Re: RADIUS Question

Derric Scott (dtscott@scott.net)
Thu, 29 May 1997 13:43:46 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Storms: "Re: IRX-114"
Previous message: Todd Knaus: "Zoom Modem & PM3"

> Jon Lewis wrote:
> > On Wed, 28 May 1997, Robert Boyle wrote:
> > > I would change this to:
> > >
> > > noauth Password = "sJSDd2dfk92"
> > > User-Service-Type = Framed-User
> > I've been using:
> > zalabia Password = ""
> > ali Password = ""
>
> It would, mostly, but after 2 minutes of testing, typing "zalabia" as the
> username, and simply pressing enter at the password prompt will allow you on!!!
>
> We use:
> username Password=DISABLED_56438534
> (where a random number is used after the _)

The single line entry does work for us (Radius 1.16 hacked). I also used
dummy passwords for a while. Finally, while hacking radius for something
else, I put a catch in so that a password of "NOLOGIN" would always
disallow a login.

In radiusd.c I put this in the function rad_authenticate, in the "if"
where the check for the password="UNIX" special case is made:

/* DTS 24Mar97 Added below to handle prohibited logins */
} else if(strcmp(check_item->strvalue, "NOLOGIN") == 0) {
result = -1;
user_msg = "LOGIN DENIED - CALL OUR OFFICE\r\n";
} else if(strcmp(check_item->strvalue, ...

Seems to work fine.

Later.

Derric

-- 
Derric Scott          Scott Network Services, Inc.         P. O. Box 361353
derric@scott.net           (205)987-5889               Birmingham, AL 35236

Next message: John Storms: "Re: IRX-114"
Previous message: Todd Knaus: "Zoom Modem & PM3"