(RADIATOR) Authentication Problems

Eric Johnson eric at teamworksmedia.com
Mon Jan 7 10:34:04 CST 2002 

I am having problems authenticating with Radiator.  I am running NT 4 with MySQL as the database.  My config script is set to first check the NT user database and then the SQL database.  When I use radpwtst I get a bad authenticator reply and then 2 no reply's which I assume are because the first request failed.  I am using the default user to test.  Included is the trace file (first) and my config file (second).  Thanks for your help.

Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3577 ....
Code:       Access-Request
Identifier: 4
Authentic:  1234567890123456
Attributes:
	User-Name = "mikem"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Mon Jan  7 10:07:34 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jan  7 10:07:34 2002: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
Mon Jan  7 10:07:34 2002: DEBUG: Handling with NT
Mon Jan  7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL
Mon Jan  7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL: CheckSQL
Mon Jan  7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where USERNAME='mikem'

Mon Jan  7 10:07:34 2002: DEBUG: Radius::AuthSQL looks for match with mikem
Mon Jan  7 10:07:34 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Mon Jan  7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where USERNAME='DEFAULT'

Mon Jan  7 10:07:34 2002: INFO: Access rejected for mikem: Bad Password
Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 3577 ....
Code:       Access-Reject
Identifier: 4
Authentic:  1234567890123456
Attributes:
	Reply-Message = "Request Denied"

Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3577 ....
Code:       Accounting-Request
Identifier: 5
Authentic:  <141><245>j6<145><242><213>\;<218>x^^=<22>)
Attributes:
	User-Name = "mikem"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	NAS-Port-Type = Async
	Acct-Session-Id = "00001234"
	Acct-Status-Type = Start
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"

Mon Jan  7 10:07:34 2002: WARNING: Bad authenticator in request from 127.0.0.1 (203.63.154.1)
Mon Jan  7 10:07:39 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3577 ....
Code:       Accounting-Request
Identifier: 6
Authentic:  d6B<159><200>u<138><152>FI<216><154><190>S<230>G
Attributes:
	User-Name = "mikem"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	NAS-Port-Type = Async
	Acct-Session-Id = "00001234"
	Acct-Status-Type = Stop
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	Acct-Delay-Time = 0
	Acct-Session-Time = 1000
	Acct-Input-Octets = 20000
	Acct-Output-Octets = 30000

Mon Jan  7 10:07:39 2002: WARNING: Bad authenticator in request from 127.0.0.1 (203.63.154.1)

Foreground 
LogStdout 
LogDir  /Radiator/log 
#Dictionary File is in current dir 
DictionaryFile ./dictionary 
Trace 4 

<Client 127.0.0.1> 
       Secret  dogcat 
         DupInterval 0 
</Client> 
     <AuthBy SQL> 

         Identifier CheckSQL 

         DBSource        dbi:mysql:ISP 
         DBUsername      admin 
         DBAuth lifter 
         AccountingTable ACCOUNTING 
         AcctColumnDef   USERNAME,User-Name 
         AcctColumnDef   TIME_STAMP,Timestamp,integer 
         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type 
         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer 
         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer 
         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer 
         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id 
         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer 
         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause 
         AcctColumnDef   NASIDENTIFIER,NAS-Identifier 
         AcctColumnDef   NASPORT,NAS-Port,integer 
     </AuthBy> 



<AuthBy NT> 

                 Identifier CheckNT 

                 # You must set the domain name here to suit your site 
                 Domain ETHERNET1 

                 # ON NT, optionally specify the name of the 
                 # Primary Domain Controller, including the leading 
                 # \\ slashes, to override the default domain controller 
                 # for the domain you specified above 
                 DomainController \\FEZZIK 

                 # On Unix, you MUST specify the Domain Controller 
                 # name as the NT host name of the domain controller 
                 # its not optional. This needs to be set to the NT 
                 # name of the Primary Domain Controller, and further 
                 # the NT name must be in the Unix hosts or DNS 
                 DomainController FEZZIK 

                 # On NT, you can optionally check the 
                 # "Grant dialin permission to user" flag in the 
                 # user manager. Requires the 
                 # Win32-RasAdmin Perl package to be installed first 
                 # HonourDialinPermission 

                 # This will set up some standard reply items for 
                 # your NAS, you may need others for your NAS 
                  DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP 
         </AuthBy> 

<Realm DEFAULT> 
         AuthByPolicy ContinueUntilAccept 
         AuthBy CheckNT 
         AuthBy CheckSQL 
         # Log accounting to the detail file in LogDir 
         AcctLogFileName ./detail   
</Realm> 


--
Eric Johnson

Teamworks Media
www.teamworksmedia.com
--
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list