Re: (RADIATOR) passwords
Hello - On Friday 21 September 2001 14:06, Tech wrote: > Hi Hugh, > We are just about there I am now returning the whole username with the > realm removed as a password but now have to bring this down to 6 places as > can be seen from the log below > Thanking you to date. > > Fri Sep 21 11:09:25 2001:1000861765:1234567890:1234567890:123456:FAIL > Fri Sep 21 11:38:21 2001:1000863501:1234567890:1234567890:123456:FAIL > # -*- mode: Perl -*- # addUsernameAsPassword # # PreAuthHook to add a Password attribute # to an Access-Request. # The User-Name is used for the Password. # Note that the Password must be encoded # with the shared secret of the original NAS. # # Author: Hugh Irvine ([EMAIL PROTECTED]) # Copyright (C) 2001 Open System Consultants # sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; # Get the request code and password. my $code = $p->code; my $password = $p->get_attr('User-Password'); if (($code eq 'Access-Request') && ($password eq "")) { my $secret = $p->{Client}->{Secret}; my $pw = substr($p->get_attr('User-Name'), 0, 6); $p->change_attr('User-Password', $p->encode_password($pw, $secret)); } return; } regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hi Hugh, We are just about there I am now returning the whole username with the realm removed as a password but now have to bring this down to 6 places as can be seen from the log below Thanking you to date. Fri Sep 21 11:09:25 2001:1000861765:1234567890:1234567890:123456:FAIL Fri Sep 21 11:38:21 2001:1000863501:1234567890:1234567890:123456:FAIL Hugh Irvine wrote: > Hello - > > *sigh* > > One more time. > > :-/ > > # -*- mode: Perl -*- > # addUsernameAsPassword > # > # PreAuthHook to add a Password attribute > # to an Access-Request. > # The User-Name is used for the Password. > # Note that the Password must be encoded > # with the shared secret of the original NAS. > # > # Author: Hugh Irvine ([EMAIL PROTECTED]) > # Copyright (C) 2001 Open System Consultants > # > > sub > { > my $p = ${$_[0]}; > my $rp = ${$_[1]}; > > # Get the request code and password. > my $code = $p->code; > my $password = $p->get_attr('User-Password'); > > if (($code eq 'Access-Request') && ($password eq "")) > { > my $secret = $p->{Client}->{Secret}; > my $user = $p->get_attr('User-Name'); > > print "User-Name = $user, Secret = $secret \n"; > > $p->change_attr('User-Password', > $p->encode_password($user, $secret)); > } > return; > } > > Don't forget to remove the "print" statement when you are happy with the > operation of the hook (assuming we get it to work one day ...). > > BTW - I also modified the code to check for the existence of a valid password. > > My apologies - it hasn't been a good couple of weeks. > > regards > > Hugh > > > > > > > > -- > > > Radiator: the most portable, flexible and configurable RADIUS server > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > > - > > > Nets: internetwork inventory and management - graphical, extensible, > > > flexible with hardware, software, platform and database independence. > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hello - *sigh* One more time. :-/ # -*- mode: Perl -*- # addUsernameAsPassword # # PreAuthHook to add a Password attribute # to an Access-Request. # The User-Name is used for the Password. # Note that the Password must be encoded # with the shared secret of the original NAS. # # Author: Hugh Irvine ([EMAIL PROTECTED]) # Copyright (C) 2001 Open System Consultants # sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; # Get the request code and password. my $code = $p->code; my $password = $p->get_attr('User-Password'); if (($code eq 'Access-Request') && ($password eq "")) { my $secret = $p->{Client}->{Secret}; my $user = $p->get_attr('User-Name'); print "User-Name = $user, Secret = $secret \n"; $p->change_attr('User-Password', $p->encode_password($user, $secret)); } return; } Don't forget to remove the "print" statement when you are happy with the operation of the hook (assuming we get it to work one day ...). BTW - I also modified the code to check for the existence of a valid password. My apologies - it hasn't been a good couple of weeks. regards Hugh On Friday 21 September 2001 08:14, Tech wrote: > Hi Hugh > > After making the changes as per last email I am now getting this in > logfile. > > Fri Sep 21 08:00:18 2001: ERR: Error in PreAuthHook(): Can't call method > "authen > ticator" without a package or object reference at > /usr/local/lib/perl5/site_perl > /5.005/Radius/Radius.pm line 397. > > Hugh Irvine wrote: > > Hello - > > > > On Thursday 20 September 2001 15:59, Tech wrote: > > > > Hi Hugh > > > > > > I have made the changes to the hook file but am still getting reject > > > because of an empty password. > > > > > > Is there any way I can see what is happening as the hook is working > > > > Sure - just add a print statement and run radiusd from the command line > > so you can see what is printed. > > > > BTW - I apologise for dashing this off in a hurry, but there is another > > problem, see below. > > > > # -*- mode: Perl -*- > > # addUsernameAsPassword > > # > > # PreAuthHook to add a Password attribute > > # to an Access-Request. > > # The User-Name is used for the Password. > > # Note that the Password must be encoded > > # with the shared secret of the original NAS. > > # > > # Author: Hugh Irvine ([EMAIL PROTECTED]) > > # Copyright (C) 2001 Open System Consultants > > # > > > > sub > > { > > my $p = ${$_[0]}; > > my $rp = ${$_[1]}; > > > > # Get the request code. > > my $code = $p->code; > > > > if ($code eq 'Access-Request') > > { > > my $secret = $p->{Client}->{Secret}; > > my $user = $p->get_attr('User-Name'); > > > > print "User-Name = $user, Secret = $secret \n"; > > > > $password = &Radius::Radius::encode_password($user, $secret); > > $p->add_attr('User-Password', $password); > > } > > return; > > } > > > > As I mentioned, I hadn't tested it, sorry. > > > > Hopefully we will get there eventually. > > > > regards > > > > Hugh > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hi Hugh After making the changes as per last email I am now getting this in logfile. Fri Sep 21 08:00:18 2001: ERR: Error in PreAuthHook(): Can't call method "authen ticator" without a package or object reference at /usr/local/lib/perl5/site_perl /5.005/Radius/Radius.pm line 397. Hugh Irvine wrote: > Hello - > > On Thursday 20 September 2001 15:59, Tech wrote: > > > > Hi Hugh > > > > I have made the changes to the hook file but am still getting reject > > because of an empty password. > > > > Is there any way I can see what is happening as the hook is working > > > > Sure - just add a print statement and run radiusd from the command line so > you can see what is printed. > > BTW - I apologise for dashing this off in a hurry, but there is another > problem, see below. > > # -*- mode: Perl -*- > # addUsernameAsPassword > # > # PreAuthHook to add a Password attribute > # to an Access-Request. > # The User-Name is used for the Password. > # Note that the Password must be encoded > # with the shared secret of the original NAS. > # > # Author: Hugh Irvine ([EMAIL PROTECTED]) > # Copyright (C) 2001 Open System Consultants > # > > sub > { > my $p = ${$_[0]}; > my $rp = ${$_[1]}; > > # Get the request code. > my $code = $p->code; > > if ($code eq 'Access-Request') > { > my $secret = $p->{Client}->{Secret}; > my $user = $p->get_attr('User-Name'); > > print "User-Name = $user, Secret = $secret \n"; > > $password = &Radius::Radius::encode_password($user, $secret); > $p->add_attr('User-Password', $password); > } > return; > } > > As I mentioned, I hadn't tested it, sorry. > > Hopefully we will get there eventually. > > regards > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hello - On Thursday 20 September 2001 15:59, Tech wrote: > > Hi Hugh > > I have made the changes to the hook file but am still getting reject > because of an empty password. > > Is there any way I can see what is happening as the hook is working > Sure - just add a print statement and run radiusd from the command line so you can see what is printed. BTW - I apologise for dashing this off in a hurry, but there is another problem, see below. # -*- mode: Perl -*- # addUsernameAsPassword # # PreAuthHook to add a Password attribute # to an Access-Request. # The User-Name is used for the Password. # Note that the Password must be encoded # with the shared secret of the original NAS. # # Author: Hugh Irvine ([EMAIL PROTECTED]) # Copyright (C) 2001 Open System Consultants # sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; # Get the request code. my $code = $p->code; if ($code eq 'Access-Request') { my $secret = $p->{Client}->{Secret}; my $user = $p->get_attr('User-Name'); print "User-Name = $user, Secret = $secret \n"; $password = &Radius::Radius::encode_password($user, $secret); $p->add_attr('User-Password', $password); } return; } As I mentioned, I hadn't tested it, sorry. Hopefully we will get there eventually. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hi Hugh I have made the changes to the hook file but am still getting reject because of an empty password. Is there any way I can see what is happening as the hook is working Hugh Irvine wrote: Hello - I have just noticed an error in the hook code: $p->add_attr('Password', $password); this line should be: $p->add_attr('User-Password', $password); my apologies Hugh On Thursday 20 September 2001 13:44, Tech wrote: > > Hugh > I have now added RejectEmptyPassword to the as can be > seen.Even now with using the hook it is being rejected for no password. > > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > RejectEmptyPassword > Host 202.182.128.33 > Secret 00keith111 > > AcctLogFileName %L/test.detail.