Re: Crypt passwords doesn't work
It works!!! Thank you very much! Kevin Bonner wrote: html I almost ignored your message, as I don't parse HTML well. =) On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote: Thank you Kevin, but it didn't work now my entire users file is: sebas Crypt-Password := "(!lGOOlHaBWoQ" Service-Type = Administrative-User, Cisco-AVPair = "shell:priv-lvl=15" and then the debug was: rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "sebas" Calling-Station-Id = "10.11.1.25" User-Password = "hello" Another idea?? Thanks a lot, any way. $ perl -e 'print crypt("hello","(!") . "\n";' (!BVoPlmea8cg Fix your Crypt-Password? How you are generating that encrypted string? -Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
On the topic of password encryption. Kevin would you know how to encode a password for windows 2003 active directory server. I need a user with permission to do active directory searchs, it tries atm but fails because the password is not encrypted. Even if you know what the encryption they use is it would be a big help thanks. On 4/19/07, Sebastian Firpo [EMAIL PROTECTED] wrote: It works!!! Thank you very much! Kevin Bonner wrote: html I almost ignored your message, as I don't parse HTML well. =) On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote: Thank you Kevin, but it didn't work now my entire users file is: sebas Crypt-Password := (!lGOOlHaBWoQ Service-Type = Administrative-User, Cisco-AVPair = shell:priv-lvl=15 and then the debug was: rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = sebas Calling-Station-Id = 10.11.1.25 User-Password = hello Another idea?? Thanks a lot, any way. $ perl -e 'print crypt(hello,(!) . \n;' (!BVoPlmea8cg Fix your Crypt-Password? How you are generating that encrypted string? -Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
On Thursday 19 April 2007 10:42:30 Jacob Jarick wrote: On the topic of password encryption. Kevin would you know how to encode a password for windows 2003 active directory server. I need a user with permission to do active directory searchs, it tries atm but fails because the password is not encrypted. Even if you know what the encryption they use is it would be a big help thanks. Win2k3? Never used it before. Active Directory? Ditto. =-) Maybe [1] or [2] will help push you in the right direction. Kevin Bonner [1] http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO [2] http://lists.cistron.nl/pipermail/freeradius-devel/2006-January/009250.html pgpr1TWIInq7Y.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Crypt passwords doesn't work
Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a users file for authorize. The server don't authorize and when a do a debug (radiusd -X) I saw the User-password in clear text. If I modify the User-password in the users file by the clear text one it works. Here are the debug and an entry of the users file: Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.12.4.2:1645, id=91, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = sebas Calling-Station-Id = 10.11.1.25 User-Password = hello Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 users: Matched entry sebas at line 50 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds users file sebas Auth-Type := Local, Crypt-Password == (!lGOOlHaBWoQ Service-Type = Administrative-User, Cisco-AVPair = shell:priv-lvl=15 Thanks very much!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
Sebastian Firpo wrote: sebas Auth-Type := Local, Crypt-Password == (!lGOOlHaBWoQ Remove the Auth-Type := Local. Let FR decide on what the auth type is. It knows better than you. ;) If you search the list archives, this comes up about once a week. Don't set Auth-Type unless you really know what you are doing. Also, I think you want := instead of ==. There is no Crypt-Password attribute in the request, so you can't compare them. Use := to set Crypt-Password and then let FR do its magic. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
On Wednesday 18 April 2007 16:39:27 Sebastian Firpo wrote: Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a users file for authorize. Wow, that's quite a leap. I assume from 0.6 to 1.1.5? The server don't authorize and when a do a debug (radiusd -X) I saw the User-password in clear text. If I modify the User-password in the users file by the clear text one it works. Here are the debug and an entry of the users file: Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.12.4.2:1645, id=91, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = sebas Calling-Station-Id = 10.11.1.25 User-Password = hello Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 users: Matched entry sebas at line 50 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds users file sebas Auth-Type := Local, Crypt-Password == (!lGOOlHaBWoQ Service-Type = Administrative-User, Cisco-AVPair = shell:priv-lvl=15 Thanks very much!! Don't set Auth-Type, the server will figure it out. The operator for Crypt-Password should be changed to := as well. Kevin Bonner pgpsPajLfZa7I.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
Thank you Kevin, but it didn't work now my entire users file is: sebas Crypt-Password := "(!lGOOlHaBWoQ" Service-Type = Administrative-User, Cisco-AVPair = "shell:priv-lvl=15" and then the debug was: rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "sebas" Calling-Station-Id = "10.11.1.25" User-Password = "hello" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry sebas at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Crypt auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 103 to 10.12.4.2 port 1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 103 with timestamp 4626942f Nothing to do. Sleeping until we see a request. Another idea?? Thanks a lot, any way. Kevin Bonner wrote: On Wednesday 18 April 2007 16:39:27 Sebastian Firpo wrote: Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a users file for authorize. Wow, that's quite a leap. I assume from 0.6 to 1.1.5? The server don't authorize and when a do a debug (radiusd -X) I saw the User-password in clear text. If I modify the User-password in the users file by the clear text one it works. Here are the debug and an entry of the users file: Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.12.4.2:1645, id=91, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "sebas" Calling-Station-Id = "10.11.1.25" User-Password = "hello" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry sebas at line 50 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds users file sebas Auth-Type := Local, Crypt-Password == "(!lGOOlHaBWoQ" Service-Type = Administrative-User, Cisco-AVPair = "shell:priv-lvl=15" Thanks very much!! Don't set Auth-Type, the server will figure it out. The operator for Crypt-Password should be changed to := as well. Kevin Bonner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
Thank you Dennis, but it didn't work now my entire users file is: sebas Crypt-Password := "(!lGOOlHaBWoQ" Service-Type = Administrative-User, Cisco-AVPair = "shell:priv-lvl=15" and then the debug was: rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = "sebas" Calling-Station-Id = "10.11.1.25" User-Password = "hello" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry sebas at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Crypt auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 103 to 10.12.4.2 port 1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 103 with timestamp 4626942f Nothing to do. Sleeping until we see a request. Another idea?? Thanks a lot, any way. Dennis Skinner wrote: Sebastian Firpo wrote: sebas Auth-Type := Local, Crypt-Password == "(!lGOOlHaBWoQ" Remove the Auth-Type := Local. Let FR decide on what the auth type is. It knows better than you. ;) If you search the list archives, this comes up about once a week. Don't set Auth-Type unless you really know what you are doing. Also, I think you want := instead of ==. There is no Crypt-Password attribute in the request, so you can't compare them. Use := to set Crypt-Password and then let FR do its magic. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Crypt passwords doesn't work
html I almost ignored your message, as I don't parse HTML well. =) On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote: Thank you Kevin, but it didn't work now my entire users file is: sebas Crypt-Password := (!lGOOlHaBWoQ Service-Type = Administrative-User, Cisco-AVPair = shell:priv-lvl=15 and then the debug was: rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103, length=75 NAS-IP-Address = 10.12.4.2 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = sebas Calling-Station-Id = 10.11.1.25 User-Password = hello Another idea?? Thanks a lot, any way. $ perl -e 'print crypt(hello,(!) . \n;' (!BVoPlmea8cg Fix your Crypt-Password? How you are generating that encrypted string? -Kevin pgp07VlZL3nEM.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html