Hello Heikki,

Thank you very much! I will try modifying my script then to look for the presence of the CHAP-Password attribute.

Cheers!

> Date: Fri, 21 Oct 2011 11:35:58 +0300
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [RADIATOR] PAP and CHAP
>
> On 10/21/2011 11:21 AM, M P wrote:
>
> > May I know how to determine the incoming Access-Request is whether a PAP
> > or CHAP? What are the things to consider in CHAP?
>
> You check for the presence of CHAP-Password attribute. Here's an example
> showing the difference between PAP and CHAP.
>
> % ./radpwtst -trace 4 -noacct
> Fri Oct 21 11:32:49 2011: DEBUG: Reading dictionary file './dictionary'
> sending Access-Request...
> Fri Oct 21 11:32:49 2011: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1645 ....
> Code: Access-Request
> Identifier: 79
> Authentic: L}!<139><26>/<14>mC<27><229>S"\<<252>
> Attributes:
>     User-Name = "mikem"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Identifier = "203.63.154.1"
>     NAS-Port = 1234
>     Called-Station-Id = "123456789"
>     Calling-Station-Id = "987654321"
>     NAS-Port-Type = Async
>     User-Password = Pdr<243><193><25>,<128><198><183>=.<130><211>s$
>
>
> % ./radpwtst -trace 4 -noacct -chap
> Fri Oct 21 11:32:52 2011: DEBUG: Reading dictionary file './dictionary'
> sending Access-Request...
> Fri Oct 21 11:32:52 2011: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1645 ....
> Code: Access-Request
> Identifier: 82
> Authentic: ^<146>+<222><249><213><128>K;<171><148>0<218><241>X<158>
> Attributes:
>     User-Name = "mikem"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Identifier = "203.63.154.1"
>     NAS-Port = 1234
>     Called-Station-Id = "123456789"
>     Calling-Station-Id = "987654321"
>     NAS-Port-Type = Async
>     CHAP-Password = 5S<170><235><146><30><135><252><190><135><244>.cx<249><173>~
>     CHAP-Challenge = 1234567890123456
>
>
> > I am currently using an AuthBy EXTERNAL for PAP with the following
> > configuration:
> >
> > <Handler Realm=testing>
> >     <AuthBy EXTERNAL>
> >         RejectEmptyPassword
> >         DecryptPassword
> >         Command /usr/local/sbin/radiator-auth
> >         Fork
> >     </AuthBy>
> >     RejectHasReason
> > </Handler>
> >
> > Now, I want the external command to support both PAP and CHAP. Right
> > now, PAP works fine already. I'm not sure yet how to extend the support
> > for CHAP that will co-exist on the same script as on the current one.
>
> Try extending your external command to watch for CHAP-Password and then
> act accordingly for CHAP authentication if the attribute is present.
>
> Thanks!
> Heikki
>
>
> --
> Heikki Vatiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
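
Added example (not part of the original thread, and not Radiator code): one way an external script could branch on the presence of CHAP-Password as suggested in the reply, checking the CHAP response as defined in RFC 2865 section 5.3. It assumes the attributes have already been parsed into a dict of raw bytes and that a cleartext password is stored per user; the function names, the STORED table and the password "fred" are hypothetical, constructed for illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2865 5.3 / RFC 1994: MD5(CHAP ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def auth_method(attrs: dict) -> str:
    """Classify an Access-Request by which password attribute it carries."""
    has_chap = "CHAP-Password" in attrs
    has_pap = "User-Password" in attrs
    if has_chap and has_pap:
        return "INVALID"  # RFC 2865: a request must not carry both
    if has_chap:
        return "CHAP"
    return "PAP" if has_pap else "NONE"

def authenticate(attrs: dict, stored: dict, authenticator: bytes = b"") -> bool:
    """attrs: attribute name -> raw bytes; stored: user -> cleartext password."""
    user = attrs.get("User-Name", b"").decode("utf-8", "replace")
    secret = stored.get(user)
    method = auth_method(attrs)
    if secret is None or method in ("INVALID", "NONE"):
        return False
    if method == "PAP":
        # User-Password is assumed already decrypted (DecryptPassword).
        return hmac.compare_digest(attrs["User-Password"], secret)
    chap = attrs["CHAP-Password"]
    if len(chap) != 17:  # 1 octet CHAP ident + 16 octet MD5 response
        return False
    # The challenge is CHAP-Challenge if present, else the Request Authenticator.
    challenge = attrs.get("CHAP-Challenge") or authenticator
    if not challenge:
        return False
    expected = chap_response(chap[0], secret, challenge)
    return hmac.compare_digest(chap[1:], expected)

# Constructed sample data; not the values from the packet dumps in the thread.
STORED = {"mikem": b"fred"}
CHALLENGE = b"0123456789abcdef"
PAP_REQ = {"User-Name": b"mikem", "User-Password": b"fred"}
CHAP_REQ = {
    "User-Name": b"mikem",
    "CHAP-Challenge": CHALLENGE,
    "CHAP-Password": bytes([5]) + chap_response(5, b"fred", CHALLENGE),
}
```

CHAP can only be verified against a password the server can recover in cleartext, since the MD5 is computed over the password itself; a one-way hashed password store works for PAP but not for CHAP.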
