[RadiusNT] RadGetUser in RadiusNT30

Christian Gatti ( cgatti@vo.lu )
Thu, 15 Jun 2000 18:14:37 +0200

Option 'Disable User Cache Authentication' in RadiusNT Administrator 3.0 is
checked.

I tried to intercept the username and password of every user that logs in,
by adding a sql-insert-cmd to the stored procedure 'RadGetUsers':

CREATE PROCEDURE RadGetUser @user VARCHAR(64), @password VARCHAR(32) AS

    insert into spy (login, password) values (@user, @password)

    SELECT SubAccounts.AccountID, SubAccounts.Login, SubAccounts.Password,
           NULL, SubAccounts.AccountType, SubAccounts.LoginLimit,
           SubAccounts.TimeLeft,
           MasterExpire=DateAdd(Day, ma.Extension+ma.OverDue+1, maExpireDate),
           SubExpire=DateAdd(Day, SubAccounts.Extension+1, saExpireDate)
    FROM SubAccounts, MasterAccounts ma
    WHERE SubAccounts.CustomerID = ma.CustomerID
      AND SubAccounts.Active <> 0
      AND ma.Active <> 0
      AND SubAccounts.Login = @user
      AND SubAccounts.Password = @password

Why does RadiusNT30 always pass 'NULL' instead of the user's password?

Christian Gatti
cgatti@vo.lu
Visual Online
