(RADIATOR) User authentication problem

Hugh Irvine hugh at open.com.au
Thu Jul 29 05:43:17 CDT 2004


Hello Peter -

The debug output does not appear to correspond with what you show for  
the configuration.

Could I please see your complete configuration file and a more complete  
trace 4 debug from startup?

In general if the PASSWORD is NULL anything will be accepted.

BTW - have you restarted Radiator since changing the configuration file?

regards

Hugh


On 29 Jul 2004, at 19:41, Peter Lindeman wrote:

> Hello,
>
> We are using Radiator with SQL authentication.
> The problem is that if the username is correct Radiator accepts the  
> access request. The password does not matter for somehow.
>
> This is what I have in the <AuthBY SQL> clause
>
> AuthSelect select PASSWORD,POOLHINT from SUBSCRIBERS where BINARY  
> USERNAME=%0
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, PoolHint, reply
>
> When I use the default query of Radiator the same behaviour occurs.
>
> Why is the User-Password attribute not checked with the answer from  
> the query and how can we solve this?
>
> This is what I see in a debug log :
>
> Thu Jul 29 11:34:05 2004: DEBUG: Packet dump:
> *** Received from 10.2.0.2 port 40008 ....
>
> Packet length = 121
> 01 f6 00 79 7e f1 4f ec a4 52 b1 b5 b9 67 87 78
> a3 e3 d5 b2 01 0a 76 6f 64 61 66 6f 6e 65 02 12
> 4d e6 ef 56 ea 9e de e5 9c a9 96 b0 1f bd 93 af
> 04 06 0a 02 00 02 06 06 00 00 00 02 07 06 00 00
> 00 01 1f 0d 33 31 36 34 36 33 33 31 35 38 39 1e
> 0f 67 70 72 73 2e 78 74 72 61 63 2e 6e 6c 20 0f
> 67 70 72 73 2e 78 74 72 61 63 2e 6e 6c 1a 0c 00
> 00 2a ab 0e 06 00 00 00 01
> Code:       Access-Request
> Identifier: 246
> Authentic:   
> ~<241>O<236><164>R<177><181><185>g<135>x<163><227><213><178>
> Attributes:
> 	User-Name = "vodafone"
> 	User-Password =  
> "M<230><239>V<234><158><222><229><156><169><150><176><31><189><147><175 
> >"
> 	NAS-IP-Address = 10.2.0.2
> 	Service-Type = Framed-User
> 	Framed-Protocol = PPP
> 	Calling-Station-Id = "31646331589"
> 	Called-Station-Id = "gprs.xtrac.nl"
> 	NAS-Identifier = "gprs.xtrac.nl"
>
> Thu Jul 29 11:34:05 2004: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Thu Jul 29 11:34:05 2004: DEBUG:  Deleting session for vodafone,  
> 10.2.0.2,
> Thu Jul 29 11:34:05 2004: DEBUG: Handling with Radius::AuthSQL
> Thu Jul 29 11:34:05 2004: DEBUG: Handling with Radius::AuthSQL:
> Thu Jul 29 11:34:05 2004: DEBUG: Query is: 'select PASSWORD,POOLHINT  
> from SUBSCRIBERS where BINARY USERNAME='vodafone'':
>
> Thu Jul 29 11:34:05 2004: ERR: Bad attribute=value pair: pool1
> Thu Jul 29 11:34:05 2004: DEBUG: Radius::AuthSQL looks for match with  
> vodafone
> Thu Jul 29 11:34:05 2004: DEBUG: Radius::AuthSQL ACCEPT:
> Thu Jul 29 11:34:05 2004: DEBUG: Handling with Radius::AuthDYNADDRESS
> Thu Jul 29 11:34:05 2004: DEBUG: No PoolHint found. No address will be  
> allocated
> Thu Jul 29 11:34:05 2004: DEBUG: Access accepted for vodafone
> Thu Jul 29 11:34:05 2004: DEBUG: Packet dump:
> *** Sending to 10.2.0.2 port 40008 ....
>
> Packet length = 20
> 02 f6 00 14 0b ec 1e 03 98 3f a3 55 fb e3 6f e3
> 3b 6a 33 6a
> Code:       Access-Accept
> Identifier: 246
> Authentic:   
> ~<241>O<236><164>R<177><181><185>g<135>x<163><227><213><178>
> Attributes:
>
> -- 
>
> Peter Lindeman
> TPA traffic & parking automation bv
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list