Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
1
Replies

CAR Authentication with Null password with External DB

sotsubo80
Level 1
Level 1

‎01-11-2008 04:52 AM - edited ‎03-10-2019 03:35 PM

With Radclient I send a UserName sergio with a Null password, in my Oracle DB I have the same data and when checked it

User sergio's password does not match

And when I used CAR db with the option AllowNullPassword TRUE everything work fine

01/11/2008 9:43:36: P537: Using Client: localhost

01/11/2008 9:43:36: P537: Using NAS: localhost (127.0.0.1)

01/11/2008 9:43:36: P537: Request is directly from a NAS: TRUE

01/11/2008 9:43:36: P537: Authenticating and Authorizing with Service sergio

01/11/2008 9:43:36: P537: Service sergio: Sending request to remote server sergio

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding values for MarkerList in SQLStatement 'sqlsergio':

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding marker variable 'UserName' with value 'sergio'

01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): executing SQLStatement 'sqlsergio'

01/11/2008 9:43:36: P537: Results obtained after executing SQLStatements:

01/11/2008 9:43:36: P537: Column name: 'USUARIO' Retrieved value: 'sergio'

01/11/2008 9:43:36: P537: Column name: 'CLAVE' Retrieved value: ''

01/11/2008 9:43:36: P537: Remote Server sergio (sergio-odbc:0): user sergio's password does not match

01/11/2008 9:43:36: P537: User sergio's password does not match

01/11/2008 9:43:36: P537: Trace of Access-Reject packet

01/11/2008 9:43:36: P537: identifier = 1

01/11/2008 9:43:36: P537: length = 36

01/11/2008 9:43:36: P537: respauth = 0f:39:da:e2:fb:ea:17:d8:af:39:f1:0d:9b:32:3a:5a

01/11/2008 9:43:36: P537: Reply-Message = Access Denied

01/11/2008 9:43:36: P537: Sending response to 127.0.0.1

01/11/2008 9:43:36: Log: Request from localhost (127.0.0.1): User sergio rejected by RemoteServer sergio (UserPasswordInvalid).

01/11/2008 9:43:36: P537: Packet successfully removed

Labels:
0 Helpful
1 Reply 1

ebreniz
Level 6
Level 6

‎01-17-2008 07:30 AM

AR itself is normally comparing the password it has in the authentication request with the password it retrieves from the database With AR, it is possible to create your own authentication service script that will not check passwords. This method is not easy since you will most likely have to access an external data store. And also Check all the four AR processes are running using /opt/CSCOar/bin/arstatus

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents