(RADIATOR) AuthSQL looks for match

Hugh Irvine hugh at open.com.au
Fri Oct 5 19:08:02 CDT 2001


Hello William -

It looks to me like the shared secrets are incorrect (or the password is 
wrong).

The trace that you show correctly indicates the SQL query that was run for 
this user 'cumminspr':

> Fri Oct  5 15:03:26 2001: DEBUG: Query is: select password, active, timeleft, blockuser, guarantor from customer where username='cumminspr' and active='Y'

It is just the DEBUG message that uses the rewritten username in the log.

hth

Hugh


On Saturday 06 October 2001 05:22, William Hernandez wrote:
> Hello everyone,
>
> We have users that will be handled by the handler clause
> Handler Called-Station-Id=/5050$/.
>
> Some accounts will be assigned an IP address that is found
> in the users file. All users will be authenticated against
> Platypus.
>
> We're testing using:
> radpwtst -trace -s www.prw.net -user cumminspr -password mypassword -auth_port 1812 -noacct -secret mysecret -dictionary /etc/raddb/dictionary.prw Called-Station-Id=6415050
>
> There's a problem in
>
> Fri Oct  5 15:03:26 2001: DEBUG: Query is: select password, active, timeleft, blockuser, guarantor from customer where username='cumminspr' and active='Y'
> Fri Oct  5 15:03:26 2001: DEBUG: Radius::AuthSQL looks for match with cumminspr@prdigital.com
>
> In the first line there's a username='cumminspr' which is what I
> expect to see in '%u'. However, the AuthSQL says that it's
> looking for 'cumminspr@prdigital.com' and fails. Where did I go
> wrong?
>
> Thanks in advance,
> William
> Using Radiator 2.18.2 on RH 7.1.
>
> ----------------------------------- Users file ------------------------------------
> cumminspr@prdigital.com
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 208.249.79.280,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Ascend-Idle-Limit = 0,
>         Idle-Timeout = 0
>
> ---------------------------------- radius.cfg ------------------------------------
> <AuthBy FILE>
>         Identifier Check-FILE
>         Filename /etc/raddb/users
>         NoDefaultIfFound
> </AuthBy>
>
> <AuthBy SQL>
>         Identifier prdigital-plat
>
>         DBSource        dbi:Sybase:database=prdigital
>         DBUsername    *
>         DBAuth            *
>
>         AuthSelect select password, active, timeleft, blockuser, guarantor \
>                from customer where username='%u' and active='Y'
>         AuthColumnDef   0, User-Password, check
>
>         AddToReply Service-Type = Framed-User, \
>                 Framed-Protocol = PPP, \
>                 Framed-IP-Netmask = 255.255.255.255, \
>                 Framed-Compression = Van-Jacobson-TCP-IP, \
>                 Ascend-Idle-Limit = 900
>          NoDefault
> </AuthBy>
>
> <Handler Called-Station-Id=/5050$/>
>         RewriteUsername s/(.*)/$1\@prdigital.com/
>         SessionDatabase prdigital-sessiondb
>
>         AuthByPolicy ContinueUntilLastAuthBy
>         AuthBy Check-FILE
>         AuthBy prdigital-plat
>
>         PostAuthHook file:"/etc/raddb/setSessionTimeout"
>         AcctLogFileName /var/log/radacct/prdigital/detail
>         PasswordLogFileName /var/log/radacct/prdigital/radius.log
>         ExcludeFromPasswordLog  root
> </Handler>
>
> ----------------------------------- Here's a trace 4 ------------------------------------.
> Fri Oct  5 15:00:19 2001: INFO: Server started: Radiator 2.18.2 on www.prw.net
> Fri Oct  5 15:00:23 2001: INFO: Trace level changed to 4
> Fri Oct  5 15:00:23 2001: INFO: Trace level increased to 4
> Fri Oct  5 15:03:25 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.3 port 50990 ....
> Code:       Access-Request
> Identifier: 250
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "cumminspr"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         User-Password = "<215><138><169><156><243>$<144><5><164><133><228><174><1>H<30>x"
>         Called-Station-Id = "6415050"
>
> Fri Oct  5 15:03:25 2001: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
> Fri Oct  5 15:03:25 2001: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
> Fri Oct  5 15:03:25 2001: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
> Fri Oct  5 15:03:25 2001: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
> Fri Oct  5 15:03:25 2001: DEBUG: Handling request with Handler 'Called-Station-Id=/5050$/'
> Fri Oct  5 15:03:25 2001: DEBUG: Rewrote user name to cumminspr@prdigital.com
> Fri Oct  5 15:03:25 2001: DEBUG: prdigital-sessiondb Deleting session for cumminspr, 203.63.154.1, 1234
> Fri Oct  5 15:03:25 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Fri Oct  5 15:03:25 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Oct  5 15:03:25 2001: DEBUG: Radius::AuthFILE looks for match with cumminspr@prdigital.com
> Fri Oct  5 15:03:25 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Fri Oct  5 15:03:25 2001: DEBUG: Handling with Radius::AuthSQL
> Fri Oct  5 15:03:26 2001: DEBUG: Handling with Radius::AuthSQL
> Fri Oct  5 15:03:26 2001: DEBUG: Query is: select password, active, timeleft, blockuser, guarantor from customer where username='cumminspr' and active='Y'
>
> Fri Oct  5 15:03:26 2001: DEBUG: Radius::AuthSQL looks for match with cumminspr@prdigital.com
> Fri Oct  5 15:03:26 2001: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Fri Oct  5 15:03:26 2001: DEBUG: Processing PostAuthHook:setSessionTimeout
> Fri Oct  5 15:03:26 2001: DEBUG: setSessionTimeout: username is: cumminspr@prdigital.com
> Fri Oct  5 15:03:26 2001: DEBUG: setSessionTimeout: Called-Station-Id is: 6415050
> Fri Oct  5 15:03:26 2001: INFO: Access rejected for cumminspr@prdigital.com: Bad Password
> Fri Oct  5 15:03:26 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.3 port 50990 ....
> Code:       Access-Reject
> Identifier: 250
> Authentic:  1234567890123456
> Attributes:
>         Framed-IP-Address = 208.249.79.280
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Ascend-Idle-Limit = 0
>         Idle-Timeout = 0
>         Reply-Message = "Request Denied"
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
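
The shared-secret diagnosis in the reply above, as an added example that is not part of the original thread and is not Radiator's code: RFC 2865 User-Password hiding in Python, showing that a server holding a different shared secret recovers garbage and rejects with "Bad Password" even though the SQL row was found. The secret and password are the placeholders from the radpwtst command, the authenticator is the one shown in the trace, and the mismatched server secret is constructed.

```python
import hashlib
import hmac

# Values taken from the thread (placeholders there too); WRONG_SECRET is constructed.
AUTHENTICATOR = b"1234567890123456"   # "Authentic:" field in the packet dump
CLIENT_SECRET = b"mysecret"           # radpwtst -secret
PASSWORD = b"mypassword"              # radpwtst -password, also the DB column value
WRONG_SECRET = b"not-mysecret"        # what a misconfigured server might hold

def keystream(secret: bytes, prev: bytes) -> bytes:
    """One 16-byte block of RFC 2865 section 5.2 keystream: MD5(secret + prev)."""
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client/NAS side: pad to 16-byte blocks and XOR with the chained keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream(secret, prev)))
        out += block
        prev = block                   # next block is keyed on this ciphertext block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, then strip the null padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def authenticate(hidden: bytes, server_secret: bytes, authenticator: bytes,
                 stored_password: bytes) -> str:
    """Compare the recovered password with the one the SQL query returned."""
    recovered = recover_password(hidden, server_secret, authenticator)
    ok = hmac.compare_digest(recovered, stored_password)
    return "ACCEPT" if ok else "REJECT: Bad Password"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, CLIENT_SECRET, AUTHENTICATOR)
    print("matching secret  :", authenticate(hidden, CLIENT_SECRET, AUTHENTICATOR, PASSWORD))
    print("mismatched secret:", authenticate(hidden, WRONG_SECRET, AUTHENTICATOR, PASSWORD))
    print("server recovered :", recover_password(hidden, WRONG_SECRET, AUTHENTICATOR))
```

The server cannot tell a wrong secret from a wrong password in an Access-Request, which is why both produce the same log line.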