(RADIATOR) Problems with AuthBy SQLRADIUS

tdn at tdn.co.ke tdn at tdn.co.ke
Tue Apr 16 15:19:14 CDT 2002


Hello,

I have been doing some called-station-id handler-based authentication which
has been working fine (below is an extract of my .cfg file).

--cut--
<Handler Called-Station-Id="*********">
        <AuthBy RADIUS>
                Host x.x.x.x
                Secret ***
                AuthPort 18120
                AcctPort 18130
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/handlers-detail.%Y%m%d
</Handler>

--cut---


I now want to change this to AuthBy SQLRADIUS, and my cfg file is as
follows....

<Client localhost>
        Secret mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy SQLRADIUS>
                DBSource        dbi:Pg:dbname=proxy
                DBUsername      radius
                DBAuth          ****

                HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT from RADIUSSERVERS where TARGETNAME='%{Called-Station-Id}'
        </AuthBy>
</Realm>

The SQL lookup seems to work fine, and the request is proxied, but the level
2 radius instance always rejects the password. This is exactly the same
instance that works OK with the handler based level 1 instance.
Attached please find the Trace Output for the 2 radius instances,

level 1
--------------------
Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 2101 ....

Packet length = 92
01 e9 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
34 33 32 31 3d 06 00 00 00 00 02 12 8d ee 2c d9
96 65 04 f6 bc 38 09 a0 d8 7d 78 99
Code:       Access-Request
Identifier: 233
Authentic:  1234567890123456
Attributes:
        User-Name = "utest1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "269069000"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>"

Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1, 203.63.154.1,
1234
Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthRADIUS
Tue Apr 16 13:07:53 2002: DEBUG: Query is: select HOST1, SECRET, AUTHPORT,
ACCTPORT from RADIUSSERVERS where TARGETNAME='269069000'

Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
*** Sending to 195.202.64.45 port 18120 ....
Packet length = 92
01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "utest1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "269069000"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"

Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
*** Received from 195.202.64.45 port 18120 ....

Packet length = 36
03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 2
Authentic:  <140><157><180>B"{<211><220><184><203>}<26>e<133><155>7
Attributes:
        Reply-Message = "Request Denied"

Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2 from
195.202.64.45:18120
Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply to ID
2
Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Proxied
Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:




Level 2
-------------------------------------
Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
*** Received from 195.202.64.45 port 1889 ....

Packet length = 92
01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "utest1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "269069000"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"

Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Apr 16 13:07:53 2002: DEBUG: Rewrote user name to utest1
Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1, 203.63.154.1,
1234
Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthFILE:
Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE looks for match with
utest1
Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Bad Password
Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
*** Sending to 195.202.64.45 port 1889 ....

Packet length = 36
03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 2
Authentic:  1234567890123456
Attributes:
        Reply-Message = "Request Denied"


Any ideas, please help

Rgds
TDN
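
Added example, not part of the original post and not Radiator code: RFC 2865 keys both the User-Password hiding and the Response Authenticator with the shared secret, so if the secret a proxy uses differs from the one the target holds for that client, the target recovers a wrong password and the proxy cannot verify the reply, which are the two symptoms in the traces above. The secrets and password below are constructed values and `simulate_hop` is a hypothetical helper; only the fixed authenticator and the Reply-Message bytes are taken from the trace.

```python
import hashlib
import hmac

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Reverse of hide_password, as performed by the receiving server."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block  # chaining uses the ciphertext block, not the plaintext
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + auth + attrs

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """The check a proxy applies to a reply before trusting it."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)

def simulate_hop(proxy_secret: bytes, target_secret: bytes):
    """Constructed exchange: (password seen by target, reply accepted by proxy)."""
    req_auth = b"1234567890123456"               # fixed authenticator, as in the trace
    password = b"constructed-pw"                 # constructed sample value
    hidden = hide_password(password, proxy_secret, req_auth)
    seen = unhide_password(hidden, target_secret, req_auth)
    if seen == password:
        code, attrs = 2, b""                     # Access-Accept
    else:                                        # Access-Reject with Reply-Message
        code, attrs = 3, bytes([18, 16]) + b"Request Denied"
    reply = build_reply(code, 2, attrs, req_auth, target_secret)
    return seen, reply_is_authentic(reply, req_auth, proxy_secret)

if __name__ == "__main__":
    print(simulate_hop(b"same-secret", b"same-secret"))   # constructed secrets
    print(simulate_hop(b"from-sql-row", b"on-target"))    # constructed mismatch
```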

