(RADIATOR) Strange behaving authentication ?

Patrik Forsberg patrik.forsberg at dataphone.net
Thu Jun 14 02:55:48 CDT 2001


Hi..

I've got a .. minor problem.
I have three different ways a user could get authenticated.
1st is a "users" file for special cases, like static ip-addresses and so
on.
2nd is a deny user file where I put users that ain't supposed to get in.
3rd is UNIX based authentication.

I've ripped out non-intressting parts of the config-file.
## Configuration file ##

        # If accept contiue.. we could get rejected later..
        AuthByPolicy ContinueWhileAccept

        <AuthBy DBFILE>
                Filename %D/db/test <-- Changed to make sure there were
nothing wrong with my "real" users file.
                AcceptIfMissing
        </AuthBy>

        <AuthBy DBFILE>
                Filename %D/db/denied_users
                AcceptIfMissing
        </AuthBy>

        <AuthBy UNIX>
                Identifier System
                Filename /etc/master.passwd
        </AuthBy>

## END ##

## Trace Level 5 from the logfile ##

*** Received from 212.37.0.171 port 2178 ....

Packet length = 90
01 85 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 06 64 65 6d 6f 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
32 31 3d 06 00 00 00 00 02 12 47 3c 34 b3 8d fd
05 6a f2 12 1a 3a 98 dd 11 5f
Code:       Access-Request
Identifier: 133
Authentic:  1234567890123456
Attributes:
        User-Name = "demo"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"G<4<179><141><253><5>j<242><18><26>:<152><221><17>_"

Thu Jun 14 09:50:13 2001: DEBUG: Rewrote user name to demo
Thu Jun 14 09:50:13 2001: DEBUG: Handling request with Handler
'Realm=dataphone.se'
Thu Jun 14 09:50:13 2001: DEBUG: Rewrote user name to demo
Thu Jun 14 09:50:13 2001: DEBUG: Rewrote user name to demo
Thu Jun 14 09:50:13 2001: DEBUG:  Deleting session for demo,
203.63.154.1, 1234
Thu Jun 14 09:50:13 2001: DEBUG: Handling with Radius::AuthDBFILE
Thu Jun 14 09:50:13 2001: DEBUG: Radius::AuthDBFILE looks for match with
demo
Thu Jun 14 09:50:13 2001: DEBUG: Radius::AuthDBFILE REJECT: Check item
Framed-Protocol expression 'PPP' does not match '' in request
Thu Jun 14 09:50:13 2001: DEBUG: Radius::AuthDBFILE looks for match with
DEFAULT
Thu Jun 14 09:50:13 2001: DEBUG: Handling with Radius::AuthUNIX
Thu Jun 14 09:50:13 2001: DEBUG: Radius::AuthUNIX looks for match with
demo
Thu Jun 14 09:50:13 2001: DEBUG: Radius::AuthDBFILE REJECT: No such user
Thu Jun 14 09:50:13 2001: INFO: Access rejected for demo: No such user
Thu Jun 14 09:50:13 2001: DEBUG: Packet dump:
*** Sending to 212.37.0.171 port 2178 ....

Packet length = 34
03 85 00 22 f9 75 ee 1f f3 4c 5e 32 b9 c5 c3 6b
00 bb 85 00 12 0e 4e 6f 20 73 75 63 68 20 75 73
65 72
Code:       Access-Reject
Identifier: 133
Authentic:  1234567890123456
Attributes:
        Reply-Message = "No such user"

## END ##

## Users file ##

demo            User-Password = "test1",
                Service-Type = Framed-User,
                Framed-Protocol = PPP

DEFAULT         Auth-Type = System,
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-Compression = None,
                Framed-IP-Address = 255.255.255.254,
                Framed-IP-Netmask = 255.255.255.255

## END

What I can't understand is what the 
" Check item Framed-Protocol expression 'PPP' does not match '' in
request " 
error message is about ?

The test has been done with radpwtst and the user/password have been
checked and are correct.

Please help! I'm stuck :/

Regards,
Patrik
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list