(RADIATOR) Radmin setup question with Autenthication
Prins, R.
r.prins at i-groep.leidenuniv.nl
Wed May 4 03:33:30 CDT 2005
I try to implement user authorization with Radmin.
In Radmin I have created a service profile called "Network-Devices".
(Quotes aren't part of the configuraton text anywhere)
In Radmin I have created a check item Auth-Type="Network-Devices"
In Radmin I have created a user with the service profile
"Network-Devices".
In Radiator I have created a Realm "radmin" using the default
configuration from "goodies".
In the Authby RADMIN clause I have added an identifier "Network-Devices"
It works very well without the Auth-Type set as a check item
If I define the check item I get an endless loop in Radiator
What did I do wrong"?
------------------------------- Piece of radius.cfg
# Handle everyone with RADMIN
<Handler Realm=radmin>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADMIN>
Identifier Network-Devices
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth radminpw
# Never look up the DEFAULT user
NoDefault
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
# If you intend to use rcrypt reversible encryption
# for passwords in your Radmin database, you must
# RcryptKey here to be the same secret key you
# defined in your Radmin Site.pm, and also set
# PasswordFormat in your Site.pm.
# RcryptKey mysecret
# If you intend to use Unix encryption in your database,
# you will need to set EncryptedPasssword here,
# as well as setting PasswordFormat in your Site.pm
# EncryptedPassword
# You can change the max bad login count from the
default
# of 5 with something like
# MaxBadLogins 10
</AuthBy>
# This clause logs all authentication successes and failures to
the RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth radminpw
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP,
USERNAME, TYPE) values (%t, '%n', 1)
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP,
USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
</AuthLog>
</Handler>
------------------------------- Piece of log file
*** Received from 127.0.0.1 port 47990 ....
Code: Access-Request
Identifier: 146
Authentic: 1234567890123456
Attributes:
User-Name = "tnb at radmin"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"<173><238>,<217><197>9<4><246><188>8<9><160><216>}x<153>"
Tue May 3 17:31:11 2005: DEBUG: Rewrote user name to tnb at radmin Tue May
3 17:31:11 2005: DEBUG: Handling request with Handler 'Realm=radmin' Tue
May 3 17:31:11 2005: DEBUG: Rewrote user name to tnb Tue May 3
17:31:11 2005: DEBUG: Deleting session for tnb at radmin, 203.63.154.1,
1234 Tue May 3 17:31:11 2005: DEBUG: do query is: 'delete from
RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':
Tue May 3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN Tue
May 3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN:
Network-Devices Tue May 3 17:31:11 2005: DEBUG: Query is: 'select
PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200 Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN Tue May 3 17:31:11 2005: DEBUG: Handling with
Radius::AuthRADMIN: Network-Devices Tue May 3 17:31:11 2005: DEBUG:
Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='tnb'':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices'
order by ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by
ITEM_TYPE':
Tue May 3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with
tnb Tue May 3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='tnb at radmin'':
Tue May 3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May 3 17:31:11 2005: DEBUG: Expiration date converted to:
1146175200
--
I am using the free version of SPAMfighter for private users. It has
removed 13891 spam emails to date. Paying users do not have this message
in their emails. Try www.SPAMfighter.com for free now!
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list