> Option 'Disable User Cache Authentication' in RadiusNT Administrator 3.0 is
> checked.
> I tried to intercept the username and password of every user that logs in,
> by adding a sql-insert-cmd to the stored procedure 'RadGetUsers':
> CREATE PROCEDURE RadGetUser @user VARCHAR(64) , @password VARCHAR(32) AS
> insert into spy (login,password) values (@user,@password)
> SELECT SubAccounts.AccountID, SubAccounts.Login, SubAccounts.Password,
> NULL, SubAccounts.AccountType, SubAccounts.LoginLimit, SubAccounts.TimeLeft,
> MasterExpire=DateAdd(Day, ma.Extension+ma.OverDue+1, maExpireDate),
> SubExpire=DateAdd(Day, SubAccounts.Extension+1, saExpireDate)
> FROM SubAccounts, MasterAccounts ma
> WHERE SubAccounts.CustomerID = ma.CustomerID
> AND SubAccounts.Active <> 0
> AND ma.Active <> 0
> AND SubAccounts.Login = @user
> AND SubAccounts.Password = @password
> Why does RadiusNT30 always pass 'NULL' instead of the user's password?
Radius handles searching for matching passwords internally... It
always sends a NULL password to RadGetUser.
You can get a list of failed logins from RadLogs and a list of successfull
ones from the Calls table.
Have Fun!
Peter
For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart