[Jradius] JRadius Proxy mangles User-Password

Murray Long murray at skyrove.com
Thu Aug 19 08:49:06 UTC 2010


Oh interesting, so it's only the password field that gets hashed by shared
secret?

At the moment I have:
UAM --(radsec) --> Jradius ---(radius)--> freeradius

I defiantly got the same secret between Jradius and freeradius ( set in
radSecProxyHander.sharedSecret )
But I haven't told Jradius about the shared secret being used by the UAM,
and I'm not sure where to set this.  Can someone point me in the right
direction?

Thanks Murray

On Thu, Aug 19, 2010 at 8:21 AM, wlanmac <wlan at mac.com> wrote:

> Hello,
>
> The User-Password is always encoded ("encrypted") with the shared secret
> on the wire. Changes are that there is a shared secret mix up
> somewhere.
>
> David
>
>
> On Wed, 2010-08-18 at 17:31 +0200, Murray Long wrote:
> > Hi Everyone,
> >
> > I'm trying to set up JRadius to accept Radsec connections and proxy
> > them onto freeradius.
> >
> > I've set up jardius as described on coova.org, and it seems to work
> > well, except the User-Password is encrypted by the time it reaches
> > freeradius
> >
> > I get the following reported on the freeradius side:
> >
> >     User-Name = "testuser"
> >     User-Password = "\212\230\306\310\313}\010\231\257\211F\237.l
> > \365JJ\2173\240b\367\215+ҵu\177=\237\304\001"
> >
> > My NAS is sending plaintext passwords so I'm pretty sure Jradius is
> > mangling the User-Password somehow.
> >
> > Does anyone know why this would be happening and how to prevent it?
> >
> > I did notice "dictionary.rfc2865" had a line:
> > User-Password                2    string encrypt=1
> > but setting encrypt=0 dosn't seem to make a difference.
> >
> > Thanks,
> > Murray
> >
> >
> >
> >
> >
> > _______________________________________________
> > Jradius mailing list
> > Jradius at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/jradius
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/jradius/attachments/20100819/d7e75ff7/attachment.htm>


More information about the Jradius mailing list