Community discussions

 
User avatar
luqasz
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

freeradius login users. cleartext passwords

Mon Dec 19, 2011 5:21 pm

hi

i have noticed that if i have password stored in database in md5 or sha user can not use/authenticate using:
* bandwidth test
* winbox
* mac-telnet
things taht only work are:
* telnet
* ssh
* ftp

if i have password in clear text format all above works

freeradius -X returns:

without clear text login via winbox/mac-telnet/bw test:
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "*****" with CHAP password
[chap] Cleartext-Password is required for authentication
with sha or md5 password login via ssh/telnet:
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "*******"
[pap] Using SHA1 encryption.
[pap] User authenticated successfully
++[pap] returns ok

 
User avatar
luqasz
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

Re: freeradius login users. cleartext passwords

Mon Dec 19, 2011 10:03 pm

i have found that when logging via ssh/telnet mikrotik sends password in clear text. when logging via winbox/mac-telnet/bw-test mikrotik sens password in chap-password format. it is now obvious why radius fails to "transform" chap password into sha-password.


i am asking why it is different in winbox/mac-telnet/bw-test ?
 
Turbid
just joined
Posts: 4
Joined: Thu Jun 19, 2014 2:35 pm

Re: freeradius login users. cleartext passwords

Thu Jun 19, 2014 2:44 pm

I confirm this problem. Is there any description of the cause?

Also the same case: http://forum.mikrotik.com/viewtopic.php?f=10&t=46982
 
kgblaster
just joined
Posts: 1
Joined: Sat Sep 17, 2016 1:13 am

Re: freeradius login users. cleartext passwords

Sat Sep 17, 2016 1:14 am

Any solution for this problem? I'm facing the same thing here.
 
total13
newbie
Posts: 34
Joined: Fri Jul 08, 2016 2:29 pm

Re: freeradius login users. cleartext passwords

Fri Aug 04, 2017 3:59 pm

Same problem here, any solution?
 
mehdisadighian
just joined
Posts: 8
Joined: Sun Oct 30, 2016 12:28 pm

Re: freeradius login users. cleartext passwords

Mon Oct 02, 2017 12:52 pm

HI
I had the same problem before, my problem solved by moving some lines in /usr/local/etc/raddb/sites-enabled/default
i'm using SQL so i load SQL module and pap,chap

I've changed the lines from

chap
sql
pap

to:

sql
pap
chap

so freeradius first loads the sql and then loads the chap, so it could locate password in SQL.
 
jkliachev
just joined
Posts: 1
Joined: Thu Nov 22, 2018 9:36 pm

Re: freeradius login users. cleartext passwords

Thu Nov 22, 2018 9:58 pm

I have the same issue. If user has configured password in database with attribute "Cleartext-Password" everything is fine but I would like to know what other attribute and hash should put to store so all password are encrypted and winbox/ssh/telnet to works. In this days is very very unacceptable to store whatever password in clear text format. In our company we have a lot of mikrotik routers and would like to have centralized user control with freeradius server. I have read that latest versions of Winbox supports PAP as authentication mechanism but I didn't managed to find any information how to configure.

I would really highly appreciate if someone help us with the config. Thanks in advance.
 
kdavid
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jul 03, 2005 8:11 pm

Re: freeradius login users. cleartext passwords

Sun Jan 06, 2019 9:51 pm

I have the same issue. If user has configured password in database with attribute "Cleartext-Password" everything is fine but I would like to know what other attribute and hash should put to store so all password are encrypted and winbox/ssh/telnet to works. In this days is very very unacceptable to store whatever password in clear text format. In our company we have a lot of mikrotik routers and would like to have centralized user control with freeradius server. I have read that latest versions of Winbox supports PAP as authentication mechanism but I didn't managed to find any information how to configure.

I would really highly appreciate if someone help us with the config. Thanks in advance.
Hi my MK version is 6.43.8. Have you any idea how to solve it? Probabli i neet to tine the eadius config file via ssh on synology right?

Who is online

Users browsing this forum: MSN [Bot] and 94 guests