(RADIATOR) passwords
Tech
radiator at tcrholdings.com
Thu Sep 20 00:59:15 CDT 2001
Hi Hugh
I have made the changes to the hook file but am still getting reject because
of an empty password.
Is there any way I can see what is happening as the hook is working
Hugh Irvine wrote:
> Hello -
>
> I have just noticed an error in the hook code:
>
> $p->add_attr('Password', $password);
>
> this line should be:
>
> $p->add_attr('User-Password', $password);
>
> my apologies
>
> Hugh
>
> On Thursday 20 September 2001 13:44, Tech wrote:
>
> > > Hugh
> > I have now added RejectEmptyPassword to the <AuthBy RADIUS> as can be
> > seen.Even now with using the hook it is being rejected for no password.
> >
> > <Realm test.com>
> > RewriteUsername s/^([^@]+).*/$1/
> > PreAuthHook file:"%D/addUsernameAsPassword"
> > <AuthBy RADIUS>
> > RejectEmptyPassword
> > Host 202.182.128.33
> > Secret 00keith111
> > </AuthBy>
> > AcctLogFileName %L/test.detail.%Y%m%d
> > </Realm>
> > NEW LOG
> >
> > Code: Access-Request
> > Identifier: 226
> > Authentic: <227><24><195><<254>(<3><144><151><180>hq+&Z<12>
> > Attributes:
> > User-Name = "1234567890 at test.com"
> > User-Password = ""
> > NAS-IP-Address = 202.182.129.252
> > NAS-Port = 20304
> > NAS-Port-Type = Async
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > State = ""
> > Calling-Station-Id = "0298694580"
> > Called-Station-Id = "0282062000"
> > Framed-IP-Address = 202.182.129.73
> > Acct-Session-Id = "321559701"
> >
> > Thu Sep 20 13:25:26 2001: DEBUG: Handling request with Handler
> > 'Realm=test.com'
> > Thu Sep 20 13:25:26 2001: DEBUG: Rewrote user name to 1234567890
> > Thu Sep 20 13:25:26 2001: DEBUG: Deleting session for
> > 1234567890 at test.com, 202.
> > 182.129.252, 20304
> > Thu Sep 20 13:25:26 2001: DEBUG: Handling with Radius::AuthRADIUS
> > Thu Sep 20 13:25:26 2001: DEBUG: AuthRADIUS rejected because of an empty
> > passwor
> > d
> >
> >
> >
> >
> >
> >
> > Request is being rejected because of no password or bad password as per
> > password log sent last time to you.
> > I have now also changed the end server
> >
> > the client Secret is milmax21817
> >
> > <Realm test.com>
> > RewriteUsername s/^([^@]+).*/$1/
> > PreAuthHook file:"%D/addUsernameAsPassword"
> > <AuthBy RADIUS>
> > Host 202.182.128.5
> > Secret 00keith111
> > </AuthBy>
> > AcctLogFileName %L/test.detail.%Y%m%d
> > </Realm>
> >
> > Hugh Irvine wrote:
> > > Hello -
> > >
> > > What are you seeing on the target radius server? Why is the request
> > > being
> > > rejected? And can you send me the shared secrets for the Client this
> > > request
> > > was received from and for the AuthBy RADIUS clause.
> > >
> > > thanks
> > >
> > > Hugh
> > >
> > > On Thursday 20 September 2001 08:38, Tech wrote:
> > > > > Dear Hugh
> > > >
> > > > Thank you for your time in this matter
> > > >
> > > > Yes I am using the hook below;
> > > > copy of logfile
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > > > *** Received from 202.182.129.252 port 1025 ....
