(RADIATOR) NULL passwords in Radmin

Nacho Paredes iparedes at eurocomercial.es
Sat Jun 11 10:04:42 CDT 2005


Hi Hugh,

That's what I thought, but...

I've defined a user TEST with no password nor check or reply items through
Radmin.

And with this config:
================================================================
<AuthBy RADMIN>
        Identifier RadminAuth
        DBSource        dbi:mysql:radmin:localhost
        DBUsername      radmin
        DBAuth          xxxxx
</AuthBy>

<Handler>
        AuthBy RadminAuth
</Handler>
==========================================================================
And for this test, since the user has a NULL password, it should be accepted:
$ radpwtst -s 127.0.0.1 -secret xxxxx -noacct -user TEST -password asdf

I got this log:
==========================================================================
*** Received from 127.0.0.1 port 1094 ....
Code:       Access-Request
Identifier: 251
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "|<242>t<178><140>tSDKKU<132><144><239><198>I"

Sat Jun 11 16:58:26 2005: DEBUG: Handling request with Handler ''
Sat Jun 11 16:58:26 2005: DEBUG:  Deleting session for test, 203.63.154.1,
1234
Sat Jun 11 16:58:26 2005: DEBUG: Handling with Radius::AuthRADMIN
Sat Jun 11 16:58:26 2005: DEBUG: Handling with Radius::AuthRADMIN:
RadminAuth
Sat Jun 11 16:58:26 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where USERNAME='test'': 
Sat Jun 11 16:58:26 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='test' order by
ITEM_TYPE': 
Sat Jun 11 16:58:26 2005: DEBUG: Radius::AuthRADMIN looks for match with
test
Sat Jun 11 16:58:26 2005: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=BADLOGINS+1 where USERNAME='test'': 
Sat Jun 11 16:58:26 2005: DEBUG: AuthBy RADMIN result: REJECT, Bad Password
Sat Jun 11 16:58:26 2005: INFO: Access rejected for test: Bad Password
Sat Jun 11 16:58:26 2005: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1094 ....
Code:       Access-Reject
Identifier: 251
Authentic:  1234567890123456
Attributes:
        Reply-Message = "Request Denied"
==========================================================================
Now, I've changed the config to:
=========================================================
<AuthBy SQL>
        Identifier AuthSQL
        DBSource        dbi:mysql:radmin:localhost
        DBUsername      radmin
        DBAuth          xxxxx
        AuthSelect      select PASS_WORD from RADUSERS where USERNAME=%0
</AuthBy>

<Handler>
#       AuthBy RadminAuth
        AuthBy AuthSQL
</Handler> 
======================================================================
And for the same test:
$ radpwtst -s 127.0.0.1 -secret xxxxx -noacct -user TEST -password asdf

I got:
======================================================================
Code:       Access-Request
Identifier: 27
Authentic:  1234567890123456
Attributes:
        User-Name = "TEST"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "|<242>t<178><140>tSDKKU<132><144><239><198>I"

Sat Jun 11 17:15:57 2005: DEBUG: Handling request with Handler ''
Sat Jun 11 17:15:57 2005: DEBUG:  Deleting session for TEST, 203.63.154.1,
1234
Sat Jun 11 17:15:57 2005: DEBUG: Handling with Radius::AuthSQL
Sat Jun 11 17:15:57 2005: DEBUG: Handling with Radius::AuthSQL: AuthSQL
Sat Jun 11 17:15:57 2005: DEBUG: Query is: 'select PASS_WORD from RADUSERS
where USERNAME='TEST'': 
Sat Jun 11 17:15:57 2005: DEBUG: Radius::AuthSQL looks for match with TEST
Sat Jun 11 17:15:57 2005: DEBUG: Radius::AuthSQL ACCEPT: 
Sat Jun 11 17:15:57 2005: DEBUG: AuthBy SQL result: ACCEPT, 
Sat Jun 11 17:15:57 2005: DEBUG: Access accepted for TEST
Sat Jun 11 17:15:57 2005: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1094 ....
Code:       Access-Accept
Identifier: 27
Authentic:  1234567890123456
Attributes:
=====================================================================

Any idea why this is happening?

Thanks in advance.

> -----Original Message-----
> From: owner-radiator at open.com.au 
> [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
> Sent: Saturday, 11 June 2005 2:18
> To: Nacho Paredes
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) NULL passwords in Radmin
> 
> 
> Hello Nacho -
> 
> As the AuthBy RADMIN clause is based on the AuthBy SQL 
> clause, I would expect it to behave the same with NULL passwords.
> 
> regards
> 
> Hugh
> 
> 
> On 10 Jun 2005, at 20:37, Nacho Paredes wrote:
> 
> > Hi all,
> >
> > I've read in the <AuthBy SQL> that when a user has a NULL in the
> > PASSWORD column, Radiator accepts any password the user provides. I've
> > tested it, and it works fine, but I wonder if it is possible to have the
> > same feature in <AuthBy RADMIN> (I haven't been able to reproduce it
> > with Radmin)
> >
> > Thanks in advance.
> >
> > Regards
> > --------------------------------------------------------------------
> > Ignacio Paredes               |  email: iparedes at eurocomercial.es
> > Eurocomercial I&C, S.A.       |  Tel: +34 98 5195703
> > Ezcurdia, 194 - Gijon (AS)    |  Fax: +34 98 5132596
> > --------------------------------------------------------------------
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To unsubscribe, email
> > 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
> > message.
> >
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no 
> secrets), together with a trace 4 debug showing what is happening?
> 
> --
> Radiator: the most portable, flexible and configurable RADIUS 
> server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, 
> extensible, flexible with hardware, software, platform and 
> database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 
> 
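
An added example, not part of the original post and not Radiator or Radmin code: it lists accounts whose PASS_WORD is NULL and flags "Access accepted" trace lines for those accounts, which is the behaviour the second trace above shows for AuthBy SQL. Assumptions: an in-memory sqlite3 database stands in for the MySQL radmin database, usernames are compared case-insensitively, and the sample rows and trace lines are constructed.

```python
import re
import sqlite3

# Constructed rows standing in for Radmin's RADUSERS table
# (table and column names are the ones visible in the thread's queries).
SAMPLE_USERS = [("TEST", None), ("alice", "s3cret"), ("carol", None)]

# Constructed trace lines in the format of the thread's debug output.
SAMPLE_TRACE = """\
Sat Jun 11 17:15:57 2005: DEBUG: AuthBy SQL result: ACCEPT,
Sat Jun 11 17:15:57 2005: DEBUG: Access accepted for TEST
Sat Jun 11 17:16:02 2005: DEBUG: Access accepted for alice
Sat Jun 11 17:16:09 2005: INFO: Access rejected for carol: Bad Password
"""

ACCEPT_RE = re.compile(
    r"^(?P<ts>.*?): (?:DEBUG|INFO): Access accepted for (?P<user>\S+)\s*$")

def build_sample_db():
    """Create the constructed RADUSERS table in memory (stand-in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE RADUSERS (USERNAME TEXT PRIMARY KEY, PASS_WORD TEXT)")
    conn.executemany("INSERT INTO RADUSERS VALUES (?, ?)", SAMPLE_USERS)
    return conn

def null_password_users(conn):
    """Usernames (lowercased) whose PASS_WORD column is NULL."""
    rows = conn.execute("SELECT USERNAME FROM RADUSERS WHERE PASS_WORD IS NULL")
    return {name.lower() for (name,) in rows}

def accepted_with_null_password(conn, trace_text):
    """(timestamp, user) for each accept logged for a NULL-password account."""
    risky = null_password_users(conn)
    hits = []
    for line in trace_text.splitlines():
        m = ACCEPT_RE.match(line)
        # Case-insensitive comparison is an assumption made for this example.
        if m and m.group("user").lower() in risky:
            hits.append((m.group("ts"), m.group("user")))
    return hits

if __name__ == "__main__":
    db = build_sample_db()
    print("NULL PASS_WORD accounts:", sorted(null_password_users(db)))
    for ts, user in accepted_with_null_password(db, SAMPLE_TRACE):
        print(f"{ts}: accept for NULL-password account {user}")
```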
