(RADIATOR) AuthType Problem

Hugh Irvine hugh at open.com.au
Thu Aug 2 07:14:59 CDT 2001 

Hello Usman -

You do not have to check the password in the AuthBy SQL clause, you 
just have to get the check items and the reply items. Then the AuthBy 
UNIX checks the password.

regards

Hugh


At 14:23 -0700 01/8/2, usman tahir wrote:
>Hi Hugh
>
>thanx for your help  , i have a couple of questions though ..
>
>>  This is very easy to do by chaining two AuthBy clauses, like this:
>>
>>  # define Authby clauses
>>
>>  <AuthBy UNIX>
>>  Identifier CheckPassword
>>  Filename /etc/shadow
>>  </AuthBy>
>>
>>  <AuthBy SQL>
>>  Identifier CheckSQL
>>  .....
>>  </AuthBy>
>>
>>  # define Realms or Handlers
>>
>>  <Handler .....>
>>  AuthByPolicy ContinueWhileAccept
>>  AuthBy CheckSQL
>>  AuthBy CheckPassword
>>  .....
>>  </Handler>
>
>correct me if i am wrong but wont this check mysql database for
>authentication and if that doesnt authenticate it will check shadow file ?
>if that is the case it wont do what iam trying to acheive , let me explain ,
>i want to have a Radius system in which i have Mysql which contains a table
>RADUSERS with fields , Username , Check Attribute , reply Attributes etc
>"BUT" no password , now i cannot import passwords from shadow file due to
>certain problems like having email password requirement of beind same , so
>what i was thinking was that i have a following scenario if possible
>
>1. Have a Authby Sql statement
>2. When NAS sends the request , the usernames attributes are picked up from
>RADUSERS and the password is picked up from shadow.
>3. Reason why i want this whole thing is that AuthBy Mysql suits me just
>fine , i can have accounting database , session database , billing becomes
>easy as well , Reason why i dont use password in mysql is that iam yet to
>find a way to get radmin to insert encrypted password into mysql , plus
>there is always the issue of popper authetication because of which i will
>have to maintain two sets of passwords , so is there any soloution to that ,
>
>if what you wrote above will work will the request first go to SQL table
>pick up attributes , and because it wont find password therefore it`ll go to
>shadow ? i doubt that this a right assumtion on my part :)
>what happens if i set a check or reply item called Auth-Type=System , i have
>one extra field in RADUSERS which contains this  check/reply item , will
>radiator in that case get other attributes from RADUSERS and password from
>shadow ? if so how can i construct such an Authselect clause
>
>PS : Has anyone written a perl module that inetgrates into Radmin for
>entering password in encrypted form in mysql ?
>
>usman

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list