> > > > Code: Access-Request
> > > > Identifier: 173
> > > > Authentic:
> > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > > Attributes:
> > > > User-Name = "123456780 at test.com"
> > > > User-Password = ""
> > > > NAS-IP-Address = 202.182.129.252
> > > > NAS-Port = 20103
> > > > NAS-Port-Type = Async
> > > > Service-Type = Framed-User
> > > > Framed-Protocol = PPP
> > > > State = ""
> > > > Calling-Station-Id = "0298694580"
> > > > Called-Station-Id = "0299962000"
> > > > Framed-IP-Address = 202.182.129.20
> > > > Acct-Session-Id = "321559643"
> > > >
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling request with Handler
> > > > 'Realm=test.com'
> > > >
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Rewrote user name to 123456780
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Deleting session for
> > >
> > > 123456780 at test.com,
> > >
> > > > 202.182.129.252, 20103
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Handling with Radius::AuthRADIUS
> > > > Thu Sep 20 08:06:47 2001: DEBUG: Packet dump:
> > > > *** Sending to 202.182.192.202 port 1645 ....
> > > > Code: Access-Request
> > > > Identifier: 1
> > > > Authentic:
> > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > > Attributes:
> > > > User-Name = "123456780"
> > > > User-Password =
> > >
> > > "<214><249>;Q5*<250>Q<194>"W8<5><242><14><185>"
> > >
> > > > NAS-IP-Address = 202.182.129.252
> > > > NAS-Port = 20103
> > > > NAS-Port-Type = Async
> > > > Service-Type = Framed-User
> > > > Framed-Protocol = PPP
> > > > State = ""
> > > > Calling-Station-Id = "0298694580"
> > > > Called-Station-Id = "0299962000"
> > > > Framed-IP-Address = 202.182.129.20
> > > > Acct-Session-Id = "321559643"
> > > >
> > > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > > > *** Received from 202.182.192.202 port 1645 ....
> > > > Code: Access-Reject
> > > > Identifier: 1
> > > > Authentic: <235>C<213>9h<148><204><143>ErMgg<9><11>j
> > > > Attributes:
> > > > Reply-Message = "Request Denied"
> > > >
> > > > Thu Sep 20 08:06:48 2001: DEBUG: Received reply in AuthRADIUS for
> > >
> > > req 1
> > >
> > > > from 202.182.192.202:1645
> > > > Thu Sep 20 08:06:48 2001: INFO: Access rejected for 123456780:
> > >
> > > Proxied
> > >
> > > > Thu Sep 20 08:06:48 2001: DEBUG: Packet dump:
> > > > *** Sending to 202.182.129.252 port 1025 ....
> > > > Code: Access-Reject
> > > > Identifier: 173
> > > > Authentic:
> > > > <148><149>.<166><236><150><180><144><135><235><17>F<133>W<180><11>
> > > > Attributes:
> > > > Reply-Message = "Request Denied"
> > > > Reply-Message = "Request Denied"
> > > > copy of config file
> > > > <Realm test.com>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > PreAuthHook file:"%D/addUsernameAsPassword"
> > > > <AuthBy RADIUS>
> > > > Host 202.182.192.202
> > > > Secret xxxxxxxxxxxx
> > > > </AuthBy>
> > > > AcctLogFileName %L/test.detail.%Y%m%d
> > > > </Realm>
> > > >
> > > > Hugh Irvine wrote:
> > > > > Hello -
> > > > >
> > > > > Have you tried the hook code that I sent you, shown in my message
> > >
> > > below?
> > >
> > > > > What you show below will definitely not work.
> > > > >
> > > > > In any case, a copy of your configuration file (no secrets) and a
> > >
> > > trace 4
> > >
> > > > > debug from Radiator showing what is happening are what I need to
> > >
> > > be able
> > >
> > > > > to help you.
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On Wednesday 19 September 2001 14:41, Tech wrote:
> > > > > > > Thank you for your help in this matter but I am still having
> > >
> > > the same
> > >
> > > > > > problem as can be seen from the password log I am still
> > >
> > > returning no
> > >
> > > > > > password
> > > > > > Wed Sep 19 11:09:25 2001:1000861765:1234567891::123456:FAIL
> > > > > > Wed Sep 19 11:38:21 2001:1000863501:1234567891::123456:FAIL
> > > > > > this was working on local
> > > > > > PreAuthHook sub { %U=> %P;chop(%P);chop(%P);chop(%P);chop(%P);}
> > > > > >
> > > > > > Hugh Irvine wrote:
> > > > > > > Hello -
> > > > > > >
> > > > > > > On Tuesday 18 September 2001 12:46, Tech wrote:
> > > > > > > > I am using radiator as a proxy only, but I have a problem,
> > >
> > > one of
> > >
> > > > > > > > my
> > > > > > > >
> > > > > > > > logins never has a password and I have to roll part of the
> > >
> > > username
> > >
> > > > > > > to
> > > > > > >
> > > > > > > > %P this is ok for local use but not when ongoing
> > >
> > > presentation to
> > >
> > > > > > > > the
> > > > > > > >
> > > > > > > > proxy.
