Re: (RADIATOR) rcrypt passwords when using AuthBy SQL

Tue, 25 Nov 2003 00:38:51 -0800


Hello Bill -

Yes you should be able to do what you show below.

How have you generated the password string in the database, and how is the password column defined?

Please send me the plaintext password, the command you used to rcrypt it, the encrypted string and the SQL table definition.

I have seen problems like this when the password column is fixed width and padded with spaces or NULLs, instead of being defined as varchar.

regards

Hugh


On 25/11/2003, at 5:27 AM, William Holmes wrote:

Hello,

I have the following AuthBy SQL clause setup. The passwords in the
PASSWORD colunm
have the following format: {rcrypt}somehasvalue123456

I am unable to authenticate. According to 6.28.6 in the config guide it
should be
possible to use rcrypted passwords. What might I be missing.

Thanks

Bill

# This will authenticate users from SUBSCRIBERS
<Realm DEFAULT>
    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB
        DBSource        dbi:mysql:radius:localhost
        DBUsername      afakeusername
        DBAuth  afakepassword

# Use Rcrypt passwords ....

RcryptKey afakercryptkey.

        # You may want to tailor these for your ACCOUNTING table
        # You can add your own columns to store whatever you like
        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address

        # You can arrange to log accounting to a file if the
        # SQL insert fails with AcctFailedLogFileName
        # That way you could recover from a broken SQL
        # server
        #AcctFailedLogFileName %D/missedaccounting



    </AuthBy>
</Realm>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to