(RADIATOR) Re: NAS control

Hugh Irvine hugh at open.com.au
Thu May 16 19:18:20 CDT 2002


Hello Tunde -

On Fri, 17 May 2002 06:37, Tunde Itayemi wrote:
> Hi Hugh,
>
> Well, I guess I will have to stick to CHAP, PAP or MSCHAPv1 - which may not
> necessarily be a bad thing based on some other things I found out recently.
> My (new) problems are:
>
> 1. Does anyone have a program that can be called from radwho.cgi that can
> be used to KICK OUT (disconnect) a user from a session on a Windows 2000
> server?
>

I don't know about this - anyone else?

> 2. Does anyone have experience with the Patton model 2960 RAS? Special
> configuration options, dos and don'ts, and especially if it offers any
> "low-level" support for (2) above.
>

We have many customers using Patton RAS's with no problems.

> 3. Hugh, does it mean Radiator can only "decrypt" passwords sent by users
> who connect using only PAP - and store this in the password.log file? What
> happens to users that connect with CHAP and possibly MSCHAPv1 - is there no
> hope of getting Radiator to put the password sent by the user (client) into
> the password.log file - in "decrypted" text format?
>

PAP sends a reversibly encrypted form of the password that Radiator can 
decrypt and then do the same encryption as has been used on the stored 
encrypted password and compare the results. If the two encrypted passwords 
match then the password is correct.

CHAP (and its variants) sends an encrypted password in the RADIUS request and 
Radiator must have access to the plaintext password in the user database so 
it can perform the same encryption as the NAS and compare the results. If the 
results match then the password is correct.

Note that when using CHAP (and its variants), you must already have the 
cleartext passwords available by definition.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
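
The two verification paths described in the reply above, as an added example that is not part of the original message and is not Radiator's code. It assumes the RFC 2865 User-Password hiding for PAP and the RFC 1994 MD5 response for CHAP; PBKDF2 stands in for whatever one-way form the user database holds, and all sample values are constructed.

```python
import hashlib
import hmac

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def pap_hide(password, secret, authenticator):
    """NAS side, RFC 2865 5.2: pad to 16-byte blocks, XOR with chained MD5."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def pap_recover(hidden, secret, authenticator):
    """Server side: the shared secret makes the hiding reversible."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def one_way(password, salt):
    # Assumption: PBKDF2 stands in for the one-way form stored in the user database.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def verify_pap(hidden, secret, authenticator, salt, stored):
    # Recover the cleartext, re-apply the stored form's transform, compare.
    return hmac.compare_digest(one_way(pap_recover(hidden, secret, authenticator), salt), stored)

def chap_response(chap_id, password, challenge):
    """Client side, RFC 1994: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def verify_chap(chap_id, response, challenge, db_password):
    # The response cannot be inverted; the server must recompute it from cleartext.
    return hmac.compare_digest(chap_response(chap_id, db_password, challenge), response)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, auth, salt = b"sharedsecret", bytes(range(16)), b"constructed-salt"
    pw, challenge = b"a-long-constructed-password", b"\x11" * 16
    stored = one_way(pw, salt)
    print("PAP vs hashed store:", verify_pap(pap_hide(pw, secret, auth), secret, auth, salt, stored))
    resp = chap_response(7, pw, challenge)
    print("CHAP vs cleartext store:", verify_chap(7, resp, challenge, pw))
    print("CHAP vs hashed store:", verify_chap(7, resp, challenge, stored))
```

PAP verifies against a one-way stored password because the server sees the cleartext in transit; CHAP fails against the same store because only the cleartext can reproduce the response.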

