Radius authentication passphrase length

billm

Any debug from the Encrypt() function? I tested it with 15-17 character passwords and it seemed to do the right thing there. I don't have a way to test against RADIUS, but the function looks good now :-/

–Bill

buraglio

No real debug info from the Encrypt() function. I can dig a little deeper. I can also give you access to the box if you'd like.

buraglio

So it does allow for shorter paswords but generates some errors:


radius-port: 1812
radius-host: 10.10.102.2
username: blahblah

key: TestRadiusKey
password: testpasswd
username is blahblah with len 8 encryptedpassword is šJ»[à6%¤2ÍÇƒhÄ with len 10 nasHostname is portal-a.lab.local with len 18 
writing 95 bytes

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/captiveportal/radius_authentication.inc:48) in /usr/local/captiveportal/index.php on line 335 
radius-port: 1813
radius-host: 10.10.2.25
username: blahblah

username is blahblah with len 8 nasHostname is portal-a.lab.local with len 18 
writing 113 bytes
[/code]

The errors on the RADIUS server for a >16 char passphrase are as i'd expect for an incorrect passphrase.

billm

@buraglio:

No real debug info from the Encrypt() function. I can dig a little deeper. I can also give you access to the box if you'd like.

It'd be helpful to be able to point at a radius server with an account that has a 17 (or larger) character password. I've got no way of testing that I'm following the RFC correctly - 16 and under still work with the new code I assume?

–Bill

buraglio

It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors. I assume that is a cosmetic fix and not critical. I can work on getting a radius box up probably tomorrow if that'd be helpful.

billm

@buraglio:

It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors. I assume that is a cosmetic fix and not critical. I can work on getting a radius box up probably tomorrow if that'd be helpful.

So it now authenticates accounts with > 16 char passwords? And authenticates accounts with < 16 char passwords? Only a PHP error to cleanup? Good news. Maybe the PHP error is coming from the $debug define.

–Bill

buraglio

@billm:

@buraglio:

It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors. I assume that is a cosmetic fix and not critical. I can work on getting a radius box up probably tomorrow if that'd be helpful.

So it now authenticates accounts with > 16 char passwords? And authenticates accounts with < 16 char passwords? Only a PHP error to cleanup? Good news. Maybe the PHP error is coming from the $debug define.

–Bill

Actually it only authenticates 16 char or below passwords. I mistyped. Sorry.

buraglio

Has anyone else noticed this behavior? Would it be beneficial for me to set up a RADIUS box and give you access to test against?

sullrich

@buraglio:

Has anyone else noticed this behavior? Would it be beneficial for me to set up a RADIUS box and give you access to test against?

Yes, please do. Bill does not have access to a tesitng environment for this.

billm

@buraglio:

Has anyone else noticed this behavior? Would it be beneficial for me to set up a RADIUS box and give you access to test against?

If you can provide me a radius target I can test this myself.

–Bill

buraglio

I'll work on this this afternoon and post when it's done.

buraglio

@buraglio:

I'll work on this this afternoon and post when it's done.

I have this up, I'm still verifying correct functionality. How would you like to go about testing?

buraglio

ok, I have this working whenever you'd like to start working on it.

billm

@buraglio:

ok, I have this working whenever you'd like to start working on it.

Can you PM me an IP to test against along with two usernames, one with a 15 char password, one with a 20 char password. I can provide a static IP if needed that I'll be testing from.

–Bill