> > > > > > > >
> > > > > > > > Suggestions or specific examples would be appreciated.
> > > > > > >
> > > > > > > I think you will have to do this with a PreAuthHook, something
> > >
> > > like
> > >
> > > > > > > this:
> > > > > > >
> > > > > > > # -*- mode: Perl -*-
> > > > > > > # addUsernameAsPassword
> > > > > > > #
> > > > > > > # PreAuthHook to add a Password attribute
> > > > > > > # to an Access-Request.
> > > > > > > # The User-Name is used for the Password.
> > > > > > > # Note that the Password must be encoded
> > > > > > > # with the shared secret of the original NAS.
> > > > > > > #
> > > > > > > # Author: Hugh Irvine (hugh at open.com.au)
> > > > > > > # Copyright (C) 2001 Open System Consultants
> > > > > > > #
> > > > > > >
> > > > > > > sub
> > > > > > > {
> > > > > > > my $p = ${$_[0]};
> > > > > > > my $rp = ${$_[1]};
> > > > > > >
> > > > > > > # Get the request code.
> > > > > > > my $code = $p->code;
> > > > > > >
> > > > > > > if ($code eq 'Access-Request')
> > > > > > > {
> > > > > > > my $secret = $p->{Client}->{Secret};
> > > > > > > $password = &Radius::Radius::encode_password
> > > > > > > ($p->{User-Name}, $secret);
> > > > > > > $p->add_attr('Password', $password);
> > > > > > > }
> > > > > > > return;
> > > > > > > }
> > > > > > >
> > > > > > > Your configuration file would look something like this:
> > > > > > >
> > > > > > > # define Realm(s) or Handler(s)
> > > > > > >
> > > > > > > <Realm .....>
> > > > > > > .....
> > > > > > > PreAuthHook file:"%D/addUsernameAsPassword"
> > > > > > > .....
> > > > > > >
> > > > > > > >/Realm>
> > > > > > >
> > > > > > > I haven't tested the code, but you should get the idea.
> > > > > > >
> > > > > > > Please let me know how you get on.
> > > > > > >
> > > > > > > regards
> > > > > > >
> > > > > > > Hugh
> > > > > > >
> > > > > > > --
> > > > > > > Radiator: the most portable, flexible and configurable RADIUS
> > >
> > > server
> > >
> > > > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
> > >
> > > MacOS X.
> > >
> > > > > > > -
> > > > > > > Nets: internetwork inventory and management - graphical,
> > >
> > > extensible,
> > >
> > > > > > > flexible with hardware, software, platform and database
> > >
> > > independence.
> > >
> > > > > > > ===
> > > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > > Announcements on radiator-announce at open.com.au
> > > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > > 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > ----------------------------------------
> > > > > Content-Type: text/html; charset="us-ascii"; name="Attachment: 1"
> > > > > Content-Transfer-Encoding: 7bit
> > > > > Content-Description:
> > > > > ----------------------------------------
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
> > >
> > > server
> > >
> > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
> > >
> > > X.
> > >
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
> > >
> > > extensible,
> > >
> > > > > flexible with hardware, software, platform and database
> > >
> > > independence.
> > >
> > > > > ===
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > ----------------------------------------
> > > Content-Type: text/html; charset="us-ascii"; name="Attachment: 1"
> > > Content-Transfer-Encoding: 7bit
> > > Content-Description:
> > > ----------------------------------------
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
>
> ----------------------------------------
> Content-Type: text/html; charset="us-ascii"; name="Attachment: 1"
> Content-Transfer-Encoding: 7bit
> Content-Description:
> ----------------------------------------
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20010920/59457b94/attachment.html>
More information about the radiator
mailing list