Date:      Thu, 26 Jun 1997 19:40:10 -0400
From:      Chris Shenton <chris@absinthe.i3inc.com>
To:        tomthai@future.net
Cc:        freebsd-isp@freebsd.org, linuxisp@friendly.jeffnet.org
Subject:   Re: system passwd to RADIUS
Message-ID:  <199706262340.TAA06164@absinthe.i3inc.com>
In-Reply-To: Your message of "Wed, 25 Jun 1997 18:50:18 -0500 (CDT)"
References:  <Pine.BSD.3.91.970625184623.237A-100000@dream.future.net>

On Wed, 25 Jun 1997 18:50:18 -0500 (CDT)
"Tom T. Thai" <tomthai@future.net> wrote:

tomthai> Anyone know how to convert a unix password file to RADIUS? I think doing 
tomthai> a few thousand by hand is very tedious :< Also, any way to decrypt the 
tomthai> password with SU access?

Why are you doing this? If your goal is to allow users to dial in and
auth using RADIUS and their normal UNIX password, just tell RADIUS to
use it. 

If you're assigning all (or a vast majority) of the users alike, then
set the DEFAULT user. Example:

    # Validate normal (dynamic) users via UNIX /etc/passwd and /etc/shadow.
    # Time-outs: log them out after this many *seconds* if they are:
    # -  idle too long:     30 minutes.
    # -  connected over 8 hours solid.

    DEFAULT         Auth-Type               = System
		    Service-Type            = Framed-User,
		    Framed-Protocol         = PPP,
		    Idle-Timeout            = 1800,
		    Session-Timeout         = 28800


We precede this with non-DEFAULT users -- users with dedicated IP
addresses, routed subnets, etc.

But perhaps this isn't what you want. Beware that if you do *copy*
/etc/passwd stuff into the RADIUS users file, it will get out of sync
when the user changes their normal passwd -- very confusing.

BTW: I hacked Ascend's RADIUS to treat the password entry listed in
RADIUS users file as a crypted passwd. I think all I had to do was run
what the RADIUS client sent to the server through crypt() then let it
compare with what RADIUS parsed from the user file. You could get
clever and even modify it to use forms like

	Password = crypt."cx19azPss3v97"

in addition to normal clear-text ones. I don't like cleartext
passwords, so I didn't bother. The code was for Ascend's RADIUS so
posting it here probably wouldn't help. Just look where it does the
compare with what the client (comm server) sent with what's in the
users file.
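
Added example (not part of the original message, and not Ascend's code): a small Python audit of a users file in the layout shown above, reporting which entries keep a clear-text password, which use the `crypt."..."` form the message proposes, and which defer to the system password database. The sample file, the user names `alice` and `bob`, the function names, and first-match lookup order are assumptions.

```python
import re

# Constructed sample: check items on the entry line, reply items indented.
SAMPLE_USERS = '''\
alice   Password = "s3cret-in-clear"
        Service-Type = Framed-User
bob     Password = crypt."cx19azPss3v97"
        Service-Type = Framed-User
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Idle-Timeout = 1800,
        Session-Timeout = 28800
'''
ITEM = re.compile(r'([\w-]+)\s*=\s*((?:crypt\.)?"[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return entries in file order as (name, check_items, reply_items)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':        # indented line: reply items
            if entries:
                entries[-1][2].update(ITEM.findall(line))
        else:                       # column 0: user name, then check items
            parts = line.split(None, 1)
            check = dict(ITEM.findall(parts[1])) if len(parts) > 1 else {}
            entries.append((parts[0], check, {}))
    return entries

def password_storage(check):
    """Classify where the secret for an entry lives."""
    if check.get('Auth-Type') == 'System':
        return 'system'             # /etc/passwd is consulted; nothing copied
    pw = check.get('Password')
    if pw is None:
        return 'none'
    return 'crypt' if pw.startswith('crypt.') else 'cleartext'

def resolve(entries, user):
    """First entry naming the user or DEFAULT wins (assumed lookup order)."""
    for name, check, reply in entries:
        if name in (user, 'DEFAULT'):
            return name, password_storage(check), reply
    return None

def cleartext_entries(entries):
    """Names whose password is readable by anyone who can read the file."""
    return [n for n, check, _ in entries if password_storage(check) == 'cleartext']
```

On the sample, `cleartext_entries` flags only `alice`, and any user without an entry of their own resolves to `DEFAULT`, so a password change made with the normal passwd command takes effect without touching the users file.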


