Re: [RadiusNT] Encryption doesnot work

Dale E. Reed Jr. ( (no email) )
Wed, 18 Aug 1999 09:51:40 -0700

"S.Tumurbaatar" wrote:
>
> Even I placed needed value in registry and/or run RadiusNt with -E
> parameter,
> RadiusNt doesnot perform encryption to check passwords. There're
> accounts with encrypted password and I use radlogin.exe to test.
> When I sent normal password, RadiusNt rejected it. So I thought that
> may be my encryption function outputs invalid hashes, but before
> checking my program code, I sent to RadiusNt encrypted password
> (ie not real password, but its hash) and in this case server accepted it.
> It seems RadiusNt didnt do any coding. Why?
>
> PS: Does anybody can check this password/hash pairs. I want to check my
> crypt function. Salt is "psw":
> Org psw Hash
> t psMqH8I4PrMIo
> tt psRZQqleUgJH.
> ttt psVf7S7w7HA22
> tttt pseqh5XB2ZCz6
> ttttt pscJCHLE4W1Bc

First, the salt is the first two characters of the actuall password
itself, so its "ps", not "psw".

I'm running 2.5.175 and here are my results:

> C:\Emerald>radius -x255 -E
> ...
> Param: Encrypted Passwords: 3
> ...
> radrecv: Request from host 7f000001 code=1, id=234, length=80
> User-Name = "test6"
> NAS-Identifier = 127.0.0.1
> NAS-Identifier = "Localhost"
> NAS-Port = 0
> Caller-Id = "1115551212"
> Password = "\020'\020\306\010\353\350\022\026Q\012\345\255<\230\362"
> rad_authenticate_ODBC()
>...
> (UNIX) User Password: tttt DB Password: pseqh5XB2ZCz6 Encrypted Password: pseqh
> 5XB2ZCz6
>
> SQL Statement: RadGetConfigs 7
>
> SQL Statement: RadGetATConfigs 'PPP'
>
> Sending Ack of id 234 to 7f000001 (localhost)
> User-Service = Framed-User
> Framed-Protocol = PPP
> Resp Time: 1011 Auth: 1/0 -> 1 Acct: 0/0/0 -> 0

So my test worked fine with your data. The (UNIX) is because RadiusNT
is
using the same routine to auth the password as if it found UNIX as the
password
and looked it up in the passwd file. I used radlogin to test it with:

> C:\Emerald>radlogin test6 tttt
>
> Checking Radius user test6:
> User-Service = Framed-User
> Framed-Protocol = PPP
>
> Good: 1 Bad: 0 T/O: 0 Avg: 1001

-- 

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart