(RADIATOR) initial run using simple.cfg with NAS client added fails

Joon Yun joon at berkeley.edu
Wed Dec 21 16:10:14 CST 2005 

Hi Hugh,

I found this thread  
(http://www.open.com.au/archives/radiator/2000-11/msg00078.html) in the  
archives where you explain how you recommend applying patches and I can  
now report success! Radiator launches fine now with the Kerberos  
configuration, but it is now failing the auth. :(

Here is the trace info:

[ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config_file krb5.cfg
Wed Dec 21 13:56:08 2005: DEBUG: Finished reading configuration file  
'krb5.cfg'
Wed Dec 21 13:56:08 2005: DEBUG: Reading dictionary file './dictionary'
Wed Dec 21 13:56:09 2005: DEBUG: Creating authentication port  
0.0.0.0:1645
Wed Dec 21 13:56:09 2005: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Dec 21 13:56:09 2005: NOTICE: Server started: Radiator 3.13 on  
ndrl5.berkeley.edu


Wed Dec 21 13:56:28 2005: DEBUG: Packet dump:
*** Received from 128.32.231.212 port 32870 ....
Code:       Access-Request
Identifier: 226
Authentic:  <250><147><186>Px<163>K<192>'<224><12><154><16><233>O<185>
Attributes:
         NAS-IP-Address = 128.32.231.212
         User-Name = "joon"
         User-Password =  
<148><214><241><253><11>Q<246><22><214>wB<14><0><140><203><127><0>9<230> 
=cq<201><147><177><11><174><12><3><31>Z<173>

Wed Dec 21 13:56:28 2005: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Wed Dec 21 13:56:28 2005: DEBUG:  Deleting session for joon,  
128.32.231.212,
Wed Dec 21 13:56:28 2005: DEBUG: Handling with Radius::AuthKRB5:
Wed Dec 21 13:56:28 2005: DEBUG: Radius::AuthKRB5 looks for match with  
joon [joon]
Wed Dec 21 13:56:28 2005: DEBUG: Building Kerberos principal:  
joon at BERKELEY.EDU
Wed Dec 21 13:56:29 2005: DEBUG: Radius::AuthKRB5 REJECT: Kinit failed:  
Decrypt integrity check failed: joon [joon]
Wed Dec 21 13:56:29 2005: DEBUG: AuthBy KRB5 result: REJECT, Kinit  
failed: Decrypt integrity check failed
Wed Dec 21 13:56:29 2005: INFO: Access rejected for joon: Kinit failed:  
Decrypt integrity check failed
Wed Dec 21 13:56:29 2005: DEBUG: Packet dump:
*** Sending to 128.32.231.212 port 32870 ....
Code:       Access-Reject
Identifier: 226
Authentic:  <250><147><186>Px<163>K<192>'<224><12><154><16><233>O<185>
Attributes:
         Reply-Message = "Request Denied"
------------------------------------------------------------------------ 
-----------

I can do a kinit manually perfectly fine though and can get a tgt.

[ndrl5] ~> kinit
joon at BERKELEY.EDU's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
[ndrl5] ~> klist
Credentials cache: FILE:/tmp/krb5cc_5696
         Principal: joon at BERKELEY.EDU

   Issued           Expires          Principal
Dec 21 14:06:54  Dec 22 00:06:41  krbtgt/BERKELEY.EDU at BERKELEY.EDU

So I am not sure what the problem is exactly. Sorry to keep pestering  
you but what is my next step?

Regards,
Joon Yun
UC Berkeley

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list