(RADIATOR) Access Rejected on AuthBy RADIUS

Hugh Irvine hugh at open.com.au
Wed Dec 19 22:04:00 CST 2001 

Hello Matt -

The only thing I can think of is that you have another 

<Handler Called-Station-Id = /1155$/>

in one of your other included files which is overwriting the one you show 
below.

And Radiator always maintains an internal session database which is why you 
see the "Deleting session ...." message.

hth

Hugh


On Thu, 20 Dec 2001 10:18, Matt Scifo wrote:
> Hello
>
> I have a installation of Radiator 2.19 on a Debian box.  My config only
> has an AuthBy RADUIS clause in a single Handler.  Whenever I send a test
> auth, I get a "Request Denied" with no explaination.  The server that I
> am proxying to is up and in production.  I have successfully test authed
> to it from another box (not going through radiator first).  When I check
> the trace 4 debug, I see the following....
>
> ###################################################################
> *** Received from xxx.xxx.xxx.xxx port 1024 ....
> Code:       Access-Request
> Identifier: 117
> Authentic:  1234567890123456
> Attributes:
> 	User-Name = "stevek"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = xxx.xxx.xxx.xxx
> 	NAS-Port = 1234
> 	Called-Station-Id = "xxxxxxxxxx"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = "<29>M<146>Uq<15><170><200>T<10><201>,m3<15><172>"
>
> Wed Dec 19 15:04:27 2001: DEBUG: Check if Handler Called-Station-Id =
> /1155$/ should be used to handle this request
> Wed Dec 19 15:04:27 2001: DEBUG: Handling request with Handler
> 'Called-Station-Id = /1155$/'
> Wed Dec 19 15:04:27 2001: DEBUG:  Deleting session for stevek,
> xxx.xxx.xxx.xxx, 1234
> Wed Dec 19 15:04:27 2001: DEBUG: Handling with Radius::AuthSQL
> Wed Dec 19 15:04:27 2001: INFO: Access rejected for stevek:
> Authentication disabled
> Wed Dec 19 15:04:27 2001: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 1024 ....
> Code:       Access-Reject
> Identifier: 117
> Authentic:  1234567890123456
> Attributes:
> 	Reply-Message = "Request Denied"
> ##################################################################
>
> Why does it say "Deleting session for stevek" and "Handling with
> Radius::AuthSQL" when I am only using AuthRADIUS?  What is the reason
> for the reject?  I have checked everything, the client list, the
> secrets, the user/pass.
>
> Below is my radius.cfg.  Any ideas??
>
> -Matt
>
>
>
> ## radius.cfg ##########################################################
> Foreground
> #LogStdout
> LogDir		/var/log/radius
> LogFile		/var/log/radius/%Y%m%d-radius.log
> AuthPort	1812
> AcctPort	1813
>
> # User a lower trace level in production systems:
> Trace 	4
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <ClientListSQL>
> 	DBSource	dbi:mysql:radius
> 	DBUsername	root
> 	DBAuth		xxxxxxxxx
>
> 	GetClientQuery	select NASIDENTIFIER, SECRET from RADCLIENTLIST
> </ClientListSQL>
>
> # Get configs from specified directory
> include /usr/local/radiator/configs/1155.cfg
> ########################################################################
>
> ## 1155.cfg ############################################################
> <Handler Called-Station-Id = /1155$/>
> 	#AuthByPolicy ContinueAlways
>
>         <AuthBy RADIUS>
>                 #Synchronous
>                 #FailureBackoffTime
>                 #StripFromRequest
>                 #AddToRequest
>                 #NoForwardAuthentication
>                 #NoForwardAccounting
>
> 		#USERNAME =
>                 #PASSWORD =
>                 <Host xxx.xxx.xxx.xxx>
>                         Secret xxxxxxxxx
>                         AuthPort 11155
>                         #AcctPort 11156
>                         Retries 3
>                         RetryTimeout 10
>                 </Host>
>         </AuthBy>
> </Handler>
> #######################################################################
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list