(RADIATOR) Radmin setup question with Authentication

Prins, R. r.prins at i-groep.leidenuniv.nl
Wed May 4 03:33:30 CDT 2005



I am trying to implement user authorization with Radmin.

In Radmin I have created a service profile called "Network-Devices".
(Quotes aren't part of the configuration text anywhere)

In Radmin I have created a check item Auth-Type="Network-Devices"

In Radmin I have created a user with the service profile
"Network-Devices".

In Radiator I have created a Realm "radmin" using the default
configuration from "goodies".

In the AuthBy RADMIN clause I have added an identifier "Network-Devices".

It works very well without the Auth-Type set as a check item.

If I define the check item I get an endless loop in Radiator.

What did I do wrong?

------------------------------- Piece of radius.cfg
# Handle everyone with RADMIN
<Handler Realm=radmin>
	RewriteUsername s/^([^@]+).*/$1/
	<AuthBy RADMIN>
		Identifier Network-Devices
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabase SQL> below
		# so it's the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		radminpw

		# Never look up the DEFAULT user 
		NoDefault

		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id
#		AcctColumnDef	CALLINGSTATIONID,Calling-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
        		Framed-IP-Netmask = 255.255.255.255,\
        		Framed-Routing = None,\
        		Framed-MTU = 1500,\
			Framed-Compression = Van-Jacobson-TCP-IP

		# If you intend to use rcrypt reversible encryption
		# for passwords in your Radmin database, you must set
		# RcryptKey here to be the same secret key you
		# defined in your Radmin Site.pm, and also set 
		# PasswordFormat in your Site.pm.
		# RcryptKey mysecret

		# If you intend to use Unix encryption in your database,
		# you will need to set EncryptedPassword here,
		# as well as setting PasswordFormat in your Site.pm
		# EncryptedPassword

		# You can change the max bad login count from the default
		# of 5 with something like
		# MaxBadLogins 10
	</AuthBy>

	# This clause logs all authentication successes and failures to the RADAUTHLOG table
	# Suitable for use with RAdmin version 1.6 or later
	<AuthLog SQL>
		# This database spec usually should be exactly the same
		# as in <AuthBy RADMIN> above
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		radminpw

		LogSuccess
		SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
		LogFailure
		FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
	</AuthLog>

</Handler>
------------------------------- Piece of log file 
*** Received from 127.0.0.1 port 47990 ....
Code:       Access-Request
Identifier: 146
Authentic:  1234567890123456
Attributes:
	User-Name = "tnb at radmin"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = "<173><238>,<217><197>9<4><246><188>8<9><160><216>}x<153>"

Tue May  3 17:31:11 2005: DEBUG: Rewrote user name to tnb at radmin
Tue May  3 17:31:11 2005: DEBUG: Handling request with Handler 'Realm=radmin'
Tue May  3 17:31:11 2005: DEBUG: Rewrote user name to tnb
Tue May  3 17:31:11 2005: DEBUG:  Deleting session for tnb at radmin, 203.63.154.1, 1234
Tue May  3 17:31:11 2005: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':

Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN
Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN: Network-Devices
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME='tnb'':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME='Network-Devices' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='tnb' order by ITEM_TYPE':

Tue May  3 17:31:11 2005: DEBUG: Radius::AuthRADMIN looks for match with tnb
Tue May  3 17:31:11 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='tnb at radmin'':

Tue May  3 17:31:11 2005: DEBUG: ValidFrom date converted to: 1114702620
Tue May  3 17:31:11 2005: DEBUG: Expiration date converted to: 1146175200


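Added example (not part of the original post, and not Radiator code): a Python check for the symptom in the log above, where the same AuthBy identifier is dispatched over and over while one request is being served. The sample log is constructed in the page's format; the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Start of a log entry, e.g. "Tue May  3 17:31:11 2005: DEBUG: ". \s+ between
# fields tolerates the mail-archive re-wrapping seen in the post's log.
ENTRY = re.compile(r"[A-Z][a-z]{2}\s+[A-Z][a-z]{2}\s+\d{1,2}\s+"
                   r"\d\d:\d\d:\d\d\s+\d{4}:\s+([A-Z]+):\s+")
# Dispatch to a named AuthBy clause: "Handling with <module>: <Identifier>"
DISPATCH = re.compile(r"Handling with (\S+): (\S+)$")

def entries(text):
    """Yield (level, message), splitting on timestamps rather than newlines."""
    marks = list(ENTRY.finditer(text))
    for m, nxt in zip(marks, marks[1:] + [None]):
        body = text[m.end():nxt.start() if nxt else len(text)]
        # Drop any packet dump ("*** Sending to ...") that follows the entry.
        yield m.group(1), " ".join(body.split("***")[0].split())

def authby_loops(log, threshold=3):
    """Return (request_no, identifier, count) for each AuthBy identifier that
    was dispatched at least `threshold` times while serving one request."""
    findings = []
    for no, req in enumerate(log.split("*** Received from")[1:], 1):
        hits = Counter()
        for _level, msg in entries(req):
            d = DISPATCH.search(msg)
            if d:
                hits[d.group(2)] += 1
        findings += [(no, i, n) for i, n in hits.items() if n >= threshold]
    return findings

# Constructed sample in the page's log format, wrapped like the archived copy.
ONE_PASS = (
    "Tue May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN Tue\n"
    "May  3 17:31:11 2005: DEBUG: Handling with Radius::AuthRADMIN:\n"
    "Network-Devices Tue May  3 17:31:11 2005: DEBUG: ValidFrom date\n"
    "converted to: 1114702620\n")
HEADER = "*** Received from 127.0.0.1 port %d ....\nCode:       Access-Request\n"
SAMPLE = HEADER % 1000 + ONE_PASS * 4 + HEADER % 1001 + ONE_PASS

if __name__ == "__main__":
    for no, ident, n in authby_loops(SAMPLE):
        print(f"request {no}: AuthBy '{ident}' dispatched {n} times")
```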