(RADIATOR) Re: (Radiator)User can login successfully even with wrong password
Mike McCauley
mikem at open.com.au
Fri Oct 29 00:21:53 CDT 2004
Hello Scott,
I don't think you have sent the right part of the config file that corresponds
to the log you sent:
The config file you sent says:
AuthSelect select PASSWORD, TIMELEFT from SUBSCRIBERS where USERNAME=%0 and
TIMELEFT > 0
but Radiator is executing:
select TIMELEFT from SUBSCRIBERS where USERNAME='kt' and TIMELEFT > 0
(i.e. no PASSWORD is being fetched)
so it must be that Radiator is using a different config file, or a different
part of the config file.
Anyway, the reason why your password is not being checked is that your config
is not fetching a password from the SUBSCRIBERS table.
Cheers.
On Friday 29 October 2004 15:09, ScottXiao wrote:
> Hello Mike,
> As you mentioned, here is the debug file and configuration of the
> authentication part. It seems it only checks if the user name exists and
> timeleft > 0 and then lets the user get in, even if the password is wrong.
> What do I need to modify to resolve this problem? Thanks!! Scott
>
>
>
> Fri Oct 29 12:48:48 2004: DEBUG: Packet dump:
> *** Received from 219.238.x.y port 27163 ....
> Code: Access-Request
> Identifier: 118
> Authentic: <201>42)3<134>0N;CW<9>}<196><237>w
> Attributes:
> User-Name = "kt"
> User-Password = "|r{<148><145><8><142>"#G<223><174>|&<244><220>"
> NAS-IP-Address = 219.238.255.85
> NAS-Port = 0
> Service-Type = Authenticate-Only
> Framed-IP-Address = 192.168.123.7
> Calling-Station-Id = "00:0C:F1:07:27:DD"
> NAS-Identifier = "Ezxcess108"
> NAS-Port-Type = Virtual
>
> Fri Oct 29 12:48:48 2004: DEBUG: Handling request with Handler ''
> Fri Oct 29 12:48:48 2004: DEBUG: Deleting session for kt, 219.238.x.y, 0
> Fri Oct 29 12:48:48 2004: DEBUG: Handling with Radius::AuthSQL
> Fri Oct 29 12:48:48 2004: DEBUG: Handling with Radius::AuthSQL:
> Fri Oct 29 12:48:48 2004: DEBUG: Query is: 'select TIMELEFT from SUBSCRIBERS where USERNAME='kt' and TIMELEFT > 0':
>
> Fri Oct 29 12:48:48 2004: DEBUG: Radius::AuthSQL looks for match with kt
> Fri Oct 29 12:48:48 2004: DEBUG: Radius::AuthSQL ACCEPT:
> Fri Oct 29 12:48:48 2004: DEBUG: Access accepted for kt
> Fri Oct 29 12:48:48 2004: DEBUG: Packet dump:
> *** Sending to 219.238.255.85 port 27163 ....
> Code: Access-Accept
> Identifier: 118
> Authentic: <201>42)3<134>0N;CW<9>}<196><237>w
> Attributes:
> Session-Timeout = 124586
>
> Fri Oct 29 12:48:48 2004: DEBUG: Packet dump:
>
>
>
>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> # DBSource dbi:mysql:radius
> # DBUsername mikem
> # DBAuth fred
>
> # Only one session per user at a time
> DefaultSimultaneousUse 1
> # Let the user in if they have any time left, set
> # the Session-timeout to the time left
> AuthSelect select PASSWORD, TIMELEFT from SUBSCRIBERS where USERNAME=%0 and TIMELEFT > 0
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Session-Timeout,reply
>
> # Adjust the time left when they log out
> AccountingStopsOnly
> AcctSQLStatement update SUBSCRIBERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
>
>
> </AuthBy>
> #<AuthBy FILE>
>
>
> Best regards,
>
> ScottXiao
> scottxiao at antlabs.com
> 2004-10-29
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
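
The check Mike does by eye above (comparing the query Radiator logs against the columns needed for a password check) can be run over a whole debug log. This is an added example, not part of the original thread and not Radiator code; it assumes the password column is named PASSWORD as in the posted config, and the second request in the sample (user "amy") is constructed for contrast.

```python
import re

# Constructed sample modelled on the debug log in this thread; the second
# request (user "amy") is invented to show a query that does fetch PASSWORD.
SAMPLE_LOG = """\
Fri Oct 29 12:48:48 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Oct 29 12:48:48 2004: DEBUG: Query is: 'select TIMELEFT from
SUBSCRIBERS where USERNAME='kt' and TIMELEFT > 0':
Fri Oct 29 12:48:48 2004: DEBUG: Radius::AuthSQL looks for match with kt
Fri Oct 29 12:48:48 2004: DEBUG: Radius::AuthSQL ACCEPT:
Fri Oct 29 12:48:48 2004: DEBUG: Access accepted for kt
Fri Oct 29 12:49:02 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Oct 29 12:49:02 2004: DEBUG: Query is: 'select PASSWORD, TIMELEFT from
SUBSCRIBERS where USERNAME='amy' and TIMELEFT > 0':
Fri Oct 29 12:49:02 2004: DEBUG: Radius::AuthSQL looks for match with amy
Fri Oct 29 12:49:02 2004: DEBUG: Radius::AuthSQL ACCEPT:
Fri Oct 29 12:49:02 2004: DEBUG: Access accepted for amy
"""

QUERY_RE = re.compile(r"Query is: '(.*?)':\s*$", re.S | re.M)
ACCEPT_RE = re.compile(r"Access accepted for (\S+)")

def selected_columns(query):
    """Return the upper-cased column names between SELECT and FROM."""
    m = re.match(r"\s*select\s+(.*?)\s+from\s", query, re.I | re.S)
    return [c.strip().upper() for c in m.group(1).split(",")] if m else []

def accepts_without_password(log_text, password_column="PASSWORD"):
    """List (user, query) for accepts whose preceding AuthSQL query
    did not fetch the password column, so no password check could run."""
    findings = []
    events = [(m.start(), "query", " ".join(m.group(1).split()))
              for m in QUERY_RE.finditer(log_text)]
    events += [(m.start(), "accept", m.group(1))
               for m in ACCEPT_RE.finditer(log_text)]
    last_query = None
    for _, kind, value in sorted(events):
        if kind == "query":
            last_query = value
        elif last_query is not None:
            if password_column.upper() not in selected_columns(last_query):
                findings.append((value, last_query))
            last_query = None
    return findings

if __name__ == "__main__":
    for user, query in accepts_without_password(SAMPLE_LOG):
        print(f"{user}: accepted without password check: {query}")
```

Any finding means the running configuration differs from the intended AuthSelect, which is the mismatch pointed out in the reply above.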