Thanks so much for taking a look...

See comments below:

On Jan 18, 2013, at 3:04 PM, Alan DeKok <al...@deployingradius.com>
 wrote:

> Joseph  wrote:
>> What we would like to do is this:
>> 
>> Take this request:
>> 
>>      User-Name = "6064191...@evdo.myawi.net"
>>      CHAP-Password = 0x59db2896a9629a7a1296e8e3dc7751da58
>>      NAS-IP-Address = 10.130.2.1
>>      CHAP-Challenge = 0x022074534be2e8405c867f676b46b432
>>      3GPP2-Attr-60 = 0x00000001
>>      3GPP2-Attr-61 = 0x0106000000010209a0000029275c41
> 
>  That looks like a series of TLVs to me.  i.e. not a password.  There
> seems to be a 32-bit integer, followed by a 64-bit integer.
> 
>> And instead of using chap to authenticate the user, we take the 
>> 3GPP2-Attr-61, convert it to the password we want, set it into the 
>> cleartext-password, and have the sql module query the DB for that new 
>> password.
> 
>  I'm not sure what that means.  "convert it to the password we want"?

Instead of using CHAP, which we are getting above, we want to use the 
"3GPP2-Attr-61 = 0x0106000000010209a0000029275c41" value, which we can convert 
to the device serial number.

In our DB we store the device serial number. The device's CHAP info, most of the 
time, might be tampered with or wrong.

So we wanted our EXEC script to replace the chap user/pass with the new PAP 
user/password.

> 
>> Here is the perl code that we run prior to the pap module:
>> 
>> 
>> $retattr .= "Cleartext-Password := $meid";
>> $retattr .= ", CHAP-Password :=\"\" , CHAP-Challenge :=\"\" ";
>> $retattr .= ", Auth-Type := PAP ";
> 
>  Well, that won't work.
> 
>  The Cleartext-Password is the *known good* password.  The PAP module
> needs a User-Password, too.  The User-Password is the password as
> entered by the user.
> 

Should we be setting Cleartext-Password and the User-Password?

>  If you're going to force authentication success, why not just set
> "Auth-Type := Accept"?  That avoids all of the mangling of passwords
> (chap and pap)

We still want radius to run through the normal SQL process to verify that the 
above serial number is valid.


> 
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--regards, Joseph
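
Added example, not part of the original thread and not FreeRADIUS code: a bounds-checked Python parser that splits the 3GPP2-Attr-61 value quoted above into its TLVs before anything is handed to the SQL lookup. It assumes RADIUS-style framing (one type octet, one length octet, length counting both header octets); which sub-attribute holds the serial is not stated in the thread, so `extract_subattr` and its `wanted_type` argument are hypothetical.

```python
# Sample input: the 3GPP2-Attr-61 value quoted in the thread.
ATTR_61 = bytes.fromhex("0106000000010209a0000029275c41")


class TLVError(ValueError):
    """Raised when the attribute does not parse as well-formed TLVs."""


def parse_tlvs(data: bytes) -> list:
    """Split data into (type, value) pairs.

    Assumption: one type octet, one length octet, and the length
    counts those two header octets as well as the value.
    """
    out = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise TLVError(f"truncated header at offset {pos}")
        tlv_type, tlv_len = data[pos], data[pos + 1]
        if tlv_len < 2:
            raise TLVError(f"length {tlv_len} below header size at offset {pos}")
        if pos + tlv_len > len(data):
            raise TLVError(f"TLV at offset {pos} runs past end of attribute")
        out.append((tlv_type, data[pos + 2:pos + tlv_len]))
        pos += tlv_len
    return out


def extract_subattr(data: bytes, wanted_type: int) -> str:
    """Return the value of exactly one sub-TLV as lowercase hex.

    Hex output restricts the result to [0-9a-f], so a NAS-supplied
    value cannot carry quoting characters into a later SQL query.
    """
    matches = [value for t, value in parse_tlvs(data) if t == wanted_type]
    if len(matches) != 1:
        raise TLVError(f"expected one TLV of type {wanted_type}, got {len(matches)}")
    return matches[0].hex()


if __name__ == "__main__":
    for tlv_type, value in parse_tlvs(ATTR_61):
        print(f"type={tlv_type} len={len(value)} value=0x{value.hex()}")
```

A malformed or truncated attribute raises `TLVError`, so the calling script can reject the request instead of looking up a partial value.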