[RADIATOR] PAP and CHAP

M P antmtp at hotmail.com
Fri Oct 21 04:18:28 CDT 2011


Hello Heikki,
Thank you very much! I will try modifying my script then to look for the presence of the CHAP-Password attribute.
Cheers!

> Date: Fri, 21 Oct 2011 11:35:58 +0300
> From: hvn at open.com.au
> To: antmtp at hotmail.com
> CC: radiator at open.com.au
> Subject: Re: [RADIATOR] PAP and CHAP
> 
> On 10/21/2011 11:21 AM, M P wrote:
> 
> > May I know how to determine whether the incoming Access-Request is PAP
> > or CHAP? What are the things to consider in CHAP?
> 
> You check for the presence of CHAP-Password attribute. Here's an example
> showing the difference between PAP and CHAP.
> 
> % ./radpwtst -trace 4 -noacct
> Fri Oct 21 11:32:49 2011: DEBUG: Reading dictionary file './dictionary'
> sending Access-Request...
> Fri Oct 21 11:32:49 2011: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1645 ....
> Code:       Access-Request
> Identifier: 79
> Authentic:  L}!<139><26>/<14>mC<27><229>S"\<<252>
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Identifier = "203.63.154.1"
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = Pdr<243><193><25>,<128><198><183>=.<130><211>s$
> 
> 
> % ./radpwtst -trace 4 -noacct -chap
> Fri Oct 21 11:32:52 2011: DEBUG: Reading dictionary file './dictionary'
> sending Access-Request...
> Fri Oct 21 11:32:52 2011: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1645 ....
> Code:       Access-Request
> Identifier: 82
> Authentic:  ^<146>+<222><249><213><128>K;<171><148>0<218><241>X<158>
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Identifier = "203.63.154.1"
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	CHAP-Password = 5S<170><235><146><30><135><252><190><135><244>.cx<249><173>~
> 	CHAP-Challenge = 1234567890123456
> 
> 
> > I am currently using an AuthBy EXTERNAL for PAP with the following
> > configuration:
> > 
> > <Handler Realm=testing>
> >     <AuthBy EXTERNAL>
> >         RejectEmptyPassword
> >         DecryptPassword
> >         Command /usr/local/sbin/radiator-auth
> >         Fork
> >     </AuthBy>
> >     RejectHasReason
> > </Handler>
> > 
> > Now, I want the external command to support both PAP and CHAP. Right
> > now, PAP works fine already. I'm not sure yet how to extend the support
> > for CHAP that will co-exist on the same script as on the current one.
> 
> Try extending your external command to watch for CHAP-Password and then
> act accordingly for CHAP authentication if the attribute is present.
> 
> Thanks!
> Heikki
> 
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
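
The attribute check discussed in this thread, together with the CHAP verification a script would then perform, as an added example that is not code from the post or from Radiator. It follows RFC 2865 (CHAP-Password is a 1-octet CHAP ident followed by the 16-octet MD5 of ident, password and challenge). The function names, the attribute dictionary of raw bytes, and the way an external command receives those bytes are assumptions; the password and ident are constructed sample values.

```python
import hashlib
import hmac

def auth_method(attrs):
    """Classify a request by which password attribute it carries."""
    if "CHAP-Password" in attrs:
        return "CHAP"
    if "User-Password" in attrs:
        return "PAP"
    return "UNKNOWN"

def make_chap_password(ident, cleartext, challenge):
    """Build a CHAP-Password value the way a NAS would (used for test data)."""
    id_octet = bytes([ident])
    return id_octet + hashlib.md5(id_octet + cleartext + challenge).digest()

def verify_chap(chap_password, challenge, cleartext):
    """Recompute MD5(ident || password || challenge) and compare."""
    if len(chap_password) != 17 or not challenge:
        return False  # malformed attribute or no challenge to bind to
    id_octet, response = chap_password[:1], chap_password[1:]
    expected = hashlib.md5(id_octet + cleartext + challenge).digest()
    return hmac.compare_digest(expected, response)  # constant-time compare

def authenticate(attrs, stored_password, request_authenticator=b""):
    """attrs maps attribute names to raw bytes (assumed input format).

    CHAP needs the stored password in cleartext: the response cannot be
    checked against a one-way hash of the password.
    """
    method = auth_method(attrs)
    if method == "CHAP":
        # RFC 2865: without CHAP-Challenge, the Request Authenticator
        # is the challenge.
        challenge = attrs.get("CHAP-Challenge") or request_authenticator
        return verify_chap(attrs["CHAP-Password"], challenge, stored_password)
    if method == "PAP":
        # Assumes the password was already decrypted (DecryptPassword).
        supplied = attrs["User-Password"]
        return bool(supplied) and hmac.compare_digest(supplied, stored_password)
    return False

if __name__ == "__main__":
    challenge = b"1234567890123456"   # challenge value shown in the trace
    secret = b"example-secret"        # constructed sample password
    request = {"CHAP-Password": make_chap_password(0x35, secret, challenge),
               "CHAP-Challenge": challenge}
    print(auth_method(request), authenticate(request, secret))
```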