CHAP-Password handling
Hi guys, How are things ? I need valuable suggestion from you guys let me explain what I have here. I have a script which decides which kind of Access-Request have to correct. so my perl script modies the $RAD_REQUEST{'User-Name'} and $RAD_REQUEST{'User-Password'} . So this username and password both are correct. They both are in my radcheck database as well so we get Access-Accept. This works great for PAP now when I use CHAP we see 2 new parameters in the Access-Request (CHAP-Password & CHAP-Challenge) is there any way I can send direct Access-Accept if my script found the User-Name in my database? Thank you -- Regards, Jehanzaib
On Jul 2, 2018, at 7:11 PM, J E H A N Z A I B <jehanzaib.kiani@gmail.com> wrote:
How are things ? I need valuable suggestion from you guys let me explain what I have here.
I have a script which decides which kind of Access-Request have to correct. so my perl script modies the $RAD_REQUEST{'User-Name'} and $RAD_REQUEST{'User-Password'} .
You don't need to do that. You can just set the $RAD_CHECK{'Auth-Type'} = "Accept"
So this username and password both are correct. They both are in my radcheck database as well so we get Access-Accept. This works great for PAP now when I use CHAP we see 2 new parameters in the Access-Request (CHAP-Password & CHAP-Challenge) is there any way I can send direct Access-Accept if my script found the User-Name in my database?
Yes. See above. Alan DeKok.
Thanks Alan. The reason I am only adding RAD_REQUEST['Username'] is , our cpes have wrong username and most of the times wrong password so I have to accept them but also need to keep the accounting records on the basis of username. so if simply add $RAD_CHECK{'Auth-Type'} = "Accept" will it also change my username which I am already doing above this? THank you On Tue, Jul 3, 2018 at 11:16 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 2, 2018, at 7:11 PM, J E H A N Z A I B <jehanzaib.kiani@gmail.com> wrote:
How are things ? I need valuable suggestion from you guys let me explain what I have here.
I have a script which decides which kind of Access-Request have to correct. so my perl script modies the $RAD_REQUEST{'User-Name'} and $RAD_REQUEST{'User-Password'} .
You don't need to do that. You can just set the $RAD_CHECK{'Auth-Type'} = "Accept"
So this username and password both are correct. They both are in my radcheck database as well so we get Access-Accept. This works great for PAP now when I use CHAP we see 2 new parameters in the Access-Request (CHAP-Password & CHAP-Challenge) is there any way I can send direct Access-Accept if my script found the User-Name in my database?
Yes. See above.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- Regards, Jehanzaib
On Jul 2, 2018, at 7:21 PM, J E H A N Z A I B <jehanzaib.kiani@gmail.com> wrote:
Thanks Alan. The reason I am only adding RAD_REQUEST['Username'] is , our cpes have wrong username and most of the times wrong password so I have to accept them but also need to keep the accounting records on the basis of username.
You didn't say that. I can only answer questions based on information you give
so if simply add $RAD_CHECK{'Auth-Type'} = "Accept" will it also change my username which I am already doing above this?
If you do both things, you will get both results. Alan DeKok.
I really appreciate your reply Alan. Thank you On Tue, Jul 3, 2018 at 11:23 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 2, 2018, at 7:21 PM, J E H A N Z A I B <jehanzaib.kiani@gmail.com> wrote:
Thanks Alan. The reason I am only adding RAD_REQUEST['Username'] is , our cpes have wrong username and most of the times wrong password so I have to accept them but also need to keep the accounting records on the basis of username.
You didn't say that. I can only answer questions based on information you give
so if simply add $RAD_CHECK{'Auth-Type'} = "Accept" will it also change my username which I am already doing above this?
If you do both things, you will get both results.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- Regards, Jehanzaib
participants (2)
-
Alan DeKok -
J E H A N Z A I B