[RADIATOR] MSCHAP-V2 and AuthBy FILE

Mike Newton mnewton at pofp.com
Sun Sep 18 19:36:55 CDT 2011 

How can this be done? It keeps complaining about an empty password, I guess because it's encrypted. This is what I have now; the next handler is an AuthBy SQL and it works just fine, after the user is rejected by the FILE handler. Thanks for any assistance.

<Handler Service-Type=Framed-User|Login-User|8744>
    AuthByPolicy ContinueWhileReject
    Identifier UserAuthenticationHandler
    <AuthBy FILE>
        CachePasswordExpiry 86400
        CachePasswords 1
        EAPAnonymous anonymous
        EAPContextTimeout 1000
        EAPType MSCHAP-V2
        Filename %D/users
        Identifier SpecialUserAuthenticationMethod
        IgnoreAccounting 1
        NoDefault 1
        PasswordPrompt password
        RejectEmptyPassword 1
    </AuthBy>
    <AuthBy SQL>
        …
    </AuthBy>

Sun Sep 18 20:23:44 2011: DEBUG: Packet dump:
*** Received from 209.115.176.75 port 32771 ....
Code:       Access-Request
Identifier: 119
Authentic:  <231><153>uw<12><180>wx4<26>(<18><246>=<18><255>
Attributes:
Acct-Session-Id = "5f0bb501"
NAS-Port = 13
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "0RESTRICTED"
MS-CHAP2-Response = w<0>Y<141> <175>G<198>1<147><221><250><154>L<7>A …
MS-CHAP-Challenge = <231><153>uw<12><180>wx4<26>(<18><246>=<18><255>
NAS-Identifier = "FOO"
Framed-MTU = 1496
Connect-Info = "HTTPS"
Framed-Protocol = PPP
Service-Type = Framed-User
Message-Authenticator = <175><189>i<150><16>{I\<29><29><197>$y<24><167><197>

Sun Sep 18 20:23:44 2011: DEBUG: Handling request with Handler 'Service-Type=Framed-User|Login-User|8744', Identifier 'UserAuthenticationHandler'
Sun Sep 18 20:23:44 2011: DEBUG:  Deleting session for 0RESTRICTED, 209.115.176.75, 13
Sun Sep 18 20:23:44 2011: DEBUG: Handling with Radius::AuthFILE: SpecialUserAuthenticationMethod
Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthFILE rejected 0RESTRICTED because of an empty password
Sun Sep 18 20:23:44 2011: DEBUG: AuthBy FILE result: REJECT, Empty password
Sun Sep 18 20:23:44 2011: DEBUG: Handling with Radius::AuthSQL: SQLUserAuthenticationMethod
Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthSQL looks for match with 0RESTRICTED [0RESTRICTED]
Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthSQL ACCEPT: : 0RESTRICTED [0RESTRICTED]
Sun Sep 18 20:23:44 2011: DEBUG: AuthBy SQL result: ACCEPT,
Sun Sep 18 20:23:44 2011: DEBUG: Access accepted for 0RESTRICTED


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110918/a8d2b8d9/attachment.html

More information about the radiator mailing list