I installed the freeradius package on Ubuntu 18.04.
The version of freeradius was installed with 3.0.16. And database installed mariaDB.
The contents of the 'mods-enabled/sql' file:
...
server = "localhost"
port = 3306
login = "radius"
password = "mypassword" #I want to encrypt this.
...
Is there a way to encrypt "mypassword"?
No. FreeRADIUS provides no support for encrypted passwords in configuration files. This is the same as the majority of other daemons.
Related
I'm migrating a functioning freeradius install version 2.2.8 on ubuntu 16.04 LTS to version 3.0.16 on ubuntu 18.04 LTS
I setup daloradius this time.
I've setup my clients
I've setup my users
I deliver DSL and do auth and assign static IP addresses
I need radius to return the Framed-IP-Address attribute if required
This is all in mysql and I need accounting to be stored in mysql also.
So far I'm getting this:
Auth: (24) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [test#xxx.xxxx.xx/!yyyyyyyy!] (from client 999.888.777.666 port 268439551 cli xxxxxxadsfad-47:621)
Any suggestions?
Thank you.
G
I try to set up Amazon EC2 with Vagrant and Chef-zero. Chef contains only one receipt for the installation of Nginx, Ruby, PostgreSQL, that is those utilities that are necessary for a Ruby on Rails stack. For PostgreSQL installation I use this cookbook https://supermarket.chef.io/cookbooks/postgresql. It automatically adds “local all all peer” to the end of pg_hba.conf. If I run Chef on my local machine in VirtualBox, everything is OK. But if I run it on Amazon, PostgreSQL gives an error “invalid authentication method "peer”. What is the reason? Maybe, I should use Amazon RDS instead of running the Ruby stack and PostgreSQL on the same machine? Locally, I use Centos 7.2, but on Amazon EC2 - Amazon Linux AMI 2016.09.0.
/var/lib/pgsql/9.2/data/pg_hba.conf
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
# TYPE DATABASE USER ADDRESS METHOD
###########
# Other authentication configurations taken from chef node defaults:
###########
local all postgres ident
local all all ident
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
# "local" is for Unix domain socket connections only
local all all peer
logfile:
LOG: invalid authentication method "peer"
CONTEXT: line 24 of configuration file "/var/lib/pgsql/9.2/data/pg_hba.conf"
FATAL: could not load pg_hba.conf
PG 9.4
Centos 6.7
I successfully installed Postgres 9.4 on Centos. I am checking my authentication through pgAdmin. I can create new users etc with the Centos terminal.
However, after the user and passwords are created, I can't use them to access localhost on Postgres. I get the error: 'FATAL: Ident authentication failed for user "pguser"'
The weird thing is, I can login using my linux username and NO password. However, as soon as I create a new username and password, it doesn't work.
/var/lib/pgsql/9.4/data/pg_hba.conf file as in password authentication failed for user "postgres":
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
How do I set up a new superuser and password that will properly authenticate? (This user is going to be used to read/write to pg in a ruby on rails app)
Edit: the answer provided below works. You may have to restart your computer or find a good way to kill/restart pg, looks like sometimes the changes to the pg_hba.conf file don't take.
You need to configure your pg_hba.conf file to accept password as the METHOD to get in. If I am reading this correctly, you are attempting to log in to postgres locally with a user and password you configured. So you should configure pg_hba.conf as such:
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all password
After this is done, you should be able to log in locally with the username and password.
I'm having issues setting up my rails app on a Windows 8.1 machine with Ubuntu through VirtualBox. I've done the following in attempts to try and connect my Ubuntu Guest Rails app to my Windows 8.1 SQL Server Express database.
Setup a Bridged Connection on my Virtual Box network adapter
I've installed my rails application and freetds on my ubuntu guest.
In SQL Server Configuration Manager I enabled TCP/IP under SQL Server Network Configuration
I also setup the correct login users for my database after creating it.
I am able to run my rails application on ubuntu with rails s and it runs fine. When I try to access it from my windows host or ubuntu guest it originally shows a GET until it finally errors and presents me with this message Unable to connect: Adaptive Server is unavailable or does not exist. I'm unsure what to try next. I was looking for a way to test the connection to the database outside of rails in just terminal to see if I could get a connection first but my attempts so far haven't produced anything. Below is my database.yml. The ip address I'm using is the ip address I get for windows host.
development:
adapter: sqlserver
dataserver: 192.168.1.114:1433
host: 192.168.1.114
port: 1433
database: borneo
username: marvin
password: my_password
pool: 5
timeout: 5000
So I found a solution. After I had turned off the firewall I assumed that the firewall wouldn't be blocking anymore traffic; however, seems that I didn't turn it off properly I guess. The following method solved my problem.
Go to Windows Firewall and Advanced Security
Create an Inbound Rule for the Ubuntu Guest ip address for port 1433 using TCP.
After I did that it worked.
I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I'd like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the ActiveRecord PostgreSQL adapter installed -- postgres (0.7.9.2008.01.28).
I read in the PostgreSQL docs:
The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
[...]
If you are at all concerned about password "sniffing" attacks then md5 is preferred...Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
In a standard Rails database.yml would have something like this for a localhost connection...
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
But there's nothing in there about the authentication method discussed in the PostgreSQL docs. Is there as option to have something like "auth_method: md5"?
Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:
First make sure that an SSH server is
running properly on the same machine
as the PostgreSQL server and that you
can log in using ssh as some user.
Then you can establish a secure tunnel
with a command like this from the
client machine:
ssh -L 3333:foo.com:5432 joe#foo.com
The first number in the -L argument,
3333, is the port number of your end
of the tunnel; it can be chosen
freely. The second number, 5432, is
the remote end of the tunnel: the port
number your server is using. The name
or IP address between the port numbers
is the host with the database server
you are going to connect to. In order
to connect to the database server
using this tunnel, you connect to port
3333 on the local machine:
psql -h localhost -p 3333 postgres To
the database server it will then look
as though you are really user
joe#foo.com and it will use whatever
authentication procedure was
configured for connections from this
user and host. Note that the server
will not think the connection is
SSL-encrypted, since in fact it is not
encrypted between the SSH server and
the PostgreSQL server. This should not
pose any extra security risk as long
as they are on the same machine.
In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:
http://www.postgresql.org/docs/current/static/ssh-tunnels.html
To summarize for Rails, you would then do the following:
1) In a terminal window, run the first ssh command above to establish the tunnel.
2) Set your database props like so:
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
port: 3333
I had a look online and there doesn't seem to be an option for what you're looking for and in fact the client library, libpq doesn't mention this either.
My guess is that this is negotiated on your behalf within libpq. In any case, md5 is likely to be the default authentication method.
If you connect to a PostgreSQL server over insecure channel you need to encrypt your communication with SSL or (as runako has explained) SSH Tunneling.