(RADIATOR) rcrypt passwords when using AuthBy SQL

Hugh Irvine hugh at open.com.au
Tue Nov 25 01:27:18 CST 2003 

Hello Bill -

Yes you should be able to do what you show below.

How have you generated the password string in the database, and how is 
the password column defined?

Please send me the plaintext password, the command you used to rcrypt 
it, the encrypted string and the SQL table definition.

I have seen problems like this when the password column is fixed width 
and padded with spaces or NULLs, instead of being defined as varchar.

regards

Hugh


On 25/11/2003, at 5:27 AM, William Holmes wrote:

> Hello,
>
> I have the following AuthBy SQL clause setup. The passwords in the
> PASSWORD colunm
> have the following format: {rcrypt}somehasvalue123456
>
> I am unable to authenticate. According to 6.28.6 in the config guide it
> should be
> possible to use rcrypted passwords. What might I be missing.
>
> Thanks
>
> Bill
>
> # This will authenticate users from SUBSCRIBERS
> <Realm DEFAULT>
>     <AuthBy SQL>
> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
> 	DBSource	dbi:mysql:radius:localhost
> 	DBUsername	afakeusername
> 	DBAuth	afakepassword
>
> 	# Use Rcrypt passwords ....
>
> 	RcryptKey afakercryptkey.
>
> 	# You may want to tailor these for your ACCOUNTING table
> 	# You can add your own columns to store whatever you like
> 	AccountingTable	ACCOUNTING
> 	AcctColumnDef	USERNAME,User-Name
> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 	AcctColumnDef	NASPORT,NAS-Port,integer
> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
>
> 	# You can arrange to log accounting to a file if the
> 	# SQL insert fails with AcctFailedLogFileName
> 	# That way you could recover from a broken SQL
> 	# server
> 	#AcctFailedLogFileName %D/missedaccounting
>
> 	
>
>     </AuthBy>
> </Realm>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list