(RADIATOR) Auth protocol branch
Hugh Irvine
hugh at open.com.au
Thu May 15 17:37:27 CDT 2003
Hello James -
Sorry - my fault.
/.*/ will match anything (including nothing)
/./ will match any single character (including the first of a string)
/.+/ will match any number of characters
As usual, you should check with your Perl book and do some experiments.
regards
Hugh
On Friday, May 16, 2003, at 08:08 Australia/Melbourne, James Nelson
wrote:
> Another update (sorry for the flooding :).
>
> Looks like:
> <Handler CHAP-Password = /./>
> works also. I think this should be fine for what I need. Also, after
> making a few changes, I have been unable to recreate the Null password
> problem mentioned. I probably had something screwed up and didn't
> notice it.
>
> Thanks for the help so far. If you can think of any reason the /./
> might cause problems or why /.*/ would be better, let me know.
> ::James Nelson
>
> ----- Original Message -----
> From: "James Nelson" <radiator at isleofatlantis.net>
> To: "Hugh Irvine" <hugh at open.com.au>
> Cc: <radiator at open.com.au>
> Sent: Thursday, May 15, 2003 4:20 PM
> Subject: Re: (RADIATOR) Auth protocol branch
>
>
>> Did some more troubleshooting, and found if I change the first
>> Handler to:
>> <Handler CHAP-Password = /[^a-zA-Z0-9]/>, it will work. Perhaps
>> something doesn't like the "/.*/". I'm not a Perl guru, so I'm not
>> sure what it could be.
>>
>> ::James Nelson
>>
>> ----- Original Message -----
>> From: "James Nelson" <radiator at isleofatlantis.net>
>> To: "Hugh Irvine" <hugh at open.com.au>
>> Cc: <radiator at open.com.au>
>> Sent: Thursday, May 15, 2003 4:08 PM
>> Subject: Re: (RADIATOR) Auth protocol branch
>>
>>
>>> I've tried this and now everything is being handled by the CHAP
>>> handler, regardless of the authentication method. Here's what I've
>>> got:
>>>
>>> <Handler CHAP-Password = /.*/>
>>>   # deal with CHAP
>>>   <AuthBy SQL>
>>>     DBSource ***
>>>     ...
>>>     AuthSelect select CONCAT('{rcrypt}',txtPassword) from Customers where UserName=%0
>>>   </AuthBy>
>>>
>>>   <AuthLog SQL>
>>>     DBSource ***
>>>     ...
>>>     SuccessQuery insert into RadAcct values ('%l','Success(CHAP)','%U','%N',%1)
>>>     FailureQuery insert into RadAcct values ('%l','Failure(CHAP)','%U','%N',%1)
>>>     LogSuccess 1
>>>   </AuthLog>
>>> </Handler>
>>>
>>> <Handler>
>>>   # deal with PAP
>>>   <AuthBy SQL>
>>>     DBSource ***
>>>     ...
>>>     AuthSelect select CONCAT('{MD5}',Password) from Customers where UserName=%0
>>>   </AuthBy>
>>>
>>>   <AuthLog SQL>
>>>     DBSource ***
>>>     ...
>>>     SuccessQuery insert into RadAcct values ('%l','Success(PAP)','%U','%N',%1)
>>>     FailureQuery insert into RadAcct values ('%l','Failure(PAP)','%U','%N',%1)
>>>     LogSuccess 1
>>>   </AuthLog>
>>> </Handler>
>>>
>>> All my logs: successes, failures, PAP or CHAP show the (CHAP) note
>>> that I placed. Also, I'm noticing that if it tries to authenticate
>>> when SQL has a "Null" entry where its Rcrypted password would be, it
>>> authenticates regardless of what is entered in the password field.
>>> Is that normal?
>>>
>>> Thanks,
>>> ::James Nelson
>>>
>>> ----- Original Message -----
>>> From: "Hugh Irvine" <hugh at open.com.au>
>>> To: "James Nelson" <radiator at isleofatlantis.net>
>>> Cc: <radiator at open.com.au>
>>> Sent: Wednesday, May 14, 2003 5:12 PM
>>> Subject: Re: (RADIATOR) Auth protocol branch
>>>
>>>
>>>>
>>>>
>>>> Hello James -
>>>>
>>>> You can do this with Handlers:
>>>>
>>>> <Handler CHAP-Password = /.*/>
>>>> # deal with CHAP
>>>> ....
>>>> </Handler>
>>>>
>>>> <Handler>
>>>> # deal with others
>>>> ....
>>>> </Handler>
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Thursday, May 15, 2003, at 07:42 Australia/Melbourne, James
>>>> Nelson
>>>> wrote:
>>>>
>>>>
>>>>> Is there a way to set the radius.cfg file to branch based on what
>>>>> Authentication protocol (PAP or CHAP) is being used? Example:
>>>>>
>>>>> If Auth-Proto = PAP then
>>>>> AuthSelect 1
>>>>> else
>>>>> AuthSelect 2
>>>>>
>>>>> Since I primarily use PAP (so I can create non-reversible hashes
>>>>> on my server), but still need to support a few NAS's (that I
>>>>> don't control) who absolutely demand the use of CHAP. I was
>>>>> originally thinking of splitting this by realms, but this is no
>>>>> longer an option.
>>>>>
>>>>> Thanks for your help,
>>>>> ::James Nelson
>>>>>
>>>>>
>>>>>
>>>> NB: have you included a copy of your configuration file (no
>>>> secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database
>>>> independence.
>>>>
>>>>
>>>
>>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
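
Added example (not part of the original message and not Radiator code): a small Perl experiment of the kind suggested above, running the four patterns from the thread against constructed CHAP and PAP requests to show which handler each would reach. It assumes that an attribute missing from the request is compared as the empty string, which is consistent with the /.*/ behaviour reported in the thread; select_handler and the sample values are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: models first-match selection between
# <Handler CHAP-Password = /pattern/> and the default <Handler> after it.
use strict;
use warnings;

# Constructed sample requests (not captured traffic). A CHAP-Password value
# is one identifier byte followed by a 16-byte response.
my @requests = (
    [ 'CHAP, binary value',    { 'CHAP-Password' => "\x01" . ("\xA7" x 16) } ],
    [ 'CHAP, all-alnum value', { 'CHAP-Password' => 'A' . ('b' x 16) } ],   # contrived edge case
    [ 'PAP',                   { 'User-Password' => 'secret' } ],
);

# Patterns tried in the thread.
my @patterns = ( '.*', '.', '.+', '[^a-zA-Z0-9]' );

# Hypothetical helper: returns which handler a request would reach when the
# first handler's check item is CHAP-Password = /$pattern/.
sub select_handler {
    my ($attrs, $pattern) = @_;
    my $value = $attrs->{'CHAP-Password'};
    # ASSUMPTION: a missing attribute is compared as the empty string.
    $value = '' unless defined $value;
    return $value =~ /$pattern/ ? 'CHAP handler' : 'default handler';
}

for my $pattern (@patterns) {
    for my $request (@requests) {
        my ($label, $attrs) = @$request;
        printf "%-16s %-22s -> %s\n",
            "/$pattern/", $label, select_handler($attrs, $pattern);
    }
}
```

Under that assumption /.*/ sends the PAP request to the CHAP handler as well, /./ and /.+/ act as presence tests, and /[^a-zA-Z0-9]/ depends on the content of the value rather than on its presence.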