[Jradius] JRadius Proxy mangles User-Password

Murray Long murray at skyrove.com
Fri Aug 20 08:38:28 UTC 2010


Yes, I am using "radsec" as the shared secret between UAM and Jradius.

The thing is, if I intentionally set an incorrect shared secret on either
side I get an appropriate error message, whereas if I use the correct
secrets I get no error messages, only mangled passwords.

Is it possible there is something wrong with the shared secret that is not
being picked up by the error checking?



On Thu, Aug 19, 2010 at 7:04 PM, wlanmac <wlan at mac.com> wrote:

> The shared secret from CoovaChilli(UAM) to JRadius should be "radsec"
>
> On Thu, 2010-08-19 at 10:49 +0200, Murray Long wrote:
> > Oh interesting, so it's only the password field that gets hashed by
> > shared secret?
> >
> > At the moment I have:
> > UAM --(radsec) --> Jradius ---(radius)--> freeradius
> >
> > I definitely got the same secret between Jradius and freeradius ( set
> > in radSecProxyHander.sharedSecret )
> > But I haven't told Jradius about the shared secret being used by the
> > UAM, and I'm not sure where to set this.  Can someone point me in the
> > right direction?
> >
> > Thanks Murray
> >
> > On Thu, Aug 19, 2010 at 8:21 AM, wlanmac <wlan at mac.com> wrote:
> >         Hello,
> >
> >         The User-Password is always encoded ("encrypted") with the
> >         shared secret on the wire. Chances are that there is a shared
> >         secret mix-up somewhere.
> >
> >         David
> >
> >
> >
> >         On Wed, 2010-08-18 at 17:31 +0200, Murray Long wrote:
> >         > Hi Everyone,
> >         >
> >         > I'm trying to set up JRadius to accept Radsec connections
> >         > and proxy them onto freeradius.
> >         >
> >         > I've set up jradius as described on coova.org, and it seems
> >         > to work well, except the User-Password is encrypted by the
> >         > time it reaches freeradius
> >         >
> >         > I get the following reported on the freeradius side:
> >         >
> >         >     User-Name = "testuser"
> >         >     User-Password = "\212\230\306\310\313}\010\231\257\211F
> >         \237.l
> >         > \365JJ\2173\240b\367\215+ҵu\177=\237\304\001"
> >         >
> >         > My NAS is sending plaintext passwords so I'm pretty sure
> >         > Jradius is mangling the User-Password somehow.
> >         >
> >         > Does anyone know why this would be happening and how to
> >         > prevent it?
> >         >
> >         > I did notice "dictionary.rfc2865" had a line:
> >         > User-Password                2    string encrypt=1
> >         > but setting encrypt=0 doesn't seem to make a difference.
> >         >
> >         > Thanks,
> >         > Murray
> >         >
> >         >
> >         >
> >         >
> >         >
> >
> >         > _______________________________________________
> >         > Jradius mailing list
> >         > Jradius at coova.org
> >         > http://lists.coova.org/cgi-bin/mailman/listinfo/jradius
>
>
>
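The User-Password hiding discussed in this thread is the RFC 2865 section 5.2 scheme: the password is XORed with an MD5 keystream derived from the shared secret and the Request Authenticator, and a proxy has to reveal it with the inbound secret and hide it again with the outbound one. The following is an added example, not part of the original thread and not JRadius code; the function names, the `home-secret` value for the proxy-to-home-server hop, and the sample password and authenticators are constructed assumptions. It shows that the field carries no integrity check, so a secret mismatch on one hop yields garbage bytes at the home server rather than an error.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c_i = p_i XOR MD5(secret + c_{i-1}), c_0 = Request Authenticator."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password. A wrong secret gives garbage, never an exception."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def proxy_rehide(hidden, in_secret, in_auth, out_secret, out_auth) -> bytes:
    """What a proxy must do per hop: reveal with inbound values, hide with outbound."""
    return hide_password(reveal_password(hidden, in_secret, in_auth), out_secret, out_auth)


if __name__ == "__main__":
    # Constructed sample values for the two hops: UAM -> proxy -> home server.
    uam_auth, proxy_auth = bytes(range(16)), bytes(range(16, 32))
    on_wire = hide_password(b"testpass", b"radsec", uam_auth)

    ok = proxy_rehide(on_wire, b"radsec", uam_auth, b"home-secret", proxy_auth)
    print("matching secrets :", reveal_password(ok, b"home-secret", proxy_auth))

    bad = proxy_rehide(on_wire, b"not-radsec", uam_auth, b"home-secret", proxy_auth)
    print("inbound mismatch :", reveal_password(bad, b"home-secret", proxy_auth))
```

When the home server logs an unreadable User-Password like the one quoted above, checking the secret and authenticator used on each hop separately narrows down where the reveal or re-hide step went wrong.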