On 11/26/2011 05:19 AM, M P wrote:

> Since in my case that I am getting the password from an external API via
> an AuthBy EXTERNAL script, does it mean that I have to do the following
> steps below upon receiving the user's Access-Request?
> 
> [1] The external script will query the external API server and get the
> user's password;

Yes.

> [2] The script will then convert the password received into a
> CHAP-Password format (e.g. CHAP ID + MD5SUM of CHAP ID + password +
> CHAP-Challenge);

Yes. Just to check what is hashed with MD5: CHAP ID + MD5SUM of (CHAP ID
+ password + CHAP-Challenge)

> [3] Compare the CHAP-Password received from the user's Access-Request vs
> the CHAP-Password that was converted as per item [2];

Yes.

The human readable format Radiator uses for binary attribute values
comes from the AttrVal.pm pclean function. You need to duplicate that format in
your script to get the value calculated in [2] to match what AuthBy
EXTERNAL gets for its input. So this format is output from the pclean function:

CHAP-Password = 5S<170><235><146><30><135><252><190><135><244>.cx<249><173>~

> [4] Whatever the result of item [3], my script will then do an "exit 0"
> or "exit 1".

Yes.

> Please advise. Thank you very much.

I think you got the steps correct.


-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
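
Steps [2] to [4] from the thread above, as an added example that is not part of the original post and is not Radiator's own code. The function names are hypothetical, and the escaping rule (bytes outside printable ASCII written as `<decimal>`) is an assumption inferred from the sample CHAP-Password line shown in the reply.

```python
import hashlib
import hmac
import re

# Assumption: bytes outside printable ASCII (0x20-0x7e) are written as <decimal>,
# inferred from the sample CHAP-Password line in the post.
_ESCAPE = re.compile(rb"<(\d{1,3})>")


def pclean_decode(text: str) -> bytes:
    """Turn the human-readable form back into raw bytes."""
    def unescape(m):
        n = int(m.group(1))
        return bytes([n]) if n < 256 else m.group(0)
    return _ESCAPE.sub(unescape, text.encode("latin-1"))


def pclean_encode(data: bytes) -> str:
    """Render raw bytes in the same human-readable form."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else f"<{b}>" for b in data)


def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """Step [2]: CHAP ID + MD5(CHAP ID + password + CHAP-Challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()


def verify_chap(received: str, password: bytes, challenge: str) -> bool:
    """Step [3]: compare the received value with the locally computed one."""
    got = pclean_decode(received)
    if len(got) != 17:          # 1-byte CHAP ID + 16-byte MD5 digest
        return False
    # RFC 2865: with no CHAP-Challenge attribute, the challenge is the
    # Request Authenticator; the caller must pass whichever applies.
    expected = chap_password(got[0], password, pclean_decode(challenge))
    return hmac.compare_digest(got, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real request.
    challenge = bytes(range(16))
    request_value = pclean_encode(chap_password(7, b"s3cret", challenge))
    ok = verify_chap(request_value, b"s3cret", pclean_encode(challenge))
    raise SystemExit(0 if ok else 1)   # step [4]: exit 0 accepts, exit 1 rejects
```

Comparing decoded bytes avoids string-format mismatches, but a value whose raw bytes happen to spell a literal `<NNN>` sequence is ambiguous in this format and will decode incorrectly.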