CAR Authentication with Null password with External DB

Unanswered Question
Jan 11th, 2008

With Radclient I send a UserName sergio with a Null password, in my Oracle DB I have the same data and when checked it

User sergio's password does not match

And when I used CAR db with the option AllowNullPassword TRUE everything work fine

01/11/2008 9:43:36: P537: Using Client: localhost

01/11/2008 9:43:36: P537: Using NAS: localhost (127.0.0.1)

01/11/2008 9:43:36: P537: Request is directly from a NAS: TRUE

01/11/2008 9:43:36: P537: Authenticating and Authorizing with Service sergio

01/11/2008 9:43:36: P537: Service sergio: Sending request to remote server sergio

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding values for MarkerList in SQLStatement 'sqlsergio':

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding marker variable 'UserName' with value 'sergio'

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): executing SQLStatement 'sqlsergio'

01/11/2008 9:43:36: P537: Results obtained after executing SQLStatements:

01/11/2008 9:43:36: P537: Column name: 'USUARIO' Retrieved value: 'sergio'

01/11/2008 9:43:36: P537: Column name: 'CLAVE' Retrieved value: ''

01/11/2008 9:43:36: P537: Remote Server sergio (sergio-odbc:0): user sergio's password does not match

01/11/2008 9:43:36: P537: User sergio's password does not match

01/11/2008 9:43:36: P537: Trace of Access-Reject packet

01/11/2008 9:43:36: P537: identifier = 1

01/11/2008 9:43:36: P537: length = 36

01/11/2008 9:43:36: P537: respauth = 0f:39:da:e2:fb:ea:17:d8:af:39:f1:0d:9b:32:3a:5a

01/11/2008 9:43:36: P537: Reply-Message = Access Denied

01/11/2008 9:43:36: P537: Sending response to 127.0.0.1

01/11/2008 9:43:36: Log: Request from localhost (127.0.0.1): User sergio rejected by RemoteServer sergio (UserPasswordInvalid).

01/11/2008 9:43:36: P537: Packet successfully removed

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Thu, 01/17/2008 - 07:30

AR itself is normally comparing the password it has in the authentication request with the password it retrieves from the database With AR, it is possible to create your own authentication service script that will not check passwords. This method is not easy since you will most likely have to access an external data store. And also Check all the four AR processes are running using /opt/CSCOar/bin/arstatus

Actions

This Discussion