On 10.01.2018 at 04:39, RA wrote:
> Hi.
>
> Thanks for your reply. 'NT-Password' isn't working with Strongswan
> though radtest is checking it just fine:
>
> # smbencrypt mypass
> LM Hash                                 NT Hash
> --------------------------------        --------------------------------
> 92315C8B485693A7AAD3B435B51404EE        E0C32CDA6F6ECC163F442D002BBA3DAF
>
> # INSERT INTO radcheck (username, attribute, op, VALUE) VALUES
> # ('mylogin', 'NT-Password', ':=', 'E0C32CDA6F6ECC163F442D002BBA3DAF');
>
> # radtest mylogin mypass my.radius.server 10 mysecret
> Sending Access-Request of id 237 to x.x.x.x port 1812
> User-Name = "mylogin"
> User-Password = "mypass"
> NAS-IP-Address = x.x.x.x
> NAS-Port = 10
> Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host x.x.x.x port 1812, id=237, length=20
>
> Do I need to make any changes on the radius or Strongswan side to make
> them work with NT-Password?
>
> Thanks & Regards,
> Ron

Hi,

this depends on your config. Does your client offer "ms-chapv2" as auth mech? Perhaps it is better to use EAP (eap-radius in strongswan). For debugging please look at the output of radiusd -X. Or paste the output here.

> ----- Original message -----
> From: Giuseppe De Marco <[email protected]>
> To: RA <[email protected]>
> Cc: [email protected]
> Subject: Re: [strongSwan] Strongswan + Radius + MySQL + Hashed Passwords: Possible?
> Date: Tue, 9 Jan 2018 15:46:04 +0100
>
> Hi RA,
> Yes you can, I use NT-Password instead.
> I get this working on LDAP and Freeradius
>
> 2018-01-09 14:07 GMT+01:00 RA <[email protected]>:
>> Hi.
>>
>> I have been able to follow the guides and tutorials online and
>> successfully set up a Strongswan IKEv2 server which authenticates with
>> a Freeradius server with MySQL back-end. Everywhere I saw
>> instructions like these only:
>>
>> INSERT INTO radcheck (username, attribute, op, VALUE) VALUES ('test',
>> 'Cleartext-Password', ':=', 'pass123');
>>
>> Now this works just fine but I don't want to store plain text
>> passwords in database and would prefer the "VALUE" column to be
>> hashed in some way. But being new to this, I just don't know how &
>> would be really glad if someone can provide pointers. Not sure
>> whether it's even possible or not.
>>
>> Thanks in advance.
>>
>> Regards.
>> Ron

Kind regards,
-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
