(RADIATOR) Profiles problems

Brandon Lehmann blehmann at glis.cc
Wed Nov 12 16:45:38 CST 2003


Hugh,

    Note: I don't care that I left my ip address in there or the "encrypted"
password. This is a test server with test data.

Brandon

----- Original Message ----- 
From: "Brandon Lehmann" <blehmann at glis.cc>
To: "Hugh Irvine" <hugh at open.com.au>
Cc: <owner-radiator at open.com.au>; <radiator at open.com.au>
Sent: Wednesday, November 12, 2003 5:43 PM
Subject: Re: (RADIATOR) Profiles problems


> Hugh,
>
>     Trace 4 with the config in my original message shows:
>
> --- START----
> Reading dictionary file './dictionary'
> sending Access-Request...
> Packet dump:
> *** Sending to 63.148.117.3 port 1645 ....
> Code:       Access-Request
> Identifier: 120
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "brandon"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>
> No reply
> sending Accounting-Request Start...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 121
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>         User-Name = "brandon"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Start
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         Acct-Delay-Time = 0
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 121
> Authentic:  f>e#O#<156><150>S<239>N<240><234><182><23><229>
> Attributes:
>
> OK
> sending Accounting-Request Stop...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 122
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>         User-Name = "brandon"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Stop
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         Acct-Delay-Time = 0
>         Acct-Session-Time = 1000
>         Acct-Input-Octets = 20000
>         Acct-Output-Octets = 30000
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 122
> Authentic:  5Y<2>V<137><180>L<2>R<138>vzai<248><184>
> Attributes:
>
> OK
> -----END----
>
>
> Changing AuthByPolicy to ContinueWhileAccept returns this:
>
> -----START-----
> Reading dictionary file './dictionary'
> sending Access-Request...
> Packet dump:
> *** Sending to 63.148.117.3 port 1645 ....
> Code:       Access-Request
> Identifier: 81
> Authentic:  1234567890123456
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  NAS-Port-Type = Async
>  User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>
> Packet dump:
> *** Received from 63.148.117.3 port 1645 ....
> Code:       Access-Reject
> Identifier: 81
> Authentic:  <201>KV<189>Ao<213><235><254>3<22>z>h<239><4>
> Attributes:
>  Reply-Message = "Request Denied"
>
> Rejected: Request Denied
> sending Accounting-Request Start...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 82
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Start
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 82
> Authentic:  <237><157><221><24><8><3><11><235><207><167>t<226>SVQ<227>
> Attributes:
>
> OK
> sending Accounting-Request Stop...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 83
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Stop
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>  Acct-Session-Time = 1000
>  Acct-Input-Octets = 20000
>  Acct-Output-Octets = 30000
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 83
> Authentic:  <4>\<212>g'`<252><214><23><246>>A]<136><172><174>
> Attributes:
>
> OK
>
> ----END-----
>
> Removing the Authby clause for the profile & timeofday returns this (with
> ContinueWhileAccept):
>
> ----START------
> Reading dictionary file './dictionary'
> sending Access-Request...
> Packet dump:
> *** Sending to 63.148.117.3 port 1645 ....
> Code:       Access-Request
> Identifier: 251
> Authentic:  1234567890123456
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  NAS-Port-Type = Async
>  User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>
> Packet dump:
> *** Received from 63.148.117.3 port 1645 ....
> Code:       Access-Reject
> Identifier: 251
> Authentic:  <2>I<24> <180>7<222><164><151>k<213><22>O<15><255>N
> Attributes:
>  Reply-Message = "Request Denied"
>
> Rejected: Request Denied
> sending Accounting-Request Start...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 252
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Start
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 252
> Authentic:  <203>r<199><16>8<247>G<146><29>fe<135>`<20><133>Q
> Attributes:
>
> OK
> sending Accounting-Request Stop...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 253
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Stop
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>  Acct-Session-Time = 1000
>  Acct-Input-Octets = 20000
>  Acct-Output-Octets = 30000
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 253
> Authentic:  TZ<243><171><164><236><146>h<14>+<186>)<190><14><<197>
> Attributes:
>
> OK
> ----------END---------
>
> And with the AuthBy clause for timeofday removed and the policy set to
> ContinueAlways:
>
> --------START---------
> Reading dictionary file './dictionary'
> sending Access-Request...
> Packet dump:
> *** Sending to 63.148.117.3 port 1645 ....
> Code:       Access-Request
> Identifier: 62
> Authentic:  1234567890123456
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  NAS-Port-Type = Async
>  User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>
> Packet dump:
> *** Received from 63.148.117.3 port 1645 ....
> Code:       Access-Accept
> Identifier: 62
> Authentic:  9<165>Y<201><211><140><2>u<210><251><161><200>3<149><179><1>
> Attributes:
>  Service-Type = Framed-User
>  Session-Timeout = 18000
>  Idle-Timeout = 1740
>  Framed-IP-Netmask = 255.255.255.255
>  Port-Limit = 3
>
> OK
> sending Accounting-Request Start...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 63
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Start
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 63
> Authentic:  <1>.<245><190>|!.1g<201>0<201><148><229><234>%
> Attributes:
>
> OK
> sending Accounting-Request Stop...
> Packet dump:
> *** Sending to 63.148.117.3 port 1646 ....
> Code:       Accounting-Request
> Identifier: 64
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>  User-Name = "brandon"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  NAS-Port-Type = Async
>  Acct-Session-Id = "00001234"
>  Acct-Status-Type = Stop
>  Called-Station-Id = "123456789"
>  Calling-Station-Id = "987654321"
>  Acct-Delay-Time = 0
>  Acct-Session-Time = 1000
>  Acct-Input-Octets = 20000
>  Acct-Output-Octets = 30000
>
> Packet dump:
> *** Received from 63.148.117.3 port 1646 ....
> Code:       Accounting-Response
> Identifier: 64
> Authentic:  <237><203>Z_<169><202>Um#&<241><136><29>8<145><23>
> Attributes:
>
> OK
> --------END----------
>
> As for a crash course in TimeOfDay, it's a RADIUS attribute that is used to
> define when a user can log in. Say 7:30am to 3:30pm etc -> "07:30-15:30" or
> cannot log in "!00:00-02:00" -> midnight to 2am. It is pretty similar to the
> Radiator Time attribute. However I have tried changing the columndef to
> "AuthColumnDef 0,Time,reply" and adding "Al" to the front of the field to
> apply for all days as the Radiator manual shows. What I need to do is limit
> a few users to only log in during certain hours (at their boss's request).
> For now I have just added a stored procedure to my SQL server and a job to
> turn the account on and off at the specified time; however, that will not
> work forever.
>
> Thanks for the help,
>
> Brandon
>
> Note: This is running Radiator 3.7.1 on Windows 2000 SP4, w/ activestate
> perl 5.6.1 using a 3com total control.
>
> ----- Original Message ----- 
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Brandon Lehmann" <blehmann at glis.cc>
> Cc: <owner-radiator at open.com.au>; <radiator at open.com.au>
> Sent: Wednesday, November 12, 2003 5:03 PM
> Subject: Re: (RADIATOR) Profiles problems
>
>
> >
> > Hello Brandon -
> >
> > Could you please send me a trace 4 debug showing what is happening, and
> > a bit more detail on what exactly you are wanting to have happen? I am
> > not clear on what the TimeOfDay reply item is meant to do.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 13/11/2003, at 7:10 AM, Brandon Lehmann wrote:
> >
> > > Hi List,
> > >
> > > I cannot get the radius server to return the profile while using
> > > the following configuration:
> > >
> > > ------START-----
> > > LogStdout   c:/radiator/stdout.txt
> > > LogDir c:/radiator
> > > DbDir c:/radiator.
> > >
> > > <Client DEFAULT>
> > >      Secret !removed for my protection!
> > >      DupInterval 0
> > > </Client>
> > >
> > > <Realm DEFAULT>
> > >
> > >      AuthByPolicy ContinueAlways
> > >
> > >      <AuthBy SQL>
> > >           Identifier ACCT1
> > >           DBSource dbi:ODBC:!removed for my protection!
> > >           DBUsername !removed for my protection!
> > >           DBAuth !removed for my protection!
> > >
> > >           AuthSelect
> > >
> > >           AccountingTable radacct1
> > >           AcctColumnDef UserName,User-Name
> > >           AcctColumnDef LogDateTime,Timestamp,integer-date
> > >           AcctColumnDef AcctStatusType,Acct-Status-Type
> > >           AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> > >           AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> > >           AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> > >           AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer
> > >           AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer
> > >           AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> > >           AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
> > >           AcctColumnDef NasIPAddress,NAS-IP-Address
> > >           AcctColumnDef NasIdentifier,NAS-Identifier
> > >           AcctColumnDef NasPortId,NAS-Port,integer
> > >           AcctColumnDef NasPortType,NAS-Port-Type,integer
> > >           AcctColumnDef ConnectInfo,Connect-Info
> > >           AcctColumnDef ServiceType,Service-Type
> > >           AcctColumnDef FramedProtocol,Framed-Protocol
> > >           AcctColumnDef FramedAddress,Framed-IP-Address
> > >           AcctColumnDef CallingStationId,Calling-Station-Id
> > >      </AuthBy>
> > >
> > >      <AuthBy SQL>
> > >           Identifier AUTH1
> > >           DBSource dbi:ODBC:!removed for my protection!
> > >           DBUsername !removed for my protection!
> > >           DBAuth  !removed for my protection!
> > >
> > >           AuthSelect select
> > > ClearTextPassword,ServiceType,SessionLimit, \
> > >               IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \
> > >               PortLimit,ProfileID from Customers where CustomerID=%0 \
> > >               and Disable is null
> > >           AuthColumnDef 0,Password,check
> > >           AuthColumnDef 1,Service-Type,reply
> > >           AuthColumnDef 2,Session-Timeout,reply
> > >           AuthColumnDef 3,Idle-Timeout,reply
> > >           AuthColumnDef 4,Framed-IP-Address,reply
> > >           AuthColumnDef 5,Framed-IP-Netmask,reply
> > >           AuthColumnDef 6,Framed-Route,reply
> > >           AuthColumnDef 7,Port-Limit,reply
> > >           AuthColumnDef 8,Simultaneous-Use,check
> > >           AuthColumnDef 9,Profile,reply
> > >      </AuthBy>
> > >      <AuthBy SQL>
> > >          DBSource dbi:ODBC:!removed for my protection!
> > >          DBUsername !removed for my protection!
> > >          DBAuth !removed for my protection!
> > >
> > >          AuthSelect      SELECT timeofday FROM profiles WHERE \
> > >             [profile]='%{Reply:Profile}'
> > >          AuthColumnDef 0,TimeOfDay,reply
> > >
> > >          StripFromReply Profile
> > >      </AuthBy>
> > >
> > >      SessionDatabase SDB1
> > >
> > > </Realm>
> > >
> > > <SessionDatabase SQL>
> > >      Identifier SDB1
> > >      DBSource dbi:ODBC:!removed for my protection!
> > >      DBUsername !removed for my protection!
> > >      DBAuth  !removed for my protection!
> > > </SessionDatabase>
> > > -------END----
> > >
> > > If I change "AuthByPolicy ContinueAlways" to "AuthByPolicy
> > > ContinueWhileAccept" then the server always returns "Request Denied".
> > > Any input would be greatly appreciated. Note: I have already searched the
> > > list archives, nothing seems to work.
> > >
> > > Thank you,
> > >
> > > Brandon Lehmann
> > > Network Administrator
> > > Great Lakes Internet Service, LLC.
> > > The Computer Loft, Inc.
> > > 218 Justice St
> > > Fremont, Ohio 43420
> > > 419.332.3553
> > > blehmann at glis.cc
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> > >
> > >
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > -- 
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> >
>
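
The TimeOfDay restriction described in the thread ("07:30-15:30" allows, "!00:00-02:00" refuses), as an added example that is not part of the original messages and is not Radiator or 3Com code. The grammar, the exclusive end time, the wrap past midnight and the deny-on-malformed behaviour are assumptions inferred from the two values quoted above.

```python
import re
from datetime import time

# Assumed grammar, inferred from the two values quoted in the thread:
#   "HH:MM-HH:MM"   login allowed only inside the window
#   "!HH:MM-HH:MM"  login refused inside the window
_WINDOW = re.compile(r"^(!?)(\d{2}):(\d{2})-(\d{2}):(\d{2})$")


def parse_time_of_day(value):
    """Return (negated, start, end); raise ValueError on malformed input."""
    m = _WINDOW.match(value.strip())
    if not m:
        raise ValueError(f"malformed TimeOfDay value: {value!r}")
    neg, h1, m1, h2, m2 = m.groups()
    # datetime.time raises ValueError for out-of-range fields (24:00, 12:60)
    return bool(neg), time(int(h1), int(m1)), time(int(h2), int(m2))


def in_window(now, start, end):
    """True if start <= now < end (end is exclusive: an assumption)."""
    if start <= end:
        return start <= now < end
    # Assumption: a window such as 22:00-06:00 wraps past midnight.
    return now >= start or now < end


def login_allowed(value, now):
    """Apply a TimeOfDay value to a clock time.

    Fails closed: a value that cannot be parsed denies the login instead of
    silently lifting the restriction.
    """
    try:
        negated, start, end = parse_time_of_day(value)
    except ValueError:
        return False
    inside = in_window(now, start, end)
    return not inside if negated else inside
```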

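The hand redaction of the config above and Hugh's request for a configuration "(no secrets)" can be done mechanically before a trace 4 dump goes to a public list. This is an added example, not part of the thread and not Radiator code: the sample text is constructed in the format shown in the messages, and the `[REDACTED]` and `IP-n` placeholders are this example's own choice.

```python
import re

# Config directives whose values were removed by hand in the posted config.
_CONFIG = re.compile(
    r"^([ \t]*(?:Secret|DBSource|DBUsername|DBAuth)[ \t]+)\S.*$", re.M)
# Trace fields that are derived from, or used together with, the shared secret.
_TRACE = re.compile(
    r"^([ \t]*(?:User-Password[ \t]*=|Authentic:)[ \t]*).*$", re.M)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample in the layout of the config and trace shown in the thread.
SAMPLE = """\
<Client DEFAULT>
     Secret s3cr3t-constructed
</Client>
*** Sending to 192.0.2.10 port 1645 ....
Code:       Access-Request
Authentic:  1234567890123456
Attributes:
        User-Name = "alice"
        NAS-IP-Address = 198.51.100.7
        User-Password = ".<255>x]<205>"
*** Received from 192.0.2.10 port 1645 ....
"""


def scrub(text):
    """Return (scrubbed_text, ip_map).

    Secret-bearing values are replaced outright. Each IPv4 address is mapped
    to a stable alias so the request/response flow stays readable.
    """
    text = _CONFIG.sub(r"\1[REDACTED]", text)
    text = _TRACE.sub(r"\1[REDACTED]", text)
    ip_map = {}

    def _alias(match):
        # setdefault returns the existing alias when the address was seen before
        return ip_map.setdefault(match.group(0), f"IP-{len(ip_map) + 1}")

    return _IPV4.sub(_alias, text), ip_map


if __name__ == "__main__":
    print(scrub(SAMPLE)[0])
```

The scrubber works on the raw trace; a `User-Password` value that a mail client has already wrapped onto the next line is not caught.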