(RADIATOR) problems with user file
Hugh Irvine
hugh at open.com.au
Thu Jan 13 02:41:23 CST 2005
Hello James -
Could you please send us a copy of your configuration file (no secrets).
regards
Hugh
On 13 Jan 2005, at 03:19, james edwards wrote:
> After an upgrade to Radiator-3.11-2 (running RH Core2, 2.6.xx kernel)
> it
> seems my previous
> users file is not working correctly. I created user isdntest set the
> group
> isdn & user powertest set to group
> power. I the below debug it does not look like Radiator is finding
> that the
> user is in the apprioprate
> group. These users are not able to establist 2 session.
>
>
>
>
> Users config file:
>
> DEFAULT Auth-Type = System, Group = deadbeat,
> Auth-Type="Reject:Deadbeated
> users can not dial in."
>
> DEFAULT Auth-Type = System, Group = susp, Auth-Type="Reject:Suspended
> users
> can not dial in."
>
> DEFAULT Auth-Type = System, Group = shell
> Service-Type = Login-User,
> Login-IP-Host = 198.59.109.7,
> Login-Service = Telnet
>
> DEFAULT Auth-Type = System, Group = power, Simultaneous-Use = 3
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Port-Limit = 2,
> Reply-Message = "ts>"
>
> DEFAULT Auth-Type = System, Group = DSL, Simultaneous-Use = 200
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Port-Limit = 1,
>
> DEFAULT Auth-Type = System, Group = ISDN, Simultaneous-Use = 2
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Port-Limit = 2,
>
> DEFAULT Auth-Type = System, Group = aux-dial, Simultaneous-Use = 1
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Port-Limit = 1,
> Reply-Message = "ts>"
>
>
> DEFAULT Auth-Type = System, Simultaneous-Use = 2
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Port-Limit = 2,
> Reply-Message = "ts>"
>
>
> ##### Static IPS #####
>
> # --test for national user....removing framed-compression
> #
> eklund at cybermesa.com Auth-Type = System
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500
>
>
> Debugs:
>
>
>
> Tue Jan 11 16:23:44 2005: DEBUG: Rewrote user name to isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Rewrote user name to isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 11 16:23:44 2005: DEBUG: Deleting session for isdntest,
> 65.19.14.4,
> 521
> Tue Jan 11 16:23:44 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='65.19.14.4' and NASPORT=0521':
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSQL
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group aux
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group aux
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group deadbeat
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group deadbeat
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group susp
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group susp
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group shell
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group shell
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group power
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group power
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT5
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> isdntest is
> not in Group DSL
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User
> isdntest is
> not in Group DSL
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT6
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='isdntest'':
> Tue Jan 11 16:23:44 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='isdntest'':
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM ACCEPT:
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Jan 11 16:23:44 2005: DEBUG: Access accepted for isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Packet dump:
> *** Sending to 65.19.14.4 port 1645 ....
> Code: Access-Accept
> Identifier: 50
> Authentic: <170><250>|a<222>.<234>L<23><151>!;<229><28>%^
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Port-Limit = 2
>
>
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXX
> XXXXXXXXXXXXXXXXXXXXXXX
>
> Tue Jan 11 16:31:15 2005: DEBUG: Rewrote user name to powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Rewrote user name to powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 11 16:31:15 2005: DEBUG: Deleting session for powertest,
> 65.19.14.4, 792
> Tue Jan 11 16:31:15 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='65.19.14.4' and NASPORT=0792':
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSQL
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> powertest
> is not in Group aux
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User
> powertest is
> not in Group aux
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> powertest
> is not in Group deadbeat
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User
> powertest is
> not in Group deadbeat
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> powertest
> is not in Group susp
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User
> powertest is
> not in Group susp
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User
> powertest
> is not in Group shell
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User
> powertest is
> not in Group shell
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='powertest'':
> Tue Jan 11 16:31:15 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='powertest'':
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM ACCEPT:
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Jan 11 16:31:15 2005: DEBUG: Access accepted for powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Packet dump:
> *** Sending to 65.19.14.4 port 1645 ....
> Code: Access-Accept
> Identifier: 66
> Authentic: <1><164>V<188>D<178>B<235>I<24><251>Nqr<202>U
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Port-Limit = 2
> Reply-Message = "ts>"
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list