Joseph Showalter wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
NAS-IP-Address = 10.130.2.1
CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
Thanks so much for taking a look...
See comments below:
On Jan 18, 2013, at 3:04 PM, Alan DeKok al...@deployingradius.com
wrote:
Joseph wrote:
What we would like to do is this:
Take this request:
User-Name = 6064191...@evdo.myawi.net
CHAP-Password =
Joseph Showalter wrote:
Instead of using Chap which we are getting above, we want to use the
3GPP2-Attr-61 = 0x010600010209a029275c41 value which we can convert
to the device serial number.
OK.
In our DB we store the device serial number. The devices chap info most of
them time
On Jan 18, 2013, at 3:34 PM, Alan DeKok al...@deployingradius.com wrote:
authorize {
...
if (! %{sql:SELECT ... }) {
reject
}
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
I would like to use the User-Password
Joseph Showalter wrote:
Can I use a userdefined variable in the select statement that the EXEC perl
script returns:
Only if it's returned in the Perl script.
I would like to use the User-Password below:
[evdoesn] expand: %{User-Name} - 6064191...@evdo.myawi.net
Exec-Program output:
Forget the user-password. You are not using it, you are trying to kludge it.
Just use the variable you have, or the facsimile you are making.
This is freeradius, there are at least a dozen ways of doing what you want,
Alan has given you a fine method
alan
-
List info/subscribe/unsubscribe?
this on freeradius to auth PAP
- Original Message -
From: Michael Mitchell [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, February 17, 2005 7:06 PM
Subject: Re: CHAP / PAP ?
Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The
order
Stupid question.
Is it possible to do CHAP for some accounts and PAP for others?
I'm using CHAP and it works great for PC users. But I have some WebTV
receivers that
as far as I can tell only do PAP. And they aren't getting connected through
my 3COM Total Control 1000's.
Would it work it I
Thor Spruyt wrote:
PAP can work with unencrypted passwords in the backend.
CHAP cannot.
I think you mean the other way around ;-)
CHAP *requires* clear text passwords in the backend. PAP can work with
either encrypted or clear text passwords in the backend.
Don't want to confuse people ;-)
-
You can add to the same user entry an encrypted password (eg: SHA) for
PAP authentication and a NTPassword por CHAP authentication (both would
be different attribs of the same entry). You can use smbencrypt en
freeradius distrtribution to get the NTPassword encryption.
J.M.
Thor Spruyt wrote:
Michael Mitchell wrote:
Thor Spruyt wrote:
PAP can work with unencrypted passwords in the backend.
CHAP cannot.
I think you mean the other way around ;-)
Not exactly the other way around, but I didn't explain correctly.
CHAP *requires* clear text passwords in the backend. PAP can work with
either
Joel Eddy [EMAIL PROTECTED] wrote:
In MySql the passwords are in plain text.
When I use NTRADPING to check authentication
it will only give me an accept if I have the check mark in CHAP.
If I remove the check it won't authenticate.
Why are you looking at the client, when the server debug
wont. At least
that was my experience with NTRADPING.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Joel Eddy
Sent: Friday, 18 February 2005 11:15 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: CHAP / PAP ?
Okay,
In MySql the passwords
more reading in the Radius book.
Joel
- Original Message -
From: Mitchell, Michael J [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, February 17, 2005 6:20 PM
Subject: RE: CHAP / PAP ?
Run the server in debug mode (radiusd -X) and you'll see EXACTLY why its
Hi Joel,
Yep, the default users file sets Auth-Type := System by default. The order, and
behaviour of the modules in your 'authorize' section of radiusd.conf which
Auth-Type is eventually used. I believe that each module will set the Auth-Type
appropriate, *IF* the Auth-Type hasn't already
Michael Mitchell [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type = PAP
Fall-Through = 1
That should still let CHAP work when specified, but will default to PAP if no
other method of authentication has already been specified.
This is untested of course, so please report back to me if
may benefit from it's results.
Joel
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, February 17, 2005 7:12 PM
Subject: Re: CHAP / PAP ?
Michael Mitchell [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type = PAP
Fall-Through
message --
From: Alan DeKok [EMAIL PROTECTED]
Date: Sat, 11 Sep 2004 09:21:56 -0400
Subject: Re: CHAP PAP
To:
William [EMAIL PROTECTED] wrote:
Fri Sep 10 17:04:54 2004 : Auth: rlm_unix: Attribute User-Password is
required for authentication. Cannot use CHAP-Password.
Please read the FAQ
William [EMAIL PROTECTED] wrote:
I did read the FAQ. Now that I have CHAP working for a specific
huntgroup, I can't get PAP working locally. It does not even hit the
rlm_unix during debug (Below). I do not know what is missing.
...
Mon Sep 13 11:02:46 2004 : Debug: auth: No authenticate
William [EMAIL PROTECTED] wrote:
Fri Sep 10 17:04:54 2004 : Auth: rlm_unix: Attribute User-Password is required for
authentication. Cannot use CHAP-Password.
Please read the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
20 matches
Mail list logo
