[RADIATOR] Encrypted Password

Heikki Vatiainen hvn at open.com.au
Fri Jun 17 03:08:34 CDT 2011


On 06/16/2011 01:08 PM, Roy Abu Bakar wrote:

Hello,

> I was really happy when I saw that option on the RAdmin configuration :)
> I have changed the format to Unix Crypt and then changed my user password.
> After that, I tried to log in, but did not succeed.
> I checked the log and it said "Bad Password".
> Is there any configuration that I have to configure after changing the password 
> format?

You need to change the <AuthBy RADMIN> config and add this option:
EncryptedPassword

Please see the reference manual ref.pdf for version 4.8 section "5.30.12
EncryptedPassword" for more about this option.

Note that the change will only affect new and changed passwords. If you
already have users, their passwords will not be encrypted automatically.

You should also install the patches for RAdmin. When the crypt option is
turned on, the RAdmin admin passwords will also be encrypted when new
admins are added or current admins change their passwords.

The latest RAdmin patch fixes a bug with admin password check where
admins can be locked out from the system when password encryption is
turned on and the admin password is changed.

Please do the following:
- download the latest RAdmin patches
- log in to RAdmin
- install at least the patched CGIUtil.pm
- turn on password encryption if it is not on yet
- change your admin password before logging out with List Admin User ->
Search -> (select your admin and change the password)
- the admin password should now be encrypted matching RAdmin's
encryption settings

This will ensure that your admin password gets successfully encrypted in
sync with the RAdmin encryption settings.


> Here is the log:

This should be fixed once "EncryptedPassword" has been enabled.

Thanks!

> Thu Jun 16 12:53:21 2011: DEBUG: Handling with Radius::AuthRADMIN:
> Thu Jun 16 12:53:21 2011: DEBUG: Handling with Radius::AuthRADMIN:
> Thu Jun 16 12:53:21 2011: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, 
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS 
> where USERNAME='admin'':
> Thu Jun 16 12:53:21 2011: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, 
> SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Switches' order by ITEM_TYPE':
> Thu Jun 16 12:53:21 2011: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, 
> SVALUE, ITEM_TYPE from RADCONFIG where NAME='admin' order by ITEM_TYPE':
> Thu Jun 16 12:53:21 2011: DEBUG: Radius::AuthRADMIN looks for match with admin 
> [admin]
> Thu Jun 16 12:53:21 2011: DEBUG: do query is: 'update RADUSERS set 
> BADLOGINS=BADLOGINS+1 where USERNAME='admin'':
> Thu Jun 16 12:53:21 2011: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, 
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS 
> where USERNAME='DEFAULT'':
> Thu Jun 16 12:53:21 2011: DEBUG: AuthBy  result: REJECT, Bad Password
> Thu Jun 16 12:53:21 2011: INFO: Access rejected for admin: Bad Password
> Thu Jun 16 12:53:21 2011: DEBUG: Packet dump:
> *** Sending to 10.0.0.200 port 1645 ....
> Code:       Access-Reject
> Identifier: 14
> Authentic:  X<128>t<249><148>bc<16><27><172><153><160><133><128><2><162>
> Attributes:
>         Reply-Message = "Request Denied"


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
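
The reply above notes that turning on encryption only affects new and changed passwords. The following is an added example, not part of the original post and not Radiator or RAdmin code: it lists RADUSERS rows whose PASS_WORD does not look like crypt(3) output, so they can be scheduled for a password change. It assumes "Unix Crypt" produces either the traditional 13-character DES form or a `$id$` modular form, and it runs against a constructed in-memory SQLite table that borrows only the RADUSERS, USERNAME and PASS_WORD names from the log.

```python
import re
import sqlite3

# Assumption: traditional DES crypt(3) output is 2 salt characters plus
# 11 hash characters, all drawn from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Assumption: modular crypt format, $id$salt$hash (for example $1$, $5$, $6$).
MODULAR_CRYPT = re.compile(r"^\$[0-9a-z]+\$[^$]*\$.+$")


def classify(stored):
    """Heuristic only: a 13-character alphanumeric plaintext password
    is indistinguishable from DES crypt output by shape alone."""
    if not stored:
        return "empty"
    if MODULAR_CRYPT.match(stored):
        return "modular-crypt"
    if DES_CRYPT.match(stored):
        return "des-crypt"
    return "not-crypt"


def audit(conn):
    """Return {username: classification} for rows that still need a change."""
    flagged = {}
    query = "select USERNAME, PASS_WORD from RADUSERS order by USERNAME"
    for username, stored in conn.execute(query):
        kind = classify(stored)
        if kind in ("not-crypt", "empty"):
            flagged[username] = kind
    return flagged


def sample_db():
    """Constructed sample rows; none of these values come from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table RADUSERS (USERNAME text primary key, PASS_WORD text)")
    conn.executemany("insert into RADUSERS values (?, ?)", [
        ("admin", "abJnggxhB/yWI"),                       # DES-crypt shaped
        ("alice", "summer2011"),                          # still plaintext
        ("bob", "$1$saltsalt$abcdefghijklmnopqrstuv"),    # modular-crypt shaped
        ("carol", ""),                                    # no password stored
    ])
    return conn


if __name__ == "__main__":
    for user, kind in audit(sample_db()).items():
        print(f"{user}: {kind}")
```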

