(RADIATOR) radiator not padding out short password fields

Tariq Rashid tariq.rashid at uk.easynet.net
Wed Sep 1 04:22:28 CDT 2004


as requested... here are two exchanges ... the first one to a server which
seems to work fine from the problem stinger, and the second to the live
radius server which exhibits the problem:

ps - the client password (shared secret) and the username login password
(stored in ldap) are fine too as it works when the request is sent from the
same stinger to other servers (eg test lab radius servers, same
configuration) or to different code (eg freeradius, old livingston derived
code).

i can supply the secret keys and passwords to mike if required - but i know
they are correct - and freeradius will output the decoded password in its logs
- even with the suspected short password fields...


this one works:....

*** Received from 217.206.246.231 port 9123 ....

Packet length = 74
01 9e 00 4a 1f b1 ef 71 3c 81 d3 9d 3d c7 14 76
74 ad c6 bc 01 1b 61 64 73 6c 32 34 40 6c 6c 75
2e 65 61 73 79 6e 65 74 2e 63 6f 2e 75 6b 00 02
09 31 1d e6 33 84 fc 24 04 06 d9 ce f6 e7 05 06
00 00 00 00 3d 06 00 00 00 05
Code:       Access-Request
Identifier: 158
Authentic:  <31><177><239>q<<129><211><157>=<199><20>vt<173><198><188>
Attributes:
        User-Name = "adsl24 at llu.easynet.co.uk"
        Password = "1<29><230>3<132><252>$"
        NAS-Identifier = "217.206.246.231"
        NAS-Port = 0
        NAS-Port-Type = Virtual

Tue Aug 31 10:53:21 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Handling request with Handler
'Realm=llu.easynet.co.uk'
Tue Aug 31 10:53:21 2004: DEBUG: SDB1 Deleting session for
adsl24 at llu.easynet.co.uk, 217.206.246.231, 0
Tue Aug 31 10:53:21 2004: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='217.206.246.231' and ACCTSESSIONID=''': 

Tue Aug 31 10:53:21 2004: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='ad
sl24 at llu.easynet.co.uk'': 

Tue Aug 31 10:53:21 2004: DEBUG: Handling with Radius::AuthLDAP2: ldap-dial
Tue Aug 31 10:53:21 2004: INFO: Connecting to 127.0.0.1, port 389
Tue Aug 31 10:53:21 2004: INFO: Attempting to bind to LDAP server
127.0.0.1:389)
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got result for
uid=adsl24 at llu.easynet.co.uk,ou=users,domain=llu.easynet.co.uk,vip=easynet-u
k,o=easyne
t.net
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got ipAddr: 195.172.200.249
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got ipNetmask: 255.255.255.248
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got protocol: PPP
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got userPassword: adsl24
Tue Aug 31 10:53:21 2004: DEBUG: LDAP got services: pstn isdn dial
Tue Aug 31 10:53:21 2004: ERR: Bad attribute=value pair: pstn,isdn,dial
Tue Aug 31 10:53:21 2004: DEBUG: POST Search Hook -- Start Processing
Tue Aug 31 10:53:21 2004: DEBUG: Time of Day Restriction Check
Tue Aug 31 10:53:21 2004: DEBUG: No time checking done or required
Tue Aug 31 10:53:21 2004: ERR: ************ post search hook test **********
1
Tue Aug 31 10:53:21 2004: ERR: ************ post search hook test **********
2
Tue Aug 31 10:53:21 2004: ERR: ************ post search hook stringer ip in
range - NOT found!  **********
Tue Aug 31 10:53:21 2004: DEBUG: Timeout -1
Tue Aug 31 10:53:21 2004: DEBUG: Radius::AuthLDAP2 looks for match with
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Radius::AuthLDAP2 ACCEPT: 
Tue Aug 31 10:53:21 2004: DEBUG: Access accepted for
adsl24 at llu.easynet.co.uk
Tue Aug 31 10:53:21 2004: DEBUG: Packet dump:
*** Sending to 217.206.246.231 port 9123 ....

Packet length = 44
02 9e 00 2c 39 27 9a 75 5a 0d ee f6 d2 e3 1d d6
19 a8 ea be 08 06 c3 ac c8 f9 09 06 ff ff ff f8
07 06 00 00 00 01 06 06 00 00 00 02
Code:       Access-Accept
Identifier: 158
Authentic:  <31><177><239>q<<129><211><157>=<199><20>vt<173><198><188>
Attributes:
        Framed-Address = 195.172.200.249
        Framed-Netmask = 255.255.255.248
        Framed-Protocol = PPP
        User-Service = Framed-User



and here is one that doesn't work....  same lucent stinger ... but the issue
is on the live radius servers...


*** Received from 217.206.246.231 port 9123 ....

Packet length = 74
01 12 00 4a 7c 4a 29 74 d1 d9 66 7d ec 45 73 b3
19 a2 4d 68 01 1b 61 64 73 6c 32 34 40 6c 6c 75
2e 65 61 73 79 6e 65 74 2e 63 6f 2e 75 6b 00 02
09 d7 32 b7 00 de 85 2e 04 06 d9 ce f6 e7 05 06
00 00 00 00 3d 06 00 00 00 05
Code:       Access-Request
Identifier: 18
Authentic:  |J)t<209><217>f}<236>Es<179><25><162>Mh
Attributes:
        User-Name = "adsl24 at llu.easynet.co.uk"
        Password = "<215>2<183><0><222><133>."
        NAS-Identifier = "217.206.246.231"
        NAS-Port = 0
        NAS-Port-Type = Virtual

Wed Sep  1 10:15:36 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Wed Sep  1 10:15:36 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Wed Sep  1 10:15:36 2004: DEBUG: Rewrote user name to
adsl24 at llu.easynet.co.uk
Wed Sep  1 10:15:36 2004: DEBUG: Handling request with Handler
'Realm=llu.easynet.co.uk'
Wed Sep  1 10:15:36 2004: DEBUG: SDB1 Deleting session for
adsl24 at llu.easynet.co.uk, 217.206.246.231, 0
Wed Sep  1 10:15:36 2004: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='217.206.246.231' and ACCTSESSIONID=''

Wed Sep  1 10:15:36 2004: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USE
RNAME='adsl24 at llu.easynet.co.uk'

Wed Sep  1 10:15:36 2004: DEBUG: Handling with Radius::AuthLDAP2: ldap-dial
Wed Sep  1 10:15:36 2004: INFO: Connecting to 212.135.1.207, port 389
Wed Sep  1 10:15:36 2004: INFO: Attempting to bind with
cn=radiusd,ou=accounts,company=EasynetUK,o=easynet.net, h3lld4p (server 2
12.135.1.207:389)
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got result for
uid=adsl24 at llu.easynet.co.uk,ou=users,domain=llu.easynet.co.uk,vip=easynet-u
k,o=easynet.net
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got ipAddr: 195.172.200.249
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got ipNetmask: 255.255.255.248
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got protocol: PPP
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got userPassword: adsl24
Wed Sep  1 10:15:36 2004: DEBUG: LDAP got services: pstn isdn dial
Wed Sep  1 10:15:36 2004: ERR: Bad attribute=value pair: pstn,isdn,dial
Wed Sep  1 10:15:36 2004: DEBUG: POST Search Hook -- Start Processing
Wed Sep  1 10:15:37 2004: DEBUG: Time of Day Restriction Check
Wed Sep  1 10:15:37 2004: DEBUG: No time checking done or required
Wed Sep  1 10:15:37 2004: DEBUG: Timeout -1
Wed Sep  1 10:15:37 2004: DEBUG: Radius::AuthLDAP2 looks for match with
adsl24 at llu.easynet.co.uk
Wed Sep  1 10:15:37 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Wed Sep  1 10:15:37 2004: INFO: Connecting to 212.135.1.207, port 389
Wed Sep  1 10:15:37 2004: INFO: Attempting to bind with
cn=radiusd,ou=accounts,company=EasynetUK,o=easynet.net, h3lld4p (server 2
12.135.1.207:389)
Wed Sep  1 10:15:37 2004: DEBUG: No entries for DEFAULT found in LDAP
database
Wed Sep  1 10:15:37 2004: INFO: Access rejected for
adsl24 at llu.easynet.co.uk: Bad Password
Wed Sep  1 10:15:37 2004: DEBUG: Packet dump:
*** Sending to 217.206.246.231 port 9123 ....

Packet length = 36
03 12 00 24 d3 1c f4 48 f2 bb 45 51 79 37 75 54
2f de 45 7f 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 18
Authentic:  |J)t<209><217>f}<236>Es<179><25><162>Mh
Attributes:
        Reply-Message = "Request Denied"



and if you know about lucent stingers... here is the debug output for that
machine... 

EXTERNAL-AUTH written
RADIF: _radiusReinit: reinitializing.
RADIF:_radiusReinit: clearing extended retry counters
RADIF: radiusServerReinit: reinitializing.
RADIF: radius type Auth ID = 14
RADIF 09:15:28> _radiusRequest: id 14, user name <20:route-Chertsey_STN-1>
RADIF: _radiusReq: socket 14 len 76 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 14 <20:route-Chertsey_STN-1>, starting timer (50 sec)
RADIF: radius type Auth ID = 15
RADIF 09:15:28> _radiusRequest: id 15, user name <18:pools-Chertsey_STN>
RADIF: _radiusReq: socket 14 len 74 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 15 <18:pools-Chertsey_STN>, starting timer (50 sec)
RADIF: radius type Auth ID = 16
RADIF 09:15:28> _radiusRequest: id 16, user name
<23:permconn-Chertsey_STN-1>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 14 len 81 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 16 <23:permconn-Chertsey_STN-1>, starting timer (50
sec)
RADIF: radius type Auth ID = 17
RADIF 09:15:28> _radiusRequest: id 17, user name <22:frdlink-Chertsey_STN-1>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 14 len 80 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 17 <22:frdlink-Chertsey_STN-1>, starting timer (50 sec)
<cs0.lscher>_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=81920330 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 81920330
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833b30f0 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833b30f0
RADIF: _radiusAcctReinit: reinitializing.
_radiusAcctReinit: profile index = 0 timeractive = 0, host-1 0
RADIF: _radiusAcctReinit: reinitializing.
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833ac600 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833ac600
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833a9cc0 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833a9cc0
 
<cs0.lscher>radauth adsl24 at llu.easynet.co.uk adsl24
RADIF: radius type Auth ID = 18
RADIF: authenticating <24:adsl24 at llu.easynet.co.uk> with PAP
RADIF 09:15:36> _radiusRequest: id 18, user name
<24:adsl24 at llu.easynet.co.uk>
RADIF: _radiusReq: socket 14 len 74 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 18 <24:adsl24 at llu.easynet.co.uk>, starting timer (50
sec)
...radauth request queued, awaiting response
<cs0.lscher>_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833a9660 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833a9660


then....


RADIF 09:16:17> Timeout: retry #1 of 3, id 15 <pools-Chertsey_STN>
RADIF 09:16:17> _radiusRequest: id 15, user name <18:pools-Chertsey_STN>
RADIF: _radiusReq: socket 14 len 74 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 15 <18:pools-Chertsey_STN>, starting timer (50 sec)
RADIF 09:16:17> Timeout: retry #1 of 3, id 17 <frdlink-Chertsey_STN-1>
RADIF 09:16:17> _radiusRequest: id 17, user name <22:frdlink-Chertsey_STN-1>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 14 len 80 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 17 <22:frdlink-Chertsey_STN-1>, starting timer (50 sec)
RADIF 09:16:17> Timeout: retry #1 of 3, id 16 <permconn-Chertsey_STN-1>
RADIF 09:16:17> _radiusRequest: id 16, user name
<23:permconn-Chertsey_STN-1>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 14 len 81 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 16 <23:permconn-Chertsey_STN-1>, starting timer (50
sec)
RADIF 09:16:17> Timeout: retry #1 of 3, id 14 <route-Chertsey_STN-1>
RADIF 09:16:17> _radiusRequest: id 14, user name <20:route-Chertsey_STN-1>
RADIF: _radiusReq: socket 14 len 76 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 14 <20:route-Chertsey_STN-1>, starting timer (50 sec)
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833ad790 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833ad790
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833c1550 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833c1550
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833ac600 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833ac600
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=833b0e10 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 833b0e10
RADIF 09:16:26> Timeout: retry #1 of 3, id 18 <adsl24 at llu.easynet.co.uk>
RADIF 09:16:26> _radiusRequest: id 18, user name
<24:adsl24 at llu.easynet.co.uk>
RADIF: _radiusReq: socket 14 len 74 ipaddr 212.135.1.110 port 65534->1645
RADIF:_radiusReq: id 18 <24:adsl24 at llu.easynet.co.uk>, starting timer (50
sec)
_receivedResponse :1, addrPoolAcked : 0
RADIF: _radCallback: buf=83368950 from 212.135.1.110 1645
RADIF: _radCallback, bad authenticator for buffer 83368950

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
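
An added example (not part of the original post, and not Radiator's or freeradius's code): it parses the first Access-Request dump above and checks its User-Password attribute against the 16-octet padding rule in RFC 2865 section 5.2, then shows a strict decoder beside one that tolerates a short field. The shared secret is not on the page, so the encode/decode functions are meant to be run with a constructed secret and authenticator; all function names are hypothetical.

```python
import hashlib

# First (working) Access-Request, copied from the hex dump in the post.
PKT = bytes.fromhex(
    "019e004a1fb1ef713c81d39d3dc71476" "74adc6bc011b6164736c3234406c6c75"
    "2e656173796e65742e636f2e756b0002" "09311de63384fc240406d9cef6e70506"
    "000000003d0600000005")

def parse(pkt):
    """Return (authenticator, [(type, value), ...]) from a RADIUS packet."""
    length = int.from_bytes(pkt[2:4], "big")
    if length != len(pkt) or length < 20:
        raise ValueError("bad packet length")
    attrs, i = [], 20
    while i < length:
        if i + 2 > length or pkt[i + 1] < 2 or i + pkt[i + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((pkt[i], pkt[i + 2:i + pkt[i + 1]]))
        i += pkt[i + 1]
    return pkt[4:20], attrs

def user_password(pkt):
    """Value of the User-Password attribute (type 2), or None."""
    return next((v for t, v in parse(pkt)[1] if t == 2), None)

def is_rfc_padded(value):
    """RFC 2865 5.2: the field is 16..128 octets, in multiples of 16."""
    return 16 <= len(value) <= 128 and len(value) % 16 == 0

def _xor(block, secret, prev):
    key = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, key))  # zip stops at a short block

def pap_encode(password, secret, authenticator):
    """Hide a password as RFC 2865 describes: null-pad, then chained MD5 XOR."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], secret, prev)
        out += prev
    return out

def pap_decode(field, secret, authenticator, tolerate_short=False):
    """Strict by default; tolerate_short accepts an unpadded field."""
    if not is_rfc_padded(field) and not tolerate_short:
        raise ValueError(f"User-Password is {len(field)} octets, not padded")
    out, prev = b"", authenticator
    for i in range(0, len(field), 16):
        out += _xor(field[i:i + 16], secret, prev)
        prev = field[i:i + 16]
    return out.rstrip(b"\0")

if __name__ == "__main__":
    print(len(user_password(PKT)), is_rfc_padded(user_password(PKT)))
```

Both dumps in the post carry the attribute as `02 09` followed by 7 octets, so the same check gives the same result on the second request.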

