(RADIATOR) Problems with AuthBy SQLRADIUS

tdn at tdn.co.ke tdn at tdn.co.ke
Wed Apr 17 15:32:43 CDT 2002


Hello,

I have double-checked that the shared secrets are the same, the one in the
database and the one in the plain text file, however the problem still
persists


Rgds
TDN

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: <tdn at tdn.co.ke>; <radiator at open.com.au>
Sent: Tuesday, April 16, 2002 3:08 PM
Subject: Re: (RADIATOR) Problems with AuthBy SQLRADIUS


>
> Hello -
>
> It looks to me like the shared secrets are incorrect.
>
> regards
>
> Hugh
>
>
> On Wed, 17 Apr 2002 06:19, tdn at tdn.co.ke wrote:
> > Hello,
> >
> > I have been doing some called-station-id handler-based authentication
which
> > has been working fine (below is an extract of my .cfg file.
> >
> > --cut--
> > <Handler Called-Station-Id="*********">
> >         <AuthBy RADIUS>
> >                 Host x.x.x.x
> >                 Secret ***
> >                 AuthPort 18120
> >                 AcctPort 18130
> >         </AuthBy>
> >         # Log accounting to the detail file in LogDir
> >         AcctLogFileName %L/handlers-detail.%Y%m%d
> > </Handler>
> >
> > --cut---
> >
> >
> > I now want to change this to AuthBy SQLRADIUS, and my cfg file is as
> > follows....
> >
> > <Client localhost>
> >         Secret mysecret
> >         DupInterval 0
> > </Client>
> >
> > <Realm DEFAULT>
> >         <AuthBy SQLRADIUS>
> >                 DBSource        dbi:Pg:dbname=proxy
> >                 DBUsername      radius
> >                 DBAuth          ****
> >
> >                 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT
from
> > RADIUSSERVERS where TARGETNAME='%{Called-Station-Id}
> > .        </AuthBy>
> > </Realm>
> >
> > The SQL lookup seems to work fine, and the request is proxied, but the
> > level 2 radius instance always rejects the password. This is exactly the
> > same instance that works OK with the handler based level 1 instance.
> > Attached please find the Trace Output for the 2 radius instances,
> >
> > level 1
> > --------------------
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 2101 ....
> >
> > Packet length = 92
> > 01 e9 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > 34 33 32 31 3d 06 00 00 00 00 02 12 8d ee 2c d9
> > 96 65 04 f6 bc 38 09 a0 d8 7d 78 99
> > Code:       Access-Request
> > Identifier: 233
> > Authentic:  1234567890123456
> > Attributes:
> >         User-Name = "utest1"
> >         Service-Type = Framed-User
> >         NAS-IP-Address = 203.63.154.1
> >         NAS-Port = 1234
> >         Called-Station-Id = "269069000"
> >         Calling-Station-Id = "987654321"
> >         NAS-Port-Type = Async
> >         User-Password =
> > "<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>"
> >
> > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1,
> > 203.63.154.1, 1234
> > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthRADIUS
> > Tue Apr 16 13:07:53 2002: DEBUG: Query is: select HOST1, SECRET,
AUTHPORT,
> > ACCTPORT from RADIUSSERVERS where TARGETNAME='269069000'
> >
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > *** Sending to 195.202.64.45 port 18120 ....
> > Packet length = 92
> > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> > Code:       Access-Request
> > Identifier: 2
> > Authentic:  1234567890123456
> > Attributes:
> >         User-Name = "utest1"
> >         Service-Type = Framed-User
> >         NAS-IP-Address = 203.63.154.1
> >         NAS-Port = 1234
> >         Called-Station-Id = "269069000"
> >         Calling-Station-Id = "987654321"
> >         NAS-Port-Type = Async
> >         User-Password =
> > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
> >
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > *** Received from 195.202.64.45 port 18120 ....
> >
> > Packet length = 36
> > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> > 6e 69 65 64
> > Code:       Access-Reject
> > Identifier: 2
> > Authentic:  <140><157><180>B"{<211><220><184><203>}<26>e<133><155>7
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> > Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2
> > from 195.202.64.45:18120
> > Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply
to
> > ID 2
> > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Proxied
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> >
> >
> >
> >
> > Level 2
> > -------------------------------------
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > *** Received from 195.202.64.45 port 1889 ....
> >
> > Packet length = 92
> > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> > Code:       Access-Request
> > Identifier: 2
> > Authentic:  1234567890123456
> > Attributes:
> >         User-Name = "utest1"
> >         Service-Type = Framed-User
> >         NAS-IP-Address = 203.63.154.1
> >         NAS-Port = 1234
> >         Called-Station-Id = "269069000"
> >         Calling-Station-Id = "987654321"
> >         NAS-Port-Type = Async
> >         User-Password =
> > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
> >
> > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Tue Apr 16 13:07:53 2002: DEBUG: Rewrote user name to utest1
> > Tue Apr 16 13:07:53 2002: DEBUG:  Deleting session for utest1,
> > 203.63.154.1, 1234
> > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthFILE:
> > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE looks for match with
> > utest1
> > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Bad Password
> > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > *** Sending to 195.202.64.45 port 1889 ....
> >
> > Packet length = 36
> > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> > 6e 69 65 64
> > Code:       Access-Reject
> > Identifier: 2
> > Authentic:  1234567890123456
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> >
> > Any ideas, please help
> >
> > Rgds
> > TDN
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list