%Y%m%d > > NEW LOG > > Code: Access-Request > Identifier: 226 > Authentic: <227><24><195><<254>(<3><144><151><180>hq+&Z<12> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20304 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0282062000" > Framed-IP-Address = 202.182.129.73 > Acct-Session-Id = "321559701" > > Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler > 'Realm=test.com' > Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890 > Thu Sep 20 13:25:26 2001: DEBUG: Deleting session for > [EMAIL PROTECTED], 202. > 182.129.252, 20304 > Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS > Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty > passwor > d > > > > > > > Request is being rejected because of no password or bad password as per > password log sent last time to you. > I have now also changed the end server > > the client Secret is milmax21817 > > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > Host 202.182.128.5 > Secret 00keith111 > > AcctLogFileName %L/test.detail.%Y%m%d > > > Hugh Irvine wrote: > > Hello - > > > > What are you seeing on the target radius server? Why is the request > > being > > rejected? And can you send me the shared secrets for the Client this > > request > > was received from and for the AuthBy RADIUS clause. > > > > thanks > > > > Hugh > > > > On Thursday 20 September 2001 08:38, Tech wrote: > > > > Dear Hugh > > > > > > Thank you for your time in this matter > > > > > > Yes I am using the hook below; > > > copy of logfile > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > > > *** Received from 202.182.129.252 port 1025 > > > Code: Access-Request > > > Identifier: 173 > > > Authentic: > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > > > Attributes: > > > User-Name = "[EMAIL PROTECTED]" > > > User-Password = "" > > > NAS-IP-Address = 202.182.129.252 > > > NAS-Port = 20103 > > > NAS-Port-Type = Async > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > State = "" > > > Calling-Station-Id = "0298694580" > > > Called-Station-Id = "0299962000" > > > Framed-IP-Address = 202.182.129.20 > > > Acct-Session-Id = "321559643" > > > > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler > > > 'Realm=test.com' > > > > > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 > > > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for > > > > [EMAIL PROTECTED], > > > > > 202.182.129.252, 20103 > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > > > *** Sending to 202.182.192.202 port 1645 > > > Code: Access-Request > > > Identifier: 1 > > > Authentic: > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > > > Attributes: > > > User-Name = "123456780" > > > User-Password = > > > > "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" > > > > > NAS-IP-Address = 202.182.129.252 > > > NAS-Port = 20103 > > > NAS-Port-Type = Async > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > State = "" > > > Calling-Station-Id = "0298694580" > > > Called-Station-Id = "0299962000" > > > Framed-IP-Address = 202.182.129.20 > > > Acct-Session-Id = "321559643" > > > > > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > > > *** Received from 202.182.192.202 port 1645 > > > Code: Access-Reject > > > Identifier: 1 > > > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j > > > Attributes: > > > Reply-Message = "Request Denied" > > > > > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for
Re: (RADIATOR) passwords
Hello - I have just noticed an error in the hook code: $p->add_attr('Password', $password); this line should be: $p->add_attr('User-Password', $password); my apologies Hugh On Thursday 20 September 2001 13:44, Tech wrote: > > Hugh > I have now added RejectEmptyPassword to the as can be > seen.Even now with using the hook it is being rejected for no password. > > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > RejectEmptyPassword > Host 202.182.128.33 > Secret 00keith111 > > AcctLogFileName %L/test.detail.%Y%m%d > > NEW LOG > > Code: Access-Request > Identifier: 226 > Authentic: <227><24><195><<254>(<3><144><151><180>hq+&Z<12> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20304 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0282062000" > Framed-IP-Address = 202.182.129.73 > Acct-Session-Id = "321559701" > > Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler > 'Realm=test.com' > Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890 > Thu Sep 20 13:25:26 2001: DEBUG: Deleting session for > [EMAIL PROTECTED], 202. > 182.129.252, 20304 > Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS > Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty > passwor > d > > > > > > > Request is being rejected because of no password or bad password as per > password log sent last time to you. > I have now also changed the end server > > the client Secret is milmax21817 > > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > Host 202.182.128.5 > Secret 00keith111 > > AcctLogFileName %L/test.detail.