(RADIATOR) AuthSQL checking DEFAULT as username instead of actual username
Hugh Irvine
hugh at open.com.au
Wed Oct 22 17:38:27 CDT 2003
Hello William -
The default behaviour for Radiator is to look first for the exact
username, then DEFAULT, DEFAULT1, DEFAULT2, etc. If you do not want
this to occur you should add a NoDefault parameter to your AuthBy SQL
clause.
<AuthBy SQL>
......
NoDefault
......
</AuthBy>
See section 6.17.12 in the Radiator 3.7.1 reference manual.
regards
Hugh
On Thursday, Oct 23, 2003, at 03:39 Australia/Melbourne, William C.
Mott wrote:
> I am having a problem with SQL authentication, the log file shows
> AuthSQL
> trying to authenticate with the username then checks the username
> DEFAULT,
> instead of the actual username. Am I missing something...
>
> -----LOG FILE-----
> Tue Oct 21 18:29:21 2003: DEBUG: Packet dump:
>
> *** Received from 208.179.155.18 port 1339 ....
>
> Code: Access-Request
>
> Identifier: 1
>
> Authentic:
> <189><15>A<201><3><173><192><235><187><254><224><187><216>ga<213>
>
> Attributes:
>
> User-Name = "vesta"
>
> NAS-IP-Address = 208.179.155.18
>
> NAS-Identifier = "0"
>
> User-Password = "(a<147><241>1.\<243>2<19><172><207><143><170><4><192>"
>
> NAS-Port = 1
>
> Service-Type = Framed-User
>
> Framed-Protocol = PPP
>
> Tue Oct 21 18:29:21 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
>
> Tue Oct 21 18:29:21 2003: DEBUG: Rewrote user name to vesta
>
> Tue Oct 21 18:29:21 2003: DEBUG: Rewrote user name to vesta
>
> Tue Oct 21 18:29:21 2003: DEBUG: Deleting session for vesta,
> 208.179.155.18,
> 1
>
> Tue Oct 21 18:29:21 2003: DEBUG: Handling with Radius::AuthSQL
>
> Tue Oct 21 18:29:21 2003: DEBUG: Handling with Radius::AuthSQL:
>
> Tue Oct 21 18:29:22 2003: DEBUG: Query is: 'SELECT RTRIM(PASSWORD),
> REPLYATTR, MAXTIME, SESSIONS FROM Users WHERE (USERNAME='vesta') AND
> ((Status = 1) OR (Status = 4))':
>
> Tue Oct 21 18:29:23 2003: DEBUG: Radius::AuthSQL looks for match with
> vesta
>
> Tue Oct 21 18:29:23 2003: DEBUG: Query is: 'SELECT RTRIM(PASSWORD),
> REPLYATTR, MAXTIME, SESSIONS FROM Users WHERE (USERNAME='DEFAULT') AND
> ((Status = 1) OR (Status = 4))':
>
> Tue Oct 21 18:29:23 2003: INFO: Access rejected for vesta: No such user
>
> Tue Oct 21 18:29:23 2003: DEBUG: Packet dump:
>
> *** Sending to 208.179.155.18 port 1339 ....
>
> Code: Access-Reject
>
> Identifier: 1
>
> Authentic:
> <189><15>A<201><3><173><192><235><187><254><224><187><216>ga<213>
>
> Attributes:
>
> Reply-Message = "Request Denied"
>
>
>
> -----END LOG-----
>
> -----CONFIG FILE-----
>
> <Realm DEFAULT>
>
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy SQL>
>
> DBSource dbi:ODBC:radiator
>
> DBUsername radiator
>
> DBAuth <hidden>
>
> AuthSelect SELECT RTRIM(PASSWORD), REPLYATTR, MAXTIME, SESSIONS FROM
> Users
> WHERE (USERNAME='%n') AND ((Status = 1) OR (Status = 4))
>
> AuthColumnDef 0, User-Password, check
>
> AuthColumnDef 1, GENERIC, reply
>
> AuthColumnDef 2, Session-Timeout, reply
>
> AuthColumnDef 3, Simultaneous-Use, check
>
> AddToReply Framed-Protocol=1,\
>
> Framed-IP-Netmask=255.255.255.255,\
>
> Framed-MTU=476,\
>
> Framed-Compression=1
>
> HandleAcctStatusTypes Start, Stop
>
> AcctColumnDef USERNAME,User-Name
>
> #AcctColumnDef TIME_STAMP,Timestamp,formatted-date,to_date('%m/%e/%Y
> %H:%M:%S', 'MM/DD/YYYY HH24:MI:SS')
>
> #AcctColumnDef TIME_STAMP,Timestamp,formatted-date
>
> AcctColumnDef TIME_STAMP,Timestamp,integer
>
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>
> AcctColumnDef ACCTINPUTOCT,Acct-Input-Octets,integer
>
> AcctColumnDef ACCTOUTPUTOCT,Acct-Output-Octets,integer
>
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>
> AcctColumnDef ACCTSESSTIME,Acct-Session-Time,integer
>
> AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
>
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>
> AcctColumnDef NASPORT,NAS-Port,integer
>
>
> </AuthBy>
>
>
>
> # Log accounting to a detail file. %D is replaced by DbDir above
>
> AcctLogFileName %D/detail
>
> </Realm>
>
>
> -----END CONFIG-----
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list