(RADIATOR) problems with user file

Hugh Irvine hugh at open.com.au
Thu Jan 13 02:41:23 CST 2005


Hello James -

Could you please send us a copy of your configuration file (no secrets).

regards

Hugh


On 13 Jan 2005, at 03:19, james edwards wrote:

> After an upgrade to Radiator-3.11-2 (running RH Core2, 2.6.xx kernel)  
> it
> seems my previous
> users file is not working correctly. I created user isdntest set the  
> group
> isdn & user powertest set to group
> power. I the below debug it does not look like Radiator is finding  
> that the
> user is in the apprioprate
> group. These users are not able to establist 2 session.
>
>
>
>
> Users config file:
>
> DEFAULT Auth-Type = System, Group = deadbeat,  
> Auth-Type="Reject:Deadbeated
> users can not dial in."
>
> DEFAULT Auth-Type = System, Group = susp, Auth-Type="Reject:Suspended  
> users
> can not dial in."
>
> DEFAULT Auth-Type = System, Group = shell
>         Service-Type = Login-User,
>         Login-IP-Host = 198.59.109.7,
>         Login-Service = Telnet
>
> DEFAULT Auth-Type = System, Group = power, Simultaneous-Use = 3
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Port-Limit = 2,
>         Reply-Message = "ts>"
>
> DEFAULT Auth-Type = System, Group = DSL, Simultaneous-Use = 200
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Port-Limit = 1,
>
> DEFAULT Auth-Type = System, Group = ISDN, Simultaneous-Use = 2
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Port-Limit = 2,
>
> DEFAULT Auth-Type = System, Group = aux-dial, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Port-Limit = 1,
>         Reply-Message = "ts>"
>
>
> DEFAULT Auth-Type = System, Simultaneous-Use = 2
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Port-Limit = 2,
>         Reply-Message = "ts>"
>
>
> ##### Static IPS #####
>
> # --test for national user....removing framed-compression
> #
> eklund at cybermesa.com    Auth-Type = System
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500
>
>
> Debugs:
>
>
>
> Tue Jan 11 16:23:44 2005: DEBUG: Rewrote user name to isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Rewrote user name to isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 11 16:23:44 2005: DEBUG:  Deleting session for isdntest,  
> 65.19.14.4,
> 521
> Tue Jan 11 16:23:44 2005: DEBUG: do query is: 'delete from RADONLINE  
> where
> NASIDENTIFIER='65.19.14.4' and NASPORT=0521':
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSQL
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group aux
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group aux
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group deadbeat
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group deadbeat
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group susp
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group susp
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group shell
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group shell
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group power
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group power
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT5
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> isdntest is
> not in Group DSL
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE REJECT: User  
> isdntest is
> not in Group DSL
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT6
> Tue Jan 11 16:23:44 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:23:44 2005: DEBUG: getpwnam got isdntest,
> $1$WFw5Lk7y$VjTw6BGI4Krj3vaj5Ee91., 34780, 668, , , , /home/isdntest,
> /bin/bash,
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where  
> USERNAME='isdntest'':
> Tue Jan 11 16:23:44 2005: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where  
> USERNAME='isdntest'':
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthSYSTEM ACCEPT:
> Tue Jan 11 16:23:44 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Jan 11 16:23:44 2005: DEBUG: Access accepted for isdntest
> Tue Jan 11 16:23:44 2005: DEBUG: Packet dump:
> *** Sending to 65.19.14.4 port 1645 ....
> Code:       Access-Accept
> Identifier: 50
> Authentic:  <170><250>|a<222>.<234>L<23><151>!;<229><28>%^
> Attributes:
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Port-Limit = 2
>
>
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
> XXXXX
> XXXXXXXXXXXXXXXXXXXXXXX
>
> Tue Jan 11 16:31:15 2005: DEBUG: Rewrote user name to powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Rewrote user name to powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 11 16:31:15 2005: DEBUG:  Deleting session for powertest,
> 65.19.14.4, 792
> Tue Jan 11 16:31:15 2005: DEBUG: do query is: 'delete from RADONLINE  
> where
> NASIDENTIFIER='65.19.14.4' and NASPORT=0792':
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSQL
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> powertest
> is not in Group aux
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User  
> powertest is
> not in Group aux
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> powertest
> is not in Group deadbeat
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User  
> powertest is
> not in Group deadbeat
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> powertest
> is not in Group susp
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User  
> powertest is
> not in Group susp
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM REJECT: User  
> powertest
> is not in Group shell
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE REJECT: User  
> powertest is
> not in Group shell
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4
> Tue Jan 11 16:31:15 2005: DEBUG: Handling with Radius::AuthSYSTEM:  
> System
> Tue Jan 11 16:31:15 2005: DEBUG: getpwnam got powertest,
> $1$Kb7n5nRT$DcKI2BsdJh.JbvjOPlcUK1, 34781, 555, , , , /home/powertest,
> /bin/bash,
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM looks for match  
> with
> powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where  
> USERNAME='powertest'':
> Tue Jan 11 16:31:15 2005: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where  
> USERNAME='powertest'':
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthSYSTEM ACCEPT:
> Tue Jan 11 16:31:15 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Jan 11 16:31:15 2005: DEBUG: Access accepted for powertest
> Tue Jan 11 16:31:15 2005: DEBUG: Packet dump:
> *** Sending to 65.19.14.4 port 1645 ....
> Code:       Access-Accept
> Identifier: 66
> Authentic:  <1><164>V<188>D<178>B<235>I<24><251>Nqr<202>U
> Attributes:
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
>         Port-Limit = 2
>         Reply-Message = "ts>"
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive  
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list