(RADIATOR) initial run using simple.cfg with NAS client added fails

Joon Yun joon at berkeley.edu
Fri Dec 9 17:04:17 CST 2005 

Hello,

After much trouble with 2 versions of Perl on my FreeBSD box I am  
finally up and running with the demo installation of Radiator.  
Ultimately I want to test the AuthBy KRB5 for eap/ttls usage but I  
can't even seem to get the AuthBy File to work. I'm just using the  
simple.cfg file and the perl radtest tool says everything is oky:

[perimeter:local/etc/radiator] joon% perl radpwtst -user fred -password  
fred
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK

But when I add one of my NAS devices the users file as a client and  
then test with the fred account I get a failure. I've appended the  
debug output from the manually launched radiator radiusd. Any help  
would be much appreciated.

Regards,
Joon Yun
UC Berkeley

------------------------------------------------------------------------ 
---------------

[perimeter:local/etc/radiator] joon% sudo perl radiusd -config_file  
goodies/simple.cfg
RADIUS Password:
Fri Dec  9 14:47:48 2005: DEBUG: Finished reading configuration file  
'goodies/simple.cfg'
This Radiator license will expire on 2006-01-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Fri Dec  9 14:47:48 2005: DEBUG: Reading dictionary file './dictionary'
Fri Dec  9 14:47:48 2005: DEBUG: Creating authentication port  
0.0.0.0:1645
Fri Dec  9 14:47:48 2005: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Dec  9 14:47:48 2005: NOTICE: Server started: Radiator 3.13 on  
perimeter.berkeley.edu (LOCKED)


Fri Dec  9 14:48:00 2005: DEBUG: Packet dump:
*** Received from 128.32.231.212 port 32858 ....
Code:       Access-Request
Identifier: 249
Authentic:  B<179><163><247><2><174><152><130>,<243>?i<168><226>X<253>
Attributes:
         NAS-Identifier = "128.32.231.212"
         User-Name = "fred"
         User-Password =  
<239><150><187><255><218><190><139><218><177>.<216>xG<167><187><199>

Fri Dec  9 14:48:00 2005: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Fri Dec  9 14:48:00 2005: DEBUG:  Deleting session for fred,  
128.32.231.212,
Fri Dec  9 14:48:00 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Dec  9 14:48:00 2005: DEBUG: Reading users file ./users
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
fred
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Check item  
Service-Type expression 'Administrative-User' does not match '' in  
request
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT1
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Check item  
Service-Type expression 'Login-User' does not match '' in request
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT2
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Check item  
Service-Type expression 'Outbound-User' does not match '' in request
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT3
Fri Dec  9 14:48:00 2005: WARNING: Could not find Identifier for  
Auth-Type 'System'
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Could not  
find Identifier for Auth-Type 'System'
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT4
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Username not  
suffixed with .ppp
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT5
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: Username not  
prefixed with P
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE looks for match with  
DEFAULT6
Fri Dec  9 14:48:00 2005: WARNING: This AuthBy does not know how to  
check Group membership
Fri Dec  9 14:48:00 2005: DEBUG: Radius::AuthFILE REJECT: User fred is  
not in Group group1
Fri Dec  9 14:48:00 2005: DEBUG: AuthBy FILE result: REJECT, User fred  
is not in Group group1
Fri Dec  9 14:48:00 2005: INFO: Access rejected for fred: User fred is  
not in Group group1
Fri Dec  9 14:48:00 2005: DEBUG: Packet dump:
*** Sending to 128.32.231.212 port 32858 ....
Code:       Access-Reject
Identifier: 249
Authentic:  B<179><163><247><2><174><152><130>,<243>?i<168><226>X<253>
Attributes:
         Reply-Message = "Request Denied"

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list