[RadiusNT] RadGetUser in RadiusNT30

Christian Gatti ( cgatti@vo.lu )
Thu, 15 Jun 2000 18:14:37 +0200

Option 'Disable User Cache Authentication' in RadiusNT Administrator 3.0 is

I tried to intercept the username and password of every user that logs in,
by adding a sql-insert-cmd to the stored procedure 'RadGetUsers':

CREATE PROCEDURE RadGetUser @user VARCHAR(64) , @password VARCHAR(32) AS

insert into spy (login,password) values (@user,@password)

SELECT SubAccounts.AccountID, SubAccounts.Login, SubAccounts.Password,
NULL, SubAccounts.AccountType, SubAccounts.LoginLimit, SubAccounts.TimeLeft,
MasterExpire=DateAdd(Day, ma.Extension+ma.OverDue+1, maExpireDate),
SubExpire=DateAdd(Day, SubAccounts.Extension+1, saExpireDate)
FROM SubAccounts, MasterAccounts ma
WHERE SubAccounts.CustomerID = ma.CustomerID
AND SubAccounts.Active <> 0
AND ma.Active <> 0
AND SubAccounts.Login = @user
AND SubAccounts.Password = @password

Why does RadiusNT30 always pass 'NULL' instead of the user's password?

Christian Gatti
Visual Online

For more information about this list (including removal) go to: