(RADIATOR) passwords

Hugh Irvine hugh at open.com.au
Wed Sep 19 18:46:19 CDT 2001


Hello -

What are you seeing on the target radius server? Why is the request being 
rejected? And can you send me the shared secrets for the Client this request 
was received from and for the AuthBy RADIUS clause.

thanks

Hugh


On Thursday 20 September 2001 08:38, Tech wrote:

> Dear Hugh
>
> Thank you for your time in this matter
>
> Yes I am using the hook below;
> copy of logfile
> Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> *** Received from 202.182.129.252 port 1025 ....
> Code:       Access-Request
> Identifier: 173
> Authentic: 
> <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> Attributes:
>         User-Name = "123456780 at test.com"
>         User-Password = ""
>         NAS-IP-Address = 202.182.129.252
>         NAS-Port = 20103
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "0298694580"
>         Called-Station-Id = "0299962000"
>         Framed-IP-Address = 202.182.129.20
>         Acct-Session-Id = "321559643"
>
> Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler
> 'Realm=test.com'
>
> Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780
> Thu Sep 20 08:06:47 2001: DEBUG:  Deleting session for 123456780 at test.com,
> 202.182.129.252, 20103
> Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS
> Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> *** Sending to 202.182.192.202 port 1645 ....
> Code:       Access-Request
> Identifier: 1
> Authentic: 
> <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> Attributes:
>         User-Name = "123456780"
>         User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>"
>         NAS-IP-Address = 202.182.129.252
>         NAS-Port = 20103
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "0298694580"
>         Called-Station-Id = "0299962000"
>         Framed-IP-Address = 202.182.129.20
>         Acct-Session-Id = "321559643"
>
> Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> *** Received from 202.182.192.202 port 1645 ....
> Code:       Access-Reject
> Identifier: 1
> Authentic:  <235>C<213>9h<148><204><143>ErMgg<9><11>j
> Attributes:
>         Reply-Message = "Request Denied"
>
> Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1
> from 202.182.192.202:1645
> Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied
> Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> *** Sending to 202.182.129.252 port 1025 ....
> Code:       Access-Reject
> Identifier: 173
> Authentic: 
> <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> Attributes:
>         Reply-Message = "Request Denied"
>         Reply-Message = "Request Denied"
> copy of config file
> <Realm test.com>
>         RewriteUsername s/^([^@]+).*/$1/
>         PreAuthHook file:"%D/addUsernameAsPassword"
>         <AuthBy RADIUS>
>                 Host 202.182.192.202
>                 Secret xxxxxxxxxxxx
>         </AuthBy>
>         AcctLogFileName %L/test.detail.%Y%m%d
>         </Realm>
>
> Hugh Irvine wrote:
> > Hello -
> >
> > Have you tried the hook code that I sent you, shown in my message below?
> >
> > What you show below will definitely not work.
> >
> > In any case, a copy of your configuration file (no secrets) and a trace 4
> > debug from Radiator showing what is happening are what I need to be able
> > to help you.
> >
> > regards
> >
> > Hugh
> >
> > On Wednesday 19 September 2001 14:41, Tech wrote:
> > > > Thank you for your help in this matter but I am still having the same
> > > > problem as can be seen from the password log I am still returning no
> > > > password
> > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL
> > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL
> > > this was working on local
> > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);}
> > >
> > > Hugh Irvine wrote:
> > > > Hello -
> > > >
> > > > On Tuesday 18 September 2001 12:46, Tech wrote:
> > > > > I am using radiator as a proxy only, but I have a problem, one of my
> > > > > logins never has a password and I have to roll part of the username to
> > > > > %P this is ok for local use but not when ongoing presentation to the
> > > > > proxy.
> > > > >
> > > > > Suggestions or specific examples would be appreciated.
> > > >
> > > > I think you will have to do this with a PreAuthHook, something like
> > > > this:
> > > >
> > > > # -*- mode: Perl -*-
> > > > # addUsernameAsPassword
> > > > #
> > > > # PreAuthHook to add a Password attribute
> > > > # to an Access-Request.
> > > > # The User-Name is used for the Password.
> > > > # Note that the Password must be encoded
> > > > # with the shared secret of the original NAS.
> > > > #
> > > > # Author: Hugh Irvine (hugh at open.com.au)
> > > > # Copyright (C) 2001 Open System Consultants
> > > > #
> > > >
> > > > sub
> > > > {
> > > >     my $p = ${$_[0]};
> > > >     my $rp = ${$_[1]};
> > > >
> > > >     # Get the request code.
> > > >     my $code = $p->code;
> > > >
> > > >     if ($code eq 'Access-Request')
> > > >     {
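> > > >         my $secret = $p->{Client}->{Secret};
> > > >         # Read the attribute with get_attr: $p->{User-Name} would be
> > > >         # parsed by Perl as the subtraction User - Name.
> > > >         my $password = &Radius::Radius::encode_password
> > > >             ($p->get_attr('User-Name'), $secret);
> > > >         $p->add_attr('Password', $password);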
> > > >     }
> > > >     return;
> > > > }
> > > >
> > > > Your configuration file would look something like this:
> > > >
> > > > # define Realm(s) or Handler(s)
> > > >
> > > > <Realm .....>
> > > >         .....
> > > >         PreAuthHook file:"%D/addUsernameAsPassword"
> > > >         .....
> > > >
> > > > </Realm>
> > > >
> > > > I haven't tested the code, but you should get the idea.
> > > >
> > > > Please let me know how you get on.
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database independence.
> > > > ===
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
