(RADIATOR) Password not being checked.
Jason Haltom
jasonh at ideateksystems.com
Fri Feb 18 18:43:02 CST 2005
I am new to this product, and have been using it for less than a month
now.
When we were evaluating we had no problems, so we purchased a license
and after installing the licensed version and running the latest patches
(2005-2-17) we have problems with the password not being checked for one
of our <AuthBy SQL> statements. (more notes and details at the bottom
of email.)
Our current cfg file is:
#------------------------------------------------------------------------------------------------
# Radiator configuration file.
# Produced by /radconfig.pl Wed Jan 26 14:31:13 2005
#REMOTE_USER: , REMOTE_ADDR: 10.0.0.10
DbDir .
DictionaryFile %L/dictionary
Foreground
LogDir /Program Files/Radiator
LogStdout
RewriteUsername tr/[A-Z]/[a-z]/
RewriteUsername s/\s+//g
RewriteUsername s/idk-//
RewriteUsername s/pop.net/kansasi.net/
Trace 3
<AuthBy SQL>
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef TIME_STAMP Timestamp, timestamp
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
AcctColumnDef ACCTSESSIONID, Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER, NAS-IP-Address
AcctColumnDef NASPORT, NAS-Port, integer
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef CONNECTINFO, Connect-Info
AcctColumnDef CALLERID, Calling-Station-Id
AcctColumnDef CALLEDID, Called-Station-Id
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
DBAuth ideatek
DBSource dbi:mysql:radius
DBUsername root
FailureBackoffTime 30
Identifier accounting
Timeout 30
</AuthBy>
<AuthBy SQL>
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef TIME_STAMP Timestamp, timestamp
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
AcctColumnDef ACCTSESSIONID, Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER, NAS-IP-Address
AcctColumnDef NASPORT, NAS-Port, integer
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef CONNECTINFO, Connect-Info
AcctColumnDef CALLERID, Calling-Station-Id
AcctColumnDef CALLEDID, Called-Station-Id
AuthSelect select PASSWORD, IDLETIME, MAXLOGTIME from SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 1, Idle-Timeout, reply
AuthColumnDef 2, Session-Timeout, reply
DBAuth ideatek
DBSource dbi:mysql:radius
DBUsername root
FailureBackoffTime 30
Identifier FilterAndAccounting
Timeout 30
</AuthBy>
<Client 10.0.0.6>
Description Portmaster
DupInterval 2
FramedGroupBaseAddress 10.0.0.100
NasType Portmaster3
Secret {removed}
</Client>
<Client 10.0.0.7>
Description Portmaster
DupInterval 2
FramedGroupBaseAddress 10.0.0.150
NasType Portmaster3
Secret {removed}
</Client>
<Realm ideateksystems.com>
AuthBy accounting
AuthByPolicy ContinueWhileIgnore
Description ideateksystems.com realm
FramedGroup 0
MaxSessions 5
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm kansasi.net>
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description kansasi.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm burrtonks.net>
AccountingHandled
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description burrtonks.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm buhlerks.net>
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description buhlerks.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm havenks.net>
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description havenks.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm hesstonks.net>
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description hesstonks.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<Realm inmanks.net>
AuthBy FilterAndAccounting
AuthByPolicy ContinueWhileIgnore
Description inmanks.net realm
FramedGroup 0
MaxSessions 1
RejectHasReason
SessionDatabase sessionDB
</Realm>
<SessionDatabase SQL>
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, CONNECTINFO, CALLERID, CALLEDID) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Connect-Info}', '%{Calling-Station-Id}', '%{Called-Station-Id}')
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
DBAuth ideatek
DBSource dbi:mysql:radius
DBUsername root
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
Description The session Database
FailureBackoffTime 30
Identifier sessionDB
Timeout 30
</SessionDatabase>
#======================================================================
Anyone who is processed by the “AuthBy FilterAndAccounting” section is
able to log in regardless of the password they use. If someone is
processed by the “AuthBy accounting” section, their password is checked
and everything works as it should. The “AuthBy accounting” section is
only used for our own employees, where we do not need to limit them on
anything, whereas “AuthBy FilterAndAccounting” is used by our customers,
and we need to limit them on some stuff.
I set the logging to debug level and nothing of use was shown there; it
appeared as if everything was OK. I am thinking this has to do with the
patch.
If anyone can help me out on this it would be great.
Thanks,
Jason
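
Added example, not part of the original post and not Radiator code: a small Python check for the situation described above. It relies on Radiator's documented AuthBy SQL behaviour that once any AuthColumnDef is present the default column mapping (column 0 is the password) no longer applies, so a clause that maps only reply columns never compares the password. The sample config is constructed from the clauses in the post; the function names, the PASSWORD_ATTRS set and the `AuthColumnDef 0, User-Password, check` line in FIXED_CFG are assumptions of this example.

```python
import re

# Constructed sample, modelled on the two <AuthBy SQL> clauses in the post.
SAMPLE_CFG = """\
<AuthBy SQL>
    Identifier accounting
    AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
</AuthBy>
<AuthBy SQL>
    Identifier FilterAndAccounting
    AuthSelect select PASSWORD, IDLETIME, MAXLOGTIME from SUBSCRIBERS where USERNAME='%n'
    AuthColumnDef 1, Idle-Timeout, reply
    AuthColumnDef 2, Session-Timeout, reply
</AuthBy>
"""
# Assumed correction: map column 0 (PASSWORD) explicitly as a check item.
FIXED_CFG = SAMPLE_CFG.replace(
    "AuthColumnDef 1,", "AuthColumnDef 0, User-Password, check\n    AuthColumnDef 1,")
# Assumption: the check attributes that carry the stored password.
PASSWORD_ATTRS = {"user-password", "encrypted-password"}

def parse_authby_sql(cfg):
    """Return [(identifier, [(column, attribute, type), ...])] per <AuthBy SQL>."""
    clauses = []
    for body in re.findall(r"<AuthBy\s+SQL>(.*?)</AuthBy>", cfg, re.S | re.I):
        ident, coldefs = "(unnamed)", []
        for raw in body.splitlines():
            parts = raw.strip().split(None, 1)
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            key, value = parts[0].lower(), parts[1]
            if key == "identifier":
                ident = value.strip()
            elif key == "authcolumndef":
                fields = [f.strip().lower() for f in value.split(",")]
                if len(fields) >= 3 and fields[0].isdigit():
                    coldefs.append((int(fields[0]), fields[1], fields[2]))
        clauses.append((ident, coldefs))
    return clauses

def clauses_without_password_check(cfg):
    """Identifiers of clauses whose AuthColumnDef list never checks a password."""
    flagged = []
    for ident, coldefs in parse_authby_sql(cfg):
        if not coldefs:
            continue  # no AuthColumnDef: default mapping, column 0 is the password
        if not any(a in PASSWORD_ATTRS and t == "check" for _, a, t in coldefs):
            flagged.append(ident)
    return flagged

if __name__ == "__main__":
    print(clauses_without_password_check(SAMPLE_CFG))
    print(clauses_without_password_check(FIXED_CFG))
```
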