(RADIATOR) Auth protocol branch

James Nelson radiator at isleofatlantis.net
Thu May 15 16:20:18 CDT 2003


Did some more troubleshooting, and found if I change the first Handler to:
<Handler CHAP-Password = /[^a-zA-Z0-9]/>, it will work.  Perhaps something
doesn't like the "/.*/".  I'm not a Perl guru, so I'm not sure what it could
be.

::James Nelson

----- Original Message -----
From: "James Nelson" <radiator at isleofatlantis.net>
To: "Hugh Irvine" <hugh at open.com.au>
Cc: <radiator at open.com.au>
Sent: Thursday, May 15, 2003 4:08 PM
Subject: Re: (RADIATOR) Auth protocol branch


> I've tried this and now everything is being handled by the CHAP handler,
> regardless of the authentication method.  Here's what I've got:
>
> <Handler CHAP-Password = /.*/>
> # deal with CHAP
>  <AuthBy SQL>
>   DBSource  ***
>   ...
>   AuthSelect select CONCAT('{rcrypt}',txtPassword) from Customers where UserName=%0
>  </AuthBy>
>
>  <AuthLog SQL>
>   DBSource  ***
>   ...
>   SuccessQuery insert into RadAcct values ('%l','Success(CHAP)','%U','%N',%1)
>   FailureQuery insert into RadAcct values ('%l','Failure(CHAP)','%U','%N',%1)
>   LogSuccess 1
>  </AuthLog>
> </Handler>
>
> <Handler>
> # deal with PAP
>  <AuthBy SQL>
>   DBSource  ***
>   ...
>   AuthSelect select CONCAT('{MD5}',Password) from Customers where UserName=%0
>  </AuthBy>
>
>  <AuthLog SQL>
>   DBSource  ***
>   ...
>   SuccessQuery insert into RadAcct values ('%l','Success(PAP)','%U','%N',%1)
>   FailureQuery insert into RadAcct values ('%l','Failure(PAP)','%U','%N',%1)
>   LogSuccess 1
>  </AuthLog>
> </Handler>
>
> All my logs: successes, failures, PAP or CHAP show the (CHAP) note that I
> placed.  Also, I'm noticing that if it tries to authenticate when SQL has a
> "Null" entry where its Rcrypted password would be, it authenticates
> regardless of what is entered in the password field.  Is that normal?
>
> Thanks,
> ::James Nelson
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "James Nelson" <radiator at isleofatlantis.net>
> Cc: <radiator at open.com.au>
> Sent: Wednesday, May 14, 2003 5:12 PM
> Subject: Re: (RADIATOR) Auth protocol branch
>
>
> >
> >
> > Hello James -
> >
> > You can do this with Handlers:
> >
> > <Handler CHAP-Password = /.*/>
> > # deal with CHAP
> > ....
> > </Handler>
> >
> > <Handler>
> > # deal with others
> > ....
> > </Handler>
> >
> > regards
> >
> > Hugh
> >
> >
> > On Thursday, May 15, 2003, at 07:42 Australia/Melbourne, James Nelson
> > wrote:
> >
> >
> > > Is there a way to set the radius.cfg file to branch based on what
> > > Authentication protocol (PAP or CHAP) is being used?  Example:
> > >
> > > If Auth-Proto = PAP then
> > >   AuthSelect 1
> > > else
> > >   AuthSelect 2
> > >
> > > Since I primarily use PAP (so I can create non-reversible hashes on my
> > > server), but still need to support a few NAS's (that I don't control)
> > > who absolutely demand the use of CHAP.  I was originally thinking of
> > > splitting this by realms, but this is no longer an option.
> > >
> > > Thanks for your help,
> > > ::James Nelson
> > >
> > >
> > >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> >
> >
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
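
The behaviour reported in this thread (`/.*/` sends every request to the CHAP handler, `/[^a-zA-Z0-9]/` does not) can be reproduced with a small model of first-match handler selection. This is an added example, not part of the thread and not Radiator code; it assumes handlers are tried in order and that a missing attribute is compared as an empty string, and `select_handler`, `route_all` and the `.+` pattern are hypothetical names and choices made for the illustration.

```python
import re

# Constructed sample requests (not taken from the thread). Values are modelled
# as latin-1 strings, one character per raw byte.
SAMPLES = {
    "pap": {"User-Name": "alice", "User-Password": "\x8a\x11\x5c\x02"},
    # CHAP-Password is 1 CHAP ident byte followed by a 16-byte response.
    "chap": {"User-Name": "bob",
             "CHAP-Password": "\x01" + bytes.fromhex(
                 "9f03a1c47e2255d0b86a13f0c9e4772b").decode("latin-1")},
    # Constructed edge case: all 17 bytes happen to be ASCII alphanumerics.
    "chap_alnum": {"User-Name": "carol",
                   "CHAP-Password": "A" + "0123456789abcdef"},
}


def select_handler(request, handlers):
    """Return the name of the first handler whose check item matches.

    ASSUMPTION: an absent attribute is compared as the empty string, so a
    pattern that can match zero characters matches requests without it.
    """
    for name, attr, pattern in handlers:
        if attr is None:          # handler with no check item: catch-all
            return name
        if re.search(pattern, request.get(attr, "")):
            return name
    return None


def route_all(pattern):
    """Route every sample through a CHAP handler guarded by `pattern`,
    followed by a catch-all PAP handler, as in the quoted configuration."""
    handlers = [("CHAP", "CHAP-Password", pattern), ("PAP", None, None)]
    return {label: select_handler(req, handlers)
            for label, req in SAMPLES.items()}


if __name__ == "__main__":
    for pat in (r".*", r"[^a-zA-Z0-9]", r".+"):
        print(f"/{pat}/ ->", route_all(pat))
```

Under these assumptions `.*` matches the empty string and so captures PAP requests too, while `[^a-zA-Z0-9]` only separates the two protocols when the binary CHAP value contains at least one non-alphanumeric byte; a pattern that requires at least one character, such as `.+`, does not depend on the byte values.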
