(RADIATOR) Re: Problems
Mike McCauley
mikem at open.com.au
Wed Mar 27 14:29:51 CST 2002
Hello Stephen,
On Thu, 28 Mar 2002 03:48, Stephen Malenshek wrote:
> I am having a very difficult time with this product. I have read and
> reread the documentation on several occasions and evidently I am just too
> stupid to figure this out. The following are the error messages that I
> am getting:
Hello Stephen,
the main problem is that your DEFAULT Realm is using AuthBy SQL with the
default AuthSelect (which is select PASSWORD from SUBSCRIBERS where
USERNAME=%0). However, your subscribers table calls the password field passwd.
I suggest you change your Realm clause to be like this:
<Realm DEFAULT>
    <AuthBy SQL>
        DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
        DBUsername xxxxx
        DBAuth xxxxxx
        AuthSelect select passwd from subscribers where username = %0
    </AuthBy>
</Realm>
and go from there.
You also have two Realm DEFAULT clauses. I suggest you remove the one that has
the AuthBy FILE in it.
There is a lot of other (prob unnecessary) stuff in your config file. You
might want to consider starting with goodies/sql.cfg as a simple SQL
configuration example (use the AuthSelect I show above.)
Cheers.
>
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: INFO: Access rejected for stephen: No such
> user
>
> The following is the radius.cfg:
>
> #Foreground
> #LogStdout
> LogDir /var/log/radius
> DbDir /etc/raddb
> Trace 3
>
> <Client DEFAULT>
> Secret xxxxxx
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> AcctLogFileName %L/detail
> </Realm>
>
>
> <Realm DEFAULT>
> <AuthBy SQL>
> DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> </AuthBy>
> </Realm>
>
>
> # <Handler Service-Type=Call-Check>
> # RewriteUsername s/^([^@]+).*/$1/
> # <AuthBy FILE>
> # Filename %D/call-check
> # </AuthBy>
> # </Handler>
>
> <Handler Realm=DEFAULT,Acct-Status-Type=/.+/>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/detail-%Y-%m
> # AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
> WtmpFileName %L/wtmp
> # PasswordLogFileName %L/password-%Y-%m
> # PreAuthHook sub { print "Here I am in PreAuthHook\n" }
> # PostAuthHook sub { print "Here I am in PostAuthHook\n" }
>
> #AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> AuthByPolicy DoAllAuths
> <AuthBy SQL>
> Fork
> Identifier AcctSTART
> AuthSelect
> DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:Pg:radius:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AccountingStartsOnly
> AcctSQLStatement insert into ACCOUNTING \
> ( \
> username,calledstationid,nasidentifier,\
> clientip,nasport,nasporttype,\
> acctstatustype,acctdelaytime,acctsessionid,\
> time_stamp,servicetype,framedprotocol,\
> framedipaddress,requestauth,\
> start_time,stop_time,\
> connect_info\
> ) \
> values \
> (\
> ip_to_int('%{User-Name}',\
> '%{Called-Station-Id}',\
> '%{NAS-IP-Address}',\
> '%{Client-IP-Address}',\
> '%{NAS-Port}',\
> '%{NAS-Port-Type}',\
> '%{Acct-Status-Type}',\
> '%{Acct-Delay-Time}',\
> '%{Acct-Session-Id}',\
> '%{Timestamp}',\
> '%{Service-Type}',\
> '%{Framed-Protocol}',\
> '%{Framed-IP-Address}',\
> '%{Request-Authenticator}\
> # From_unixtime(%{Timestamp}),\
> # 0,\
> # '%{Connect-Info}'\
> )
> </AuthBy>
> <AuthBy SQL>
> Fork
> Identifier AcctSTOP
> AuthSelect
> DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AccountingStopsOnly
> AcctSQLStatement insert into ACCOUNTING \
> ( \
> nasport,nasporttype,acctinputoctets,\
> acctoutputoctets,acctinputpackets,acctoutputpackets,\
>
> acctstatustype,acctdelaytime,acctsessionid,acctsessiontime,\
>
> acctterminatecause,time_stamp,servicetype,framedprotocol,\
> framedipaddress,requestauth,\
> start_time,stop_time,\
> connect_info\
> ) \
> values \
> (\
> ip_to_int('%{User-Name}',\
> '%{Called-Station-Id}',\
> '%{NAS-IP-Address}',\
> '%{NAS-Port}',\
> '%{NAS-Port-Type}',\
> '%{Acct-Input-Octets}',\
> '%{Acct-Output-Octets}',\
> '%{Acct-Input-Packets}',\
> '%{Acct-Output-Packets}',\
> '%{Acct-Status-Type}',\
> '%{Acct-Delay-Time}',\
> '%{Acct-Session-Id}',\
> '%{Acct-Session-Time}',\
> '%{Acct-Terminate-Cause}',\
> '%{Timestamp}',\
> '%{Service-Type}',\
> '%{Framed-Protocol}',\
> '%{Framed-IP-Address}',\
> '%{Request-Authenticator}\
> # From_unixtime(%{Timestamp}),\
> # 0,\
> # '%{Connect-Info}'\
> )
> AcctSQLStatement update usertime set \
> time_on = %{Acct-Session-Time,NULL},\
> InBytes = %{Acct-Input-Octets,NULL},\
> OutBytes = %{Acct-Output-Octets,NULL},\
> term_cause = %{Acct-Terminate-Cause,integerNULL},\
> stop_time = From_unixtime(%{Timestamp}),\
> terminate_detail = '%{LE-Terminate-Detail}',\
> connect_info = concat(connect_info ,";",
> '%{Connect-Info}') \
> WHERE \
> server = ip_to_int('%{NAS-IP-Address}') AND \
> id = '%{Acct-Session-Id}' AND \
> name = '%{User-Name}' AND \
> port = '%{NAS-Port}'
> </AuthBy>
> <AuthBy TEST>
> # Return a Packet
> </AuthBy>
> </Handler>
>
> <Handler Realm=DEFAULT,Proxy-State="0">
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/roam-detail-auth-%Y-%m
> PasswordLogFileName %L/password-roam-%Y-%m
> AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> #AuthByPolicy DoAllAuths
> <AuthBy SQL>
> DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AuthSelect select \
>
> if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
> port_limit,\
> radius_check,\
> concat(\
>
> if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
> if(server=3,"NAS-Port-Type = Async,",""),\
>
> if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
> ),\
> radius_reply,\
> concat(\
> if("%{Service-Type}"="Framed-User",\
>
> "Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-
> MTU=1500,Framed-Protocol=PPP,",""),\
> if("%{Service-Type}"="Framed-User" &&
> filter.name>""
> ,\
>
> concat("Filter-Id=",filter.name,","),""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) ||
> static_ip='',\
>
> 'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_
> ip,",")),\
> ""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) ||
> static_netmask='',\
>
> 'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_
> netmask,",")),\
> ""),\
>
> if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Ho
> st=phobos.kiss.de,Login-Service=Rlogin,","")\
> ),\
> if(expires<"1990-01-01",NULL,expires),\
> port_limit \
> FROM accounts left outer join filter ON
> accounts.filter=filter.id \
> WHERE \
> accounts.name = '%n' AND active <> 0 AND
> (type <= OR type =3) AND \
> (server IN ('1','2','3') OR server =
> ip_to_int('%N')
> )
> # type=3 : only-radius
> # type=0 : normal
> # type<0 : Versch. restrictions
> # server 0 = NONE
> # server 1 = ALL
> # server 2 = ISDN
> # server 3 = Analog
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Simultaneous-Use,check
> AuthColumnDef 2,GENERIC,check
> AuthColumnDef 3,GENERIC,check
> AuthColumnDef 4,GENERIC,reply
> AuthColumnDef 5,GENERIC,reply
> AuthColumnDef 6,Expires,check
> AuthColumnDef 7,Port-Limit,reply
> #
> StripFromReply Filter-Id
> </AuthBy>
> </Handler>
>
> <Handler Realm=DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/detail-auth-%Y-%m
> # AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
> WtmpFileName %L/wtmp
> # PasswordLogFileName %L/password-%Y-%m
> # PreAuthHook sub { print "Here I am in PreAuthHook\n" }
> # PostAuthHook sub { print "Here I am in PostAuthHook\n" }
> AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> #AuthByPolicy DoAllAuths
> <AuthBy SQL>
> DBSource dbi:Pg:dbname=radius;host=65.67.76.100
> DBUsername radacct
> DBAuth 5qweh*ujnbhtr
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AuthSelect select \
>
> if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
> port_limit,\
> radius_check,\
> concat(\
>
> if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
> if(server=3,"NAS-Port-Type = Async,",""),\
>
> if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
> ),\
> radius_reply,\
> concat(\
> if("%{Service-Type}"="Framed-User",\
>
> "Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-
> MTU=1500,Framed-Protocol=PPP,",""),\
> if("%{Service-Type}"="Framed-User" &&
> filter.name>""
> ,\
>
> concat("Filter-Id=",filter.name,","),""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) ||
> static_ip='',\
>
> 'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_
> ip,",")),\
> ""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) ||
> static_netmask='',\
>
> 'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_
> netmask,",")),\
> ""),\
>
> if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Ho
> st=phobos.kiss.de,Login-Service=Rlogin,","")\
> ),\
> if(expires<"1990-01-01",NULL,expires),\
> port_limit \
> FROM accounts left outer join filter ON
> accounts.filter=filter.id \
> WHERE \
> accounts.name = '%n' AND active <> 0 AND
> (type <= 0 OR type =3) AND \
> (server IN ('1','2','3') OR server =
> ip_to_int('%N')
> )
> # type=3 : only-radius
> # type=0 : normal
> # type<0 : Versch. restrictions
> # server 0 = NONE
> # server 1 = ALL
> # server 2 = ISDN
> # server 3 = Analog
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Simultaneous-Use,check
> AuthColumnDef 2,GENERIC,check
> AuthColumnDef 3,GENERIC,check
> AuthColumnDef 4,GENERIC,reply
> AuthColumnDef 5,GENERIC,reply
> AuthColumnDef 6,Expires,check
> AuthColumnDef 7,Port-Limit,reply
> </AuthBy>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> </Handler>
>
> <SessionDatabase SQL>
> DBSource dbi:Pg:dbname=radius;host= xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AddQuery insert into RADONLINE \
> (USERNAME, CALLEDSTATIONID, NASIDENTIFIER, NASPORT,\
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, \
> NASPORTTYPE, SERVICETYPE) \
> values (\
> '%n', %{Called-Station-Id}, '%N', %{NAS-Port,NULL}, \
> '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}',\
> '%{NAS-Port-Type}', '%{Service-Type}')
> DeleteQuery delete from RADONLINE \
> where USERNAME='%n' and \
> NASIDENTIFIER='%N' and NASPORT=%{NAS-Port,NULL}
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%n'
>
> </SessionDatabase>
>
>
> This is a list of tables that I have specified in the database.
>
> List of relations
> Name | Type | Owner
> ----------------------+-------+----------
> accounting | table | postgres
> groupradius | table | postgres
> radclientlist | table | postgres
> radlog | table | postgres
> radonline | table | postgres
> radpool | table | postgres
> radsqlradius | table | postgres
> radsqlradiusindirect | table | postgres
> radstatslog | table | postgres
> subscribers | table | postgres
> (10 rows)
>
> radius=# \d accounting
> Table "accounting"
> Attribute | Type | Modifier
> --------------------+-----------------------+----------
> username | character varying(50) |
> realm | character varying(50) |
> calledstationid | integer |
> nasidentifier | character varying(50) |
> nasipaddress | character varying(50) |
> clientip | character varying(25) |
> nasport | integer |
> nasporttype | character varying(30) |
> acctinputoctets | integer |
> acctoutputoctets | integer |
> acctinputpackets | integer |
> acctoutputpackets | integer |
> acctstatustype | character varying(10) |
> acctdelaytime | integer |
> acctsessionid | character varying(30) |
> acctsessiontime | integer |
> acctterminatecause | integer |
> time_stamp | integer |
> servicetype | character varying(80) |
> framedprotocol | character varying(50) |
> framedipaddress | character varying(22) |
> requestauth | character varying(50) |
> start_time | character varying(50) |
> stop_time | character varying(50) |
> connect_info | character varying(50) |
> Index: accounting_i
>
> radius=# \d radclientlist
> Table "radclientlist"
> Attribute | Type | Modifier
> ------------------------------+-----------------------+----------
> nasidentifier | character varying(50) | not null
> secret | character varying(50) | not null
> ignoreacctsignature | integer |
> dupinterval | integer |
> defaultrealm | character varying(50) |
> nastype | character varying(20) |
> snmpcommunity | character varying(20) |
> livingstonoffs | integer |
> livingstonhole | integer |
> framedgroupbaseaddress | character varying(50) |
> framedgroupmaxportsperclassc | integer |
> rewriteusername | character varying(50) |
> noignoreduplicates | character varying(50) |
> prehandlerhook | character varying(50) |
> Index: nasidentifier_i
>
> radius=# \d radlog
> Table "radlog"
> Attribute | Type | Modifier
> ------------+------------------------+----------
> time_stamp | integer |
> priority | integer |
> message | character varying(200) |
>
> radius=# \d radonline
> Table "radonline"
> Attribute | Type | Modifier
> -----------------+-----------------------+----------
> username | character varying(50) |
> calledstationid | character varying(20) |
> nasidentifier | character varying(50) |
> nasport | integer |
> acctsessionid | character varying(30) |
> time_stamp | integer |
> framedipaddress | character varying(22) |
> nasporttype | character varying(10) |
> servicetype | character varying(20) |
> Indices: radonline_i,
> radonline_i2
>
> radius=# \d radpool
> Table "radpool"
> Attribute | Type | Modifier
> ------------+-----------------------+----------
> state | integer | not null
> time_stamp | integer |
> expiry | integer |
> username | character varying(50) |
> pool | character varying(50) | not null
> yiaddr | character varying(50) | not null
> subnetmask | character varying(50) | not null
> dnsserver | character varying(50) |
> Indices: radpool_i,
> radpool_i2
>
> radius=# \d radsqlradius
> Table "radsqlradius"
> Attribute | Type | Modifier
> ----------------------------+-----------------------+----------
> targetname | character varying(50) |
> host1 | character varying(50) |
> host2 | character varying(50) |
> secret | character varying(50) |
> authport | character varying(20) |
> acctport | character varying(20) |
> retries | integer |
> retrytimeout | integer |
> useoldascendpasswords | integer |
> serverhasbrokenportnumbers | integer |
> serverhasbrokenaddresses | integer |
> ignorereplysignature | integer |
> failurepolicy | integer |
> Index: radsqlradius_i
>
> radius=# \d radsqlradiusindirect
> Table "radsqlradiusindirect"
> Attribute | Type | Modifier
> ------------+-----------------------+----------
> sourcename | character varying(50) |
> targetname | character varying(50) |
> Index: radsqlradiusindirect_i
>
> radius=# \d radstatslog
> Table "radstatslog"
> Attribute | Type | Modifier
> -----------------------------+-----------------------+----------
> time_stamp | integer |
> type | character varying(20) |
> identifier | character varying(30) |
> accessaccepts | integer |
> accesschallenges | integer |
> accessrejects | integer |
> accessrequests | integer |
> accountingrequests | integer |
> accountingresponses | integer |
> badauthaccessrequests | integer |
> badauthaccountingrequests | integer |
> badauthrequests | integer |
> droppedaccessrequests | integer |
> droppedaccountingrequests | integer |
> droppedrequests | integer |
> dupaccessrequests | integer |
> dupaccountingrequests | integer |
> duplicaterequests | integer |
> malformedaccessrequests | integer |
> malformedaccountingrequests | integer |
> proxiednoreply | integer |
> proxiedrequests | integer |
> requests | integer |
> responsetime | numeric(12,6) |
>
> radius=# \d subscribers
> Table "subscribers"
> Attribute | Type | Modifier
> -----------+------------------------+----------
> username | character varying(50) | not null
> realname | character varying(50) |
> passwd | character varying(50) |
> epasswd | character varying(50) |
> uid | integer |
> gid | integer |
> homedir | character varying(50) |
> shell | character varying(50) |
> checkattr | character varying(200) |
> replyattr | character varying(200) |
> Indices: realname_i,
> subscribers_pkey,
> username_i
>
>
> Please forgive me if this is not the proper way to post to this list,
> but I have wasted 3 days trying to figure the proper structure out for
> this product. The documentation for a PostgreSQL documentation is
> sparse and everything I have has been adapted from the
> wimsComplexConfig.txt file located in the goodies directory. I have not
> found any place that I can specify anything for SUBSCRIBERS for
> authentication in the radius.cfg file and I do not know what structure
> needs to be added to make this happen. This is my first implementation
> with this product, but I have had a lot of experience with Cistron, and
> trying to convert from one to the other is a little bit of a stretch.
> Thanks in advance for any help that you might provide.
>
>
> Stephen Malenshek
> Valuelinx Corporation
> stephen at valuelinx.net
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
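
Added example (not part of the original messages and not Radiator code): a small lint that reproduces the diagnosis in the reply above by checking each Realm's AuthBy SQL clause against the table columns shown in the \d output, and flagging repeated Realm names. The names lint, SCHEMA and SAMPLE_CFG are hypothetical, the sample config is constructed from the post, and only the simple single-line "select col from table where key=" form is parsed; anything else is reported as unparsed.

```python
import re

# Default AuthSelect as quoted in the reply above (%0 is the user name).
DEFAULT_AUTHSELECT = "select PASSWORD from SUBSCRIBERS where USERNAME=%0"

# Constructed sample: columns of "subscribers" as listed by \d in the post.
SCHEMA = {"subscribers": {"username", "realname", "passwd", "epasswd", "uid",
                          "gid", "homedir", "shell", "checkattr", "replyattr"}}

# Constructed sample: the two Realm DEFAULT clauses from the posted config.
SAMPLE_CFG = """\
<Realm DEFAULT>
    <AuthBy FILE>
        Filename %D/users
    </AuthBy>
</Realm>
<Realm DEFAULT>
    <AuthBy SQL>
        DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
    </AuthBy>
</Realm>
"""

def lint(cfg, schema):
    """Return findings for Realm and AuthBy SQL clauses found in cfg."""
    findings, seen = [], set()
    for m in re.finditer(r"<Realm\s+(\S+)>(.*?)</Realm>", cfg, re.S):
        name, body = m.group(1), m.group(2)
        if name in seen:
            findings.append(f"duplicate Realm {name}")
        seen.add(name)
        for sql in re.findall(r"<AuthBy\s+SQL>(.*?)</AuthBy>", body, re.S):
            sel = re.search(r"^[ \t]*AuthSelect[ \t]*(.*)$", sql, re.M)
            # No AuthSelect line at all means the default query is used.
            query = sel.group(1).strip() if sel else DEFAULT_AUTHSELECT
            q = re.match(r"select\s+(\w+)\s+from\s+(\w+)\s+where\s+(\w+)\s*=",
                         query, re.I)
            if not q:
                findings.append(f"Realm {name}: cannot parse AuthSelect")
                continue
            # PostgreSQL folds unquoted identifiers to lower case, which is
            # why the logged error names 'password' rather than PASSWORD.
            col, table, key = (s.lower() for s in q.groups())
            cols = schema.get(table)
            if cols is None:
                findings.append(f"Realm {name}: no table {table}")
                continue
            for c in (col, key):
                if c not in cols:
                    findings.append(f"Realm {name}: column {c} not in {table}")
    return findings
```
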