What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
NAS-IP-Address = 10.130.2.1
CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
3GPP2-Attr-60 = 0x0001
Joseph Showalter wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
NAS-IP-Address = 10.130.2.1
CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
Thanks so much for taking a look...
See comments below:
On Jan 18, 2013, at 3:04 PM, Alan DeKok al...@deployingradius.com
wrote:
Joseph wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password =
Joseph Showalter wrote:
Instead of using Chap which we are getting above, we want to use the
3GPP2-Attr-61 = 0x010600010209a029275c41 value which we can convert
to the device serial number.
OK.
In our DB we store the device serial number. The devices chap info most of
them time
On Jan 18, 2013, at 3:34 PM, Alan DeKok al...@deployingradius.com wrote:
authorize {
...
if (! %{sql:SELECT ... }) {
reject
}
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
I would like to use the User-Password
Joseph Showalter wrote:
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
Only if it's returned in the Perl script.
I would like to use the User-Password below:
[evdoesn] expand: %{User-Name} - 6064191...@evdo.myawi.net
Exec-Program output:
Forget the user-password. You are not using it, you are trying to kludge it.
Just use the variable you have, or the facsimile you are making.
This is freeradius, there are at least a dozen ways of doing what you want,
Alan has given you a fine method
alan
-
List info/subscribe/unsubscribe?
:= ...
It's in the FAQ.
Modified clients.conf as
10.89.49.1 {
That won't work. It's not the documented format,
Can anybody tell me how to support, EAP-TTLS, CHAP/PAP... I mean
second level protocol inside TTLS should be chap/pap/mschap
Dnia Śr Września 26 2007, 2:26 am, Alan DeKok napisał(a):
Wojciech Ziniewicz wrote:
Now , after deleting theese lines :
...
I've got the following :
rlm_sql (sql): No matching entry in the database for request from user
[TEST]
modcall[authorize]: module sql returns notfound for request 0
Wojciech Ziniewicz wrote:
Maybe i do something uncorrect with the operators ? or there are too few
attributes/values in my radcheck/radreply ?
No.
As I understand for now - My client gives me the password md5'ed with the
challenge , then my server compares the client's string with
Dnia Śr Września 26 2007, 11:57 am, Alan DeKok napisał(a):
Try also with ntradping, or another non-FreeRADIUS client. If CHAP
works for those clients, then the CHAP code in PPPoE is broken.
Alan DeKok.
Alan, probably you were right.
Testing CHAP auth locally with ntradping (runs easily
Dnia Śr Września 26 2007, 2:51 pm, Wojciech Ziniewicz napisał(a):
Dnia Śr Września 26 2007, 11:57 am, Alan DeKok napisał(a):
Try also with ntradping, or another non-FreeRADIUS client. If CHAP
works for those clients, then the CHAP code in PPPoE is broken.
Alan DeKok.
Alan, probably you
Hello all,
I have a small (about 400 users) network based on pppoe with freeradius
authentication.
For the last few days I am trying to switch to CHAP authentication.
I've made proper changes to radiusd.conf and pppoe-server to demand CHAP
auth from users and here's what I get.
Here's what we've
Wojciech Ziniewicz wrote:
For the last few days I am trying to switch to CHAP authentication.
I've made proper changes to radiusd.conf and pppoe-server to demand CHAP
auth from users and here's what I get.
Here's what we've got in the database :
RADCHECK :
TEST
Hi again!
Now , after deleting theese lines :
(
TEST Auth-Type := CHAP
TEST Password== TEST987
)
I've got the following :
rlm_sql (sql): No matching entry in the database for request from user [TEST]
modcall[authorize]: module sql returns notfound
Wojciech Ziniewicz wrote:
Now , after deleting theese lines :
...
I've got the following :
rlm_sql (sql): No matching entry in the database for request from user [TEST]
modcall[authorize]: module sql returns notfound for request 0
Then you did something else, or your configuration is
.
And it will still use CHAP for the PC users.
BIG THANKS to you Mike. And a BIG THANKS to you Alan
for your input also.
Joel
- Original Message -
From: Joel Eddy [EMAIL PROTECTED]
To: Joel Eddy [EMAIL PROTECTED]
Sent: Thursday, February 17, 2005 10:28 PM
Subject: Fw: CHAP / PAP ?
try
Stupid question.
Is it possible to do CHAP for some accounts and PAP for others?
I'm using CHAP and it works great for PC users. But I have some WebTV
receivers that
as far as I can tell only do PAP. And they aren't getting connected through
my 3COM Total Control 1000's.
Would it work it I
Thor Spruyt wrote:
PAP can work with unencrypted passwords in the backend.
