Oggetto: Re: (RADIATOR) Character set
gionata.lamia at t-systems.it
gionata.lamia at t-systems.it
Wed Apr 16 04:28:54 CDT 2003
Hi Hugh,
follows the log and the configuration file.
Log:
Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
*** Received from 192.168.72.101 port 1645 ....
Code: Access-Request
Identifier: 49
Authentic: <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
Attributes:
User-Name = "db00893 at wan"
User-Password = "<186>/<212><239><19><176><140><204>$<147><27>z<3><248>=<150>"
NAS-Port = 6
NAS-Port-Type = Virtual
Calling-Station-Id = "53.212.4.151"
Service-Type = Login-User
NAS-IP-Address = 192.168.72.101
Wed Apr 16 11:14:15 2003: DEBUG: Rewrote user name to db00893 at wan
Wed Apr 16 11:14:15 2003: DEBUG: Handling request with Handler 'Realm = wan'
Wed Apr 16 11:14:15 2003: DEBUG: Deleting session for db00893 at wan, 192.168.72.101, 6
Wed Apr 16 11:14:15 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='192.168.72.101' and NASPORT=06
Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthGROUP
Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN
Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN: CheckRADMIN
Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where USERNAME='db00893 at wan'
Wed Apr 16 11:14:15 2003: DEBUG: Query is: select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='db00893 at wan' order by
ITEM_TYPE
Wed Apr 16 11:14:15 2003: DEBUG: Radius::AuthRADMIN looks for match with db00893 at wan
Wed Apr 16 11:14:15 2003: DEBUG: do query is: update RADUSERS set BADLOGINS=BADLOGINS+1 where USERNAME='db00893 at wan'
Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where USERNAME='DEFAULT'
Wed Apr 16 11:14:15 2003: INFO: Access rejected for db00893 at wan: Bad Password
Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
*** Sending to 192.168.72.101 port 1645 ....
Code: Access-Reject
Identifier: 49
Authentic: <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
Attributes:
Reply-Message = "Bad Password"
Configuration file :
#Foreground
#LogStdout
LogDir /var/log/radiusd
DbDir /var/lib/mysql/
LogFile /var/log/radiusd/%d%v%Y
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#<Client DEFAULT>
# Secret radius
# DupInterval 0
#</Client>
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
DBSource dbi:mysql:radmin:1.1.1.1
DBUsername user
DBAuth password
DBSource dbi:mysql:radmin:2.2.2.2
DBUsername user
DBAuth password
</ClientListSQL>
#Convert a MSN realm/username to username at realm
RewriteUsername s/^(.*)\\(.*)/$2\@$1/
# Address allocation with pools
<AddressAllocator SQL>
Identifier SQLAllocator
DBSource dbi:mysql:radmin:1.1.1.1
DBUsername user
DBAuth password
DBSource dbi:mysql:radmin:2.2.2.2
DBUsername user
DBAuth password
DefaultLeasePeriod 14400
LeaseReclaimInterval 1800
.
.
.
.
#######################################################################################
################# Authenticazione Utenti primo livello telnet router #################
#######################################################################################
<AuthBy GROUP>
Identifier usr
AuthBy CheckRADMIN
AddToReply Service-Type=1,\
cisco-avpair = "shell:priv-lvl=1"
</AuthBy>
#######################################################################################
################# Authenticazione Utenti 15° livello telnet router ####################
#######################################################################################
<AuthBy GROUP>
Identifier wan
AuthBy CheckRADMIN
AddToReply Service-Type=1,\
cisco-avpair = "shell:priv-lvl=15"
</AuthBy>
#######################################################################################
################# Authenticazione Utenti primo livello telnet router #################
#######################################################################################
<Handler Realm = usr>
RejectHasReason
AuthByPolicy ContinueWhileAccept
AuthBy usr
</Handler>
#######################################################################################
################# Authenticazione Utenti 15° livello telnet router ####################
#######################################################################################
<Handler Realm = wan>
RejectHasReason
AuthByPolicy ContinueWhileAccept
AuthBy wan
</Handler>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:1.1.1.1
DBUsername user
DBAuth password
DBSource dbi:mysql:radmin:2.2.2.2
DBUsername user
DBAuth password
</SessionDatabase>
The problem occure for ras user and telnet user.
ragards
Gionata
Hugh Irvine <hugh at open.com.au> il 15/04/2003 10.14.07
Per: gionata.lamia at t-systems.it
Cc:
Oggetto: Re: (RADIATOR) Character set
Hello Gionata -
As Mike says, I don't think this is a Radiator problem per se.
In any case we will need to see a copy of the configuration file (no
secrets) together with a trace 4 debug from Radiator showing what is
happening as well as the user records in question.
regards
Hugh
On Tuesday, Apr 15, 2003, at 11:10 Australia/Melbourne, Mike McCauley
wrote:
> Hi Hugh,
>
> There is no particular char set requirements in Radiator.
> If ther eis a problem we need to see the logs and config files.
> Possibly his problems are auth module specific.
>
> Cheers.
>
> On Tue, 15 Apr 2003 10:17 am, Hugh Irvine wrote:
>> Mikey -
>>
>> Interesting question - what is the correct answer?
>>
>> cheers
>>
>> Hugh
>>
>> Begin forwarded message:
>>> From: gionata.lamia at t-systems.it
>>> Date: Mon Apr 14, 2003 23:57:35 Australia/Melbourne
>>> To: radiator at open.com.au
>>> Subject: (RADIATOR) Character set
>>>
>>> I've some problems with some users. The problem concern the password
>>> character set. My users use some special characters as "ù à è ...",
>>> and
>>> Radiator rejects the authentication. Is there a possibility to use
>>> these
>>> characters ?
>>>
>>> Regards
>>>
>>> Gionata
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list