Oggetto: Re: (RADIATOR) Character set

Hugh Irvine hugh at open.com.au
Wed Apr 16 05:30:07 CDT 2003


Hello Gionata -

Thanks for sending the files.

I will also need to see the user records in question, the cleartext  
password, and the shared secrets for the Client clauses.

regards

Hugh


On Wednesday, Apr 16, 2003, at 19:28 Australia/Melbourne,  
gionata.lamia at t-systems.it wrote:

>
> Hi Hugh,
> follows the log and the configuration file.
>
> Log:
>
> Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
> *** Received from 192.168.72.101 port 1645 ....
> Code:       Access-Request
> Identifier: 49
> Authentic:   
> <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
> Attributes:
>         User-Name = "db00893 at wan"
>         User-Password =  
> "<186>/<212><239><19><176><140><204>$<147><27>z<3><248>=<150>"
>         NAS-Port = 6
>         NAS-Port-Type = Virtual
>         Calling-Station-Id = "53.212.4.151"
>         Service-Type = Login-User
>         NAS-IP-Address = 192.168.72.101
>
> Wed Apr 16 11:14:15 2003: DEBUG: Rewrote user name to db00893 at wan
> Wed Apr 16 11:14:15 2003: DEBUG: Handling request with Handler 'Realm  
> = wan'
> Wed Apr 16 11:14:15 2003: DEBUG:  Deleting session for db00893 at wan,  
> 192.168.72.101, 6
> Wed Apr 16 11:14:15 2003: DEBUG: do query is: delete from RADONLINE  
> where NASIDENTIFIER='192.168.72.101' and NASPORT=06
>
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthGROUP
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN:  
> CheckRADMIN
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD,  
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,  
> VALIDTO from
> RADUSERS where USERNAME='db00893 at wan'
>
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select ATTR_ID, VENDOR_ID,  
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='db00893 at wan'  
> order by
> ITEM_TYPE
>
> Wed Apr 16 11:14:15 2003: DEBUG: Radius::AuthRADMIN looks for match  
> with db00893 at wan
> Wed Apr 16 11:14:15 2003: DEBUG: do query is: update RADUSERS set  
> BADLOGINS=BADLOGINS+1 where USERNAME='db00893 at wan'
>
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD,  
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,  
> VALIDTO from
> RADUSERS where USERNAME='DEFAULT'
>
> Wed Apr 16 11:14:15 2003: INFO: Access rejected for db00893 at wan: Bad  
> Password
> Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
> *** Sending to 192.168.72.101 port 1645 ....
> Code:       Access-Reject
> Identifier: 49
> Authentic:   
> <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
> Attributes:
>         Reply-Message = "Bad Password"
>
> Configuration file :
>
> #Foreground
> #LogStdout
> LogDir          /var/log/radiusd
> DbDir           /var/lib/mysql/
> LogFile         /var/log/radiusd/%d%v%Y
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you wil probably
> # want to disable this.
> #<Client DEFAULT>
> #       Secret  radius
> #       DupInterval 0
> #</Client>
>
> # You can put additonal (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
>         DBSource        dbi:mysql:radmin:1.1.1.1
>         DBUsername      user
>         DBAuth          password
>         DBSource        dbi:mysql:radmin:2.2.2.2
>         DBUsername      user
>         DBAuth          password
> </ClientListSQL>
>
> #Convert a MSN realm/username to username at realm
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> # Address allocation with pools
>
> <AddressAllocator SQL>
>        Identifier      SQLAllocator
>
>         DBSource        dbi:mysql:radmin:1.1.1.1
>         DBUsername      user
>         DBAuth          password
>         DBSource        dbi:mysql:radmin:2.2.2.2
>         DBUsername      user
>         DBAuth          password
>         DefaultLeasePeriod      14400
>         LeaseReclaimInterval    1800
> .
> .
> .
> .
> ####################################################################### 
> ################
> #################  Authenticazione Utenti primo livello telnet router  
> #################
> ####################################################################### 
> ################
>
> <AuthBy GROUP>
>         Identifier usr
>         AuthBy CheckRADMIN
>         AddToReply Service-Type=1,\
>                 cisco-avpair = "shell:priv-lvl=1"
> </AuthBy>
>
> ####################################################################### 
> ################
> ################# Authenticazione Utenti 15° livello telnet router  
> ####################
> ####################################################################### 
> ################
>
> <AuthBy GROUP>
>         Identifier wan
>         AuthBy CheckRADMIN
>         AddToReply Service-Type=1,\
>                 cisco-avpair = "shell:priv-lvl=15"
> </AuthBy>
>
> ####################################################################### 
> ################
> #################  Authenticazione Utenti primo livello telnet router  
> #################
> ####################################################################### 
> ################
>
> <Handler Realm = usr>
>         RejectHasReason
>         AuthByPolicy ContinueWhileAccept
>         AuthBy usr
> </Handler>
>
> ####################################################################### 
> ################
> ################# Authenticazione Utenti 15° livello telnet router  
> ####################
> ####################################################################### 
> ################
>
> <Handler Realm = wan>
>         RejectHasReason
>         AuthByPolicy ContinueWhileAccept
>         AuthBy wan
> </Handler>
>
> <SessionDatabase SQL>
>         # This database spec usually should be exactly the same
>         # as in <AuthBy RADMIN> above
>         DBSource        dbi:mysql:radmin:1.1.1.1
>         DBUsername      user
>         DBAuth          password
>         DBSource        dbi:mysql:radmin:2.2.2.2
>         DBUsername      user
>         DBAuth          password
> </SessionDatabase>
>
> The problem occure for ras user and telnet user.
>
> ragards
>
> Gionata
>
>
>
>
>
> Hugh Irvine <hugh at open.com.au> il 15/04/2003 10.14.07
>
> Per:   gionata.lamia at t-systems.it
> Cc:
> Oggetto:    Re: (RADIATOR) Character set
>
>
>
> Hello Gionata -
>
> As Mike says, I don't think this is a Radiator problem per se.
>
> In any case we will need to see a copy of the configuration file (no
> secrets) together with a trace 4 debug from Radiator showing what is
> happening as well as the user records in question.
>
> regards
>
> Hugh
>
>
> On Tuesday, Apr 15, 2003, at 11:10 Australia/Melbourne, Mike McCauley
> wrote:
>
>> Hi Hugh,
>>
>> There is no particular char set requirements in Radiator.
>> If ther eis a problem we need to see the logs and config files.
>> Possibly his problems are auth module specific.
>>
>> Cheers.
>>
>> On Tue, 15 Apr 2003 10:17 am, Hugh Irvine wrote:
>>> Mikey -
>>>
>>> Interesting question - what is the correct answer?
>>>
>>> cheers
>>>
>>> Hugh
>>>
>>> Begin forwarded message:
>>>> From: gionata.lamia at t-systems.it
>>>> Date: Mon Apr 14, 2003  23:57:35 Australia/Melbourne
>>>> To: radiator at open.com.au
>>>> Subject: (RADIATOR) Character set
>>>>
>>>> I've some problems with some users. The problem concern the password
>>>> character set. My users use some special characters as "ù à è ...",
>>>> and
>>>> Radiator rejects the authentication. Is there a possibility to use
>>>> these
>>>> characters ?
>>>>
>>>>    Regards
>>>>
>>>>    Gionata
>>>>
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Mike McCauley                               mikem at open.com.au
>> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,  
>> WWW
>> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
>> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,  
>> TLS,
>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
>
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list