(RADIATOR) Problem with rewriteusername and chap

Chris Simmons csimmons at sghms.ac.uk
Wed Jan 7 12:18:02 CST 2004


  Dear all,
First, I must say sorry for the long post (and html). Secondly, we have a 
client sending:
username = user2 at rn1-all.sghms.ac.uk via MS-CHAP V2 and the password 
"password".

We are running a simple config file:

RewriteUsername s/\@.*//

<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
                Filename /usr/local/etc/users
        </AuthBy>
</Realm>

the users file contains:

user User-Password="password",     
user2 User-Password="password",
        

But the following happens:

Yields:
Wed Jan  7 17:54:21 2004: DEBUG: Reading users file /usr/local/etc/users
Wed Jan  7 17:54:21 2004: DEBUG: Finished reading configuration file 
'/usr/local/etc/simple.cfg'
Wed Jan  7 17:54:21 2004: DEBUG: Reading dictionary file 
'/var/log/radius/dictionary'
Wed Jan  7 17:54:21 2004: DEBUG: Creating authentication port 0.0.0.0:1813
Wed Jan  7 17:54:21 2004: DEBUG: Creating accounting port 0.0.0.0:1812
Wed Jan  7 17:54:21 2004: NOTICE: Server started: Radiator 3.8 on dns1
Wed Jan  7 17:54:25 2004: DEBUG: Packet dump:
*** Received from 172.16.1.52 port 1814 ....
Code:       Access-Request
Identifier: 13
Authentic:  /s0<1><26><143><149><200>R<154><239><244>tu_<138>
Attributes:
        MS-CHAP-Challenge = 
"o<167>k<193><136><128><203><138><26><214>&<160><230><127><0>K"
        MS-CHAP2-Response = 
"<1><0><145><228><250>/r<177>"E<13><148><236>%<25><182><230>Y<0><0><0><0><0><0><0><0>-<147><0><246><129>b<18><153><188><3><202><178><193><165><4><143>@<249>s<28>X<165>2<162>"
        User-Name = "user at rn1-all.sghms.ac.uk"
        NAS-IP-Address = 172.16.1.52
        NAS-Identifier = "roam at 10.0.1.0/24"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Proxy-State = 208

Wed Jan  7 17:54:25 2004: DEBUG: Rewrote user name to user
Wed Jan  7 17:54:25 2004: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Jan  7 17:54:25 2004: DEBUG:  Deleting session for 
user2 at rn1-all.sghms.ac.uk, 172.16.1.52,
Wed Jan  7 17:54:25 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan  7 17:54:25 2004: DEBUG: Radius::AuthFILE looks for match with user2
Wed Jan  7 17:54:25 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
Wed Jan  7 17:54:25 2004: INFO: Access rejected for user: Bad Password
Wed Jan  7 17:54:25 2004: DEBUG: Packet dump:
*** Sending to 172.16.1.52 port 1814 ....
Code:       Access-Reject
Identifier: 13
Authentic:  /s0<1><26><143><149><200>R<154><239><244>tu_<138>
Attributes:
        Reply-Message = "Request Denied"
        Proxy-State = 208


But if the following is used:

radpwtst -user user2 at rn1-all.sghms.ac.uk -password password

the output below:

*** Received from 127.0.0.1 port 60973 ....
Code:       Access-Request
Identifier: 215
Authentic:  1234567890123456
Attributes:
        User-Name = "user2 at rn1-all.sghms.ac.uk"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = 
"<137><234>,<222><216>3v<146><188>8<9><160><216>}x<153>"

Wed Jan  7 18:05:05 2004: DEBUG: Rewrote user name to user2
Wed Jan  7 18:05:05 2004: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Jan  7 18:05:05 2004: DEBUG:  Deleting session for 
user2 at rn1-all.sghms.ac.uk, 203.63.154.1, 1234
Wed Jan  7 18:05:05 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan  7 18:05:05 2004: DEBUG: Radius::AuthFILE looks for match with user2
Wed Jan  7 18:05:05 2004: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jan  7 18:05:05 2004: DEBUG: Access accepted for user2
Wed Jan  7 18:05:05 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 60973 ....
Code:       Access-Accept
Identifier: 215
Authentic:  1234567890123456
Attributes:


BUT with RewriteUsername OFF and using MS-CHAP V2, and changing the user 
names in the users file to user2 at rn1-all.sghms.ac.uk,
it works.

*** Received from 172.16.1.52 port 1814 ....
Code:       Access-Request
Identifier: 14
Authentic:  <20><227>JyPz<8><192><168><183><245>M<252>k<139>j
Attributes:
        MS-CHAP-Challenge = 
"<14>l<158><25><209><199><205>a8J<137>u<4>02<146>"
        MS-CHAP2-Response = 
"<1><0>F<195>ps<4><160>|<250><200><176><3>q<213>c<244>2<0><0><0><0><0><0><0><0><175><224><26><9>j<180>"<220>3<238>?<157><230><231><206><184>*<192>K<<194><203>y<30>"
        User-Name = "user2 at rn1-all.sghms.ac.uk"
        NAS-IP-Address = 172.16.1.52
        NAS-Identifier = "roam at 10.0.1.0/24"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Proxy-State = 80

Wed Jan  7 18:08:21 2004: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Jan  7 18:08:21 2004: DEBUG:  Deleting session for 
user2 at rn1-all.sghms.ac.uk, 172.16.1.52,
Wed Jan  7 18:08:21 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan  7 18:08:21 2004: DEBUG: Radius::AuthFILE looks for match with 
user2 at rn1-all.sghms.ac.uk
Wed Jan  7 18:08:21 2004: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jan  7 18:08:21 2004: DEBUG: Access accepted for 
user2 at rn1-all.sghms.ac.uk
Wed Jan  7 18:08:21 2004: DEBUG: Packet dump:

Does anybody have any ideas where we would be going wrong?

regards

Chris.

-- 
Chris Simmons
Network Engineer
St Georges Hospital Medical School

Tel: 020 8725 0234
mail: chris at sghms.ac.uk

