[Jradius] JRadius Proxy mangles User-Password

wlanmac wlan at mac.com
Thu Aug 19 17:04:57 UTC 2010 

The shared secret from CoovaChilli(UAM) to JRadius should be "radsec" 

On Thu, 2010-08-19 at 10:49 +0200, Murray Long wrote:
> Oh interesting, so it's only the password field that gets hashed by
> shared secret?
> 
> At the moment I have:
> UAM --(radsec) --> Jradius ---(radius)--> freeradius
> 
> I defiantly got the same secret between Jradius and freeradius ( set
> in radSecProxyHander.sharedSecret ) 
> But I haven't told Jradius about the shared secret being used by the
> UAM, and I'm not sure where to set this.  Can someone point me in the
> right direction?
> 
> Thanks Murray
> 
> On Thu, Aug 19, 2010 at 8:21 AM, wlanmac <wlan at mac.com> wrote:
>         Hello,
>         
>         The User-Password is always encoded ("encrypted") with the
>         shared secret
>         on the wire. Changes are that there is a shared secret mix up
>         somewhere.
>         
>         David
>         
>         
>         
>         On Wed, 2010-08-18 at 17:31 +0200, Murray Long wrote:
>         > Hi Everyone,
>         >
>         > I'm trying to set up JRadius to accept Radsec connections
>         and proxy
>         > them onto freeradius.
>         >
>         > I've set up jardius as described on coova.org, and it seems
>         to work
>         > well, except the User-Password is encrypted by the time it
>         reaches
>         > freeradius
>         >
>         > I get the following reported on the freeradius side:
>         >
>         >     User-Name = "testuser"
>         >     User-Password = "\212\230\306\310\313}\010\231\257\211F
>         \237.l
>         > \365JJ\2173\240b\367\215+ҵu\177=\237\304\001"
>         >
>         > My NAS is sending plaintext passwords so I'm pretty sure
>         Jradius is
>         > mangling the User-Password somehow.
>         >
>         > Does anyone know why this would be happening and how to
>         prevent it?
>         >
>         > I did notice "dictionary.rfc2865" had a line:
>         > User-Password                2    string encrypt=1
>         > but setting encrypt=0 dosn't seem to make a difference.
>         >
>         > Thanks,
>         > Murray
>         >
>         >
>         >
>         >
>         >
>         
>         > _______________________________________________
>         > Jradius mailing list
>         > Jradius at coova.org
>         > http://lists.coova.org/cgi-bin/mailman/listinfo/jradius
>         
>         
> 
> _______________________________________________
> Jradius mailing list
> Jradius at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/jradius

More information about the Jradius mailing list