(RADIATOR) Authentication Problems

Hugh Irvine hugh at open.com.au
Mon Jan 7 16:54:23 CST 2002


Hello Eric -

It looks to me like the shared secrets are not correct.

radpwtst uses the shared secret "mysecret" by default, so in your case you 
should use "radpwtst -secret dogcat .....".

regards

Hugh


On Tue, 8 Jan 2002 03:34, Eric Johnson wrote:
> I am having problems authenticating with Radiator.  I am running NT 4 with
> MySQL as the database.  My config script is set to first check the NT user
> database and then the SQL database.  When I use radpwtst I get a bad
> authenticator reply and then 2 no replies which I assume are because the
> first request failed.  I am using the default user to test.  Included is
> the trace file (first) and my config file (second).  Thanks for your help.
>
> Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 3577 ....
> Code:       Access-Request
> Identifier: 4
> Authentic:  1234567890123456
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Mon Jan  7 10:07:34 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Jan  7 10:07:34 2002: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
> Mon Jan  7 10:07:34 2002: DEBUG: Handling with NT
> Mon Jan  7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan  7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL: CheckSQL
> Mon Jan  7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS
> where USERNAME='mikem'
>
> Mon Jan  7 10:07:34 2002: DEBUG: Radius::AuthSQL looks for match with mikem
> Mon Jan  7 10:07:34 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Mon Jan  7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS
> where USERNAME='DEFAULT'
>
> Mon Jan  7 10:07:34 2002: INFO: Access rejected for mikem: Bad Password
> Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 3577 ....
> Code:       Access-Reject
> Identifier: 4
> Authentic:  1234567890123456
> Attributes:
> 	Reply-Message = "Request Denied"
>
> Mon Jan  7 10:07:34 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 3577 ....
> Code:       Accounting-Request
> Identifier: 5
> Authentic:  <141><245>j6<145><242><213>\;<218>x^^=<22>)
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Start
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
>
> Mon Jan  7 10:07:34 2002: WARNING: Bad authenticator in request from 127.0.0.1 (203.63.154.1)
> Mon Jan  7 10:07:39 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 3577 ....
> Code:       Accounting-Request
> Identifier: 6
> Authentic:  d6B<159><200>u<138><152>FI<216><154><190>S<230>G
> Attributes:
> 	User-Name = "mikem"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Stop
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	Acct-Delay-Time = 0
> 	Acct-Session-Time = 1000
> 	Acct-Input-Octets = 20000
> 	Acct-Output-Octets = 30000
>
> Mon Jan  7 10:07:39 2002: WARNING: Bad authenticator in request from
> 127.0.0.1 (203.63.154.1)
>
> Foreground
> LogStdout
> LogDir  /Radiator/log
> #Dictionary File is in current dir
> DictionaryFile ./dictionary
> Trace 4
>
> <Client 127.0.0.1>
>        Secret  dogcat
>          DupInterval 0
> </Client>
>      <AuthBy SQL>
>
>          Identifier CheckSQL
>
>          DBSource        dbi:mysql:ISP
>          DBUsername      admin
>          DBAuth lifter
>          AccountingTable ACCOUNTING
>          AcctColumnDef   USERNAME,User-Name
>          AcctColumnDef   TIME_STAMP,Timestamp,integer
>          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>          AcctColumnDef   NASPORT,NAS-Port,integer
>      </AuthBy>
>
>
>
> <AuthBy NT>
>
>                  Identifier CheckNT
>
>                  # You must set the domain name here to suit your site
>                  Domain ETHERNET1
>
>                  # ON NT, optionally specify the name of the
>                  # Primary Domain Controller, including the leading
>                  # \\ slashes, to override the default domain controller
>                  # for the domain you specified above
>                  DomainController \\FEZZIK
>
>                  # On Unix, you MUST specify the Domain Controller
>                  # name as the NT host name of the domain controller
>                  # its not optional. This needs to be set to the NT
>                  # name of the Primary Domain Controller, and further
>                  # the NT name must be in the Unix hosts or DNS
>                  DomainController FEZZIK
>
>                  # On NT, you can optionally check the
>                  # "Grant dialin permission to user" flag in the
>                  # user manager. Requires the
>                  # Win32-RasAdmin Perl package to be installed first
>                  # HonourDialinPermission
>
>                  # This will set up some standard reply items for
>                  # your NAS, you may need others for your NAS
>                   DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>          </AuthBy>
>
> <Realm DEFAULT>
>          AuthByPolicy ContinueUntilAccept
>          AuthBy CheckNT
>          AuthBy CheckSQL
>          # Log accounting to the detail file in LogDir
>          AcctLogFileName ./detail
> </Realm>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
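
Why a shared-secret mismatch gives exactly the two symptoms in the trace above, as an added Python example that is not part of the original messages and is not Radiator code: the Access-Request authenticator is not keyed, so the server accepts the packet but decodes User-Password (RFC 2865) to garbage and logs "Bad Password", while the Accounting-Request authenticator (RFC 2866) is an MD5 over the packet plus the secret and fails outright. The function names and the password "fred" are constructed for illustration.

```python
import hashlib
import hmac
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-octet block with MD5(secret + previous)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the server does, using its own copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def acct_authenticator(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2866 section 3: MD5(Code + ID + Length + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", 4, ident, 20 + len(attrs))  # 4 = Accounting-Request
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def server_view(client_secret: bytes, server_secret: bytes):
    """Return (password_matches, accounting_authenticator_ok) as the server sees it."""
    req_auth = b"1234567890123456"        # "Authentic" value shown in the trace
    password = b"fred"                    # constructed sample password
    hidden = hide_password(password, client_secret, req_auth)
    pw_ok = recover_password(hidden, server_secret, req_auth) == password
    attrs = bytes([1, 7]) + b"mikem"      # User-Name attribute: type 1, length 7
    sent = acct_authenticator(5, attrs, client_secret)
    auth_ok = hmac.compare_digest(sent, acct_authenticator(5, attrs, server_secret))
    return pw_ok, auth_ok

if __name__ == "__main__":
    print(server_view(b"mysecret", b"dogcat"))   # secrets differ, as in the thread
    print(server_view(b"dogcat", b"dogcat"))     # secrets agree
```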