(RADIATOR) passwords

Tech radiator at tcrholdings.com
Wed Sep 19 22:44:15 CDT 2001


Hugh
I have now added RejectEmptyPassword to the <AuthBy RADIUS> as can be
seen.Even now with using the hook it is being rejected for no password.

<Realm test.com>
        RewriteUsername s/^([^@]+).*/$1/
        PreAuthHook file:"%D/addUsernameAsPassword"
        <AuthBy RADIUS>
                RejectEmptyPassword
                Host 202.182.128.33
                Secret 00keith111
        </AuthBy>
        AcctLogFileName %L/test.detail.%Y%m%d
</Realm>
NEW LOG

Code:       Access-Request
Identifier: 226
Authentic:  <227><24><195><<254>(<3><144><151><180>hq+&Z<12>
Attributes:
        User-Name = "1234567890 at test.com"
        User-Password = ""
        NAS-IP-Address = 202.182.129.252
        NAS-Port = 20304
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = ""
        Calling-Station-Id = "0298694580"
        Called-Station-Id = "0282062000"
        Framed-IP-Address = 202.182.129.73
        Acct-Session-Id = "321559701"

Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler
'Realm=test.com'
Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890
Thu Sep 20 13:25:26 2001: DEBUG:  Deleting session for
1234567890 at test.com, 202.
182.129.252, 20304
Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS
Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty
passwor
d






Request is being rejected because of no password or bad password as per
password log sent last time to you.
I have now also changed the end server

the client Secret is milmax21817

<Realm test.com>
 RewriteUsername s/^([^@]+).*/$1/
 PreAuthHook file:"%D/addUsernameAsPassword"
 <AuthBy RADIUS>
 Host 202.182.128.5
 Secret 00keith111
 </AuthBy>
 AcctLogFileName %L/test.detail.%Y%m%d
</Realm>


Hugh Irvine wrote:

