(RADIATOR) Encrypted Password and Rad V2.18
Hugh Irvine
hugh at open.com.au
Tue May 30 12:52:06 CDT 2006
Hello Hisham -
The debug appears to show that you are trying to do CHAP which will
not work with encrypted passwords:
Sat May 27 16:24:06 2006: WARNING: Cant use encrypted passwords with CHAP
As mentioned previously you cannot use encrypted passwords with CHAP
- you can only use PAP.
regards
Hugh
On 29 May 2006, at 16:05, Hisham Al-Shiha wrote:
> Dear Hugh,
> We are already using plaintext for passwords but we wanted to change
> that for our new security policy. Regarding the configuration file you
> requested, I believe if I write to you the handler that handles the
> request will be enough since we have a big configuration file. I didn't
> copy from the trace 4 log all the access request but I copied the part
> that is relevant to our problem. Believe me the below handler caught
> the request.
>
> To make things clear, all I'm doing is to test the ability of
> Radiator 2.18 to authenticate a user with an encrypted password. So, I
> created one user (hshiha2) with UNIX encryption in iPlanet Directory
> Server 5.1 and in Radiator I created this handler to catch him. That's
> the whole story :)
>
> Conf file:
>
> OPTION1
>
> <Handler User-Name = /hshiha2/, Realm = x.x.x.x>
> AcctLogFileName %L/detail.log
> <AuthBy LDAP2>
> AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
> AuthDN uid=abc, o=xxx
> AuthPassword xxx
> BaseDN o=xxx
> FailureBackoffTime 30
> Host 1.2.3.4
> Identifier xyz
> PasswordAttr userPassword
> Port 389
> UsernameAttr uid
> </AuthBy>
> AuthByPolicy ContinueAlways
> MaxSessions 1
> PasswordLogFileName %L/password.log
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase SDB.medu
> </Handler>
>
> OPTION2
>
> <Handler User-Name = /hshiha2/, Realm = x.x.x.x>
> AcctLogFileName %L/detail.log
> <AuthBy LDAP2>
> AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
> AuthDN uid=abc, o=xxx
> AuthPassword xxx
> BaseDN o=xxx
> FailureBackoffTime 30
> Host 1.2.3.4
> Identifier xyz
> ### just changed this
> EncryptedPasswordAttr userPassword
> Port 389
> UsernameAttr uid
> </AuthBy>
> AuthByPolicy ContinueAlways
> MaxSessions 1
> PasswordLogFileName %L/password.log
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase SDB.medu
> </Handler>
> <trace4.txt>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
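
Added example, not part of the original message and not Radiator code: a short Python sketch of why a server that stores only a one-way password hash can verify PAP but not CHAP. The function names and sample password are constructed, and LDAP `{SSHA}` stands in for the UNIX crypt hash mentioned in the thread, since the reasoning is the same for any one-way scheme.

```python
import base64
import hashlib
import hmac
import os

def ssha(password: bytes, salt: bytes) -> str:
    """One-way stored form, LDAP {SSHA}: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def verify_pap(submitted: bytes, stored: str) -> bool:
    """PAP delivers the password itself, so the server re-hashes it
    with the stored salt and compares against the stored hash."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    salt = raw[20:]  # SHA-1 digest is 20 bytes, the salt follows it
    return hmac.compare_digest(ssha(submitted, salt), stored)

def verify_chap(chap_id: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    """CHAP never sends the password. The server must recompute the MD5
    over the exact secret the client used, i.e. the cleartext password."""
    expected = chap_response(chap_id, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"example-password"           # constructed sample value
    stored_hash = ssha(password, os.urandom(4))
    challenge = os.urandom(16)
    response = chap_response(1, password, challenge)  # client side
    return {
        # Directory holds only the hash, client uses PAP: verifiable.
        "pap_with_hash": verify_pap(password, stored_hash),
        # Directory holds cleartext, client uses CHAP: verifiable.
        "chap_with_cleartext": verify_chap(1, challenge, response, password),
        # Directory holds only the hash, client uses CHAP: the hash is
        # not the secret the client fed into MD5, so this cannot match.
        "chap_with_hash": verify_chap(1, challenge, response,
                                      stored_hash.encode()),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```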