(RADIATOR) NULL passwords in Radmin
Nacho Paredes
iparedes at eurocomercial.es
Thu Jun 16 02:49:19 CDT 2005
Hi again,
First of all, excuse my dumbness, but I'm not able to make it work. In
desperation I've done the following:
The config file:
==========================================================================
<AuthBy RADMIN>
Identifier RadminAuth
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabase SQL> below
# so it's the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth xxxxx
# Never look up the DEFAULT user
NoDefault
AuthSelect select PASS_WORD from RADUSERS where USERNAME=%0
UserAttrQuery
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
</AuthBy>
<Handler>
AuthBy RadminAuth
</Handler>
==========================================================================
The test (user TEST has a NULL password in the DB):
radpwtst -s 127.0.0.1 -secret xxxx -noacct -user TEST -password asdf
sending Access-Request...
Rejected: Request Denied
The log:
==========================================================================
Code: Access-Request
Identifier: 32
Authentic: 1234567890123456
Attributes:
User-Name = "TEST"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "|<242>t<178><140>tSDKKU<132><144><239><198>I"
Thu Jun 16 09:57:47 2005: DEBUG: Handling request with Handler ''
Thu Jun 16 09:57:47 2005: DEBUG: Deleting session for TEST, 203.63.154.1, 1234
Thu Jun 16 09:57:47 2005: DEBUG: Handling with Radius::AuthRADMIN
Thu Jun 16 09:57:47 2005: DEBUG: Handling with Radius::AuthRADMIN: RadminAuth
Thu Jun 16 09:57:47 2005: DEBUG: Query is: 'select PASS_WORD from RADUSERS where USERNAME='TEST'':
Thu Jun 16 09:57:47 2005: DEBUG: Radius::AuthRADMIN looks for match with TEST
Thu Jun 16 09:57:47 2005: DEBUG: do query is: 'update RADUSERS set BADLOGINS=BADLOGINS+1 where USERNAME='TEST'':
Thu Jun 16 09:57:47 2005: DEBUG: AuthBy RADMIN result: REJECT, Bad Password
Thu Jun 16 09:57:47 2005: INFO: Access rejected for TEST: Bad Password
Thu Jun 16 09:57:47 2005: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1025 ....
Code: Access-Reject
Identifier: 32
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
==========================================================================
Now the authselect query is doing the same as in <AuthBy SQL>, I've even
taken out the UserAttrQuery, but it still doesn't work.
I really need this working, so any help will be appreciated.
Thanks again.
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Sunday, 12 June 2005 1:39
> To: Nacho Paredes
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) NULL passwords in Radmin
>
>
> Hello Nacho -
>
> As you can see in the debug the default AuthSelect for Radmin
> does much more than just check the password.
>
> Hence when you define the query in an AuthBy SQL it works correctly.
>
> regards
>
> Hugh
>
>
> On 12 Jun 2005, at 01:04, Nacho Paredes wrote:
>
> > Hi Hugh,
> >
> > That's what I thought, but...
> >
> > I've defined a user TEST with no password nor check or reply items
> > through Radmin.
> >
> > And with this config:
> > ================================================================
> > <AuthBy RADMIN>
> > Identifier RadminAuth
> > DBSource dbi:mysql:radmin:localhost
> > DBUsername radmin
> > DBAuth xxxxx
> > </AuthBy>
> >
> > <Handler>
> > AuthBy RadminAuth
> > </Handler>
> >
> > ======================================================================
> > And for this test, since the user has a NULL password, should be
> > accepted:
> > $ radpwtst -s 127.0.0.1 -secret xxxxx -noacct -user TEST -password asdf
> >
> > I got this log:
> >
> > ======================================================================
> > *** Received from 127.0.0.1 port 1094 ....
> > Code: Access-Request
> > Identifier: 251
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "test"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Identifier = "203.63.154.1"
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password = "|<242>t<178><140>tSDKKU<132><144><239><198>I"
> >
> > Sat Jun 11 16:58:26 2005: DEBUG: Handling request with Handler ''
> > Sat Jun 11 16:58:26 2005: DEBUG: Deleting session for test, 203.63.154.1, 1234
> > Sat Jun 11 16:58:26 2005: DEBUG: Handling with Radius::AuthRADMIN
> > Sat Jun 11 16:58:26 2005: DEBUG: Handling with Radius::AuthRADMIN: RadminAuth
> > Sat Jun 11 16:58:26 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='test'':
> > Sat Jun 11 16:58:26 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='test' order by ITEM_TYPE':
> > Sat Jun 11 16:58:26 2005: DEBUG: Radius::AuthRADMIN looks for match with test
> > Sat Jun 11 16:58:26 2005: DEBUG: do query is: 'update RADUSERS set BADLOGINS=BADLOGINS+1 where USERNAME='test'':
> > Sat Jun 11 16:58:26 2005: DEBUG: AuthBy RADMIN result: REJECT, Bad Password
> > Sat Jun 11 16:58:26 2005: INFO: Access rejected for test: Bad Password
> > Sat Jun 11 16:58:26 2005: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 1094 ....
> > Code: Access-Reject
> > Identifier: 251
> > Authentic: 1234567890123456
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> > ======================================================================
> > Now, I've changed the config to:
> > =========================================================
> > <AuthBy SQL>
> > Identifier AuthSQL
> > DBSource dbi:mysql:radmin:localhost
> > DBUsername radmin
> > DBAuth xxxxx
> > AuthSelect select PASS_WORD from RADUSERS where USERNAME=%0
> > </AuthBy>
> >
> > <Handler>
> > # AuthBy RadminAuth
> > AuthBy AuthSQL
> > </Handler>
> >
> > ======================================================================
> > And for the same test:
> > $ radpwtst -s 127.0.0.1 -secret xxxxx -noacct -user TEST -password asdf
> >
> > I got:
> >
> > ======================================================================
> > Code: Access-Request
> > Identifier: 27
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "TEST"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Identifier = "203.63.154.1"
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password = "|<242>t<178><140>tSDKKU<132><144><239><198>I"
> >
> > Sat Jun 11 17:15:57 2005: DEBUG: Handling request with Handler ''
> > Sat Jun 11 17:15:57 2005: DEBUG: Deleting session for TEST, 203.63.154.1, 1234
> > Sat Jun 11 17:15:57 2005: DEBUG: Handling with Radius::AuthSQL
> > Sat Jun 11 17:15:57 2005: DEBUG: Handling with Radius::AuthSQL: AuthSQL
> > Sat Jun 11 17:15:57 2005: DEBUG: Query is: 'select PASS_WORD from RADUSERS where USERNAME='TEST'':
> > Sat Jun 11 17:15:57 2005: DEBUG: Radius::AuthSQL looks for match with TEST
> > Sat Jun 11 17:15:57 2005: DEBUG: Radius::AuthSQL ACCEPT:
> > Sat Jun 11 17:15:57 2005: DEBUG: AuthBy SQL result: ACCEPT,
> > Sat Jun 11 17:15:57 2005: DEBUG: Access accepted for TEST
> > Sat Jun 11 17:15:57 2005: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 1094 ....
> > Code: Access-Accept
> > Identifier: 27
> > Authentic: 1234567890123456
> > Attributes:
> >
> > =====================================================================
> >
> > Any ideas why this is happening?
> >
> > Thanks in advance.
> >
> >
> >> -----Original Message-----
> >> From: owner-radiator at open.com.au
> >> [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
> >> Sent: Saturday, 11 June 2005 2:18
> >> To: Nacho Paredes
> >> Cc: radiator at open.com.au
> >> Subject: Re: (RADIATOR) NULL passwords in Radmin
> >>
> >>
> >> Hello Nacho -
> >>
> >> As the AuthBy RADMIN clause is based on the AuthBy SQL clause, I
> >> would expect it to behave the same with NULL passwords.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On 10 Jun 2005, at 20:37, Nacho Paredes wrote:
> >>
> >>
> >>> Hi all,
> >>>
> >>> I've read in the <AuthBy SQL> that when a user has a NULL in the
> >>> PASSWORD column, Radiator accepts any password the user provides. I've
> >>> tested it, and it works fine, but I wonder if it is possible to have the
> >>> same feature in <AuthBy RADMIN> (I haven't been able to reproduce it
> >>> with Radmin)
> >>>
> >>> Thanks in advance.
> >>>
> >>> Regards
> >>>
> >>> --------------------------------------------------------------------
> >>> Ignacio Paredes | email: iparedes at eurocomercial.es
> >>> Eurocomercial I&C, S.A. | Tel: +34 98 5195703
> >>> Ezcurdia, 194 - Gijon (AS) | Fax: +34 98 5132596
> >>> --------------------------------------------------------------------
> >>>
> >>>
> >>> --
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >>
> >> NB:
> >>
> >> Have you read the reference manual ("doc/ref.html")?
> >> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> >> Have you had a quick look on Google (www.google.com)?
> >> Have you included a copy of your configuration file (no secrets),
> >> together with a trace 4 debug showing what is happening?
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >> -
> >> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>
> >>
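Added example, not part of the original thread and not Radiator code: since the thread shows <AuthBy SQL> accepting any password for a user whose PASS_WORD is NULL, an operator may want to list such accounts and find accepts logged for them. The table and column names come from the queries in the thread; the rows, the log lines, the function names and the use of sqlite3 in place of MySQL are assumptions made for the example.

```python
import re
import sqlite3

def build_sample_db():
    """Constructed rows; RADUSERS, USERNAME and PASS_WORD are the names used in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("create table RADUSERS (USERNAME text primary key, PASS_WORD text)")
    db.executemany(
        "insert into RADUSERS values (?, ?)",
        [("TEST", None), ("alice", "s3cret"), ("bob", ""), ("carol", None)],
    )
    return db

def audit_passwords(db):
    """Split accounts into NULL and empty-string passwords.

    'PASS_WORD = NULL' never matches in SQL, so the test must be 'is NULL'.
    The thread only describes the NULL case; empty strings are listed
    separately for review.
    """
    null = [r[0] for r in db.execute(
        "select USERNAME from RADUSERS where PASS_WORD is NULL order by USERNAME")]
    empty = [r[0] for r in db.execute(
        "select USERNAME from RADUSERS where PASS_WORD = '' order by USERNAME")]
    return {"null": null, "empty": empty}

# Constructed log lines in the trace 4 format shown in the thread.
SAMPLE_LOG = """\
Sat Jun 11 17:15:57 2005: DEBUG: AuthBy SQL result: ACCEPT,
Sat Jun 11 17:15:57 2005: DEBUG: Access accepted for TEST
Sat Jun 11 17:16:02 2005: DEBUG: Access accepted for alice
Sat Jun 11 17:16:09 2005: DEBUG: Access accepted for Carol
Thu Jun 16 09:57:47 2005: INFO: Access rejected for TEST: Bad Password
"""

ACCEPT_RE = re.compile(r"^(.+ \d{4}): \w+: Access accepted for (\S+)\s*$", re.M)

def unchecked_accepts(db, log_text):
    """Return (timestamp, user) for accepts of accounts with a NULL password."""
    # Case-insensitive compare: an assumption mirroring MySQL's default collation.
    null_users = {u.upper() for u in audit_passwords(db)["null"]}
    return [(ts, user) for ts, user in ACCEPT_RE.findall(log_text)
            if user.upper() in null_users]

if __name__ == "__main__":
    db = build_sample_db()
    print(audit_passwords(db))
    for ts, user in unchecked_accepts(db, SAMPLE_LOG):
        print(f"{ts}: {user} accepted, PASS_WORD is NULL")
```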