Hi Alan,

Thanks for the feedback / input! I've sent you the complete output for -X (not to flood the list).

I'm not too sure where this is coming from either. Frankly, it might be one of my SQL queries, I'm simply not sure, and I don't know enough about Radius afaik. It would seem to me, though, that there is some sort of cache-like issue going on here. My first authentication request (correct password) will go through, and successfully authenticate. If I send the same username with the wrong password to the same radius server in a matter of seconds (so far it would seem the limit is about 10 seconds), Freeradius would accept the username with the wrong password (even a blank password). After a few seconds have passed, it will once again deny the authentication request, stating that the password was not found / invalid.

I have not yet checked if the same happens on freeradius-0.8, but these logs are from 0.7.1

--
me

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 07, 2002 8:03 PM
Subject: Re: Confused...

> "Chris Knipe" <[EMAIL PROTECTED]> wrote:
> > I only realised after I posted. Basically, both of them are authorised if
> > they happen within a short period of time after each other...
>
> Ok...
>
> > rlm_pap: login attempt by "user@realm" with password fl4shp1x13
> > rlm_pap: Using password 6e8a104e79c05453663713d06b797611 for user user@realm
> > authentication.
> ...
> > rlm_pap: login attempt by "user@realm" with password fl4shp1x131
> > rlm_pap: Using password for user user@realm authentication.
>
> And that's probably the cause of the problem. The passwords in the
> RADIUS requests are different (the second one has an additional '1'),
> but the second time, the *configured* password to check against is
> empty.
>
> It's a bug in rlm_pap, and I'll go fix it.
>
> My question then is where does the empty password come from? The
> PAP module is trying to compare the user-supplied password with an
> *empty*, but not non-existent password taken from some database, by
> another module.
>
> So the fix to rlm_pap is NOT sufficient here. We need to know which
> other module you're using to get the MD5 password, and why it returns
> an empty password.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
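The failure mode discussed in this thread (an empty but present configured password reaching the comparison), shown as an added example that is not part of the original messages and is not FreeRADIUS source code. `naive_check` is an assumed illustration of how a comparison bounded by the configured value's length accepts anything once that value is empty; `strict_check`, the result enum and the all-zero digest are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MD5_HEX_LEN 32

enum pap_result { PAP_ACCEPT, PAP_REJECT, PAP_INVALID_CONFIG };

/* Assumed weak check (not the rlm_pap source): the compare is bounded by
 * the configured value's length, so an empty value matches any input. */
int naive_check(const char *configured, const char *computed)
{
    return strncmp(configured, computed, strlen(configured)) == 0;
}

/* Hardened check: a missing, empty or malformed configured digest is a
 * configuration error and can never produce an accept. */
enum pap_result strict_check(const char *configured, const char *computed)
{
    size_t i;
    unsigned char diff = 0;

    if (configured == NULL || strlen(configured) != MD5_HEX_LEN)
        return PAP_INVALID_CONFIG;
    for (i = 0; i < MD5_HEX_LEN; i++)
        if (!isxdigit((unsigned char)configured[i]))
            return PAP_INVALID_CONFIG;
    if (computed == NULL || strlen(computed) != MD5_HEX_LEN)
        return PAP_REJECT;

    /* Touch every byte so timing does not reveal the mismatch position;
     * tolower() makes the hex comparison case-insensitive. */
    for (i = 0; i < MD5_HEX_LEN; i++)
        diff |= (unsigned char)(tolower((unsigned char)configured[i]) ^
                                tolower((unsigned char)computed[i]));
    return diff == 0 ? PAP_ACCEPT : PAP_REJECT;
}

int main(void)
{
    /* Constructed stand-in for the digest of the wrong password. */
    const char *wrong = "00000000000000000000000000000000";

    printf("naive, empty configured:  %d\n", naive_check("", wrong));
    printf("strict, empty configured: %d\n", strict_check("", wrong));
    return 0;
}
```

Logging `PAP_INVALID_CONFIG` separately from an ordinary reject also points at the module that supplied the empty value, which is the open question in the thread.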
