[strongSwan] Strongswan + Radius + MySQL + Hashed Passwords: Possible?
Giuseppe De Marco
giuseppe.demarco at unical.it
Wed Jan 10 09:35:52 CET 2018
It depends by your configuration
You have to enable eap-radius as well
2018-01-10 4:39 GMT+01:00 RA <ss17 at fea.st>:
> Thanks for your reply. 'NT-Password' isn't working with Strongswan though
> radtest is checking it just fine:
> # smbencrypt mypass
> LM Hash NT Hash
> -------------------------------- --------------------------------
> 92315C8B485693A7AAD3B435B51404EE E0C32CDA6F6ECC163F442D002BBA3DAF
> # INSERT INTO radcheck (username, attribute, op, VALUE) VALUES ('mylogin',
> 'NT-Password', ':=', 'E0C32CDA6F6ECC163F442D002BBA3DAF');
> # radtest mylogin mypass my.radius.server 10 mysecret
> Sending Access-Request of id 237 to x.x.x.x port 1812
> User-Name = "mylogin"
> User-Password = "mypass"
> NAS-IP-Address = x.x.x.x
> NAS-Port = 10
> Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host x.x.x.x port 1812, id=237,
> Do I need to make any changes on the radius or Strongswan side to make
> them work with NT-Password?
> Thanks & Regards,
> ----- Original message -----
> From: Giuseppe De Marco <giuseppe.demarco at unical.it>
> To: RA <ss17 at fea.st>
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] Strongswan + Radius + MySQL + Hashed Passwords:
> Date: Tue, 9 Jan 2018 15:46:04 +0100
> Hi RA,
> Yes you can, I use NT-Password instead.
> I get this working on LDAP and Freeradius
> 2018-01-09 14:07 GMT+01:00 RA <ss17 at fea.st>:
> I have been able to follow the guides and tutorials online and
> successfully setup a Strongswan IKEv2 server which authenticates with a
> Freeradius server with MySQL back-end. Everywhere I saw instructions like
> these only:
> INSERT INTO radcheck (username, attribute, op, VALUE) VALUES ('test',
> 'Cleartext-Password', ':=', 'pass123');
> Now this works just fine but I don't want to store plain text passwords in
> database and would prefer the "VALUE" column to be hashed in some way. But
> being new to this, I just don't know how & would be really glad if someone
> can provide pointers. Not sure whether its even possible or not.
> Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users