(RADIATOR) Authenticaton Problems

Hugh Irvine hugh at open.com.au
Wed Jan 2 17:45:33 CST 2002 

Hello Eric -

I suspect there are two things wrong - one is your configuration file, which 
should have the Realm clause changed to look like this:

<Realm>
	.....
</Realm>

The other thing that is wrong is probably because you are not specifiying the 
correct secret when running radpwtst.

	radpwtst -secret dogcat ......

regards

Hugh


On Thu, 3 Jan 2002 03:20, Eric Johnson wrote:
> When I run radpwtst I get three no reply errors in a row.  The default user
> is in the test database.  In the log file the error is a bad authenticator.
>  Here is the log file and the config file that I am using.  Could someone
> tell me what I am doing wrong and possibly how to fix it?
>
> Wed Jan  2 10:05:56 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1528 ....
> Code:       Access-Request
> Identifier: 131
> Authentic:  1234567890123456
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Wed Jan  2 10:05:56 2002: DEBUG: Check if Handler Realm=127.0.0.1 should be
> used to handle this request Wed Jan  2 10:05:56 2002: WARNING: Could not
> find a handler for mikem: request is ignored Wed Jan  2 10:06:01 2002:
> DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1528 ....
> Code:       Accounting-Request
> Identifier: 132
> Authentic:  <156>,{*<190><151><218><249><183><15>Y<127><146><128><6>
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Start
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
>
> Wed Jan  2 10:06:01 2002: WARNING: Bad authenticator in request from
> 127.0.0.1 (203.63.154.1) Wed Jan  2 10:06:06 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1528 ....
> Code:       Accounting-Request
> Identifier: 133
> Authentic:  <193><187><186><190><186><181><21><228><23>V<253>a+2I<133>
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Stop
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	Acct-Delay-Time = 0
> 	Acct-Session-Time = 1000
> 	Acct-Input-Octets = 20000
> 	Acct-Output-Octets = 30000
>
> Wed Jan  2 10:06:06 2002: WARNING: Bad authenticator in request from
> 127.0.0.1 (203.63.154.1)
>
> Foreground
> LogStdout
> LogDir  /Radiator/log
> #Dictionary File is in current dir
> DictionaryFile ./dictionary
> Trace 4
>
> <Client 127.0.0.1>
>        Secret  dogcat
>          DupInterval 0
> </Client>
>      <AuthBy SQL>
>
>          Identifier CheckSQL
>
>          DBSource        dbi:mysql:ISP
>          DBUsername      admin
>          DBAuth lifter
>          AccountingTable ACCOUNTING
>          AcctColumnDef   USERNAME,User-Name
>          AcctColumnDef   TIME_STAMP,Timestamp,integer
>          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>          AcctColumnDef   NASPORT,NAS-Port,integer
>      </AuthBy>
>
>
>
> <AuthBy NT>
>
>                  Identifier CheckNT
>
>                  # You must set the domain name here to suit your site
>                  Domain ETHERNET1
>
>                  # ON NT, optionally specify the name of the
>                  # Primary Domain Controller, including the leading
>                  # \\ slashes, to override the default domain controller
>                  # for the domain you specified above
>                  DomainController \\FEZZIK
>
>                  # On Unix, you MUST specify the Domain Controller
>                  # name as the NT host name of the domain controller
>                  # its not optional. This needs to be set to the NT
>                  # name of the Primary Domain Controller, and further
>                  # the NT name must be in the Unix hosts or DNS
>                  DomainController FEZZIK
>
>                  # On NT, you can optionally check the
>                  # "Grant dialin permission to user" flag in the
>                  # user manager. Requires the
>                  # Win32-RasAdmin Perl package to be installed first
>                  # HonourDialinPermission
>
>                  # This will set up some standard reply items for
>                  # your NAS, you may need others for your NAS
>                   DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>          </AuthBy>
>
> <Realm 127.0.0.1>
>          AuthByPolicy ContinueUntilAccept
>          AuthBy CheckNT
>          AuthBy CheckSQL
>          # Log accounting to the detail file in LogDir
>          AcctLogFileName ./detail
> </Realm>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list