I am happy to report my previous issues dealing with the external scripts
are all fixed and working. I am coming from an XT-Radius background, and
migrating many of the same scripts over which I am trying to get to work
with FreeRadius. Nearly everything is successful except one item: CHAP
authentication. We are using Perl for the auth script, and attached is a
copy of the CHAP function to see if it matches. The problem I am having is
$digest is never eq substr($chap_password,1). I have confirmed that both
$ENV{"CHAP_PASSWORD"} and $ENV{"CHAP_CHALLENGE"} do have data.
Any assistance is appreciated. This exact (well, XT uses different ENV
names, but otherwise exact) function works perfectly in XT Radius, so I am
assuming there must be something just slightly different about how
Freeradius handles the chap password and challenge. Also, if anyone has a
pre-written script which handles CHAP auth, that would also be useful.
---- snippet of CHAP auth portion of script ----
if ($ENV{"CHAP_PASSWORD"} && $ENV{"CHAP_CHALLENGE"}) {
    $chap_password = pack("H*", $ENV{"CHAP_PASSWORD"});
    $chap_challenge = pack("H*", $ENV{"CHAP_CHALLENGE"});
    $md5 = new MD5;
    $md5->reset;
    $md5->add(substr($chap_password,0,1));
    $md5->add($userinfo[1]);
    $md5->add($chap_challenge);
    $digest = $md5->digest();
    $blehtemp = substr($chap_password,1);
    if ($digest ne substr($chap_password,1)) {
        # i don't know you. sod off.
        $authlogfile = IO::File->new("/var/log/auth.log", "a+")
            or die "Couldn't open /var/log/auth.log for writing: $!\n";
        $authlogfile->printf(localtime(time) . ": Error: Incorrect password$
        $authlogfile->close();
        exit 1003;
    }
}
---- end snippet ----
Note, the $authlogfile line is cut off, just my copy/paste didn't catch the
end of it, but that is not a problem. Below this function if it does not
deny user here, it authenticates it lower in the script. But what happens
is the if ($digest ne substr($chap_password,1)) statement is always true;
therefore, nobody ever gets authenticated.
Thanks in advance,
Nate
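
Added example, not part of the original post and not FreeRADIUS code: a standalone Perl check of a CHAP response as RFC 1994 defines it (MD5 over the CHAP ID, the cleartext password and the challenge), with input validation and a comparison that does not stop at the first mismatch. The helper names, the sample password and the tolerance for a leading "0x" on the hex strings are assumptions made for illustration; the post does not say how the server renders these attributes.

```perl
#!/usr/bin/perl
# Added example (not the poster's script): RFC 1994 CHAP check for a
# RADIUS exec script. All helper names and sample values are hypothetical.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Decode a hex-encoded attribute; an optional leading "0x" is tolerated
# (assumption about how the server may render octet attributes).
sub hex_to_bytes {
    my ($hex) = @_;
    return undef unless defined $hex;
    $hex =~ s/^0x//i;
    return undef unless length($hex) && length($hex) % 2 == 0 && $hex !~ /[^0-9a-fA-F]/;
    return pack("H*", $hex);
}

# Compare two byte strings without stopping at the first mismatch.
sub bytes_equal {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# CHAP-Password is 1 byte of CHAP ID followed by the 16-byte MD5 response.
# Expected response = MD5(id . cleartext_password . challenge).
sub chap_ok {
    my ($chap_password_hex, $chap_challenge_hex, $cleartext) = @_;
    my $cp = hex_to_bytes($chap_password_hex);
    my $ch = hex_to_bytes($chap_challenge_hex);
    return 0 unless defined $cp && defined $ch && defined $cleartext;
    return 0 unless length($cp) == 17 && length($ch) >= 1;
    my $id = substr($cp, 0, 1);
    return bytes_equal(md5($id . $cleartext . $ch), substr($cp, 1));
}

# Constructed sample: build a valid response, then verify it three ways.
my $challenge = pack("H*", "00112233445566778899aabbccddeeff");
my $resp_hex  = unpack("H*", chr(7) . md5(chr(7) . "s3cret" . $challenge));
my $chal_hex  = unpack("H*", $challenge);
for my $case (["bare hex", $resp_hex, $chal_hex, "s3cret"],
              ["0x prefix", "0x$resp_hex", "0x$chal_hex", "s3cret"],
              ["wrong password", $resp_hex, $chal_hex, "guess"]) {
    my ($label, @args) = @$case;
    printf "%-15s %s\n", $label, chap_ok(@args) ? "accept" : "reject";
}
```

Logging the decoded length of each attribute when `chap_ok` rejects shows at once whether the environment values decoded to the expected 17 bytes and a non-empty challenge.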