Fwd: (RADIATOR) Password length

Hugh Irvine hugh at open.com.au
Thu Apr 4 17:09:53 CST 2002 

Hello Tony -

If you only have a couple of these Clients, you could always define them 
directly in the configuration file instead of in ClientListSQL.

regards

Hugh


On Fri, 5 Apr 2002 07:20, Mike McCauley wrote:
> Hi Tony,
>
> Unfortunately, the default behaviour of ClientListSQL does not include
> UseOldAscendPasswords.
> I think the only way forward for you is to modify the ClientListSQL.pm
> code.
>
> Cheers.
>
> On Fri, 5 Apr 2002 01:11, Tony Bunce wrote:
> > How do I use UseOldAscendPasswords with ClientListSQL?
> >
> > Here is part of my conf:
> > <ClientListSQL>
> >                 DBSource DBI:Sybase:database=XXXXXXX;server=XXXXXX
> >                 DBUsername XXXXXXX
> >                 DBAuth XXXXXXXX
> >                 GetClientQuery select
> > NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL,DEFAULTREALM,NASTYP
> > E,SNMPCOMMUNITY,LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS,FRAMEDGROUPMAXPORT
> > SPERCLASSC,REWRITEUSERNAME,NOIGNOREDUPLICATES,PREHANDLERHOOK from
> > NASClients
> > </ClientListSQL>
> >
> > Thanks,
> > Tony B, CCNA, Network+
> > Systems Administration
> > GO Concepts, Inc. / www.go-concepts.com
> > Are you on the GO yet?
> > What about those you know, are they on the GO?
> > 513.934.2800
> > 1.888.ON.GO.YET
> >
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Thursday, April 04, 2002 12:44 AM
> > To: Tony Bunce
> > Cc: radiator at open.com.au
> > Subject: Re: Fwd: (RADIATOR) Password length
> >
> > Hi Tony,
> >
> > On Thu, 4 Apr 2002 14:14, Tony Bunce wrote:
> > > Thanks for the help.
> > >
> > > What will the UseOldAscendPasswords do to passwords under 16
> >
> > characters?
> >
> > No effect.
> >
> > > I would try it right now but I'm currently dialed up and not at the
> > > office so if I break anything I wouldn't be able to fix it.
> >
> > OK, let us know how you go.
> > What sort of NASs do you have?
> >
> > Cheers.
> >
> > > Thanks,
> > > Tony
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Wednesday, April 03, 2002 7:53 PM
> > > To: Tony.B" <tonyb at go-concepts.com>"@oscar.open.com.au
> > > Cc: radiator at open.com.au
> > > Subject: Re: Fwd: (RADIATOR) Password length
> > >
> > > Hello Tony,
> > >
> > > > ----------  Forwarded Message  ----------
> > > >
> > > > Subject: (RADIATOR) Password length
> > > > Date: Wed, 3 Apr 2002 14:02:08 -0500
> > > > From: "Tony B" <tonyb at go-concepts.com>
> > > > To: <radiator at open.com.au>
> > > >
> > > > Hello,
> > > >
> > > >             We have been testing radiator for a while now and just
> > >
> > > moved
> > >
> > > > it to our live environment.  The transaction was very smooth except
> > >
> > > for
> > >
> > > > two things.
> > > >
> > > > Does radiator limit the size of the password that the user is aloud
> >
> > to
> >
> > > > use?  We have one customer that has a 22 character password and we
> >
> > are
> >
> > > > unable to get radiator to let the user connect.  We can reproduce
> >
> > the
> >
> > > > error.  We are using AuthBy SQL and when I run the sql command it
> > > > returns the correct value.  I can authenticate from the command line
> > > > using radpwtst.  I want to blame it on the NAS but the user was able
> > >
> > > to
> > >
> > > > connect fine with our old radius server. I turned on password
> >
> > logging
> >
> > > > and it looks like it is not decrypting the password correctly.
> >
> > Below
> >
> > > is
> > >
> > > > the line from the password log (the actual password is half xed
> >
> > out).
> >
> > > Some NASs (in particular, old Ascends) implement a broken encryption
> >
> > for
> >
> > > passwords longer than 16 chars. There is a per client parameter that
> >
> > you
> >
> > > can
> > > enable to work around this. See UseOldAscendPasswords in the ref
> >
> > manual.
> >
> > > If that does not fix the problem, please send to me (privately) a
> >
> > level
> >
> > > 5
> > > dump of the incoming request, along with the type/model of your NAS,
> >
> > the
> >
> > > correct passwrod and your shared secret.
> > >
> > > Cheers.
> > >
> > > ....
> > >
> > > > Thanks,
> > > > Tony B, CCNA, Network+
> > > > Systems Administration
> > > > GO Concepts, Inc. / www.go-concepts.com
> > > > Are you on the GO yet?
> > > > What about those you know, are they on the GO?
> > > > 513.934.2800
> > > > 1.888.ON.GO.YET
> > > >
> > > > -------------------------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list