CHAP cannot.
I think you mean the other way around ;-)
CHAP *requires* clear text passwords in the backend. PAP can work with
either encrypted or clear text passwords in the backend.
Don't want to confuse people ;-)
-
You can add to the same user entry an encrypted password (eg: SHA) for
PAP authentication and a NTPassword por CHAP authentication (both would
be different attribs of the same entry). You can use smbencrypt en
freeradius distrtribution to get the NTPassword encryption.
J.M.
Thor Spruyt wrote:
Michael Mitchell wrote:
Thor Spruyt wrote:
PAP can work with unencrypted passwords in the backend.
CHAP cannot.
I think you mean the other way around ;-)
Not exactly the other way around, but I didn't explain correctly.
CHAP *requires* clear text passwords in the backend. PAP can work with
either
Joel Eddy [EMAIL PROTECTED] wrote:
In MySql the passwords are in plain text.
When I use NTRADPING to check authentication
it will only give me an accept if I have the check mark in CHAP.
If I remove the check it won't authenticate.
Why are you looking at the client, when the server debug
wont. At least
that was my experience with NTRADPING.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Joel Eddy
Sent: Friday, 18 February 2005 11:15 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: CHAP / PAP ?
Okay,
In MySql the passwords
more reading in the Radius book.
Joel
- Original Message -
From: Mitchell, Michael J [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, February 17, 2005 6:20 PM
Subject: RE: CHAP / PAP ?
Run the server in debug mode (radiusd -X) and you'll see EXACTLY why its
Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The order, and
behaviour of the modules in your 'authorize' section of radiusd.conf which
Auth-Type is eventually used. I believe that each module will set the Auth-Type
appropriate, *IF* the Auth-Type hasn't already
Michael Mitchell [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type = PAP
Fall-Through = 1
That should still let CHAP work when specified, but will default to PAP if no
other method of authentication has already been specified.
This is untested of course, so please report back to me if
may benefit from it's results.
Joel
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, February 17, 2005 7:12 PM
Subject: Re: CHAP / PAP ?
Michael Mitchell [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type = PAP
Fall-Through
message --
From: Alan DeKok [EMAIL PROTECTED]
Date: Sat, 11 Sep 2004 09:21:56 -0400
Subject: Re: CHAP PAP
To:
William [EMAIL PROTECTED] wrote:
Fri Sep 10 17:04:54 2004 : Auth: rlm_unix: Attribute User-Password is
required for authentication. Cannot use CHAP-Password.
Please read the FAQ
William [EMAIL PROTECTED] wrote:
I did read the FAQ. Now that I have CHAP working for a specific
huntgroup, I can't get PAP working locally. It does not even hit the
rlm_unix during debug (Below). I do not know what is missing.
...
Mon Sep 13 11:02:46 2004 : Debug: auth: No authenticate
William [EMAIL PROTECTED] wrote:
Fri Sep 10 17:04:54 2004 : Auth: rlm_unix: Attribute User-Password is required for
authentication. Cannot use CHAP-Password.
Please read the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Greetings,
I have a problem with FR1.0.0 and chap/pap.
Knowns:
FreeBSD 4.7-RELEASE
FreeRadius 1.0.0 (downloaded today, not CVS)
National dialup provider sending both PAP CHAP requests.
Problem:
I have 2 types of authentication... those in the users file (for chap and
locl
gentoo and the source from freeradius.org.
2) Since I authenticate thru MySql, do I need CHAP,
PAP or EAP?
If you need PAP, CHAP or EAP depends on the type of
auth you want to do, not on the type of storage
backend...
The passwords are unix encrypted passwords which sit
in the MySql DB
on Gentoo).
Authentication is done with encrypted passwords in
MySql.
did you use the 0.9.3 ebuild or did you do it on your own? I made the
ebuild, and I see no problems on any of my systems, so a more complete
description would be helpful.
2) Since I authenticate thru MySql, do I need CHAP,
PAP
the secret...
the secret word is given or I have to create it on my own...
and if I have have to create it or declare it...
where... there are some particular suggestions in how to create a secret
key...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sun, Jan 25, 2004 at 03:24:50PM +0100, Ciolo_-^DusT^-_WebMaster wrote:
the secret...
the secret word is given or I have to create it on my own...
and if I have have to create it or declare it...
where... there are some particular suggestions in how to create a secret
key...
Well... Let
passwords in
MySql.
I have 2 important questions:
1) Is rlm_unix only used for unix password
authentication?
2) Since I authenticate thru MySql, do I need CHAP,
PAP or EAP?
Please help!
__
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try
36 matches
Mail list logo
