(RADIATOR) Auth protocol branch

Hugh Irvine hugh at open.com.au
Thu May 15 17:37:27 CDT 2003


Hello James -

Sorry - my fault.

/.*/ will match anything (including nothing)

/./ will match any single character (including the first of a string)

/.+/ will match any number of characters

As usual, you should check with your Perl book and do some experiments.

regards

Hugh


On Friday, May 16, 2003, at 08:08 Australia/Melbourne, James Nelson 
wrote:

> Another update (sorry for the flooding :).
>
> Looks like:
> <Handler CHAP-Password = /./>
> works also.  I think this should be fine for what I need.  Also, after
> making a few changes, I have been unable to recreate the Null password
> problem mentioned.  I probably had something screwed up and didn't notice
> it.
>
> Thanks for the help so far.  If you can think of any reason the /./ might
> cause problems or why /.*/ would be better, let me know.
> ::James Nelson
>
> ----- Original Message -----
> From: "James Nelson" <radiator at isleofatlantis.net>
> To: "Hugh Irvine" <hugh at open.com.au>
> Cc: <radiator at open.com.au>
> Sent: Thursday, May 15, 2003 4:20 PM
> Subject: Re: (RADIATOR) Auth protocol branch
>
>
>> Did some more troubleshooting, and found if I change the first Handler to:
>> <Handler CHAP-Password = /[^a-zA-Z0-9]/>, it will work.  Perhaps something
>> doesn't like the "/.*/".  I'm not a Perl guru, so I'm not sure what it could
>> be.
>>
>> ::James Nelson
>>
>> ----- Original Message -----
>> From: "James Nelson" <radiator at isleofatlantis.net>
>> To: "Hugh Irvine" <hugh at open.com.au>
>> Cc: <radiator at open.com.au>
>> Sent: Thursday, May 15, 2003 4:08 PM
>> Subject: Re: (RADIATOR) Auth protocol branch
>>
>>
>>> I've tried this and now everything is being handled by the CHAP handler,
>>> regardless of the authentication method.  Here's what I've got:
>>>
>>> <Handler CHAP-Password = /.*/>
>>> # deal with CHAP
>>>  <AuthBy SQL>
>>>   DBSource  ***
>>>   ...
>>>   AuthSelect select CONCAT('{rcrypt}',txtPassword) from Customers where UserName=%0
>>>  </AuthBy>
>>>
>>>  <AuthLog SQL>
>>>   DBSource  ***
>>>   ...
>>>   SuccessQuery insert into RadAcct values ('%l','Success(CHAP)','%U','%N',%1)
>>>   FailureQuery insert into RadAcct values ('%l','Failure(CHAP)','%U','%N',%1)
>>>   LogSuccess 1
>>>  </AuthLog>
>>> </Handler>
>>>
>>> <Handler>
>>> # deal with PAP
>>>  <AuthBy SQL>
>>>   DBSource  ***
>>>   ...
>>>   AuthSelect select CONCAT('{MD5}',Password) from Customers where UserName=%0
>>>  </AuthBy>
>>>
>>>  <AuthLog SQL>
>>>   DBSource  ***
>>>   ...
>>>   SuccessQuery insert into RadAcct values ('%l','Success(PAP)','%U','%N',%1)
>>>   FailureQuery insert into RadAcct values ('%l','Failure(PAP)','%U','%N',%1)
>>>   LogSuccess 1
>>>  </AuthLog>
>>> </Handler>
>>>
>>> All my logs: successes, failures, PAP or CHAP show the (CHAP) note that I
>>> placed.  Also, I'm noticing that if it tries to authenticate when SQL has a
>>> "Null" entry where its Rcrypted password would be, it authenticates
>>> regardless of what is entered in the password field.  Is that normal?
>>>
>>> Thanks,
>>> ::James Nelson
>>>
>>> ----- Original Message -----
>>> From: "Hugh Irvine" <hugh at open.com.au>
>>> To: "James Nelson" <radiator at isleofatlantis.net>
>>> Cc: <radiator at open.com.au>
>>> Sent: Wednesday, May 14, 2003 5:12 PM
>>> Subject: Re: (RADIATOR) Auth protocol branch
>>>
>>>
>>>>
>>>>
>>>> Hello James -
>>>>
>>>> You can do this with Handlers:
>>>>
>>>> <Handler CHAP-Password = /.*/>
>>>> # deal with CHAP
>>>> ....
>>>> </Handler>
>>>>
>>>> <Handler>
>>>> # deal with others
>>>> ....
>>>> </Handler>
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Thursday, May 15, 2003, at 07:42 Australia/Melbourne, James Nelson
>>>> wrote:
>>>>
>>>>
>>>>> Is there a way to set the radius.cfg file to branch based on what
>>>>> Authentication protocol (PAP or CHAP) is being used?  Example:
>>>>>
>>>>> If Auth-Proto = PAP then
>>>>>   AuthSelect 1
>>>>> else
>>>>>   AuthSelect 2
>>>>>
>>>>> Since I primarily use PAP (so I can create non-reversible hashes on my
>>>>> server), but still need to support a few NAS's (that I don't control)
>>>>> who absolutely demand the use of CHAP.  I was originally thinking of
>>>>> splitting this by realms, but this is no longer an option.
>>>>>
>>>>> Thanks for your help,
>>>>> ::James Nelson
>>>>>
>>>>>
>>>>>
>>>> NB: have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database independence.
>>>>
>>>>
>>>
>>
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
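
The Handler check patterns discussed in this thread, tried side by side in Perl. This is an added example, not part of the original messages and not Radiator code. It assumes handler selection is "first matching Handler wins" and that an attribute missing from the request is compared as an empty string (consistent with the behaviour reported above); the function names and the sample requests are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: models Handler selection as
# "first Handler whose check pattern matches wins".
use strict;
use warnings;

# Assumption: an attribute missing from the request is compared as ''.
sub attr_value {
    my ($request, $name) = @_;
    return defined $request->{$name} ? $request->{$name} : '';
}

# Returns 'CHAP' when the check pattern matches CHAP-Password,
# otherwise falls through to the default handler ('PAP').
sub select_handler {
    my ($request, $pattern) = @_;
    return attr_value($request, 'CHAP-Password') =~ $pattern ? 'CHAP' : 'PAP';
}

# Constructed sample requests. A CHAP-Password value is 17 octets:
# a 1-octet CHAP identifier followed by the 16-octet response.
my @requests = (
    [ 'PAP request (no CHAP-Password)', { 'User-Password' => 'x' x 16 } ],
    [ 'CHAP, typical binary value',     { 'CHAP-Password' => "\x01" . "\x9f\x00\x0a\xc4" x 4 } ],
    [ 'CHAP, all-alphanumeric octets',  { 'CHAP-Password' => 'A' . 'q7Zk' x 4 } ],
);

# The four patterns that appear in the thread.
my @patterns = (
    [ '/.*/',           qr/.*/ ],
    [ '/./',            qr/./ ],
    [ '/.+/',           qr/.+/ ],
    [ '/[^a-zA-Z0-9]/', qr/[^a-zA-Z0-9]/ ],
);

for my $p (@patterns) {
    my ($label, $re) = @$p;
    print "Handler CHAP-Password = $label\n";
    for my $r (@requests) {
        my ($desc, $req) = @$r;
        printf "  %-32s -> %s handler\n", $desc, select_handler($req, $re);
    }
}
```

Under these assumptions /.*/ sends the PAP request to the CHAP handler, /./ and /.+/ separate the two protocols, and /[^a-zA-Z0-9]/ lets a CHAP value made only of alphanumeric octets fall through to the PAP handler.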

