(RADIATOR) Problems with AuthBy SQLRADIUS

Hugh Irvine hugh at open.com.au
Tue Apr 16 17:08:05 CDT 2002 

Hello -

It looks to me like the shared secrets are incorrect.

regards

Hugh


On Wed, 17 Apr 2002 06:19, tdn at tdn.co.ke wrote:
> Hello,
>
> I have been doing some called-station-id handler-based authentication which
> has been working fine (below is an extract of my .cfg file.
>
> --cut--
> <Handler Called-Station-Id="*********">
>         <AuthBy RADIUS>
>                 Host x.x.x.x
>                 Secret ***
>                 AuthPort 18120
>                 AcctPort 18130
>         </AuthBy>
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/handlers-detail.%Y%m%d
> </Handler>
>
> --cut---
>
>
> I now want to change this to AuthBy SQLRADIUS, and my cfg file is as
> follows....
>
> <Client localhost>
>         Secret mysecret
>         DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>         <AuthBy SQLRADIUS>
>                 DBSource        dbi:Pg:dbname=proxy
>                 DBUsername      radius
>                 DBAuth          ****
>
>                 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT from
> RADIUSSERVERS where TARGETNAME='%{Called-Station-Id}
> .        </AuthBy>
> </Realm>
>
> The SQL lookup seems to work fine, and the request is proxied, but the
> level 2 radius instance always rejects the password. This is exactly the
> same instance that works OK with the handler based level 1 instance.
> Attached please find the Trace Output for the 2 radius instances,
>
> level 1
> --------------------
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 2101 ....
>
> Packet length = 92
> 01 e9 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> 34 33 32 31 3d 06 00 00 00 00 02 12 8d ee 2c d9
> 96 65 04 f6 bc 38 09 a0 d8 7d 78 99
> Code:       Access-Request
> Identifier: 233
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "utest1"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "269069000"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>"
>
> Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1,
> 203.63.154.1, 1234
> Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthRADIUS
> Tue Apr 16 13:07:53 2002: DEBUG: Query is: select HOST1, SECRET, AUTHPORT,
> ACCTPORT from RADIUSSERVERS where TARGETNAME='269069000'
>
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> *** Sending to 195.202.64.45 port 18120 ....
> Packet length = 92
> 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> Code:       Access-Request
> Identifier: 2
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "utest1"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "269069000"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
>
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> *** Received from 195.202.64.45 port 18120 ....
>
> Packet length = 36
> 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code:       Access-Reject
> Identifier: 2
> Authentic:  <140><157><180>B"{<211><220><184><203>}<26>e<133><155>7
> Attributes:
>         Reply-Message = "Request Denied"
>
> Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2
> from 195.202.64.45:18120
> Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply to
> ID 2
> Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Proxied
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
>
>
>
>
> Level 2
> -------------------------------------
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> *** Received from 195.202.64.45 port 1889 ....
>
> Packet length = 92
> 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> Code:       Access-Request
> Identifier: 2
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "utest1"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "269069000"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
>
> Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Apr 16 13:07:53 2002: DEBUG: Rewrote user name to utest1
> Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1,
> 203.63.154.1, 1234
> Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthFILE:
> Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE looks for match with
> utest1
> Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Bad Password
> Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> *** Sending to 195.202.64.45 port 1889 ....
>
> Packet length = 36
> 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code:       Access-Reject
> Identifier: 2
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
>
>
> Any ideas, please help
>
> Rgds
> TDN
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list