Thanks a lot for the reply. Removing RejectEmptyPassword did fix it; I thought I had commented it during testing and still received an Access-Reject but I guess I was mistaken.
-- Michael Newton Manager, Information Systems Point of Presence Technologies You manage your business. We’ll manage your network. 3406-2371 Lam Circle, Victoria BC V8N 6K8 T: 250-412-6688 x 7040 [email protected]<mailto:[email protected]> | www.pofp.com<http://www.pofp.com/> This document and all of its contents are intended only for the party to whom it is addressed, and may contain information which is privileged or confidential. Any other delivery, distribution, copying, or disclosure is strictly prohibited and is not a waiver of privilege or confidentiality. If you have received this telecommunication in error, please notify the sender immediately by return electronic mail, and destroy the message. On 19 Sep 2011, at 10:36, Heikki Vatiainen wrote: On 09/19/2011 03:36 AM, Mike Newton wrote: Hello Mike, How can this be done? It keeps complaining about an empty password, I guess because it's encrypted. This is what I have now; the next handler is an AuthBy SQL and it works just fine, after the user is rejected by the FILE handler. Thanks for any assistance. It should work once you remove RejectEmptyPassword. The reason Radiator complains is this setting. Check the reference manual to verify if you need this option or not. The problem here is there is no password that can be decoded. With MS-CHAP-V2 you get a challange that is calculated using the password, but not the password itself in any form that can be decrypted. Thanks! Heikki <Handler Service-Type=Framed-User|Login-User|8744> AuthByPolicy ContinueWhileReject Identifier UserAuthenticationHandler <AuthBy FILE> CachePasswordExpiry 86400 CachePasswords 1 EAPAnonymous anonymous EAPContextTimeout 1000 EAPType MSCHAP-V2 Filename %D/users Identifier SpecialUserAuthenticationMethod IgnoreAccounting 1 NoDefault 1 PasswordPrompt password RejectEmptyPassword 1 </AuthBy> <AuthBy SQL> … </AuthBy> Sun Sep 18 20:23:44 2011: DEBUG: Packet dump: *** Received from 209.115.176.75 port 32771 .... Code: Access-Request Identifier: 119 Authentic: <231><153>uw<12><180>wx4<26>(<18><246>=<18><255> Attributes: Acct-Session-Id = "5f0bb501" NAS-Port = 13 NAS-Port-Type = Wireless-IEEE-802-11 User-Name = "0RESTRICTED" MS-CHAP2-Response = w<0>Y<141> <175>G<198>1<147><221><250><154>L<7>A … MS-CHAP-Challenge = <231><153>uw<12><180>wx4<26>(<18><246>=<18><255> NAS-Identifier = "FOO" Framed-MTU = 1496 Connect-Info = "HTTPS" Framed-Protocol = PPP Service-Type = Framed-User Message-Authenticator = <175><189>i<150><16>{I\<29><29><197>$y<24><167><197> Sun Sep 18 20:23:44 2011: DEBUG: Handling request with Handler 'Service-Type=Framed-User|Login-User|8744', Identifier 'UserAuthenticationHandler' Sun Sep 18 20:23:44 2011: DEBUG: Deleting session for 0RESTRICTED, 209.115.176.75, 13 Sun Sep 18 20:23:44 2011: DEBUG: Handling with Radius::AuthFILE: SpecialUserAuthenticationMethod Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthFILE rejected 0RESTRICTED because of an empty password Sun Sep 18 20:23:44 2011: DEBUG: AuthBy FILE result: REJECT, Empty password Sun Sep 18 20:23:44 2011: DEBUG: Handling with Radius::AuthSQL: SQLUserAuthenticationMethod Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthSQL looks for match with 0RESTRICTED [0RESTRICTED] Sun Sep 18 20:23:44 2011: DEBUG: Radius::AuthSQL ACCEPT: : 0RESTRICTED [0RESTRICTED] Sun Sep 18 20:23:44 2011: DEBUG: AuthBy SQL result: ACCEPT, Sun Sep 18 20:23:44 2011: DEBUG: Access accepted for 0RESTRICTED _______________________________________________ radiator mailing list [email protected]<mailto:[email protected]> http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen <[email protected]<mailto:[email protected]>> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
