(RADIATOR) DecryptPassword

[Hugh Irvine]

Hello Zak -

Could you please tell me the name of the registered company that has  
purchased this copy of Radiator?

Please reply to me directly.

In answer to your question, you should use a ReplyHook in the AuthBy  
RADIUS clause to do whatever you need to do when the proxy reply  
comes back from the remote radius server. There is an example showing  
how to do this in "goodies/hooks.txt" in the Radiator 3.15 distribution.

regards

Hugh


On 13 Oct 2006, at 20:32, Zak McGregor wrote:

> Hi all
>
> I have the following specified in my config file:
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> Trace           4
> BindAddress *********,127.0.0.1
> DictionaryFile /etc/radiator/dictionary
> AuthPort 1812
> AcctPort 1813
> <Client 127.0.0.1>
>         Secret ********
> </Client>
> <AuthBy FILE>
>         Identifier RejectUser
>         Filename /etc/radiator/reject.user
> </AuthBy>
> <Handler NAS-Port-Type=ISDN>
>         AuthBy RejectUser
> </Handler>
> <Handler Realm=********>
>         AuthByPolicy ContinueWhileReject
>        <AuthBy EXTERNAL>
>                DecryptPassword
>                Command /usr/local/bin/AuthCGPExt.pl
>        </AuthBy>	
>         <AuthBy RADIUS>
>                 Synchronous
>                 Host 196.37.50.98
>                 Secret x-streamsucks!
>                 AuthPort 1888
>                 NoForwardAccounting
>                 DefaultReply NAS-Port-Type=Async
>                 DefaultSimultaneousUse 1
>         </AuthBy>
> </Handler>
>
> I have replaced potentially sensitive information with "*****", but
> realm is fine & ip address info is all working correctly.  
> Currently, we
> are proxying through to another radius server on a custom port. I am
> trying to implement an external auth program to verify users using
> different criteria than the radius server on port 1888 can currently
> handle. Unfortunately, the DecryptPassword declaration doesn't seem to
> be working, as the external authprogram still gets
> User-Password="<nnn><nnn><nnn>....|" (always seems to end with a  
> pipe).
> How can I get the plaintext password to the external program OR how  
> can
> I make Radiator require both AuthBy declarations to be satisfied  
> before
> allowing access? I could then leave the proxied server to handle the
> actual password verification, and just use my external program to
> verify other user details and fail  on things like when the user's
> subscription expired.
>
> Thanks!
>
> Cheers
>
> Zak
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.