(RADIATOR) Auth protocol branch

James Nelson radiator at isleofatlantis.net
Thu May 15 16:08:19 CDT 2003


I've tried this and now everything is being handled by the CHAP handler,
regardless of the authentication method.  Here's what I've got:

<Handler CHAP-Password = /.*/>
# deal with CHAP
 <AuthBy SQL>
  DBSource  ***
  ...
  AuthSelect select CONCAT('{rcrypt}',txtPassword) from Customers where UserName=%0
 </AuthBy>

 <AuthLog SQL>
  DBSource  ***
  ...
  SuccessQuery insert into RadAcct values ('%l','Success(CHAP)','%U','%N',%1)
  FailureQuery insert into RadAcct values ('%l','Failure(CHAP)','%U','%N',%1)
  LogSuccess 1
 </AuthLog>
</Handler>

<Handler>
# deal with PAP
 <AuthBy SQL>
  DBSource  ***
  ...
  AuthSelect select CONCAT('{MD5}',Password) from Customers where UserName=%0
 </AuthBy>

 <AuthLog SQL>
  DBSource  ***
  ...
  SuccessQuery insert into RadAcct values ('%l','Success(PAP)','%U','%N',%1)
  FailureQuery insert into RadAcct values ('%l','Failure(PAP)','%U','%N',%1)
  LogSuccess 1
 </AuthLog>
</Handler>

All my logs: successes, failures, PAP or CHAP show the (CHAP) note that I
placed.  Also, I'm noticing that if it tries to authenticate when SQL has a
"Null" entry where its Rcrypted password would be, it authenticates
regardless of what is entered in the password field.  Is that normal?

Thanks,
::James Nelson

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "James Nelson" <radiator at isleofatlantis.net>
Cc: <radiator at open.com.au>
Sent: Wednesday, May 14, 2003 5:12 PM
Subject: Re: (RADIATOR) Auth protocol branch


>
>
> Hello James -
>
> You can do this with Handlers:
>
> <Handler CHAP-Password = /.*/>
> # deal with CHAP
> ....
> </Handler>
>
> <Handler>
> # deal with others
> ....
> </Handler>
>
> regards
>
> Hugh
>
>
> On Thursday, May 15, 2003, at 07:42 Australia/Melbourne, James Nelson
> wrote:
>
>
> > Is there a way to set the radius.cfg file to branch based on what
> > Authentication protocol (PAP or CHAP) is being used?  Example:
> >
> > If Auth-Proto = PAP then
> >   AuthSelect 1
> > else
> >   AuthSelect 2
> >
> > Since I primarily use PAP (so I can create non-reversible hashes on my
> > server), but still need to support a few NAS's (that I don't control)
> > who absolutely demand the use of CHAP.  I was originally thinking of
> > splitting this by realms, but this is no longer an option.
> >
> > Thanks for your help,
> > ::James Nelson
> >
> >
> >
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