%Y%m%d > > > Hugh Irvine wrote: > > Hello - > > > > What are you seeing on the target radius server? Why is the request > > being > > rejected? And can you send me the shared secrets for the Client this > > request > > was received from and for the AuthBy RADIUS clause. > > > > thanks > > > > Hugh > > > > On Thursday 20 September 2001 08:38, Tech wrote: > > > > Dear Hugh > > > > > > Thank you for your time in this matter > > > > > > Yes I am using the hook below; > > > copy of logfile > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > > > *** Received from 202.182.129.252 port 1025 > > > Code: Access-Request > > > Identifier: 173 > > > Authentic: > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > > > Attributes: > > > User-Name = "[EMAIL PROTECTED]" > > > User-Password = "" > > > NAS-IP-Address = 202.182.129.252 > > > NAS-Port = 20103 > > > NAS-Port-Type = Async > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > State = "" > > > Calling-Station-Id = "0298694580" > > > Called-Station-Id = "0299962000" > > > Framed-IP-Address = 202.182.129.20 > > > Acct-Session-Id = "321559643" > > > > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler > > > 'Realm=test.com' > > > > > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 > > > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for > > > > [EMAIL PROTECTED], > > > > > 202.182.129.252, 20103 > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > > > *** Sending to 202.182.192.202 port 1645 > > > Code: Access-Request > > > Identifier: 1 > > > Authentic: > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > > > Attributes: > > > User-Name = "123456780" > > > User-Password = > > > > "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" > > > > > NAS-IP-Address = 202.182.129.252 > > > NAS-Port = 20103 > > > NAS-Port-Type = Async > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > State = "" > > > Calling-Station-Id = "0298694580" > > > Called-Station-Id = "0299962000" > > > Framed-IP-Address = 202.182.129.20 > > > Acct-Session-Id = "321559643" > > > > > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > > > *** Received from 202.182.192.202 port 1645 > > > Code: Access-Reject > > > Identifier: 1 > > > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j > > > Attributes: > > > Reply-Message = "Request Denied" > > > > > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for > > > > req 1 > > > > > from 202.182.192.202:1645 > > > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: > > > > Proxied > > > > > Thu Sep 20 08:06:48 2001: DEBUG: Packet du
Re: (RADIATOR) passwords
Hugh I have now added RejectEmptyPassword to the as can be seen.Even now with using the hook it is being rejected for no password. RewriteUsername s/^([^@]+).*/$1/ PreAuthHook file:"%D/addUsernameAsPassword" RejectEmptyPassword Host 202.182.128.33 Secret 00keith111 AcctLogFileName %L/test.detail.%Y%m%d NEW LOG Code: Access-Request Identifier: 226 Authentic: <227><24><195><<254>(<3><144><151><180>hq+&Z<12> Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "" NAS-IP-Address = 202.182.129.252 NAS-Port = 20304 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "0298694580" Called-Station-Id = "0282062000" Framed-IP-Address = 202.182.129.73 Acct-Session-Id = "321559701" Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler 'Realm=test.com' Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890 Thu Sep 20 13:25:26 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 202. 182.129.252, 20304 Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty passwor d Request is being rejected because of no password or bad password as per password log sent last time to you. I have now also changed the end server the client Secret is milmax21817 RewriteUsername s/^([^@]+).*/$1/ PreAuthHook file:"%D/addUsernameAsPassword" Host 202.182.128.5 Secret 00keith111 AcctLogFileName %L/test.detail.%Y%m%d Hugh Irvine wrote: Hello - What are you seeing on the target radius server? Why is the request being rejected? And can you send me the shared secrets for the Client this request was received from and for the AuthBy RADIUS clause. thanks Hugh On Thursday 20 September 2001 08:38, Tech wrote: > > Dear Hugh > > Thank you for your time in this matter > > Yes I am using the hook below; > copy of logfile > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Received from 202.182.129.252 port 1025 > Code: Access-Request > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler > 'Realm=test.com' > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 202.182.129.252, 20103 > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Sending to 202.182.192.202 port 1645 > Code: Access-Request > Identifier: 1 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "123456780" > User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Received from 202.182.192.202 port 1645 > Code: Access-Reject > Identifier: 1 > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j > Attributes: > Reply-Message = "Request Denied" > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1 > from 202.182.192.202:1645 > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Sending to 202.182.129.252 port 1025 > Code: Access-Reject > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > Reply-Message = "Request Denied" > Reply-Message = "Request Denied" > copy of config file > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > Host 202.182.192.202 > Secret > > AcctLogFileName %L/test.detail.%Y%m%d > > > Hugh Irvine wrote: > > Hello - > > > > Have you tried the hook code that I sent you, shown in my message below? > > > > What you show below will definitely not work.
