(RADIATOR) Auth protocol branch
James Nelson
radiator at isleofatlantis.net
Thu May 15 17:08:41 CDT 2003
Another update (sorry for the flooding :).
Looks like:
<Handler CHAP-Password = /./>
works also. I think this should be fine for what I need. Also, after
making a few changes, I have been unable to recreate the Null password
problem mentioned. I probably had something screwed up and didn't notice
it.
Thanks for the help so far. If you can think of any reason the /./ might
cause problems or why /.*/ would be better, let me know.
::James Nelson
----- Original Message -----
From: "James Nelson" <radiator at isleofatlantis.net>
To: "Hugh Irvine" <hugh at open.com.au>
Cc: <radiator at open.com.au>
Sent: Thursday, May 15, 2003 4:20 PM
Subject: Re: (RADIATOR) Auth protocol branch
> Did some more troubleshooting, and found if I change the first Handler to:
> <Handler CHAP-Password = /[^a-zA-Z0-9]/>, it will work. Perhaps something
> doesn't like the "/.*/". I'm not a Perl guru, so I'm not sure what it could
> be.
>
> ::James Nelson
>
> ----- Original Message -----
> From: "James Nelson" <radiator at isleofatlantis.net>
> To: "Hugh Irvine" <hugh at open.com.au>
> Cc: <radiator at open.com.au>
> Sent: Thursday, May 15, 2003 4:08 PM
> Subject: Re: (RADIATOR) Auth protocol branch
>
>
> > I've tried this and now everything is being handled by the CHAP handler,
> > regardless of the authentication method. Here's what I've got:
> >
> > <Handler CHAP-Password = /.*/>
> > # deal with CHAP
> > <AuthBy SQL>
> > DBSource ***
> > ...
> > AuthSelect select CONCAT('{rcrypt}',txtPassword) from Customers where UserName=%0
> > </AuthBy>
> >
> > <AuthLog SQL>
> > DBSource ***
> > ...
> > SuccessQuery insert into RadAcct values ('%l','Success(CHAP)','%U','%N',%1)
> > FailureQuery insert into RadAcct values ('%l','Failure(CHAP)','%U','%N',%1)
> > LogSuccess 1
> > </AuthLog>
> > </Handler>
> >
> > <Handler>
> > # deal with PAP
> > <AuthBy SQL>
> > DBSource ***
> > ...
> > AuthSelect select CONCAT('{MD5}',Password) from Customers where UserName=%0
> > </AuthBy>
> >
> > <AuthLog SQL>
> > DBSource ***
> > ...
> > SuccessQuery insert into RadAcct values ('%l','Success(PAP)','%U','%N',%1)
> > FailureQuery insert into RadAcct values ('%l','Failure(PAP)','%U','%N',%1)
> > LogSuccess 1
> > </AuthLog>
> > </Handler>
> >
> > All my logs: successes, failures, PAP or CHAP show the (CHAP) note that I
> > placed. Also, I'm noticing that if it tries to authenticate when SQL has a
> > "Null" entry where its Rcrypted password would be, it authenticates
> > regardless of what is entered in the password field. Is that normal?
> >
> > Thanks,
> > ::James Nelson
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "James Nelson" <radiator at isleofatlantis.net>
> > Cc: <radiator at open.com.au>
> > Sent: Wednesday, May 14, 2003 5:12 PM
> > Subject: Re: (RADIATOR) Auth protocol branch
> >
> >
> > >
> > >
> > > Hello James -
> > >
> > > You can do this with Handlers:
> > >
> > > <Handler CHAP-Password = /.*/>
> > > # deal with CHAP
> > > ....
> > > </Handler>
> > >
> > > <Handler>
> > > # deal with others
> > > ....
> > > </Handler>
> > >
> > > regards
> > >
> > > Hugh
> > >
> > >
> > > On Thursday, May 15, 2003, at 07:42 Australia/Melbourne, James Nelson
> > > wrote:
> > >
> > >
> > > > Is there a way to set the radius.cfg file to branch based on what
> > > > Authentication protocol (PAP or CHAP) is being used? Example:
> > > >
> > > > If Auth-Proto = PAP then
> > > > AuthSelect 1
> > > > else
> > > > AuthSelect 2
> > > >
> > > > Since I primarily use PAP (so I can create non-reversible hashes on my
> > > > server), but still need to support a few NAS's (that I don't control)
> > > > who absolutely demand the use of CHAP. I was originally thinking of
> > > > splitting this by realms, but this is no longer an option.
> > > >
> > > > Thanks for your help,
> > > > ::James Nelson
> > > >
> > > >
> > > >
> > > NB: have you included a copy of your configuration file (no secrets),
> > > together with a trace 4 debug showing what is happening?
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > >
> > >
> >
>
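
The routing behaviour reported in this thread can be reproduced with a small model of the two-handler configuration. This is an added example, not Radiator code and not from any of the posters; it assumes that an attribute missing from a request is compared as an empty value, which is consistent with /.*/ catching every request while /./ and /[^a-zA-Z0-9]/ do not. The requests and the `select_handler` helper are constructed for the illustration.

```python
import re

# Selector patterns tried in the thread for <Handler CHAP-Password = /.../>.
PATTERNS = (rb".*", rb".", rb"[^a-zA-Z0-9]")


def select_handler(chap_pattern, request):
    """Model of the two-handler config: a CHAP handler with a regex check on
    CHAP-Password, then a bare <Handler> that takes whatever is left."""
    # ASSUMPTION: an attribute missing from the request is compared as an
    # empty value. /.*/ matches the empty value, so it matches every request.
    value = request.get("CHAP-Password", b"")
    if re.search(chap_pattern, value):
        return "CHAP"
    return "PAP"


# Constructed requests; all attribute values are made up for this example.
PAP_REQUEST = {
    "User-Name": b"alice",
    "User-Password": bytes.fromhex("8f3a11c2d45e60718f3a11c2d45e6071"),
}
# CHAP-Password carries 1 identifier byte followed by a 16-byte response.
CHAP_REQUEST = {"User-Name": b"bob", "CHAP-Password": b"\x01" + bytes(range(16, 32))}
# Edge case: a CHAP value whose 17 bytes all happen to be alphanumeric.
CHAP_ALNUM = {"User-Name": b"carol", "CHAP-Password": b"A" * 17}


def routing_table():
    """Map each pattern to the handler chosen for (PAP, CHAP, all-alnum CHAP)."""
    requests = (PAP_REQUEST, CHAP_REQUEST, CHAP_ALNUM)
    return {
        pat.decode(): tuple(select_handler(pat, req) for req in requests)
        for pat in PATTERNS
    }


if __name__ == "__main__":
    for pat, routes in routing_table().items():
        print(f"/{pat}/  PAP->{routes[0]}  CHAP->{routes[1]}  alnum-CHAP->{routes[2]}")
```

Under this model /./ only requires that CHAP-Password is present and non-empty, while /[^a-zA-Z0-9]/ additionally depends on the content of the value.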
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.