(RADIATOR) AuthBy URL - not getting password in clear text

Mike McCauley mikem at open.com.au
Mon Feb 9 17:15:53 CST 2004


Hello Simon,

The most likely explanation is that the shared secret that NTRadPing is using 
to encrypt the password is not 'mysecret', which is the shared secret 
configured into your Radiator Client clause.

I dont know what the default secret that NTRadPing uses, but I would be 
surprised if it is 'mysecret'.

Cheers.

On Mon, 9 Feb 2004 10:27 pm, Simon Gray wrote:
> Hi,
>
> I've searched through the mailing lists, google and the source code by
> hand. Still having problems getting the password through in clear text.
>
> I'm using NTRadPing as the radius client, using pap (tried chap as well).
> (NTRadPing works perfectly fine under freeradius, so I know the client
> isn't the problem).
>
> Have setup a simple webpage which simply logs to a text file so I can see
> what's being passed.
>
> Here is an output I've what data I've collected from the sample webpage.
>
> <snip>
> u=simon&c=q%DA%8B%E4%7C%EC%1C$%0E%0Em)f%DE%A4%8B
> u=simon&c=H%a%06%8A'W%B6%20%87nj%A7%92%91
> u=simon&c=%FC%AF%B3%C3%B0dg%80%14c%DB%BE3h~(
> u=simon&c=Y%CC%A2z9%C0%E2%1E%93%DD%D0g%8CW%85
> u=simon&c=rG%EF%D6]%7F%EA%90%0A,7[%07%D4%C6%C7
> u=simon&c=%E3?%AB%B0%83%D2x%C5%20%DC%CC%CCl%8E%DD.
> **u=simon&c=%B4Q%1A%92%99%F0%D9F%FB'.%1C1%B1N%12
> **u=simon&c=)%B69Q%E3%D2d%0CT%C8%B9;%E2G%D5%11
> </snip>
>
> My radius.cfg contains:
>
> <snip>
> <Client DEFAULT>
> 	Secret	mysecret
> 	DupInterval 0
> </Client>
> <AuthBy URL>
>     Identifier AURL
>     Debug 1
>     #AuthUrl http://localhost/radius/test_url.cgi
>     AuthUrl http://localhost/radius/index.asp
>     Timeout 5
>     UserParam u
>     PasswordParam c
>     UrlMethod GET
>     BadPasswordKeyword "wrong pass"
>     BadUserKeyword "wrong user"
>     AuthOKKeyword "all ok"
>     PasswordEncryption Clear
> </AuthBy>
> <Handler>
> 	RewriteUsername	s/^([^@]+).*/$1/
> 	RejectHasReason
> 	PasswordLogFileName %L\password.log
> 	AuthBy AURL
> </Handler>
> </snip>
>
> The password.log file contains:
>
> <snip>
> Fri Feb  6 16:38:14 2004:1076085494:simon:YÌ¢z9Àâ“ÝÐgŒW…:URL:PASS
> Fri Feb  6 16:49:45 2004:1076086185:simon:rGïÖ]ê,7[
> ÔÆÇ:URL:PASS
> Mon Feb  9 10:46:07 2004:1076323567:simon:ã?«°ƒÒxÅ ÜÌÌlŽÝ.:URL:PASS
> Mon Feb  9 11:07:49 2004:1076324869:simon:´Q’™ðÙFû'.1±N:URL:PASS
> Mon Feb  9 11:08:12 2004:1076324892:simon:)¶9QãÒdTȹ;âGÕ:URL:PASS
> </snip>
>
> I've also tried modifying the AuthURL.pm module by changing as suggested
> from the mailing list archives:
>
> <snip>
> #my $pass = $p->decodedPassword();
> my $pass = &Radius::Util::format_special('%P', $p);
> </snip>
>
> Also the radiusd debug output comes through as:
>
> <snip>
> User-Name = "simon"
> User-Password = "{<237><192><250><227><219>;<156><234>p_<240>G<3><15>r"
> </snip>
>
> Any thoughts? Any suggestions?
>
> Am I missing something simple?
>
> TIA
>
> Simon
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list