Need help

Frank Winkler Wed, 31 Oct 2007 08:19:56 -0800

Hi there !

Could someone please assisst me in configuring FreeRADIUS? I'm quite new to
FR and migrated a server from 0.6 on Solaris 8/SPARC to 1.1.7 on Solaris
10/x64.


On the old server, the users were authenticated by regular /etc/passwd
means. I got this working on the new server. As there are some new features
in the later versions, I'd prefer to move the RADIUS users to a separate
smbpasswd-like file but I can't get the authentication to work.

Some questions:

The old server querying itself for a /etc/passwd user:
[EMAIL PROTECTED] # ./radtest frank XXX localhost 10 test123
Sending Access-Request of id 161 to 127.0.0.1:1812
        User-Name = "frank"
        User-Password = "D[\326<\255h\016A\275\357"%\367\027_y"
        NAS-IP-Address = XXX
        NAS-Port-Id = "10"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=161, length=20
[EMAIL PROTECTED] #

The old server querying the new one for a /etc/passwd user:
[EMAIL PROTECTED] # ./radtest frank XXX new 10 test123
Sending Access-Request of id 216 to 10.1.1.12:1812
        User-Name = "frank"
        User-Password = "T)n\244Lec\226\246)[EMAIL PROTECTED]&%"
        NAS-IP-Address = XXX
        NAS-Port-Id = "10"
rad_recv: Access-Accept packet from host 10.1.1.12:1812, id=216, length=20
[EMAIL PROTECTED] #

The new server querying itself for the exact same user as above:
[EMAIL PROTECTED] ./radtest frank XXX localhost 10 test123
Sending Access-Request of id 177 to 127.0.0.1 port 1812
        User-Name = "frank"
        User-Password = "XXX"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=177, length=20
[EMAIL PROTECTED]

Why is the password displayed in plain text instead of hashed as on the old
server?

And how do I configure a separate user file? Currently, I have

  passwd radpasswd {
    filename = /opt/freeradius/etc/radpasswd
    #format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
    format = "*User-Name:LM-Password:NT-Password:"
    delimiter = ":"
    # authtype = MS-CHAP
    authtype = PAP
    hashsize = 0
    ignorenislike = yes
    allowmultiplekeys = no
  }

with radpasswd looking like

frank:A:B:Frank Winkler

with A and B created by "smbencrypt".

I'm pretty unsure about the "authtype". I can post debug outout of radiusd
but it looks like it finds the user in the file but cannot authenticate the
password.

TIA

        fw
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need help

Reply via email to