(RADIATOR) Problems with AuthBy SQLRADIUS
Hugh Irvine
hugh at open.com.au
Wed Apr 17 17:34:09 CDT 2002
Hello -
This log message in the trace output "Bad authenticator ..." indicates that
the shared secrets are incorrect.
> > > Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2
> > > from 195.202.64.45:18120
> > > Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply
Could you please send me a copy of the database table definition and the
contents for this host?
regards
Hugh
On Thu, 18 Apr 2002 06:32, tdn at tdn.co.ke wrote:
> Hello,
>
> I have double-checked that the shared secrets are the same, the one in the
> database and the one in the plain text file, however the problem still
> persists
>
>
> Rgds
> TDN
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: <tdn at tdn.co.ke>; <radiator at open.com.au>
> Sent: Tuesday, April 16, 2002 3:08 PM
> Subject: Re: (RADIATOR) Problems with AuthBy SQLRADIUS
>
> > Hello -
> >
> > It looks to me like the shared secrets are incorrect.
> >
> > regards
> >
> > Hugh
> >
> > On Wed, 17 Apr 2002 06:19, tdn at tdn.co.ke wrote:
> > > Hello,
> > >
> > > I have been doing some called-station-id handler-based authentication
>
> which
>
> > > has been working fine (below is an extract of my .cfg file.
> > >
> > > --cut--
> > > <Handler Called-Station-Id="*********">
> > > <AuthBy RADIUS>
> > > Host x.x.x.x
> > > Secret ***
> > > AuthPort 18120
> > > AcctPort 18130
> > > </AuthBy>
> > > # Log accounting to the detail file in LogDir
> > > AcctLogFileName %L/handlers-detail.%Y%m%d
> > > </Handler>
> > >
> > > --cut---
> > >
> > >
> > > I now want to change this to AuthBy SQLRADIUS, and my cfg file is as
> > > follows....
> > >
> > > <Client localhost>
> > > Secret mysecret
> > > DupInterval 0
> > > </Client>
> > >
> > > <Realm DEFAULT>
> > > <AuthBy SQLRADIUS>
> > > DBSource dbi:Pg:dbname=proxy
> > > DBUsername radius
> > > DBAuth ****
> > >
> > > HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT
>
> from
>
> > > RADIUSSERVERS where TARGETNAME='%{Called-Station-Id}
> > > . </AuthBy>
> > > </Realm>
> > >
> > > The SQL lookup seems to work fine, and the request is proxied, but the
> > > level 2 radius instance always rejects the password. This is exactly
> > > the same instance that works OK with the handler based level 1
> > > instance. Attached please find the Trace Output for the 2 radius
> > > instances,
> > >
> > > level 1
> > > --------------------
> > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 2101 ....
> > >
> > > Packet length = 92
> > > 01 e9 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > > 34 33 32 31 3d 06 00 00 00 00 02 12 8d ee 2c d9
> > > 96 65 04 f6 bc 38 09 a0 d8 7d 78 99
> > > Code: Access-Request
> > > Identifier: 233
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "utest1"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "269069000"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password =
> > > "<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>"
> > >
> > > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > > Tue Apr 16 13:07:53 2002: DEBUG: Deleting session for utest1,
> > > 203.63.154.1, 1234
> > > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthRADIUS
> > > Tue Apr 16 13:07:53 2002: DEBUG: Query is: select HOST1, SECRET,
>
> AUTHPORT,
>
> > > ACCTPORT from RADIUSSERVERS where TARGETNAME='269069000'
> > >
> > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > > *** Sending to 195.202.64.45 port 18120 ....
> > > Packet length = 92
> > > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> > > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> > > Code: Access-Request
> > > Identifier: 2
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "utest1"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "269069000"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password =
> > > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
> > >
> > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > > *** Received from 195.202.64.45 port 18120 ....
> > >
> > > Packet length = 36
> > > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> > > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> > > 6e 69 65 64
> > > Code: Access-Reject
> > > Identifier: 2
> > > Authentic: <140><157><180>B"{<211><220><184><203>}<26>e<133><155>7
> > > Attributes:
> > > Reply-Message = "Request Denied"
> > >
> > > Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2
> > > from 195.202.64.45:18120
> > > Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply
>
> to
>
> > > ID 2
> > > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Proxied
> > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > >
> > >
> > >
> > >
> > > Level 2
> > > -------------------------------------
> > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > > *** Received from 195.202.64.45 port 1889 ....
> > >
> > > Packet length = 92
> > > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32
> > > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00
> > > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
> > > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35
> > > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9
> > > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d
> > > Code: Access-Request
> > > Identifier: 2
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "utest1"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "269069000"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password =
> > > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-"
> > >
> > > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > > Tue Apr 16 13:07:53 2002: DEBUG: Rewrote user name to utest1
> > > Tue Apr 16 13:07:53 2002: DEBUG: Deleting session for utest1,
> > > 203.63.154.1, 1234
> > > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthFILE:
> > > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE looks for match with
> > > utest1
> > > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> > > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Bad
> > > Password Tue Apr 16 13:07:53 2002: DEBUG: Packet dump:
> > > *** Sending to 195.202.64.45 port 1889 ....
> > >
> > > Packet length = 36
> > > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a
> > > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65
> > > 6e 69 65 64
> > > Code: Access-Reject
> > > Identifier: 2
> > > Authentic: 1234567890123456
> > > Attributes:
> > > Reply-Message = "Request Denied"
> > >
> > >
> > > Any ideas, please help
> > >
> > > Rgds
> > > TDN
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list