Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
rahmanduran
Posts: 2
Joined: Mon Feb 02, 2015 1:57 am

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby rahmanduran » Mon Feb 02, 2015 2:01 am

Hi,



With Zimbra 8.5 update new users and users that change password has SSHA512 hash in Zimbra LDAP. The problem is Freeradius does not support SSHA512 so these users can't authenticate with 802.1x wireless network (EAP-TTLS).



So How can I change the default zimbra hash back to SSHA?



metux
Advanced member
Advanced member
Posts: 146
Joined: Mon Jul 28, 2014 6:21 pm

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby metux » Wed Feb 04, 2015 4:13 pm

Havent checked freeradius, whether it really doesnt support sha512. But it really should do - so, it the correct way is to fix it.
rahmanduran
Posts: 2
Joined: Mon Feb 02, 2015 1:57 am

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby rahmanduran » Thu Feb 05, 2015 12:04 am

It does support SHA512 but zimbra uses SSHA512 witch freeradius does not support.

> But it really should do - so, it the correct way is to fix it.

Really? We have a problem now. So it is not an option to wait for freeradius to support SSHA512. We need to fix it right now and only option is to make zimbra use SSHA hash.



Does Zimbra team hardcoded it in their code? If not why don't they provide a workaround or why they did not make it optional and break working systems.
dlane.ire
Posts: 2
Joined: Wed Feb 18, 2015 6:19 am

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby dlane.ire » Wed Feb 18, 2015 6:21 am

We are also facing a problem where SSHA512 is breaking existing systems. Is it possible to configure the password encoding in Zimbra? I can't find anything in the docs.
Klug
Elite member
Elite member
Posts: 2369
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby Klug » Wed Feb 18, 2015 6:55 am

Actually (there are a couple of threads in the last weeks about this iirc), you should not authenticate other apps/services against Zimbra's LDAP.

If you want to authenticate several things against a single directory, you should setup a a standalone LDAP server, create your users in this directory and authenticate everything (including Zimbra) against it.

dlane.ire
Posts: 2
Joined: Wed Feb 18, 2015 6:19 am

Freeradius doesn't support SSHA512. How can I change default zimbra hash back to SSHA?

Postby dlane.ire » Wed Feb 18, 2015 7:42 am

Thanks for the reply. This is something I will take on board and try to put in place in the future. But for right now we have users unable to login to a system that only supports {sha} and {ssha}, the {ssha512} is breaking the auth process. Is it possible to change the password encoding via config so I can get the users back in? I can look at an LDAP re-org afterwards.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 19 guests