Re: (RADIATOR) passwords
Request is being rejected because of no password or bad password as per password log sent last time to you. I have now also changed the end server the client Secret is milmax21817 RewriteUsername s/^([^@]+).*/$1/ PreAuthHook file:"%D/addUsernameAsPassword" Host 202.182.128.5 Secret 00keith111 AcctLogFileName %L/test.detail.%Y%m%d Hugh Irvine wrote: Hello - What are you seeing on the target radius server? Why is the request being rejected? And can you send me the shared secrets for the Client this request was received from and for the AuthBy RADIUS clause. thanks Hugh On Thursday 20 September 2001 08:38, Tech wrote: > > Dear Hugh > > Thank you for your time in this matter > > Yes I am using the hook below; > copy of logfile > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Received from 202.182.129.252 port 1025 > Code: Access-Request > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler > 'Realm=test.com' > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 202.182.129.252, 20103 > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Sending to 202.182.192.202 port 1645 > Code: Access-Request > Identifier: 1 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "123456780" > User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Received from 202.182.192.202 port 1645 > Code: Access-Reject > Identifier: 1 > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j > Attributes: > Reply-Message = "Request Denied" > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1 > from 202.182.192.202:1645 > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Sending to 202.182.129.252 port 1025 > Code: Access-Reject > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > Reply-Message = "Request Denied" > Reply-Message = "Request Denied" > copy of config file > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > Host 202.182.192.202 > Secret > > AcctLogFileName %L/test.detail.%Y%m%d > > > Hugh Irvine wrote: > > Hello - > > > > Have you tried the hook code that I sent you, shown in my message below? > > > > What you show below will definitely not work. > > > > In any case, a copy of your configuration file (no secrets) and a trace 4 > > debug from Radiator showing what is happening are what I need to be able > > to help you. > > > > regards > > > > Hugh > > > > On Wednesday 19 September 2001 14:41, Tech wrote: > > > > Thank you for your help in this matter but I am still having the same > > > > > > problem as can be seen from the password log I am still returning no > > > password > > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL > > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL > > > this was working on local > > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);} > > > > > > Hugh Irvine wrote: > > > > Hello - > > > > > > > > On Tuesday 18 September 2001 12:46, Tech wrote: > > > > > I am using radiator as a proxy only, but I have a problem, one of > > > > > my > > > > > > > > > > logins never has a password and I have to roll part of the username > > > > > > > > to > > > > > > > > > %P this is ok for local use but not when ongoing presentation to > > > > > the > > > > > > > > > > proxy. > > > > > > > > > > Suggestions or specific examples would be appreciated. > > > > > > > > I think you will have to do this with a PreAuthHook, something like > > > > this: > > > > > > > > # -*- mode: Perl -*- > > > > # addUsername
Re: (RADIATOR) passwords
Hello - What are you seeing on the target radius server? Why is the request being rejected? And can you send me the shared secrets for the Client this request was received from and for the AuthBy RADIUS clause. thanks Hugh On Thursday 20 September 2001 08:38, Tech wrote: > > Dear Hugh > > Thank you for your time in this matter > > Yes I am using the hook below; > copy of logfile > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Received from 202.182.129.252 port 1025 > Code: Access-Request > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler > 'Realm=test.com' > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 202.182.129.252, 20103 > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: > *** Sending to 202.182.192.202 port 1645 > Code: Access-Request > Identifier: 1 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > User-Name = "123456780" > User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" > NAS-IP-Address = 202.182.129.252 > NAS-Port = 20103 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "0298694580" > Called-Station-Id = "0299962000" > Framed-IP-Address = 202.182.129.20 > Acct-Session-Id = "321559643" > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Received from 202.182.192.202 port 1645 > Code: Access-Reject > Identifier: 1 > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j > Attributes: > Reply-Message = "Request Denied" > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1 > from 202.182.192.202:1645 > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: > *** Sending to 202.182.129.252 port 1025 > Code: Access-Reject > Identifier: 173 > Authentic: > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> > Attributes: > Reply-Message = "Request Denied" > Reply-Message = "Request Denied" > copy of config file > > RewriteUsername s/^([^@]+).