(RADIATOR) MS-Chap ver2 from a Watchguard Firebox
Erik Wirring LE34 Trimble Center Danmark
ew at trimblecenter.dk
Mon Jan 3 06:48:58 CST 2005
Hi
I am trying to set up Radiator to validate VPN (pptp) users on a Watchguard Firebox but I am getting no success.
I am pretty sure that it is not the password that is wrong.
I have the un-encrypted password in the database field PASSWORD
Here is the debug response:
Mon Jan 3 12:25:41 2005: DEBUG: Packet dump:
*** Received from 192.168.34.200 port 16478 ....
Code: Access-Request
Identifier: 31
Authentic: <31><228><205><211><130>V<136><239><31><198><224>ep<221><241>/
Attributes:
User-Name = "EW"
MS-CHAP-Challenge = c~<140><222><2>?<247><185><4>tyQ<10>Y<175>J
MS-CHAP2-Response = <129><0><17><14>*<215>z'Qda<25><181>(<132><243>/N<0><0><0><0><0><0><0><0><239><227>~C/*a<171>e<225>{@<214>*ly<169>+%9<0><224><255><242>
NAS-Identifier = "firebox"
NAS-Port = 15453
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Mon Jan 3 12:25:41 2005: DEBUG: Handling request with Handler 'Realm=DZONG'
Mon Jan 3 12:25:41 2005: DEBUG: DZONGDB Deleting session for EW, 192.168.34.200, 15453
Mon Jan 3 12:25:41 2005: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='192.168.34.200' and NASPORT=015453':
Mon Jan 3 12:25:41 2005: DEBUG: Handling with Radius::AuthSQL
Mon Jan 3 12:25:41 2005: DEBUG: Handling with Radius::AuthSQL:
Mon Jan 3 12:25:41 2005: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from DzongLogin where BINARY USERNAME='EW at DZONG'':
Mon Jan 3 12:25:41 2005: DEBUG: Radius::AuthSQL looks for match with EW at DZONG
Mon Jan 3 12:25:41 2005: DEBUG: Radius::AuthSQL REJECT: Bad Password
Mon Jan 3 12:25:41 2005: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from DzongLogin where BINARY USERNAME='DEFAULT'':
Mon Jan 3 12:25:41 2005: INFO: Access rejected for EW at DZONG: Bad Password
Mon Jan 3 12:25:41 2005: DEBUG: Packet dump:
*** Sending to 192.168.34.200 port 16478 ....
Code: Access-Reject
Identifier: 31
Authentic: <31><228><205><211><130>V<136><239><31><198><224>ep<221><241>/
Attributes:
Reply-Message = "Request Denied"
Here is a part of the config:
# WatchGuard Firebox X700 Dzong
<Client 192.168.34.200>
Secret *********
DupInterval 2
DefaultRealm DZONG
</Client>
.
.
.
<SessionDatabase SQL>
DBSource dbi:mysql:radius
DBUsername ob
DBAuth *********
Identifier DZONGDB
#AddQuery insert into DZONGONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS) values ('%{Calling-Station-Id}', '%N', '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}')
#DeleteQuery delete from DZONGONLINE where NASIDENTIFIER='%N' and USERNAME='%{Calling-Station-Id}'
#ClearNasQuery delete from DZONGONLINE where NASIDENTIFIER='%N'
#CountQuery select NASIDENTIFIER, ACCTSESSIONID from GPRSONLINE where USERNAME='%{Calling-Station-Id}'
</SessionDatabase>
# This will authenticate users from SUBSCRIBERS
<Realm DEFAULT>
.
.
.
</Realm>
<Realm DZONG>
<AuthBy SQL>
#RewriteUsername s/^([^@]+).*/$1/
DBSource dbi:mysql:radius
DBUsername ob
DBAuth ****************
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from DzongLogin where BINARY USERNAME=%0
AutoMPPEKeys
AddToReply Filter-Id = pptp_users
# You may want to tailor these for your ACCOUNTING table
# You can add your own columns to store whatever you like
</AuthBy>
SessionDatabase DZONGDB
</Realm>
Best Regards
Erik Wirring
Chief Software Engineer
Chartered Surveyor
Email: EW at TrimbleCenter.Dk
Direct tel: +45 77 332 257
Mobile : +45 51 314 257
Trimble Center Danmark A/S
Energivej 34
DK-2750 Ballerup
Denmark
Tel: +45 77 332 233
Fax.+45 77 332 299
Http://www.TrimbleCenter.Dk
Http://GPSnet.dk The Electronic Referencenetwork of Denmark
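Added example (not part of the original post and not Radiator code): Python that decodes the `<N>` byte notation of the debug dump above, splits the 50-byte MS-CHAP2-Response into its RFC 2548 fields, and computes the RFC 2759 ChallengeHash, which mixes in the user name, so each spelling of the name yields a different value to verify against. The function names are hypothetical, and `EW@DZONG` assumes the archive rendered `@` as ` at `.

```python
import hashlib
import re

# Attribute values copied from the debug dump in the post above.
CHALLENGE_DUMP = "c~<140><222><2>?<247><185><4>tyQ<10>Y<175>J"
RESPONSE_DUMP = ("<129><0><17><14>*<215>z'Qda<25><181>(<132><243>/N"
                 "<0><0><0><0><0><0><0><0><239><227>~C/*a<171>e<225>{@"
                 "<214>*ly<169>+%9<0><224><255><242>")
# Assumption: the archive shows "@" as " at ", so the looked-up name was EW@DZONG.
CANDIDATE_NAMES = ("EW", "EW@DZONG")
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

def undump(text):
    """Decode the dump notation (<N> is the byte with decimal value N)."""
    out = bytearray()
    for num, char in _TOKEN.findall(text):
        value = int(num) if num else ord(char)
        if value > 255:
            raise ValueError("not a byte: %r" % (num or char))
        out.append(value)
    return bytes(out)

def parse_mschap2_response(value):
    """Split an MS-CHAP2-Response value into its RFC 2548 fields."""
    if len(value) != 50:
        raise ValueError("expected 50 bytes, got %d" % len(value))
    return {"ident": value[0], "flags": value[1],
            "peer_challenge": value[2:18], "reserved": value[18:26],
            "nt_response": value[26:50]}

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: SHA-1 over both challenges and the name, first 8 bytes."""
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def summarize():
    auth_challenge = undump(CHALLENGE_DUMP)
    fields = parse_mschap2_response(undump(RESPONSE_DUMP))
    hashes = {name: challenge_hash(fields["peer_challenge"], auth_challenge, name)
              for name in CANDIDATE_NAMES}
    return auth_challenge, fields, hashes

if __name__ == "__main__":
    challenge, fields, hashes = summarize()
    print("ident=%d flags=%d" % (fields["ident"], fields["flags"]))
    for name, digest in hashes.items():
        print("%-10s challenge hash %s" % (name, digest.hex()))
```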