Oggetto: Re: (RADIATOR) Character set
Hugh Irvine
hugh at open.com.au
Wed Apr 16 05:30:07 CDT 2003
Hello Gionata -
Thanks for sending the files.
I will also need to see the user records in question, the cleartext
password, and the shared secrets for the Client clauses.
regards
Hugh
On Wednesday, Apr 16, 2003, at 19:28 Australia/Melbourne,
gionata.lamia at t-systems.it wrote:
>
> Hi Hugh,
> follows the log and the configuration file.
>
> Log:
>
> Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
> *** Received from 192.168.72.101 port 1645 ....
> Code: Access-Request
> Identifier: 49
> Authentic:
> <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
> Attributes:
> User-Name = "db00893 at wan"
> User-Password =
> "<186>/<212><239><19><176><140><204>$<147><27>z<3><248>=<150>"
> NAS-Port = 6
> NAS-Port-Type = Virtual
> Calling-Station-Id = "53.212.4.151"
> Service-Type = Login-User
> NAS-IP-Address = 192.168.72.101
>
> Wed Apr 16 11:14:15 2003: DEBUG: Rewrote user name to db00893 at wan
> Wed Apr 16 11:14:15 2003: DEBUG: Handling request with Handler 'Realm
> = wan'
> Wed Apr 16 11:14:15 2003: DEBUG: Deleting session for db00893 at wan,
> 192.168.72.101, 6
> Wed Apr 16 11:14:15 2003: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='192.168.72.101' and NASPORT=06
>
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthGROUP
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN
> Wed Apr 16 11:14:15 2003: DEBUG: Handling with Radius::AuthRADMIN:
> CheckRADMIN
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
> VALIDTO from
> RADUSERS where USERNAME='db00893 at wan'
>
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='db00893 at wan'
> order by
> ITEM_TYPE
>
> Wed Apr 16 11:14:15 2003: DEBUG: Radius::AuthRADMIN looks for match
> with db00893 at wan
> Wed Apr 16 11:14:15 2003: DEBUG: do query is: update RADUSERS set
> BADLOGINS=BADLOGINS+1 where USERNAME='db00893 at wan'
>
> Wed Apr 16 11:14:15 2003: DEBUG: Query is: select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
> VALIDTO from
> RADUSERS where USERNAME='DEFAULT'
>
> Wed Apr 16 11:14:15 2003: INFO: Access rejected for db00893 at wan: Bad
> Password
> Wed Apr 16 11:14:15 2003: DEBUG: Packet dump:
> *** Sending to 192.168.72.101 port 1645 ....
> Code: Access-Reject
> Identifier: 49
> Authentic:
> <186>5<19><0><170><212><145><139>g<211><153><244>~<204><212>9
> Attributes:
> Reply-Message = "Bad Password"
>
> Configuration file :
>
> #Foreground
> #LogStdout
> LogDir /var/log/radiusd
> DbDir /var/lib/mysql/
> LogFile /var/log/radiusd/%d%v%Y
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you wil probably
> # want to disable this.
> #<Client DEFAULT>
> # Secret radius
> # DupInterval 0
> #</Client>
>
> # You can put additonal (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
> DBSource dbi:mysql:radmin:1.1.1.1
> DBUsername user
> DBAuth password
> DBSource dbi:mysql:radmin:2.2.2.2
> DBUsername user
> DBAuth password
> </ClientListSQL>
>
> #Convert a MSN realm/username to username at realm
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> # Address allocation with pools
>
> <AddressAllocator SQL>
> Identifier SQLAllocator
>
> DBSource dbi:mysql:radmin:1.1.1.1
> DBUsername user
> DBAuth password
> DBSource dbi:mysql:radmin:2.2.2.2
> DBUsername user
> DBAuth password
> DefaultLeasePeriod 14400
> LeaseReclaimInterval 1800
> .
> .
> .
> .
> #######################################################################
> ################
> ################# Authenticazione Utenti primo livello telnet router
> #################
> #######################################################################
> ################
>
> <AuthBy GROUP>
> Identifier usr
> AuthBy CheckRADMIN
> AddToReply Service-Type=1,\
> cisco-avpair = "shell:priv-lvl=1"
> </AuthBy>
>
> #######################################################################
> ################
> ################# Authenticazione Utenti 15° livello telnet router
> ####################
> #######################################################################
> ################
>
> <AuthBy GROUP>
> Identifier wan
> AuthBy CheckRADMIN
> AddToReply Service-Type=1,\
> cisco-avpair = "shell:priv-lvl=15"
> </AuthBy>
>
> #######################################################################
> ################
> ################# Authenticazione Utenti primo livello telnet router
> #################
> #######################################################################
> ################
>
> <Handler Realm = usr>
> RejectHasReason
> AuthByPolicy ContinueWhileAccept
> AuthBy usr
> </Handler>
>
> #######################################################################
> ################
> ################# Authenticazione Utenti 15° livello telnet router
> ####################
> #######################################################################
> ################
>
> <Handler Realm = wan>
> RejectHasReason
> AuthByPolicy ContinueWhileAccept
> AuthBy wan
> </Handler>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:1.1.1.1
> DBUsername user
> DBAuth password
> DBSource dbi:mysql:radmin:2.2.2.2
> DBUsername user
> DBAuth password
> </SessionDatabase>
>
> The problem occure for ras user and telnet user.
>
> ragards
>
> Gionata
>
>
>
>
>
> Hugh Irvine <hugh at open.com.au> il 15/04/2003 10.14.07
>
> Per: gionata.lamia at t-systems.it
> Cc:
> Oggetto: Re: (RADIATOR) Character set
>
>
>
> Hello Gionata -
>
> As Mike says, I don't think this is a Radiator problem per se.
>
> In any case we will need to see a copy of the configuration file (no
> secrets) together with a trace 4 debug from Radiator showing what is
> happening as well as the user records in question.
>
> regards
>
> Hugh
>
>
> On Tuesday, Apr 15, 2003, at 11:10 Australia/Melbourne, Mike McCauley
> wrote:
>
>> Hi Hugh,
>>
>> There is no particular char set requirements in Radiator.
>> If ther eis a problem we need to see the logs and config files.
>> Possibly his problems are auth module specific.
>>
>> Cheers.
>>
>> On Tue, 15 Apr 2003 10:17 am, Hugh Irvine wrote:
>>> Mikey -
>>>
>>> Interesting question - what is the correct answer?
>>>
>>> cheers
>>>
>>> Hugh
>>>
>>> Begin forwarded message:
>>>> From: gionata.lamia at t-systems.it
>>>> Date: Mon Apr 14, 2003 23:57:35 Australia/Melbourne
>>>> To: radiator at open.com.au
>>>> Subject: (RADIATOR) Character set
>>>>
>>>> I've some problems with some users. The problem concern the password
>>>> character set. My users use some special characters as "ù à è ...",
>>>> and
>>>> Radiator rejects the authentication. Is there a possibility to use
>>>> these
>>>> characters ?
>>>>
>>>> Regards
>>>>
>>>> Gionata
>>>>
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Mike McCauley mikem at open.com.au
>> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++,
>> WWW
>> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
>> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>> TLS,
>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
>
>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list