(RADIATOR) Mysql Authentication Failing
Mike McCauley
mikem at open.com.au
Sat Jun 9 13:31:26 CDT 2001
--- Forwarded mail from owner-radiator at open.com.au
From: owner-radiator at open.com.au
Date: Fri, 8 Jun 2001 20:11:06 -0500
To: radiator-approval at open.com.au
Subject: BOUNCE radiator at open.com.au: Non-member submission from [Roger Hedrick <Roger.Hedrick at voyager.net>]
Date: Fri, 08 Jun 2001 23:04:31 -0400
To: radiator at open.com.au
From: Roger Hedrick <Roger.Hedrick at voyager.net>
Subject: Mysql Authentication Failing
I was able to get radiator installed and tested using the simple.cfg configuration against the fred user.
I am having problems testing authentication against a mysql database.
Debug from the radius server looks as if it is losing the password entered from the radpwtst program. It does look like it is able to get the encrypted password from the mysql database. Is the radpwtst not a good test to use against an encrypted password entry from the mysql database? The 'AuthSql: Reject' debug message from the server seems to lead to a password comparison mismatch.
What am I doing wrong?
I have included the following:
1) Radius config file
2) radpwtst command output
3) radiusd server debug
4) mysql select output showing user account entry
Roger
Axiom Technologies
#1) Radius config file
Foreground
LogStdout
Trace 4
LogDir /usr/local/radius/log/
DbDir /usr/local/radius/etc/
LogFile %L/log_%Y-%m
<Client DEFAULT>
    Secret xxxxxx
    DupInterval 0
</Client>
#<SessionDatabase NULL>
# Identifier nulldb
#</SessionDatabase>
<Realm DEFAULT>
    #PasswordLogFileName %L/password/log.%Y%m%d
    <AuthBy SQL>
        DBSource dbi:mysql:auth
        DBUsername xxxxx
        DBAuth xxxxx
        AuthSelect select password, checkattr, replyattr \
            from subscriber where username='%U'
        AuthColumnDef 0, Encypted-Password, check
        #EncryptedPassword
    </AuthBy>
</Realm>
#2) Output from radpwtst command
./radpwtst -user testuser -password testit
sending Access-Request...
Rejected: Request Denied
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
#3) Debug from radius server
./radiusd -config_file ../etc/axiom.cfg
Fri Jun 8 22:45:22 2001: INFO: Server started: Radiator 2.18.1 on elm
Fri Jun 8 22:46:10 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33799 ....
Code: Access-Request
Identifier: 220
Authentic: 1234567890123456
Attributes:
User-Name = "testuser"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<141><238>,<217><198>(<4><246><188>8<9><160><216>}x<153>"
Fri Jun 8 22:46:10 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jun 8 22:46:10 2001: DEBUG: Deleting session for testuser, 203.63.154.1, 1234
Fri Jun 8 22:46:10 2001: DEBUG: Handling with Radius::AuthSQL
Fri Jun 8 22:46:10 2001: DEBUG: Handling with Radius::AuthSQL
Fri Jun 8 22:46:10 2001: DEBUG: Query is: select password, checkattr, replyattr from subscriber where username='testuser'
Fri Jun 8 22:46:10 2001: DEBUG: Radius::AuthSQL looks for match with testuser
Fri Jun 8 22:46:10 2001: DEBUG: Radius::AuthSQL REJECT: Check item Encypted-Password expression 'tejH5kIGn0qyM' does not match '' in request
Fri Jun 8 22:46:10 2001: DEBUG: Query is: select password, checkattr, replyattr from subscriber where username='DEFAULT'
Fri Jun 8 22:46:10 2001: INFO: Access rejected for testuser: Check item Encypted-Password expression 'tejH5kIGn0qyM' does not match '' in request
Fri Jun 8 22:46:10 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33799 ....
Code: Access-Reject
Identifier: 220
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Fri Jun 8 22:46:10 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33799 ....
Code: Accounting-Request
Identifier: 221
Authentic: <247>6B<147>h6<166><165><153><131>+<243><233><253><188><250>
Attributes:
User-Name = "testuser"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Fri Jun 8 22:46:10 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jun 8 22:46:10 2001: DEBUG: Adding session for testuser, 203.63.154.1, 1234
Fri Jun 8 22:46:11 2001: DEBUG: Handling with Radius::AuthSQL
Fri Jun 8 22:46:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Fri Jun 8 22:46:11 2001: DEBUG: Accounting accepted
Fri Jun 8 22:46:11 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33799 ....
Code: Accounting-Response
Identifier: 221
Authentic: <247>6B<147>h6<166><165><153><131>+<243><233><253><188><250>
Attributes:
Fri Jun 8 22:46:11 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33799 ....
Code: Accounting-Request
Identifier: 222
Authentic: <203><190><127><234><0><158><244><144><188>`<156><136><173><221><245><240>
Attributes:
User-Name = "testuser"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Fri Jun 8 22:46:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jun 8 22:46:11 2001: DEBUG: Deleting session for testuser, 203.63.154.1, 1234
Fri Jun 8 22:46:11 2001: DEBUG: Handling with Radius::AuthSQL
Fri Jun 8 22:46:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Fri Jun 8 22:46:11 2001: DEBUG: Accounting accepted
Fri Jun 8 22:46:11 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33799 ....
Code: Accounting-Response
Identifier: 222
Authentic: <203><190><127><234><0><158><244><144><188>`<156><136><173><221><245><240>
Attributes:
#4) User from mysql database
mysql> select * from subscriber where username='testuser';
+-------+----------+---------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| realm | username | password      | checkattr            | replyattr |
+-------+----------+---------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|       | testuser | tejH5kIGn0qyM | Simultaneous-Use = 1 | Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500, Framed-Protocol = PPP, Framed-Routing = None, Idle-Timeout = 0, Port-Limit = 1, Session-Timeout = 0, Service-Type = Framed-User, Ascend-Idl |
+-------+----------+---------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql>
---End of forwarded mail from owner-radiator at open.com.au
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
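Added example, not part of the original post and not Radiator code: a Python triage script for the reject reason in the debug output above. A request value of '' means the request carried no attribute with the check item's name; the script flags names that are near misses of a password check item. The list of password check-item names is an assumption taken from Radiator's documented check items, and the third sample line is constructed.

```python
import difflib
import re

# Assumption: password check-item names as documented for Radiator.
# Only the misspelled form 'Encypted-Password' appears on this page.
PASSWORD_CHECK_ITEMS = ["Encrypted-Password", "User-Password", "Password"]

# Reject reason format as printed in the Trace 4 output above.
REJECT_RE = re.compile(
    r"Check item (?P<item>\S+) expression '(?P<expected>[^']*)' "
    r"does not match '(?P<got>[^']*)' in request"
)

# First two lines are from the debug output above (wrapped lines rejoined);
# the third is constructed, as an ordinary attribute mismatch for contrast.
SAMPLE_LOG = [
    "Fri Jun 8 22:46:10 2001: DEBUG: Radius::AuthSQL REJECT: Check item "
    "Encypted-Password expression 'tejH5kIGn0qyM' does not match '' in request",
    "Fri Jun 8 22:46:10 2001: INFO: Access rejected for testuser: Check item "
    "Encypted-Password expression 'tejH5kIGn0qyM' does not match '' in request",
    "Fri Jun 8 22:47:02 2001: INFO: Access rejected for testuser: Check item "
    "NAS-Port-Type expression 'ISDN' does not match 'Async' in request",
]

def diagnose(line):
    """Return a finding for a check-item reject line, or None for other lines."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    item, got = m.group("item"), m.group("got")
    finding = {"item": item, "request_value": got, "suspect": None}
    if item in PASSWORD_CHECK_ITEMS:
        return finding  # correctly named password check: a genuine mismatch
    # '' means the request carried no attribute with this name. If the name
    # is also a near miss of a password check item, the SQL column was most
    # likely mapped to a misspelled check item in AuthColumnDef.
    near = difflib.get_close_matches(item, PASSWORD_CHECK_ITEMS, n=1, cutoff=0.8)
    if got == "" and near:
        finding["suspect"] = near[0]
    return finding

def scan(lines):
    """Return only the findings that point at a misspelled password check item."""
    return [f for f in map(diagnose, lines) if f and f["suspect"]]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['item']!r} is not a password check item; did you mean {f['suspect']!r}?")
```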