> Hello -
>
> What are you seeing on the target radius server? Why is the request
> being
> rejected? And can you send me the shared secrets for the Client this
> request
> was received from and for the AuthBy RADIUS clause.
>
> thanks
>
> Hugh
>
> On Thursday 20 September 2001 08:38, Tech wrote:
>
> > > Dear Hugh
> >
> > Thank you for your time in this matter
> >
> > Yes I am using the hook below;
> > copy of logfile
> > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > *** Received from 202.182.129.252 port 1025 ....
> > Code:       Access-Request
> > Identifier: 173
> > Authentic:
> > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > Attributes:
> >         User-Name = "123456780 at test.com"
> >         User-Password = ""
> >         NAS-IP-Address = 202.182.129.252
> >         NAS-Port = 20103
> >         NAS-Port-Type = Async
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "0298694580"
> >         Called-Station-Id = "0299962000"
> >         Framed-IP-Address = 202.182.129.20
> >         Acct-Session-Id = "321559643"
> >
> > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler
> > 'Realm=test.com'
> >
> > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780
> > Thu Sep 20 08:06:47 2001: DEBUG:  Deleting session for
> 123456780 at test.com,
> > 202.182.129.252, 20103
> > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS
> > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > *** Sending to 202.182.192.202 port 1645 ....
> > Code:       Access-Request
> > Identifier: 1
> > Authentic:
> > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > Attributes:
> >         User-Name = "123456780"
> >         User-Password =
> "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>"
> >         NAS-IP-Address = 202.182.129.252
> >         NAS-Port = 20103
> >         NAS-Port-Type = Async
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "0298694580"
> >         Called-Station-Id = "0299962000"
> >         Framed-IP-Address = 202.182.129.20
> >         Acct-Session-Id = "321559643"
> >
> > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > *** Received from 202.182.192.202 port 1645 ....
> > Code:       Access-Reject
> > Identifier: 1
> > Authentic:  <235>C<213>9h<148><204><143>ErMgg<9><11>j
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for
> req 1
> > from 202.182.192.202:1645
> > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780:
> Proxied
> > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > *** Sending to 202.182.129.252 port 1025 ....
> > Code:       Access-Reject
> > Identifier: 173
> > Authentic:
> > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > Attributes:
> >         Reply-Message = "Request Denied"
> >         Reply-Message = "Request Denied"
> > copy of config file
> > <Realm test.com>
> >         RewriteUsername s/^([^@]+).*/$1/
> >         PreAuthHook file:"%D/addUsernameAsPassword"
> >         <AuthBy RADIUS>
> >                 Host 202.182.192.202
> >                 Secret xxxxxxxxxxxx
> >         </AuthBy>
> >         AcctLogFileName %L/test.detail.%Y%m%d
> >         </Realm>
> >
> > Hugh Irvine wrote:
> > > Hello -
> > >
> > > Have you tried the hook code that I sent you, shown in my message
> below?
> > >
> > > What you show below will definitely not work.
> > >
> > > In any case, a copy of your configuration file (no secrets) and a
> trace 4
> > > debug from Radiator showing what is happening are what I need to
> be able
> > > to help you.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Wednesday 19 September 2001 14:41, Tech wrote:
> > > > > Thank you for your help in this matter but I am still having
> the same
> > > >
> > > > problem as can be seen from the password log I am still
> returning no
> > > > password
> > > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL
> > > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL
> > > > this was working on local
> > > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);}
> > > >
> > > > Hugh Irvine wrote:
> > > > > Hello -
> > > > >
> > > > > On Tuesday 18 September 2001 12:46, Tech wrote:
> > > > > > I am using radiator as a proxy only, but I have a problem,
> one of
> > > > > > my
> > > > > >
> > > > > > logins never has a password and I have to roll part of the
> username
> > > > >
> > > > > to
> > > > >
> > > > > > %P this is ok for local use but not when ongoing
> presentation to
> > > > > > the
> > > > > >
> > > > > > proxy.
> > > > > >
> > > > > > Suggestions or specific examples would be appreciated.
> > > > >
> > > > > I think you will have to do this with a PreAuthHook, something
> like
> > > > > this:
> > > > >
> > > > > # -*- mode: Perl -*-
> > > > > # addUsernameAsPassword
> > > > > #
> > > > > # PreAuthHook to add a Password attribute
> > > > > # to an Access-Request.
> > > > > # The User-Name is used for the Password.
> > > > > # Note that the Password must be encoded
> > > > > # with the shared secret of the original NAS.
> > > > > #
> > > > > # Author: Hugh Irvine (hugh at open.com.au)
> > > > > # Copyright (C) 2001 Open System Consultants
> > > > > #
> > > > >
> > > > > sub
> > > > > {
> > > > >     my $p = ${$_[0]};
> > > > >     my $rp = ${$_[1]};
> > > > >
> > > > >     # Get the request code.
> > > > >     my $code = $p->code;
> > > > >
> > > > >     if ($code eq 'Access-Request')
> > > > >     {
> > > > >         my $secret = $p->{Client}->{Secret};
> > > > >         $password = &Radius::Radius::encode_password
> > > > >             ($p->{User-Name}, $secret);
> > > > >         $p->add_attr('Password', $password);
> > > > >     }
> > > > >     return;
> > > > > }
> > > > >
> > > > > Your configuration file would look something like this:
> > > > >
> > > > > # define Realm(s) or Handler(s)
> > > > >
> > > > > <Realm .....>
> > > > >         .....
> > > > >         PreAuthHook file:"%D/addUsernameAsPassword"
> > > > >         .....
> > > > >
> > > > > >/Realm>
> > > > >
> > > > > I haven't tested the code, but you should get the idea.
> > > > >
> > > > > Please let me know how you get on.
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
> server
> > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
> MacOS X.
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
> extensible,
> > > > > flexible with hardware, software, platform and database
> independence.
> > > > > ===
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > ----------------------------------------
> > > Content-Type: text/html; charset="us-ascii"; name="Attachment: 1"
> > > Content-Transfer-Encoding: 7bit
> > > Content-Description:
> > > ----------------------------------------
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS
> server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
> X.
> > > -
> > > Nets: internetwork inventory and management - graphical,
> extensible,
> > > flexible with hardware, software, platform and database
> independence.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
>
> ----------------------------------------
> Content-Type: text/html; charset="us-ascii"; name="Attachment: 1"
> Content-Transfer-Encoding: 7bit
> Content-Description:
> ----------------------------------------
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20010920/b0ec8d2e/attachment.html>


More information about the radiator mailing list