(RADIATOR) CHAP with AuthbyPAM Question

Hugh Irvine hugh at open.com.au
Tue Oct 29 16:41:11 CST 2002


Hello Mike -

It depends on what format the stored passwords are that PAM is referring
to.

If the passwords are encrypted, you cannot use CHAP.

regards

Hugh


On Wednesday, October 30, 2002, at 07:45 AM, Forbes Mike wrote:

>
> I am testing chap authentication with Radiator.  Currently I do the
> following:
>
> <Handler Realm=Backbone_Devices,Framed-Protocol=PPP>
> RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy GROUP>
>                 <AuthBy PAM>
>                         Fork
>                         Service radiusd
>                 </AuthBy>
>         </AuthBy>
>         AuthLog DSL_PPP_Login_Failures
>        # Log accounting to a detail file
>         AcctLogFileName %L/dsl_ppp_users
> </Handler>
>
> This works for pap, but not for chap. Is this because CHAP is encrypted
> and PAM needs the unencrypted? There is no note that says PAM cannot do
> chap.
>
> Thanks,
>
> Mike Forbes
>
>
> For chap I get the following output:
>
>
>
> Tue Oct 29 13:05:38 2002: DEBUG: Packet dump:
> *** Received from x.y.z.v port 1645 ....
> Code:       Access-Request
> Identifier: 103
> Authentic:  A:
> Attributes:
>         Framed-Protocol = PPP
>         User-Name = "fred"
>         CHAP-Password = ]b%
>         NAS-Port = 1
>         NAS-Port-Type = Virtual
>         Service-Type = Framed-User
>         NAS-IP-Address = x.y.z.v
>
> Tue Oct 29 13:05:38 2002: DEBUG: Handling request with Handler
> 'Realm=Backbone_Devices,Framed-Protocol=PPP'
> Tue Oct 29 13:05:38 2002: DEBUG: Rewrote user name to fred
> Tue Oct 29 13:05:38 2002: DEBUG:  Deleting session for fred,
> 128.138.82.198, 1
> Tue Oct 29 13:05:38 2002: DEBUG: Handling with Radius::AuthGROUP
> Tue Oct 29 13:05:38 2002: DEBUG: Handling with PAM service radiusd
> Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password'
> Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password for
> fred at COLORADO.EDU'
> Tue Oct 29 13:05:38 2002: DEBUG: PAM is asking for 1: 'Password for
> fred at COLORADO.EDU'
> Tue Oct 29 13:05:38 2002: INFO: Access rejected for fred:
> Authentication failure:
> Tue Oct 29 13:05:38 2002: DEBUG: Packet dump:
> *** Sending to x.y.z.v port 1645 ....
> Code:       Access-Reject
> Identifier: 103
> Authentic:  A:
> Attributes:
>         Reply-Message = "Request Denied"
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
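
Why a one-way password store rules out CHAP while PAP still works, as an added example that is not part of the original thread and is not Radiator code. It follows the CHAP response calculation from RFC 1994 and the RADIUS CHAP-Password layout from RFC 2865; the password, salt, CHAP identifier and the salted SHA-256 store are constructed stand-ins for whatever the PAM back end actually keeps.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the CHAP identifier octet, the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Value of the RADIUS CHAP-Password attribute: identifier octet + 16-byte response."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """Server side: recompute the response from whatever the back end has stored."""
    if len(chap_password) != 17:
        return False
    ident, received = chap_password[0], chap_password[1:]
    return hmac.compare_digest(received, chap_response(ident, stored_secret, challenge))


def verify_pap_against_hash(cleartext: bytes, salt: bytes, stored_hash: bytes) -> bool:
    """PAP hands the server the password itself, so a one-way store (or PAM) can check it."""
    return hmac.compare_digest(hashlib.sha256(salt + cleartext).digest(), stored_hash)


def demo() -> dict:
    password = b"constructed-secret"   # constructed sample value
    salt = b"constructed-salt"         # constructed sample value
    stored_hash = hashlib.sha256(salt + password).digest()  # assumed one-way store
    challenge = os.urandom(16)         # CHAP challenge issued by the NAS
    attr = build_chap_password(1, password, challenge)
    return {
        # The server holds the plaintext: it can recompute the MD5 and compare.
        "chap_with_plaintext": verify_chap(attr, challenge, password),
        # The server holds only a hash: nothing it has reproduces the response,
        # and the request carries no password to hand to PAM's prompt.
        "chap_with_hash_only": verify_chap(attr, challenge, stored_hash),
        # PAP: the password arrives in recoverable form, so the hash check succeeds.
        "pap_with_hash_only": verify_pap_against_hash(password, salt, stored_hash),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```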
