2012-03-19 - Re: [GRASE-Hotspot] Grase and challenge

Header Data

From: Dikdust <di***t@adfacom.it>
Message Hash: 68de3ebfa0f7958638d856ea716c998ec0254ab473912264ec5fdc8be80836b4
Message ID: <240772880.201.1332166249023.JavaMail.root@zimbra>
Reply To: <83798BD85B754C619882A35B65738726@gmail.com>
UTC Datetime: 2012-03-19 07:10:49 UTC
Raw Date: Mon, 19 Mar 2012 15:10:49 +0100

Raw message 



----- Messaggio originale -----
> Da: "Mercier Valentin" <me***v@gmail.com>
> A: "GRASE Hotspot General Discussions" <gr***t@lists.sourceforge.net>
> Inviato: Mercoledì, 14 marzo 2012 13:09:58
> Oggetto: Re: [GRASE-Hotspot] Grase and challenge
> 
> 
> 
> 
> First thanks for the answer,
> 
> 
> 
> It is possible, but not supported currently. The reason being is you
> then need to MySQL database there too, and it starts to get a bit
> more
> complicated. If you are doing this, you need to modify the files in
> /etc/grase/ to point to the database on the other server so that the
> admin interface and the user interfaces can access it, as they access
> it
> directly and not through radius.
> What's you reason for wanting to do it like this?
> Great, I think I can modify the files to do this, but do you know if,
> when we install Grase, the installer install MySql too ?
> I wan't to do that because I'm gonna install Grase in different place
> but I want a centralization of the users.
> 
> 
> 
> 
> Grase already does this (the javascript based login does chap
> challenge
> response). It falls back to a less secure method if javascript is
> disabled, that still does CHAP but uses PHP scripts to do the
> challenge
> and response. So what I could do, is add an option so it doesn't
> fallback to the less secure method ever, but then users without
> javascript won't be able to login. Currently the non-javascript login
> warns the user about it being less secure.
> Hum ok, so if I change the javascript I can prompt the chap challenge
> to the users right ?

Hi I'm working on the centralization of grase for another project, at the moment the documentation is only italian, but if you want to cooperate I can translate docs.

Search for "integrate grase on router" in the mailing list.

I have very little time to work on it, so far the auth with radtest work perfectly with centralized mysql server but there must be a vpn between client and server.

I hope to hear from you soon.

Antonio Alessio "dikdust" Di Pinto


> 
> 
> Another question (sorry about that), do you think a user can login
> but in a anonymous way, I mean I want my user to enter his name and
> then a account is create but without password, but with the chap
> challenge - response system ?
> 
> 
> thanks again
> --
> Mercier Valentin
> 
> 
> Le mercredi, 14 mars 2012 à 11:47, Tim White a écrit :
> 
> 
> 
> HI Mercier
> 
> On 14/03/12 20:18, Mercier Valentin wrote:
> 
> 
> 
> Hi,
> 
> I'm very interested about Grase but I have some questions before
> using
> it.
> First I want to install the freeradius server in an other place and
> make the authentication through a VPN, is that possible ?
> It is possible, but not supported currently. The reason being is you
> 
> 
> 
> then need to MySQL database there too, and it starts to get a bit
> more
> complicated. If you are doing this, you need to modify the files in
> /etc/grase/ to point to the database on the other server so that the
> admin interface and the user interfaces can access it, as they access
> it
> directly and not through radius.
> What's you reason for wanting to do it like this?
> 
> 
> 
> 
> 
> 
> 
> And then I want to use the access-challenge with chap with freeradius
> not the simple authentication method that Grase use.
> And I want the client to calculate the response of the chap
> challenge,
> is that possible too ?
> Grase already does this (the javascript based login does chap
> challenge
> response). It falls back to a less secure method if javascript is
> disabled, that still does CHAP but uses PHP scripts to do the
> challenge
> and response. So what I could do, is add an option so it doesn't
> fallback to the less secure method ever, but then users without
> javascript won't be able to login. Currently the non-javascript login
> warns the user about it being less secure.
> 
> 
> 
> 
> 
> Thanks in advance for your response, and sorry about my bad english.
> 
> No problem. Hope that answers your questions.
> 
> Tim
> 
> 
> 
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Grase-hotspot mailing list
> Gr***t@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/grase-hotspot
>

Thread