*/$1/ > PreAuthHook file:"%D/addUsernameAsPassword" > > Host 202.182.192.202 > Secret > > AcctLogFileName %L/test.detail.%Y%m%d > > > Hugh Irvine wrote: > > Hello - > > > > Have you tried the hook code that I sent you, shown in my message below? > > > > What you show below will definitely not work. > > > > In any case, a copy of your configuration file (no secrets) and a trace 4 > > debug from Radiator showing what is happening are what I need to be able > > to help you. > > > > regards > > > > Hugh > > > > On Wednesday 19 September 2001 14:41, Tech wrote: > > > > Thank you for your help in this matter but I am still having the same > > > > > > problem as can be seen from the password log I am still returning no > > > password > > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL > > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL > > > this was working on local > > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);} > > > > > > Hugh Irvine wrote: > > > > Hello - > > > > > > > > On Tuesday 18 September 2001 12:46, Tech wrote: > > > > > I am using radiator as a proxy only, but I have a problem, one of > > > > > my > > > > > > > > > > logins never has a password and I have to roll part of the username > > > > > > > > to > > > > > > > > > %P this is ok for local use but not when ongoing presentation to > > > > > the > > > > > > > > > > proxy. > > > > > > > > > > Suggestions or specific examples would be appreciated. > > > > > > > > I think you will have to do this with a PreAuthHook, something like > > > > this: > > > > > > > > # -*- mode: Perl -*- > > > > # addUsernameAsPassword > > > > # > > > > # PreAuthHook to add a Password attribute > > > > # to an Access-Request. > > > > # The User-Name is used for the Password. > > > > # Note that the Password must be encoded > > > > # with the shared secret of the original NAS. > > > > # > > > > # Author: Hugh Irvine ([EMAIL PROTECTED]) > > > > # Copyright (C) 2001 Open Sys
Re: (RADIATOR) passwords
Dear Hugh Thank you for your time in this matter Yes I am using the hook below; copy of logfile Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: *** Received from 202.182.129.252 port 1025 Code: Access-Request Identifier: 173 Authentic: <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "" NAS-IP-Address = 202.182.129.252 NAS-Port = 20103 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "0298694580" Called-Station-Id = "0299962000" Framed-IP-Address = 202.182.129.20 Acct-Session-Id = "321559643" Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler 'Realm=test.com' Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780 Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 202.182.129.252, 20103 Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS Thu Sep 20 08:06:47 2001: DEBUG: Packet dump: *** Sending to 202.182.192.202 port 1645 Code: Access-Request Identifier: 1 Authentic: <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> Attributes: User-Name = "123456780" User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>" NAS-IP-Address = 202.182.129.252 NAS-Port = 20103 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "0298694580" Called-Station-Id = "0299962000" Framed-IP-Address = 202.182.129.20 Acct-Session-Id = "321559643" Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: *** Received from 202.182.192.202 port 1645 Code: Access-Reject Identifier: 1 Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j Attributes: Reply-Message = "Request Denied" Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1 from 202.182.192.202:1645 Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied Thu Sep 20 08:06:48 2001: DEBUG: Packet dump: *** Sending to 202.182.129.252 port 1025 Code: Access-Reject Identifier: 173 Authentic: <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11> Attributes: Reply-Message = "Request Denied" Reply-Message = "Request Denied" copy of config file RewriteUsername s/^([^@]+).*/$1/ PreAuthHook file:"%D/addUsernameAsPassword" Host 202.182.192.202 Secret AcctLogFileName %L/test.detail.