Re: Cleartext username

2010-08-26 Thread Alan DeKok
Kristoffer Milligan wrote:
> The same thing happens during authentication when the CPE initially
> enters the network .. but then the username/password is decrypted and
> successfully compared in the database.
> 
> What's the difference between the accounting and the authentication ..
> apart from the info that's exchanged?

  Read the debug log to see?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Cleartext username

2010-08-26 Thread Kristoffer Milligan
The same thing happens during authentication when the CPE initially
enters the network .. but then the username/password is decrypted and
successfully compared in the database.


What's the difference between the accounting and the authentication .. 
apart from the info that's exchanged?


- Kristoffer Milligan

On 08/26/2010 01:11 PM, Alan DeKok wrote:
> Kristoffer Milligan wrote:
>> as a small test. However, %{SQL-User-Name} is an encrypted version of
>> the username, which of course will not match anything in my database.
>
>   Ask the client PC why it's sending an encrypted user name.
>
>> How can I get the username in a cleartext format?
>
>   Figure out how the client PC is encrypting it, and decrypt it.
>
>   Alan DeKok.


Re: Cleartext username

2010-08-26 Thread Alan DeKok
Kristoffer Milligan wrote:
> as a small test. However, %{SQL-User-Name} is an encrypted version of
> the username, which of course will not match anything in my database.

  Ask the client PC why it's sending an encrypted user name.

> How can I get the username in a cleartext format?

  Figure out how the client PC is encrypting it, and decrypt it.

  Alan DeKok.


Cleartext username

2010-08-26 Thread Kristoffer Milligan

Hello list,

I am currently using FreeRADIUS as my AAA server for a WiMAX network. 
Authentication is working perfectly, and the server is performing well. 
As part of my infrastructure-design I need to be able to forcibly kick 
users off the radiolink. As far as I have understood, this needs to be 
done using CoA/Disconnect-Request packets forged to match the NAS 
requirement.


So far, so good.

I have set up this query in my accounting section:

    if ("%{sql:SELECT value FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now'}") {
        update disconnect {
            Reply-Message = "You have been closed."
        }
    }

as a small test. However, %{SQL-User-Name} is an encrypted version of 
the username, which of course will not match anything in my database.


Thu Aug 26 11:16:42 2010 : Info: (2) expand: SELECT value FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now' -> SELECT value FROM radcheck WHERE UserName = '=8Ham=3D1=7A62345d3c567f85678749f233ebe4577fbad' and attribute = 'Acct-Logout-Now'
Thu Aug 26 11:16:42 2010 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Thu Aug 26 11:16:42 2010 : Info: (2) SQL query did not return any results
Thu Aug 26 11:16:42 2010 : Debug: rlm_sql (sql): Released sql socket id: 0
Thu Aug 26 11:16:42 2010 : Info: (2) expand: %{sql:SELECT value FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now'} ->
Thu Aug 26 11:16:42 2010 : Info: (2) ? Evaluating ("%{sql:SELECT value FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now'}") -> FALSE
Thu Aug 26 11:16:42 2010 : Info: (2) ++? if ("%{sql:SELECT value FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now'}") -> FALSE


How can I get the username in a cleartext format?

Thanks in advance,

- Kristoffer Milligan
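
Added example (not part of the original post and not FreeRADIUS code): rlm_sql writes any character outside its configured safe-characters list as =XX hex before the value reaches the query, so the UserName in an expanded query carries that escaping on top of whatever identity the NAS sent. The sketch below pulls the UserName literal out of an `expand:` debug line and undoes the escaping; the function names and the first sample line are constructed for illustration.

```python
import re

# Expanded side of an "expand: <template> -> <result>" debug line; captures
# the UserName literal that actually reached the SQL query.
_EXPANDED_USER = re.compile(r"->\s*SELECT\b.*?\bUserName\s*=\s*'([^']*)'", re.S)
_ESCAPE = re.compile(r"=([0-9A-Fa-f]{2})")


def extract_username(debug_line):
    """Return the escaped UserName literal from an expanded query, or None."""
    m = _EXPANDED_USER.search(debug_line)
    return m.group(1) if m else None


def decode_sql_escape(value):
    """Undo =XX escaping. Returns (decoded bytes, list of malformed escapes)."""
    out, malformed, i = bytearray(), [], 0
    while i < len(value):
        m = _ESCAPE.match(value, i)
        if m:
            out.append(int(m.group(1), 16))
            i += 3
            continue
        if value[i] == "=":
            # "=" not followed by two hex digits: keep it as a literal and report it.
            malformed.append(value[i:i + 3])
        out += value[i].encode("utf-8")
        i += 1
    return bytes(out), malformed


def summarise_line(debug_line):
    """Summarise the identity seen in one debug line, or None if no query."""
    escaped = extract_username(debug_line)
    if escaped is None:
        return None
    raw, malformed = decode_sql_escape(escaped)
    printable = all(0x20 <= b < 0x7F for b in raw)
    return {"escaped": escaped, "raw": raw, "printable": printable, "malformed": malformed}


# Constructed sample line (hypothetical identity, not from the thread).
CONSTRUCTED = ("Thu Aug 26 11:16:42 2010 : Info: (2) expand: SELECT value FROM radcheck "
               "WHERE UserName = '%{SQL-User-Name}' and attribute = 'Acct-Logout-Now' -> "
               "SELECT value FROM radcheck WHERE UserName = '=7Bam=3D1=7D0123abcd@example.invalid' "
               "and attribute = 'Acct-Logout-Now'")
# UserName literal exactly as it appears in the posted debug output.
POSTED = "=8Ham=3D1=7A62345d3c567f85678749f233ebe4577fbad"

if __name__ == "__main__":
    print(summarise_line(CONSTRUCTED))
    print(decode_sql_escape(POSTED))
```

Whatever remains opaque after unescaping is what arrived in the request itself.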