(RADIATOR) Access Rejected on AuthBy RADIUS
Matt Scifo
mscifo at o1.com
Wed Dec 19 17:18:43 CST 2001
Hello
I have a installation of Radiator 2.19 on a Debian box. My config only
has an AuthBy RADUIS clause in a single Handler. Whenever I send a test
auth, I get a "Request Denied" with no explaination. The server that I
am proxying to is up and in production. I have successfully test authed
to it from another box (not going through radiator first). When I check
the trace 4 debug, I see the following....
###################################################################
*** Received from xxx.xxx.xxx.xxx port 1024 ....
Code: Access-Request
Identifier: 117
Authentic: 1234567890123456
Attributes:
User-Name = "stevek"
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 1234
Called-Station-Id = "xxxxxxxxxx"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<29>M<146>Uq<15><170><200>T<10><201>,m3<15><172>"
Wed Dec 19 15:04:27 2001: DEBUG: Check if Handler Called-Station-Id =
/1155$/ should be used to handle this request
Wed Dec 19 15:04:27 2001: DEBUG: Handling request with Handler
'Called-Station-Id = /1155$/'
Wed Dec 19 15:04:27 2001: DEBUG: Deleting session for stevek,
xxx.xxx.xxx.xxx, 1234
Wed Dec 19 15:04:27 2001: DEBUG: Handling with Radius::AuthSQL
Wed Dec 19 15:04:27 2001: INFO: Access rejected for stevek:
Authentication disabled
Wed Dec 19 15:04:27 2001: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1024 ....
Code: Access-Reject
Identifier: 117
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
##################################################################
Why does it say "Deleting session for stevek" and "Handling with
Radius::AuthSQL" when I am only using AuthRADIUS? What is the reason
for the reject? I have checked everything, the client list, the
secrets, the user/pass.
Below is my radius.cfg. Any ideas??
-Matt
## radius.cfg ##########################################################
Foreground
#LogStdout
LogDir /var/log/radius
LogFile /var/log/radius/%Y%m%d-radius.log
AuthPort 1812
AcctPort 1813
# User a lower trace level in production systems:
Trace 4
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<ClientListSQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth xxxxxxxxx
GetClientQuery select NASIDENTIFIER, SECRET from RADCLIENTLIST
</ClientListSQL>
# Get configs from specified directory
include /usr/local/radiator/configs/1155.cfg
########################################################################
## 1155.cfg ############################################################
<Handler Called-Station-Id = /1155$/>
#AuthByPolicy ContinueAlways
<AuthBy RADIUS>
#Synchronous
#FailureBackoffTime
#StripFromRequest
#AddToRequest
#NoForwardAuthentication
#NoForwardAccounting
#USERNAME =
#PASSWORD =
<Host xxx.xxx.xxx.xxx>
Secret xxxxxxxxx
AuthPort 11155
#AcctPort 11156
Retries 3
RetryTimeout 10
</Host>
</AuthBy>
</Handler>
#######################################################################
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list