https://community.cisco.com/t5/network-access-control/car-authentication-with-null-password-with-external-db/m-p/823323#M407945 <HTML><HEAD></HEAD><BODY><P>AR itself is normally comparing the password it has in the authentication request with the password it retrieves from the database With AR, it is possible to create your own authentication service script that will not check passwords. This method is not easy since you will most likely have to access an external data store. And also Check all the four AR processes are running using /opt/CSCOar/bin/arstatus</P><P></P></BODY></HTML> Thu, 17 Jan 2008 15:30:16 GMT ebreniz 2008-01-17T15:30:16Z https://community.cisco.com/t5/network-access-control/car-authentication-with-null-password-with-external-db/m-p/823322#M407944 <P>With Radclient I send a UserName sergio with a Null password, in my Oracle DB I have the same data and when checked it </P><P>User sergio's password does not match</P><P>And when I used CAR db with the option AllowNullPassword TRUE everything work fine</P><P></P><P>01/11/2008 9:43:36: P537: Using Client: localhost</P><P>01/11/2008 9:43:36: P537: Using NAS: localhost (127.0.0.1)</P><P>01/11/2008 9:43:36: P537: Request is directly from a NAS: TRUE</P><P>01/11/2008 9:43:36: P537: Authenticating and Authorizing with Service sergio</P><P>01/11/2008 9:43:36: P537: Service sergio: Sending request to remote server sergio</P><P>01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding values for MarkerList in SQLStatement 'sqlsergio':</P><P>01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): Binding marker variable 'UserName' with value 'sergio'</P><P>01/11/2008 9:43:36: P537: ODBC client (DataSource 'sergio', Connection 2): executing SQLStatement 'sqlsergio'</P><P>01/11/2008 9:43:36: P537: Results obtained after executing SQLStatements:</P><P>01/11/2008 9:43:36: P537: Column name: 'USUARIO' Retrieved value: 'sergio'</P><P>01/11/2008 9:43:36: P537: Column name: 'CLAVE' Retrieved value: ''</P><P>01/11/2008 9:43:36: P537: Remote Server sergio (sergio-odbc:0): user sergio's password does not match</P><P>01/11/2008 9:43:36: P537: User sergio's password does not match</P><P>01/11/2008 9:43:36: P537: Trace of Access-Reject packet</P><P>01/11/2008 9:43:36: P537: identifier = 1</P><P>01/11/2008 9:43:36: P537: length = 36</P><P>01/11/2008 9:43:36: P537: respauth = 0f:39:da:e2:fb:ea:17:d8:af:39:f1:0d:9b:32:3a:5a</P><P>01/11/2008 9:43:36: P537: Reply-Message = Access Denied</P><P>01/11/2008 9:43:36: P537: Sending response to 127.0.0.1</P><P>01/11/2008 9:43:36: Log: Request from localhost (127.0.0.1): User sergio rejected by RemoteServer sergio (UserPasswordInvalid).</P><P>01/11/2008 9:43:36: P537: Packet successfully removed</P><P></P> Sun, 10 Mar 2019 22:35:51 GMT https://community.cisco.com/t5/network-access-control/car-authentication-with-null-password-with-external-db/m-p/823322#M407944 sotsubo80 2019-03-10T22:35:51Z https://community.cisco.com/t5/network-access-control/car-authentication-with-null-password-with-external-db/m-p/823323#M407945 <HTML><HEAD></HEAD><BODY><P>AR itself is normally comparing the password it has in the authentication request with the password it retrieves from the database With AR, it is possible to create your own authentication service script that will not check passwords. This method is not easy since you will most likely have to access an external data store. And also Check all the four AR processes are running using /opt/CSCOar/bin/arstatus</P><P></P></BODY></HTML> Thu, 17 Jan 2008 15:30:16 GMT https://community.cisco.com/t5/network-access-control/car-authentication-with-null-password-with-external-db/m-p/823323#M407945 ebreniz 2008-01-17T15:30:16Z