(RADIATOR)
Mark Sergeant
msergeant at snsonline.net
Fri Apr 15 08:18:27 CDT 2005
On 15/04/2005, at 22:04, frank.messie at osix.nl wrote:
>
> Hi all,
>
> In our evaluation we are now trying to authenticate against a
> Postgres database.
> We are using the database as created by the Radiator provided script.
>
> We adapted the sql.cfg sample to use TTLS.
>
> At the bottom of this email we include the text of our radius.cfg.
>
>
>
> During authentication we get the error
> ERROR
> **********************************************************************
> ****************************
> Fri Apr 15 13:52:48 2005: ERR: Could not connect to SQL database
> with DBI->connect dbi:Pg:radius, radiator, security: missing "="
> after "radius" in connection info string
> **********************************************************************
> **********
> For your information we also include a bigger piece of the log.
> I hope you can see what is causing this error.
>
Postgres requires different arguments to DBI than, say, MySQL. You need
to use something like ...
DBSource dbi:Pg:dbname=radius;host=localhost
in your radius config.
Cheers,
Mark
>
>
> LOGFILE
> **********************************************************************
> ******************************
> *** Received from 192.168.210.10 port 21645 ....
> Code: Access-Request
> Identifier: 146
> Authentic: f<190>[<22>^<205><213>7Vjz<8><150>A<210>q
> Attributes:
> User-Name = "frank"
> Framed-MTU = 1400
> Called-Station-Id = "0012.dab6.a210"
> Calling-Station-Id = "0010.c62b.9515"
> Message-Authenticator =
> <20>><142><0>r<131><169>_<216><197>Ep<200><207><223><130>
> EAP-Message =
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 354
> Service-Type = Framed-User
> NAS-IP-Address = 192.168.210.10
> NAS-Identifier = "ap1"
>
> Fri Apr 15 13:52:48 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 15 13:52:48 2005: DEBUG: Deleting session for frank,
> 192.168.210.10, 354
> Fri Apr 15 13:52:48 2005: DEBUG: Handling with Radius::AuthSQL
> Fri Apr 15 13:52:48 2005: DEBUG: Handling with Radius::AuthSQL:
> Fri Apr 15 13:52:48 2005: DEBUG: Handling with EAP: code 2, 5, 196
> Fri Apr 15 13:52:48 2005: DEBUG: Response type 21
> Fri Apr 15 13:52:48 2005: DEBUG: EAP TTLS data, 3, 5, 4
> Fri Apr 15 13:52:48 2005: DEBUG: EAP TTLS inner authentication
> request for frank
> Fri Apr 15 13:52:48 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <135>?<130>cu<200><201>%<226><148><162>@S<227><14>)
> Attributes:
> User-Name = "frank"
> MS-CHAP2-Response =
> F<0><7><202><137><185><179><151>=<246>u<153><135>5<154><127>6)
> <0><0><0><0><0><0><0><0><23><131><3><225><245><237><25><28><181><31><1
> 70>$<188><158>NL<140><178>oox<25>14
> MS-CHAP-Challenge = mM<19><140>)<235>!
> <139><138>V<229><158><10><9>#<174>
>
> Fri Apr 15 13:52:48 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 15 13:52:48 2005: DEBUG: Deleting session for frank,
> 192.168.210.10,
> Fri Apr 15 13:52:48 2005: DEBUG: Handling with Radius::AuthSQL
> Fri Apr 15 13:52:48 2005: DEBUG: Handling with Radius::AuthSQL:
> Fri Apr 15 13:52:48 2005: ERR: Could not connect to SQL database
> with DBI->connect dbi:Pg:radius, radiator, security: missing "="
> after "radius" in connection info string
>
> Fri Apr 15 13:52:48 2005: ERR: Could not connect to any SQL
> database. Request is ignored. Backing off for 600 seconds
> Fri Apr 15 13:52:48 2005: DEBUG: AuthBy SQL result: IGNORE, User
> database access error
> Fri Apr 15 13:52:48 2005: DEBUG: EAP result: 2, EAP TTLS inner
> authentication redespatched to a Handler
> Fri Apr 15 13:52:48 2005: DEBUG: AuthBy SQL result: IGNORE, EAP
> TTLS inner authentication redespatched to a Handler
> Fri Apr 15 13:52:53 2005: DEBUG: Packet dump:
>
> CFG file
> **********************************************************************
> *************************************
>
> Foreground
> LogStdout
> LogDir /var/log/radius
> DbDir /etc/radiator
> PidFile /var/log/radius/radiator.pid
> # Use a lower trace level in production systems:
> Trace 4
>
> <Client ap1>
> Secret security
> DupInterval 0
> </Client>
> <Client DEFAULT>
> Secret security
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>
>
> <AuthBy SQL>
>
> DBSource dbi:Pg:radius
> DBUsername radiator
> DBAuth security
>
> # You may want to tailor these for your ACCOUNTING table
> # You can add your own columns to store whatever you like
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
>
>
> EAPType TTLS
>
> EAPTLS_CAFile /var/ssl/root.pem
>
> EAPTLS_CertificateFile /var/ssl/rds1.pem
> EAPTLS_CertificateType PEM
>
> EAPTLS_PrivateKeyFile /var/ssl/rds1.pem
> EAPTLS_PrivateKeyPassword security
>
> EAPTLS_MaxFragmentSize 1000
>
>
>
> AutoMPPEKeys
>
> </AuthBy>
>
>
> </Realm>
>
> **********************************************************************
> ***
>
> Vriendelijke groeten, Kind regards,
> Frank Messie
> Osix/Systems B.V.
> Office: Bikbergerweg 18, 1272 PM Huizen, The Netherlands
> Mail: Postbox 5006, 1410 AA Naarden, The Netherlands
> Phone: +31(0)356946010 Fax: +31(0)356951802
> Email: frank.messie at osix.nl Homepage: www.osix.nl
>
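The fix in the reply above can be checked before a config is deployed, since a malformed Pg data source makes the server ignore authentication requests and back off for 600 seconds. The following is an added example, not part of the original thread or of Radiator: a small Python lint (function names and sample configs are constructed here) that flags `DBSource` lines for the Pg driver whose driver-specific part is not in `key=value` form.

```python
import re

# DBI data source: dbi:<driver>[(attributes)]:<driver-specific part>
DSN_RE = re.compile(r"^dbi:(?P<driver>\w+)(?:\([^)]*\))?:(?P<rest>.*)$", re.IGNORECASE)

def check_pg_dsn(dsn):
    """Return a list of problems for a dbi:Pg data source (empty list = nothing found)."""
    m = DSN_RE.match(dsn.strip())
    if not m:
        return ["not a DBI data source string"]
    if m.group("driver") != "Pg":
        return []  # other drivers have their own syntax; not checked here
    problems = []
    # The Pg part is a ';'-separated list of key=value settings.
    for part in filter(None, (p.strip() for p in m.group("rest").split(";"))):
        key, sep, value = part.partition("=")
        if not sep:
            problems.append(f'missing "=" after "{part}"')
        elif not key.strip() or not value.strip():
            problems.append(f'empty key or value in "{part}"')
    return problems

def lint_config(text):
    """Return (line number, data source, problem) for every bad DBSource line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*DBSource\s+(\S.*)$", line)  # commented-out lines do not match
        if m:
            dsn = m.group(1).strip()
            findings.extend((lineno, dsn, p) for p in check_pg_dsn(dsn))
    return findings

# Constructed samples: the DBSource from the posted config, and the one from the reply.
BROKEN = """<AuthBy SQL>
    DBSource dbi:Pg:radius
    DBUsername radiator
</AuthBy>
"""
FIXED = BROKEN.replace("dbi:Pg:radius", "dbi:Pg:dbname=radius;host=localhost")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_config(cfg))
```
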