Hey All,
I've given this some serious thought and done a bunch of reading, and I'm
stuck. Here's what I want to do:
1. Provider A uses PAP
2. Provider B uses CHAP
3. I have an existing MySQL table (not radcheck) that has
a single unique row for each username; the people that use
PAP have crypted passwords, and the people who use CHAP
have cleartext passwords stored in each row
I want to setup a single FreeRadius server to process requests from either
Provider A or Provider B using my existing password table. I would prefer
not to build a new radcheck table as this would duplicate existing data.
I have been able to get PAP to work using this query, which reads the
crypted password from my table:
authorize_check_query = SELECT
uid,username,'User-Password',passwd,':=' FROM passwd WHERE username =
'%{SQL-User-Name}' AND allow_logon=1 and pwstatus='x'
How do I configure this so that it does basically this:
- Get auth request
- Is it PAP? If so, run query string A
- Compare crypted password
- Is it CHAP? If so, run query string B
- Compare cleartext password
If I had access to the Auth-Type value within sql.conf, I might could do
something like this:
authorize_check_query = SELECT uid, username,
'User-Password',IF('%{Auth-Type}'='PAP', passwd, clearpw),':=' FROM passwd
WHERE username = '%{SQL-User-Name}' AND allow_logon=1 and pwstatus='x'
This would return the appropriate PAP/CHAP password from the DB, however
this doesn't seem to be anywhere close to working.
Am I on crack? Advice appreciated.
Thanks,
Dave
=
David C. Troy [[EMAIL PROTECTED]] 410-544-6193 Sales
ToadNet - Want to go fast?410-544-1329 FAX
570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
