(RADIATOR) PAP and CHAP in the same realm

terry at ccis.net terry at ccis.net
Wed Jan 22 12:59:30 CST 2003 

We are currently authenticating via Unix-encrypted passwords stored locally
on the radiator server. We're signing up with a nationwide service that
uses Qwest as one of their providers, and therefore requires us to use both
PAP and CHAP authentication. I have access to the plaintext
username/password pairs in a MySQL database, but I have no idea how to set
up for CHAP or possibly PAP in the same realm. Is anybody else set up using
a similar mechanism, and could you give me an idea how you addressed the
problem? Here is what we currently use, if that is of any help: (the new
MySQL database is "plat_rpl", and the table is "customer", in case it
matters)

 <Handler>
        # remove the "@domain" part (if it exists)
        RewriteUsername s/^([^@]+).*/$1/
        # remove spaces
        RewriteUsername s/\s//g
        AuthByPolicy ContinueAlways
        AcctLogFileName %L/detail
        AuthLog logger1
        <AuthBy SQL>
                # AuthSelect with empty string means dont do auth
                AuthSelect
                DBSource        dbi:mysql:radius
                DBUsername      XXXXXXX
                DBAuth          XXXXXXX
                AccountingTable ACCOUNTING
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef
ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause
                AcctColumnDef   ASCENDDATARATE,Ascend-Data-Rate
                AcctColumnDef   ASCENDXMITRATE,Ascend-Xmit-Rate
                AcctColumnDef
ASCENDCONNECTPROGRESS,Ascend-Connect-Progress
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                AcctColumnDef   NASIPADDRESS,NAS-IP-Address
                AcctColumnDef   CALLEDSTATIONID,Called-Station-Id
                AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
                AcctColumnDef   CONNECTINFO,Connect-Info
        </AuthBy>
        # Make sure they appear in the users2 file
        # Anyone with Auth-Type=UNIX in the users2 file will be
        # authenticated with the AuthBy UNIX above
        <AuthBy FILE>
                Filename        %D/users2
        </AuthBy>

</Handler>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list