(RADIATOR) Encrypted Password and Rad V2.18

Hugh Irvine hugh at open.com.au
Sun May 28 02:47:28 CDT 2006


Hello Hisham -

As usual I will need to see a copy of your configuration file and a  
trace 4 debug showing what is happening.

I suggest you try using a plaintext password first before trying to  
use encrypted passwords.

regards

Hugh


On 28 May 2006, at 16:52, Hisham Al-Shiha wrote:

> Hi Hugh,
>
> 	Ok I tried first to treat it normally without specifying that it's
> encrypted (EncryptedPasswordAttr) and it didn't work. The warning you
> mentioned didn't appear in option1 which I think is the correct way to do
> it. The manual 6.36.12 clearly said:
>
> 	[Hint: If your passwords are in the form
> {crypt}1xMKc0GIVUNbE, {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= or
> {SSHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= you should be using PasswordAttr, not
> EncryptedPasswordAttr. Only use EncryptedPasswordAttr if your passwords
> are plain old Unix crypt format, like: 1xMKc0GIVUNbE.]
>
> 	And my unix password is in the form {crypt}. My NAS tries first CHAP
> and if it fails then tries PAP.
>
> Regards,
> Hisham
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]
> On Behalf Of Hugh Irvine
> Sent: Sunday, May 28, 2006 3:22 AM
> To: Hisham Al-Shiha
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Encrypted Password and Rad V2.18
>
>
>
> Hello Hisham -
>
> You can only use encrypted passwords with PAP - you cannot use CHAP
> or MS-CHAP.
>
> BTW - the latest version is Radiator 3.14 (plus patches).
>
> You can always download the latest version onto a test machine and do
> some experiments.
>
> regards
>
> Hugh
>
>
> On 27 May 2006, at 23:42, Hisham Al-Shiha wrote:
>
>> Dear all,
>>
>> 	I have this small problem with my radiator 2.18. I know it's an old
>> version :) but does it support encrypted password authentication?
>> I have iPlanet Directory Server 5.1 and I created a user with unix
>> encryption {crypt} but radiator couldn't authenticate the user. I tried
>> to use option1 and option2 as follows:
>>
>> Option1:
>> <AuthBy LDAP2>
>>    	AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
>>    	AuthDN uid=abc, o=xxx
>>    	AuthPassword xxx
>>    	BaseDN o=xxx
>>    	FailureBackoffTime 30
>>    	Host 1.2.3.4
>>    	Identifier xyz
>>    	PasswordAttr userPassword
>>    	Port 389
>> 	UsernameAttr uid
>> </AuthBy>
>>
>> Result:
>> Sat May 27 16:22:33 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
>> Sat May 27 16:22:33 2006: DEBUG: LDAP got userPassword: {crypt}QGQB./X7xTVOM
>> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 looks for match with hshiha2
>> Sat May 27 16:22:33 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
>> Sat May 27 16:22:33 2006: DEBUG: Connecting to 1.2.3.4, port 389
>> Sat May 27 16:22:33 2006: DEBUG: No entries for DEFAULT found in LDAP database
>> Sat May 27 16:22:33 2006: INFO: Access rejected for hshiha2: Bad Password
>>
>> Option2:
>> <AuthBy LDAP2>
>>    	AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
>>    	AuthDN uid=abc, o=xxx
>>    	AuthPassword xxx
>>    	BaseDN o=xxx
>>    	FailureBackoffTime 30
>>    	Host 1.2.3.4
>>    	Identifier xyz
>> ### just changed this
>>    	EncryptedPasswordAttr userPassword
>>    	Port 389
>> 	UsernameAttr uid
>> </AuthBy>
>>
>> Result:
>> Sat May 27 16:24:06 2006: DEBUG: LDAP got result for uid=hshiha2,o=xxx
>> Sat May 27 16:24:06 2006: DEBUG: LDAP got userPassword: {crypt}QGQB./X7xTVOM
>> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 looks for match with hshiha2
>> Sat May 27 16:24:06 2006: WARNING: Cant use encrypted passwords with CHAP
>> Sat May 27 16:24:06 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
>> Sat May 27 16:24:06 2006: DEBUG: Connecting to 1.2.3.4, port 389
>> Sat May 27 16:24:06 2006: DEBUG: No entries for DEFAULT found in LDAP database
>> Sat May 27 16:24:06 2006: INFO: Access rejected for hshiha2: Bad Encrypted password
>>
>> 	So, I think radiator 2.18 doesn't support encrypted authentication?
>> Is this correct?
>>
>> Best Regards,
>>    Hesham Alshehah
>>    Systems Engineer
>>    MeduNet
>>
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
>> radiator' in the body of the message.
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
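
Added example, not part of the original thread and not Radiator code: it shows why a hashed directory password can be checked with PAP but not with CHAP, using the RFC 1994 CHAP-MD5 computation. The `{SHA}` scheme from the manual hint stands in for `{crypt}`, and the password, identifier and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def ldap_sha(password: bytes) -> str:
    """LDAP {SHA} value: base64 of the unsalted SHA-1 digest of the password."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def verify_pap(stored_hash: str, cleartext: bytes) -> bool:
    """PAP hands the server the cleartext, so it can re-hash and compare."""
    return hmac.compare_digest(stored_hash, ldap_sha(cleartext))


def verify_chap(stored: str, is_hashed: bool, chap_id: int,
                challenge: bytes, response: bytes):
    """CHAP needs the cleartext secret on the server side.
    Returns True/False for a plaintext record, None when only a hash is stored."""
    if is_hashed:
        return None  # a one-way hash cannot be turned back into the CHAP secret
    expected = chap_response(chap_id, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample data (hypothetical user record and NAS exchange).
PASSWORD = b"password"
STORED = ldap_sha(PASSWORD)            # what the directory holds
CHAP_ID = 7
CHALLENGE = bytes(range(16))           # fixed so the example is repeatable
CLIENT_RESPONSE = chap_response(CHAP_ID, PASSWORD, CHALLENGE)


def naive_chap_with_hash() -> bool:
    """Using the stored hash string as the CHAP secret never matches the client."""
    guess = chap_response(CHAP_ID, STORED.encode(), CHALLENGE)
    return hmac.compare_digest(guess, CLIENT_RESPONSE)


if __name__ == "__main__":
    print("PAP against hash:        ", verify_pap(STORED, PASSWORD))
    print("CHAP against plaintext:  ", verify_chap("password", False, CHAP_ID, CHALLENGE, CLIENT_RESPONSE))
    print("CHAP against hash:       ", verify_chap(STORED, True, CHAP_ID, CHALLENGE, CLIENT_RESPONSE))
    print("hash used as CHAP secret:", naive_chap_with_hash())
```
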

