Joseph Showalter wrote:
What we would like to do is this:
Take this request:
User-Name = "6064191111@evdo.myawi.net" CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58 NAS-IP-Address = 10.130.2.1 CHAP-Challenge = 0x022074534be2e8405c867f676b46b432 3GPP2-Attr-60 = 0x00000001 3GPP2-Attr-61 = 0x0106000000010209a0000029275c41
That looks like a series of TLVs to me. i.e. not a password. There seems to be a 32-bit integer, followed by a 64-bit integer.
And instead of using chap to authenticate the user, we take the 3GPP2-Attr-61, convert it to the password we want, set it into the cleartext-password, and have the sql module query the DB for that new password.
I'm not sure what that means. "convert it to the password we want"?
Here is the perl code that we run prior to the pap module:
$retattr .= "Cleartext-Password := $meid"; $retattr .= ", CHAP-Password :=\"\" , CHAP-Challenge :=\"\" "; $retattr .= ", Auth-Type := PAP ";
Well, that won't work. The Cleartext-Password is the *known good* password. The PAP module needs a User-Password, too. The User-Password is the password as entered by the user. If you're going to force authentication success, why not just set "Auth-Type := Accept"? That avoids all of the mangling of passwords (chap and pap) Alan DeKok.