(RADIATOR) passwords

Hugh Irvine hugh at open.com.au
Wed Sep 19 23:43:58 CDT 2001


Hello -

I have just noticed an error in the hook code:

	$p->add_attr('Password', $password);

this line should be:

	$p->add_attr('User-Password', $password);

my apologies

Hugh


On Thursday 20 September 2001 13:44, Tech wrote:

> Hugh
> I have now added RejectEmptyPassword to the <AuthBy RADIUS> as can be
> seen. Even now with using the hook it is being rejected for no password.
>
> <Realm test.com>
>         RewriteUsername s/^([^@]+).*/$1/
>         PreAuthHook file:"%D/addUsernameAsPassword"
>         <AuthBy RADIUS>
>                 RejectEmptyPassword
>                 Host 202.182.128.33
>                 Secret 00keith111
>         </AuthBy>
>         AcctLogFileName %L/test.detail.%Y%m%d
> </Realm>
> NEW LOG
>
> Code:       Access-Request
> Identifier: 226
> Authentic:  <227><24><195><<254>(<3><144><151><180>hq+&Z<12>
> Attributes:
>         User-Name = "1234567890 at test.com"
>         User-Password = ""
>         NAS-IP-Address = 202.182.129.252
>         NAS-Port = 20304
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "0298694580"
>         Called-Station-Id = "0282062000"
>         Framed-IP-Address = 202.182.129.73
>         Acct-Session-Id = "321559701"
>
> Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler 'Realm=test.com'
> Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890
> Thu Sep 20 13:25:26 2001: DEBUG:  Deleting session for 1234567890 at test.com, 202.182.129.252, 20304
> Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS
> Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty password
>
> Request is being rejected because of no password or bad password as per
> password log sent last time to you.
> I have now also changed the end server
>
> the client Secret is milmax21817
>
> <Realm test.com>
>  RewriteUsername s/^([^@]+).*/$1/
>  PreAuthHook file:"%D/addUsernameAsPassword"
>  <AuthBy RADIUS>
>  Host 202.182.128.5
>  Secret 00keith111
>  </AuthBy>
>  AcctLogFileName %L/test.detail.%Y%m%d
> </Realm>
>
> Hugh Irvine wrote:
> > Hello -
> >
> > What are you seeing on the target radius server? Why is the request
> > being rejected? And can you send me the shared secrets for the Client
> > this request was received from and for the AuthBy RADIUS clause.
> >
> > thanks
> >
> > Hugh
> >
> > On Thursday 20 September 2001 08:38, Tech wrote:
> > > Dear Hugh
> > >
> > > Thank you for your time in this matter
> > >
> > > Yes I am using the hook below;
> > > copy of logfile
> > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > > *** Received from 202.182.129.252 port 1025 ....
> > > Code:       Access-Request
> > > Identifier: 173
> > > Authentic:  <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > Attributes:
> > >         User-Name = "123456780 at test.com"
> > >         User-Password = ""
> > >         NAS-IP-Address = 202.182.129.252
> > >         NAS-Port = 20103
> > >         NAS-Port-Type = Async
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >         State = ""
> > >         Calling-Station-Id = "0298694580"
> > >         Called-Station-Id = "0299962000"
> > >         Framed-IP-Address = 202.182.129.20
> > >         Acct-Session-Id = "321559643"
> > >
> > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler 'Realm=test.com'
> > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780
> > > Thu Sep 20 08:06:47 2001: DEBUG:  Deleting session for 123456780 at test.com, 202.182.129.252, 20103
> > > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS
> > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > > *** Sending to 202.182.192.202 port 1645 ....
> > > Code:       Access-Request
> > > Identifier: 1
> > > Authentic:  <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > Attributes:
> > >         User-Name = "123456780"
> > >         User-Password = "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>"
> > >         NAS-IP-Address = 202.182.129.252
> > >         NAS-Port = 20103
> > >         NAS-Port-Type = Async
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >         State = ""
> > >         Calling-Station-Id = "0298694580"
> > >         Called-Station-Id = "0299962000"
> > >         Framed-IP-Address = 202.182.129.20
> > >         Acct-Session-Id = "321559643"
> > >
> > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > > *** Received from 202.182.192.202 port 1645 ....
> > > Code:       Access-Reject
> > > Identifier: 1
> > > Authentic:  <235>C<213>9h<148><204><143>ErMgg<9><11>j
> > > Attributes:
> > >         Reply-Message = "Request Denied"
> > >
> > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for req 1 from 202.182.192.202:1645
> > > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780: Proxied
> > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > > *** Sending to 202.182.129.252 port 1025 ....
> > > Code:       Access-Reject
> > > Identifier: 173
> > > Authentic:  <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > Attributes:
> > >         Reply-Message = "Request Denied"
> > >         Reply-Message = "Request Denied"
> > > copy of config file
> > > <Realm test.com>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         PreAuthHook file:"%D/addUsernameAsPassword"
> > >         <AuthBy RADIUS>
> > >                 Host 202.182.192.202
> > >                 Secret xxxxxxxxxxxx
> > >         </AuthBy>
> > >         AcctLogFileName %L/test.detail.%Y%m%d
> > >         </Realm>
> > >
> > > Hugh Irvine wrote:
> > > > Hello -
> > > >
> > > > Have you tried the hook code that I sent you, shown in my message
> > > > below?
> > > > What you show below will definitely not work.
> > > >
> > > > In any case, a copy of your configuration file (no secrets) and a
> > > > trace 4 debug from Radiator showing what is happening are what I need
> > > > to be able to help you.
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > On Wednesday 19 September 2001 14:41, Tech wrote:
> > > > > Thank you for your help in this matter but I am still having the same
> > > > > problem as can be seen from the password log I am still returning no
> > > > > password
> > > > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL
> > > > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL
> > > > > this was working on local
> > > > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);}
> > > > >
> > > > > Hugh Irvine wrote:
> > > > > > Hello -
> > > > > >
> > > > > > On Tuesday 18 September 2001 12:46, Tech wrote:
> > > > > > > > I am using radiator as a proxy only, but I have a problem, one of
> > > > > > > > my logins never has a password and I have to roll part of the
> > > > > > > > username to %P this is ok for local use but not when ongoing
> > > > > > > > presentation to the proxy.
> > > > > > >
> > > > > > > Suggestions or specific examples would be appreciated.
> > > > > >
> > > > > > > I think you will have to do this with a PreAuthHook, something like
> > > > > > > this:
> > > > > >
> > > > > > # -*- mode: Perl -*-
> > > > > > # addUsernameAsPassword
> > > > > > #
> > > > > > # PreAuthHook to add a Password attribute
> > > > > > # to an Access-Request.
> > > > > > # The User-Name is used for the Password.
> > > > > > # Note that the Password must be encoded
> > > > > > # with the shared secret of the original NAS.
> > > > > > #
> > > > > > # Author: Hugh Irvine (hugh at open.com.au)
> > > > > > # Copyright (C) 2001 Open System Consultants
> > > > > > #
> > > > > >
> > > > > > sub
> > > > > > {
> > > > > >     my $p = ${$_[0]};
> > > > > >     my $rp = ${$_[1]};
> > > > > >
> > > > > >     # Get the request code.
> > > > > >     my $code = $p->code;
> > > > > >
> > > > > >     if ($code eq 'Access-Request')
> > > > > >     {
> > > > > >         my $secret = $p->{Client}->{Secret};
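> > > > > > >         # encode_password is a packet method; it needs the
> > > > > > >         # request authenticator held in $p.
> > > > > > >         my $password = $p->encode_password
> > > > > > >             ($p->get_attr('User-Name'), $secret);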
> > > > > >         $p->add_attr('Password', $password);
> > > > > >     }
> > > > > >     return;
> > > > > > }
> > > > > >
> > > > > > Your configuration file would look something like this:
> > > > > >
> > > > > > # define Realm(s) or Handler(s)
> > > > > >
> > > > > > <Realm .....>
> > > > > >         .....
> > > > > >         PreAuthHook file:"%D/addUsernameAsPassword"
> > > > > >         .....
> > > > > >
> > > > > > >/Realm>
> > > > > >
> > > > > > I haven't tested the code, but you should get the idea.
> > > > > >
> > > > > > Please let me know how you get on.
> > > > > >
> > > > > > regards
> > > > > >
> > > > > > Hugh
> > > > > >
> > > > > > --
> > > > > > Radiator: the most portable, flexible and configurable RADIUS
> >
> > server
> >
> > > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
> >
> > MacOS X.
> >
> > > > > > -
> > > > > > Nets: internetwork inventory and management - graphical,
> >
> > extensible,
> >
> > > > > > flexible with hardware, software, platform and database
> >
> > independence.
> >
> > > > > > ===
> > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > Announcements on radiator-announce at open.com.au
> > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > 'unsubscribe radiator' in the body of the message.


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
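
The hook's note that the password must be encoded with the shared secret of the original NAS follows from how a proxy handles User-Password: it decodes with the Client secret and re-hides with the next-hop secret. The Python sketch below is an added example, not Radiator code and not part of the original message; the secrets and authenticator are constructed, and it assumes the proxy forwards the request with the same authenticator, as the packet dumps in the thread show.

```python
import hashlib

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode_password(plain, secret, authenticator):
    """Hide a password as RFC 2865 section 5.2 describes (MD5 keystream, 16-byte blocks)."""
    if len(authenticator) != 16 or len(plain) > 128:
        raise ValueError("authenticator must be 16 bytes, password at most 128")
    # Pad with NULs to a multiple of 16; an empty password still fills one block.
    padded = plain.ljust(16 * max(1, -(-len(plain) // 16)), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def decode_password(hidden, secret, authenticator):
    """Reverse encode_password; trailing NUL padding is stripped."""
    if len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def proxy_reencode(hidden, client_secret, host_secret, authenticator):
    """Proxy step: decode with the NAS (Client) secret, re-hide with the next-hop secret."""
    plain = decode_password(hidden, client_secret, authenticator)
    return encode_password(plain, host_secret, authenticator)

# Secrets and authenticator are constructed for this example; the user name
# is the test login that appears in the thread's packet dumps.
CLIENT_SECRET = b"nas-side-secret"
HOST_SECRET = b"upstream-secret"
AUTHENTICATOR = bytes(range(16))
USERNAME = b"1234567890"

def seen_by_target(hook_secret):
    """Password the upstream server recovers when the hook hid USERNAME with hook_secret."""
    hidden = encode_password(USERNAME, hook_secret, AUTHENTICATOR)
    forwarded = proxy_reencode(hidden, CLIENT_SECRET, HOST_SECRET, AUTHENTICATOR)
    return decode_password(forwarded, HOST_SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    print(seen_by_target(CLIENT_SECRET))  # hook used the NAS (Client) secret
    print(seen_by_target(HOST_SECRET))    # hook used the next-hop secret instead
    print(encode_password(b"", HOST_SECRET, AUTHENTICATOR).hex())  # empty password, one block
```

An empty password still goes out as a 16-byte value, which is why the forwarded request in the first trace carries a non-empty User-Password even though the NAS sent none.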

