Joseph Showalter wrote:
> What we would like to do is this:
> 
> Take this request:
> 
>       User-Name = "[email protected]"
>       CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
>       NAS-IP-Address = 10.130.2.1
>       CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
>       3GPP2-Attr-60 = 0x00000001
>       3GPP2-Attr-61 = 0x0106000000010209a0000029275c41

  That looks like a series of TLVs to me.  i.e. not a password.  There
seems to be a 32-bit integer, followed by a 64-bit integer.

> And instead of using chap to authenticate the user, we take the 
> 3GPP2-Attr-61, convert it to the password we want, set it into the 
> cleartext-password, and have the sql module query the DB for that new 
> password.

  I'm not sure what that means.  "convert it to the password we want"?

> Here is the perl code that we run prior to the pap module:
> 
> 
>  $retattr .= "Cleartext-Password := $meid";
>  $retattr .= ", CHAP-Password :=\"\" , CHAP-Challenge :=\"\" ";
>  $retattr .= ", Auth-Type := PAP ";

  Well, that won't work.

  The Cleartext-Password is the *known good* password.  The PAP module
needs a User-Password, too.  The User-Password is the password as
entered by the user.

  If you're going to force authentication success, why not just set
"Auth-Type := Accept"?  That avoids all of the mangling of passwords
(chap and pap).

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
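
An added example, not part of the original email and not FreeRADIUS code: a simplified Python model of the two checks discussed above, showing why a request carrying only a known-good Cleartext-Password and no User-Password gives a PAP comparison nothing to check. The function names, the dictionary request layout and the sample password are assumptions; the CHAP-Challenge bytes and CHAP identifier are taken from the quoted request.

```python
import hashlib
import hmac

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RADIUS CHAP-Password layout: ident byte + MD5(ident || secret || challenge)."""
    digest = hashlib.md5(bytes([chap_id]) + secret + challenge).digest()
    return bytes([chap_id]) + digest

def check_chap(request: dict, cleartext: bytes) -> bool:
    """CHAP: recompute the hash from the known-good password and compare."""
    chap_pw = request.get("CHAP-Password")
    challenge = request.get("CHAP-Challenge")
    if not chap_pw or not challenge or len(chap_pw) != 17:
        return False
    expected = chap_response(chap_pw[0], cleartext, challenge)
    return hmac.compare_digest(expected, chap_pw)

def check_pap(request: dict, cleartext: bytes) -> bool:
    """PAP: compare what the user sent (User-Password) with the known-good password."""
    user_pw = request.get("User-Password")
    if user_pw is None:
        return False  # the user supplied nothing to compare
    return hmac.compare_digest(user_pw, cleartext)

# CHAP-Challenge and ident 0x59 come from the quoted request; the password is constructed.
CHALLENGE = bytes.fromhex("022074534be2e8405c867f676b46b432")
KNOWN_GOOD = b"constructed-secret"

def original_request() -> dict:
    """A CHAP request built with the constructed password."""
    return {"CHAP-Password": chap_response(0x59, KNOWN_GOOD, CHALLENGE),
            "CHAP-Challenge": CHALLENGE}

def rewritten_request() -> dict:
    """The request after the quoted Perl: CHAP attributes emptied, no User-Password."""
    return {"CHAP-Password": b"", "CHAP-Challenge": b""}

if __name__ == "__main__":
    meid = b"a0000029275c41"  # stand-in for $meid (constructed)
    print("CHAP, original request: ", check_chap(original_request(), KNOWN_GOOD))
    print("PAP, rewritten request: ", check_pap(rewritten_request(), meid))
    print("CHAP, rewritten request:", check_chap(rewritten_request(), meid))
```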