%Y%m%d Hugh Irvine wrote: Hello - Have you tried the hook code that I sent you, shown in my message below? What you show below will definitely not work. In any case, a copy of your configuration file (no secrets) and a trace 4 debug from Radiator showing what is happening are what I need to be able to help you. regards Hugh On Wednesday 19 September 2001 14:41, Tech wrote: > > Thank you for your help in this matter but I am still having the same > problem as can be seen from the password log I am still returning no > password > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL > this was working on local > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);} > > Hugh Irvine wrote: > > Hello - > > > > On Tuesday 18 September 2001 12:46, Tech wrote: > > > I am using radiator as a proxy only, but I have a problem, one of my > > > > > > logins never has a password and I have to roll part of the username > > > > to > > > > > %P this is ok for local use but not when ongoing presentation to the > > > > > > proxy. > > > > > > Suggestions or specific examples would be appreciated. > > > > I think you will have to do this with a PreAuthHook, something like > > this: > > > > # -*- mode: Perl -*- > > # addUsernameAsPassword > > # > > # PreAuthHook to add a Password attribute > > # to an Access-Request. > > # The User-Name is used for the Password. > > # Note that the Password must be encoded > > # with the shared secret of the original NAS. > > # > > # Author: Hugh Irvine ([EMAIL PROTECTED]) > > # Copyright (C) 2001 Open System Consultants > > # > > > > sub > > { > > my $p = ${$_[0]}; > > my $rp = ${$_[1]}; > > > > # Get the request code. > > my $code = $p->code; > > > > if ($code eq 'Access-Request') > > { > > my $secret = $p->{Client}->{Secret}; > > $password = &Radius::Radius::encode_password > > ($p->{User-Name}, $secret); > > $p->add_attr('Password', $password); > > } > > return; > > } > > > > Your configuration file would look something like this: > > > > # define Realm(s) or Handler(s) > > > > > > . > > PreAuthHook file:"%D/addUsernameAsPassword" > > . > > > > >/Realm> > > > > I haven't tested
Re: (RADIATOR) passwords
Hello - Have you tried the hook code that I sent you, shown in my message below? What you show below will definitely not work. In any case, a copy of your configuration file (no secrets) and a trace 4 debug from Radiator showing what is happening are what I need to be able to help you. regards Hugh On Wednesday 19 September 2001 14:41, Tech wrote: > > Thank you for your help in this matter but I am still having the same > problem as can be seen from the password log I am still returning no > password > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL > this was working on local > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);} > > Hugh Irvine wrote: > > Hello - > > > > On Tuesday 18 September 2001 12:46, Tech wrote: > > > I am using radiator as a proxy only, but I have a problem, one of my > > > > > > logins never has a password and I have to roll part of the username > > > > to > > > > > %P this is ok for local use but not when ongoing presentation to the > > > > > > proxy. > > > > > > Suggestions or specific examples would be appreciated. > > > > I think you will have to do this with a PreAuthHook, something like > > this: > > > > # -*- mode: Perl -*- > > # addUsernameAsPassword > > # > > # PreAuthHook to add a Password attribute > > # to an Access-Request. > > # The User-Name is used for the Password. > > # Note that the Password must be encoded > > # with the shared secret of the original NAS. > > # > > # Author: Hugh Irvine ([EMAIL PROTECTED]) > > # Copyright (C) 2001 Open System Consultants > > # > > > > sub > > { > > my $p = ${$_[0]}; > > my $rp = ${$_[1]}; > > > > # Get the request code. > > my $code = $p->code; > > > > if ($code eq 'Access-Request') > > { > > my $secret = $p->{Client}->{Secret}; > > $password = &Radius::Radius::encode_password > > ($p->{User-Name}, $secret); > > $p->add_attr('Password', $password); > > } > > return; > > } > > > > Your configuration file would look something like this: > > > > # define Realm(s) or Handler(s) > > > > > > . > > PreAuthHook file:"%D/addUsernameAsPassword" > > . > > > > >/Realm> > > > > I haven't tested the code, but you should get the idea. > > > > Please let me know how you get on. > > > > regards > > > > Hugh > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. Content-Type: text/html; charset="us-ascii"; name="Attachment: 1" Content-Transfer-Encoding: 7bit Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Thank you for your help in this matter but I am still having the same problem as can be seen from the password log I am still returning no password Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL this was working on local PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);} Hugh Irvine wrote: Hello - On Tuesday 18 September 2001 12:46, Tech wrote: > I am using radiator as a proxy only, but I have a problem, one of my > logins never has a password and I have to roll part of the username to > %P this is ok for local use but not when ongoing presentation to the > proxy. > > Suggestions or specific examples would be appreciated. > I think you will have to do this with a PreAuthHook, something like this: # -*- mode: Perl -*- # addUsernameAsPassword # # PreAuthHook to add a Password attribute # to an Access-Request. # The User-Name is used for the Password. # Note that the Password must be encoded # with the shared secret of the original NAS. # # Author: Hugh Irvine ([EMAIL PROTECTED]) # Copyright (C) 2001 Open System Consultants # sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; # Get the request code. my $code = $p->code; if ($code eq 'Access-Request') { my $secret = $p->{Client}->{Secret}; $password = &Radius::Radius::encode_password ($p->{User-Name}, $secret); $p->add_attr('Password', $password); } return; } Your configuration file would look something like this: # define Realm(s) or Handler(s) . PreAuthHook file:"%D/addUsernameAsPassword" . >/Realm> I haven't tested the code, but you should get the idea. Please let me know how you get on. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hello - On Tuesday 18 September 2001 12:46, Tech wrote: > I am using radiator as a proxy only, but I have a problem, one of my > logins never has a password and I have to roll part of the username to > %P this is ok for local use but not when ongoing presentation to the > proxy. > > Suggestions or specific examples would be appreciated. > I think you will have to do this with a PreAuthHook, something like this: # -*- mode: Perl -*- # addUsernameAsPassword # # PreAuthHook to add a Password attribute # to an Access-Request. # The User-Name is used for the Password. # Note that the Password must be encoded # with the shared secret of the original NAS. # # Author: Hugh Irvine ([EMAIL PROTECTED]) # Copyright (C) 2001 Open System Consultants # sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; # Get the request code. my $code = $p->code; if ($code eq 'Access-Request') { my $secret = $p->{Client}->{Secret}; $password = &Radius::Radius::encode_password ($p->{User-Name}, $secret); $p->add_attr('Password', $password); } return; } Your configuration file would look something like this: # define Realm(s) or Handler(s) . PreAuthHook file:"%D/addUsernameAsPassword" . >/Realm> I haven't tested the code, but you should get the idea. Please let me know how you get on. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords and authSQL
Hello Matt - RFC 2138 makes no mention of what characters are allowed or not, but I can't see any reason why a "+" sign would be a problem, unless its some weirdness in a particular PPP implementation. Anyone else have an opinion? regards Hugh NB - I'm travelling for a couple of weeks ... -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. - Original Message - From: "Matt Chambers" <[EMAIL PROTECTED]> To: "Radius" <[EMAIL PROTECTED]> Sent: Wednesday, March 29, 2000 5:56 AM Subject: (RADIATOR) passwords and authSQL > > I'm authenticating with Radiator and mySQL. I had an issue with a MAC user > with a + in his password. What characters are not allowed in passwords? > > > > Matt Chambers > Resident Internet Visionary > The Pressroom Online Services > 703-631-5755 x3001 > > As always, please disregard any and all > spelling or grammar mistakes. > > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords and authSQL
Hello Matt, both Radiator and radpwtst have no problem with embedded + in passwords, nor does mysql, so I have to presume that the problem with the + lies in your NAS or the users client; I dont have any information about them. As far as radiator is concerned, there are no built-in invalid characters in passwords (although some types of database may have their own limitations). Cheers. On Mar 28, 2:56pm, Matt Chambers wrote: > Subject: (RADIATOR) passwords and authSQL > > I'm authenticating with Radiator and mySQL. I had an issue with a MAC user > with a + in his password. What characters are not allowed in passwords? > > > > Matt Chambers > Resident Internet Visionary > The Pressroom Online Services > 703-631-5755 x3001 > > As always, please disregard any and all > spelling or grammar mistakes. > > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Matt Chambers -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) passwords
Hi Brian - Apologies - I stand corrected. :-( You are quite right - I had confused and . So, yes you can use a UNIX-style password file on an NT box. The only likely problems with this are file access permissions and file location issues. On Sat, 31 Jul 1999, Mike McCauley wrote: > Hi Hugh, > > According to the reference manual (page 44) it is not necessary for the > passwd file to be located on a Unix box. However, if this is not true, is > it possible for Radiator running on NT to authenticate to the passwd file > on the Solaris machine itself? > Well yes you can - just set up another instance of Radiator on the Solaris machine and use a proxy configuration. However this is probably not the ideal setup for you. > Basically I have users who currently authenticate using TACACS+ to the > Solaris machine who I would like to authenticate through Radiator on NT. I > do not have their passwords otherwise I would move them all to an SQL > database and authenticate from it. Now that I have said that - is it > possible to import all the users and their _encrypted_ passwords to an SQL > database for authentication? > Yes you can. can take the EncryptedPassword parameter if you are storing encrypted passwords. See Section 6.23.7 in the manual. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.