 27 16:22:33 2006: DEBUG: Connecting to 1.2.3.4, port 389
> Sat May 27 16:22:33 2006: DEBUG: No entries for DEFAULT found in LDAP database
> Sat May 27 16:22:33 2006: INFO: Access rejected for hshiha2: Bad Password
>
> Option2:
> <AuthBy LDAP2>
>     AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
>     AuthDN uid=abc, o=xxx
>     AuthPassword xxx
>     BaseDN o=xxx
>     FailureBackoffTime 30
>     Host 1.2.3.4
>     Identifier xyz
> ### just changed this
>     EncryptedPasswordAttr userPassword
>     Port 389
>     UsernameAttr uid
> </AuthBy>
>
> Result:
> Sat May 27 16:24:06 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
> Sat May 27 16:24:06 2006: DEBUG: LDAP got userPassword: {crypt} QGQB./X7xTVOM
> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 looks for match with hshiha2
> Sat May 27 16:24:06 2006: WARNING: Cant use encrypted passwords with CHAP
> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
> Sat May 27 16:24:06 2006: DEBUG: Connecting to 1.2.3.4, port 389
> Sat May 27 16:24:06 2006: DEBUG: No entries for DEFAULT found in LDAP database
> Sat May 27 16:24:06 2006: INFO: Access rejected for hshiha2: Bad Encrypted password
>
> 	So, I think radiator 2.18 doesn't support encrypted authentication? 
> Is this correct?
>
> Best Regards,
>    Hesham Alshehah
>    Systems Engineer
>    MeduNet
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together
with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
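
Why a hashed userPassword can be checked against PAP but not CHAP, as an added example (not part of the original messages and not Radiator's code). It uses the {SHA}/{SSHA} forms from the manual hint quoted above; {crypt} behaves the same way with crypt(3) as the one-way function. The password, salt, CHAP identifier and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an LDAP-style {SSHA} userPassword value (salted SHA-1)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_pap(cleartext: bytes, stored: str) -> bool:
    """PAP: the server recovers the cleartext, so it can re-hash and compare."""
    scheme, _, b64 = stored.partition("}")
    raw = base64.b64decode(b64)
    if scheme.upper() == "{SHA":
        digest, salt = raw, b""
    elif scheme.upper() == "{SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    else:
        raise ValueError("scheme not handled in this example: " + scheme + "}")
    return hmac.compare_digest(hashlib.sha1(cleartext + salt).digest(), digest)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def check_chap(ident: int, challenge: bytes, response: bytes,
               server_secret: bytes) -> bool:
    """CHAP: the server must recompute the MD5 itself, which needs the cleartext."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not taken from the thread).
PASSWORD = b"s3cret-demo"
STORED = make_ssha(PASSWORD, b"\x01\x02\x03\x04")   # what the directory holds
CHAP_ID = 7
CHALLENGE = bytes(range(16))
CLIENT_RESPONSE = chap_response(CHAP_ID, PASSWORD, CHALLENGE)  # what the NAS forwards

if __name__ == "__main__":
    print("PAP against stored hash:       ", check_pap(PASSWORD, STORED))
    print("CHAP with cleartext on server: ",
          check_chap(CHAP_ID, CHALLENGE, CLIENT_RESPONSE, PASSWORD))
    # With only the hash available, the server has nothing valid to feed into MD5.
    print("CHAP with only the stored hash:",
          check_chap(CHAP_ID, CHALLENGE, CLIENT_RESPONSE, STORED.encode()))
```
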
