(RADIATOR) CHAP with AuthbyPAM Question

Forbes Mike Mike.Forbes at Colorado.EDU
Tue Oct 29 14:45:22 CST 2002 

I am testing chap authentication with Radiator.  Currently I do the
following:

<Handler Realm=Backbone_Devices,Framed-Protocol=PPP>
RewriteUsername s/^([^@]+).*/$1/
        <AuthBy GROUP>
                <AuthBy PAM>
                        Fork
                        Service radiusd
                </AuthBy>
        </AuthBy>
        AuthLog DSL_PPP_Login_Failures
       # Log accounting to a detail file
        AcctLogFileName %L/dsl_ppp_users
</Handler>

This works for pap, but not for chap. Is this because CHAP is encytped and
PAM needs the unecrypted? There is no note that says PAM cannot do chap.

Thanks,

Mike Forbes


For chap I get the following output:



Tue Oct 29 13:05:38 2002: DEBUG: Packet dump:
*** Received from x.y.z.v port 1645 ....
Code:       Access-Request
Identifier: 103
Authentic:  A:
Attributes:
        Framed-Protocol = PPP
        User-Name = "fred"
        CHAP-Password = ]b%
        NAS-Port = 1
        NAS-Port-Type = Virtual
        Service-Type = Framed-User
        NAS-IP-Address = x.y.z.v

Tue Oct 29 13:05:38 2002: DEBUG: Handling request with Handler
'Realm=Backbone_Devices,Framed-Protocol=PPP'
Tue Oct 29 13:05:38 2002: DEBUG: Rewrote user name to fred
Tue Oct 29 13:05:38 2002: DEBUG:  Deleting session for fred,
128.138.82.198, 1
Tue Oct 29 13:05:38 2002: DEBUG: Handling with Radius::AuthGROUP
Tue Oct 29 13:05:38 2002: DEBUG: Handling with PAM service radiusd
Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password'
Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password for
fred at COLORADO.EDU'
Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password for
fred at COLORADO.EDU'
Tue Oct 29 13:05:38 2002: INFO: Access rejected for fred:
Authentication failure:
Tue Oct 29 13:05:38 2002: DEBUG: Packet dump:
*** Sending to x.y.z.v port 1645 ....
Code:       Access-Reject
Identifier: 103
Authentic:  A:
Attributes:
        Reply-Message = "Request Denied"


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list