(RADIATOR) AuthBy URL - not getting password in clear text

Simon Gray simong at desktop-guardian.com
Tue Feb 10 03:52:08 CST 2004


Bingo, changed the shared secret and all works fine.

Should have realised this earlier, makes sense now.

Thank you.

Simon

> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Mike McCauley
> Sent: 09 February 2004 23:16
> To: Simon Gray; radiator at open.com.au
> Subject: Re: (RADIATOR) AuthBy URL - not getting password in clear text
> 
> Hello Simon,
> 
> The most likely explanation is that the shared secret that NTRadPing is using
> to encrypt the password is not 'mysecret', which is the shared secret
> configured into your Radiator Client clause.
> 
> I don't know what the default secret that NTRadPing uses is, but I would be
> surprised if it is 'mysecret'.
> 
> Cheers.
> 
> On Mon, 9 Feb 2004 10:27 pm, Simon Gray wrote:
> > Hi,
> >
> > I've searched through the mailing lists, google and the source code by
> > hand. Still having problems getting the password through in clear text.
> >
> > I'm using NTRadPing as the radius client, using pap (tried chap as well).
> > (NTRadPing works perfectly fine under freeradius, so I know the client
> > isn't the problem).
> >
> > Have set up a simple webpage which simply logs to a text file so I can see
> > what's being passed.
> >
> > Here is the output data I've collected from the sample webpage.
> >
> > <snip>
> > u=simon&c=q%DA%8B%E4%7C%EC%1C$%0E%0Em)f%DE%A4%8B
> > u=simon&c=H%a%06%8A'W%B6%20%87nj%A7%92%91
> > u=simon&c=%FC%AF%B3%C3%B0dg%80%14c%DB%BE3h~(
> > u=simon&c=Y%CC%A2z9%C0%E2%1E%93%DD%D0g%8CW%85
> > u=simon&c=rG%EF%D6]%7F%EA%90%0A,7[%07%D4%C6%C7
> > u=simon&c=%E3?%AB%B0%83%D2x%C5%20%DC%CC%CCl%8E%DD.
> > **u=simon&c=%B4Q%1A%92%99%F0%D9F%FB'.%1C1%B1N%12
> > **u=simon&c=)%B69Q%E3%D2d%0CT%C8%B9;%E2G%D5%11
> > </snip>
> >
> > My radius.cfg contains:
> >
> > <snip>
> > <Client DEFAULT>
> > 	Secret	mysecret
> > 	DupInterval 0
> > </Client>
> > <AuthBy URL>
> >     Identifier AURL
> >     Debug 1
> >     #AuthUrl http://localhost/radius/test_url.cgi
> >     AuthUrl http://localhost/radius/index.asp
> >     Timeout 5
> >     UserParam u
> >     PasswordParam c
> >     UrlMethod GET
> >     BadPasswordKeyword "wrong pass"
> >     BadUserKeyword "wrong user"
> >     AuthOKKeyword "all ok"
> >     PasswordEncryption Clear
> > </AuthBy>
> > <Handler>
> > 	RewriteUsername	s/^([^@]+).*/$1/
> > 	RejectHasReason
> > 	PasswordLogFileName %L\password.log
> > 	AuthBy AURL
> > </Handler>
> > </snip>
> >
> > The password.log file contains:
> >
> > <snip>
> > Fri Feb  6 16:38:14 2004:1076085494:simon:YÌ¢z9Àâ“ÝÐgŒW…:URL:PASS
> > Fri Feb  6 16:49:45 2004:1076086185:simon:rGïÖ]ê,7[
> > ÔÆÇ:URL:PASS
> > Mon Feb  9 10:46:07 2004:1076323567:simon:ã?«°ƒÒxÅ ÜÌÌlŽÝ.:URL:PASS
> > Mon Feb  9 11:07:49 2004:1076324869:simon:´Q’™ðÙFû'.1±N:URL:PASS
> > Mon Feb  9 11:08:12 2004:1076324892:simon:)¶9QãÒdTȹ;âGÕ:URL:PASS
> > </snip>
> >
> > I've also tried modifying the AuthURL.pm module by changing as suggested
> > from the mailing list archives:
> >
> > <snip>
> > #my $pass = $p->decodedPassword();
> > my $pass = &Radius::Util::format_special('%P', $p);
> > </snip>
> >
> > Also the radiusd debug output comes through as:
> >
> > <snip>
> > User-Name = "simon"
> > User-Password = "{<237><192><250><227><219>;<156><234>p_<240>G<3><15>r"
> > </snip>
> >
> > Any thoughts? Any suggestions?
> >
> > Am I missing something simple?
> >
> > TIA
> >
> > Simon
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> 
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
> 
