[strongSwan] Strongswan + Radius + MySQL + Hashed Passwords: Possible?

RA ss17 at fea.st
Wed Jan 10 04:39:35 CET 2018


Hi.

Thanks for your reply.  'NT-Password'  isn't working with Strongswan
though radtest is checking it just fine:

# smbencrypt mypass
LM Hash                                 NT Hash
--------------------------------        --------------------------------92315C8B485693A7AAD3B435B51404EE        E0C32CDA6F6ECC163F442D002BBA3DAF

# INSERT INTO radcheck (username, attribute, op, VALUE) VALUES
# ('mylogin', 'NT-Password', ':=', 'E0C32CDA6F6ECC163F442D002BBA3DAF');

# radtest mylogin mypass my.radius.server 10 mysecret
Sending Access-Request of id 237 to x.x.x.x port 1812
        User-Name = "mylogin"
        User-Password = "mypass"
        NAS-IP-Address = x.x.x.x
        NAS-Port = 10
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host x.x.x.x port 1812, id=237, length=20
Do I need to make any changes on the radius or Strongswan side to make
them work with NT-Password?
Thanks & Regards,
Ron


----- Original message -----
From: Giuseppe De Marco <giuseppe.demarco at unical.it>
To: RA <ss17 at fea.st>
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Strongswan + Radius + MySQL + Hashed Passwords: Possible?Date: Tue, 9 Jan 2018 15:46:04 +0100

Hi RA,
Yes you can, I use NT-Password instead.
I get this working on LDAP and Freeradius 

2018-01-09 14:07 GMT+01:00 RA <ss17 at fea.st>:
> Hi.
> 
>  I have been able to follow the guides and tutorials online and
>  successfully setup a Strongswan IKEv2 server which authenticates with
>  a Freeradius server with MySQL back-end. Everywhere I saw
>  instructions like these only:> 
>  INSERT INTO radcheck (username, attribute, op, VALUE) VALUES ('test',
>  'Cleartext-Password', ':=', 'pass123');> 
>  Now this works just fine but I don't want to store plain text
>  passwords in database and would prefer the "VALUE" column to be
>  hashed in some way. But being new to this, I just don't know how &
>  would be really glad if someone can provide pointers. Not sure
>  whether its even possible or not.> 
>  Thanks in advance.
> 
>  Regards.
>  Ron

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180110/24746276/attachment.html>


More information about the Users mailing list