Antw: Re: (RADIATOR) Enless-Loop when wrong passwd and AuthBySQL
Peter Gruber
Peter.Gruber at uni-klu.ac.at
Wed Apr 23 03:05:01 CDT 2003
Hello Mike,
thank you for your reply.
I use
* Debian-Linux
* libdbd-oracle-perl 1.12-2
* libclntsh.so.9.0
* oracle 9.2.0
But the workaround with "NoDefault" works fine.
Do you think the "NoDefault" causes any impacts?
Cheers,
Peter
>>> Mike McCauley <mikem at open.com.au> 22.04.2003 09:23:46 >>>
Hello Peter,
Hugh's earlier response concerning NoDefault is a good workaround to your
problem, but...
Normally Radiator detects when it runs out of DEFAULT usernames and does not
go into an endless loop like that.
Your symptoms make me think that your DBD-Oracle is not behaving correctly
when it gets an empty result from your AuthSelect query.
What versions of DBD-Oracle and the Oracle client library are you using?
On what platform?
Cheers.
On Thu, 17 Apr 2003 10:27 pm, Peter Gruber wrote:
> Hi all,
>
> I use the AuthBySQL to authenticate via an Oracle-Database. When the passwd
> is correct, everything works fine. When the password is incorrect, the
> radiator goes into an endless-loop (see the trace 4 - output) and can just
> be "-9" killed. During this loop, it is not possible to authenticate even
> with the correct password - the radiusd seems to be completely confused.
>
> I use the Radiator 3.5 (Demo) on a debian-box.
>
> Did anybody have the same problem or know what could be the reason for that
> behaviour?
>
>
> Best regards and THX ahead,
> Peter
>
>
> This is the output of the Trace 4:
> *** Received from x.y.z.z port 1645 ....
> Code: Access-Request
> Identifier: 54
> Authentic: <229><193><169>R<157><178>j.<20>F^<154>#Z<237><149>
> Attributes:
> Framed-Protocol = PPP
> Username = "wedu at xxx"
> CHAP-Password = xxx
> NAS-Port = 1
> NAS-Port-Type = Virtual
> Service-Type = Framed-User
> NAS-IP-Address = x.y.z.z
>
> Thu Apr 17 13:43:04 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Apr 17 13:43:04 2003: DEBUG: Deleting session for wedu at xxx, x.y.z.z, 1
> Thu Apr 17 13:43:04 2003: DEBUG: Handling with Radius::AuthSQL
> Thu Apr 17 13:43:04 2003: DEBUG: Handling with Radius::AuthSQL:
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL looks for match with wedu at xxx
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT1
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT2
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT3
> Thu Apr 17 13:43:04 2003: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Thu Apr 17 13:43:04 2003: DEBUG: Query is: SELECT passwd, servicetype,
> framedprotocol,ip_address,framedipnetmask,ciscoavpair FROM ads l_auth
> WHERE username = 'wedu'
>
> and so on...
>
>
>
> This is the (partial) radius.cfg:
> Trace 4
>
> Foreground
> AuthPort 1812
> AcctPort 1813
> DictionaryFile /usr/local/etc/dictionary
> DefineFormattedGlobalVar ORACLEHOME /u01/app/oracle/product/9.2.0
> LogDir /var/log/radius
> LogFile /var/log/radius/radius.log
>
> <Client DEFAULT>
> Secret testsecret
> DupInterval 2
> </Client>
>
>
> <Realm DEFAULT>
> PasswordLogFileName /var/log/radius/password.log
> AcctLogFileName /var/log/radius/acct.log
>
> <AuthBy SQL>
> DBSource dbi:Oracle:xxx
> DBUsername xxx
> DBAuth xxx
>
> AuthSelect SELECT passwd, \
> servicetype, \
> framedprotocol,\
> ip_address,\
> framedipnetmask,\
> ciscoavpair \
> FROM xxxxx \
> WHERE username = '%w'
>
> AuthColumnDef 0,User-Password, check
> AuthColumnDef 1,Service-Type,reply
> AuthColumnDef 2,Framed-Protocol,reply
> AuthColumnDef 3,Framed-IP-Address,reply
> AuthColumnDef 4,Framed-IP-Netmask,reply
> AuthColumnDef 5,cisco-avpair,reply
>
> IgnoreAccounting
> </AuthBy>
>
>
> <AuthBy GROUP>
> AuthByPolicy All
> IgnoreAuthentication
> <AuthBy SQL>
> DBSource dbi:Oracle:xxx
> DBUsername xxx
> DBAuth xxx
> AccountingStartsOnly
> IgnoreAuthentication
> AcctSQLStatement update /*+ USE_CONCAT */ xxx \
> .
> .
> .
> </AuthBy>
>
> <AuthBy SQL>
> DBSource dbi:Oracle:xxx
> DBUsername xxx
> DBAuth xxx
> AccountingAlivesOnly
> AcctFailedLogFileName /var/log/radius/acctfail.log
> IgnoreAuthentication
> AcctSQLStatement insert into xxx
> .
> .
> .
> AcctSQLStatement update /*+ USE_CONCAT */ xxx \
> .
> .
> .
> </AuthBy>
>
> <AuthBy SQL>
> DBSource dbi:Oracle:xxx
> DBUsername xxx
> DBAuth xxx
> AccountingStopsOnly
> AcctFailedLogFileName /var/log/radius/acctfail.log
> IgnoreAuthentication
> AcctSQLStatement insert into xxx
> .
> .
> .
> AcctSQLStatement update /*+ USE_CONCAT */ xxx \
> .
> .
> .
> </AuthBy>
> </AuthBy>
> </Realm>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
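
Added example, not part of the original thread and not Radiator code: a Python check that scans Trace 4 output, including the mail-wrapped form quoted above, for a request that keeps walking DEFAULT, DEFAULT1, DEFAULT2 and so on. The sample trace, its usernames and the `max_default_lookups` threshold are assumptions made for illustration.

```python
import re

# Start of each Radiator log entry, e.g. "Thu Apr 17 13:43:04 2003: ".
ENTRY_START = re.compile(
    r"(?=\b[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}: )")
LOOKUP = re.compile(r"Radius::AuthSQL looks for match with (.+)$")
DEFAULT_NAME = re.compile(r"DEFAULT\d*")

def entries(text):
    """Undo mail quoting and re-wrapping: return one string per log entry."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]

def find_default_runaways(text, max_default_lookups=2):
    """Return requests whose DEFAULTn lookups exceed the (assumed) limit."""
    requests, current = [], None
    for entry in entries(text):
        if "Handling request with Handler" in entry:
            current = {"user": None, "default_lookups": 0, "last": None}
            requests.append(current)
            continue
        match = LOOKUP.search(entry)
        if match is None or current is None:
            continue
        name = match.group(1).strip()
        if DEFAULT_NAME.fullmatch(name):
            current["default_lookups"] += 1   # DEFAULT, DEFAULT1, DEFAULT2, ...
            current["last"] = name
        elif current["user"] is None:
            current["user"] = name            # the name the NAS actually sent
    return [r for r in requests if r["default_lookups"] > max_default_lookups]

# Constructed sample in the shape of the quoted Trace 4 output (usernames are
# placeholders); the second request shows the DEFAULT, DEFAULT1, ... pattern.
T = "Thu Apr 17 13:43:04 2003: DEBUG: "
SAMPLE = "\n".join([
    "> " + T + "Handling request with Handler 'Realm=DEFAULT'",
    "> " + T + "Radius::AuthSQL looks for match with alice",
    "> " + T + "Handling request with Handler",
    "> 'Realm=DEFAULT' " + T + "Radius::AuthSQL looks for match with",
    "> bob " + T + "Radius::AuthSQL REJECT: Bad Password",
] + ["> " + T + "Radius::AuthSQL looks for match with DEFAULT" + n
     for n in ("", "1", "2", "3")])

if __name__ == "__main__":
    for hit in find_default_runaways(SAMPLE):
        print(hit)
```

Set `max_default_lookups` to the number of DEFAULT entries the user table really contains; a request that exceeds it matches the symptom in the trace.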