(RADIATOR) AuthBySQL - match something other than user/pass

Matthew Alexander mra4d at virginia.edu
Wed Oct 19 19:57:01 CDT 2005


Does anyone know if there is a way to get Radiator to authenticate against something besides the username?  I want it to authenticate by looking for the calling-station-id in a database, but it keeps failing.  From the log, it looks like Radiator is still trying to match the username.  Or maybe something else is going on...

Thanks,
Matt

Here is my AuthBySQL:

<AuthBy SQL>

        Identifier MachineCache
        EAPType MSCHAP-V2
        DBSource        DBI:mysql:radiator:127.0.0.1
        DBUsername      user
        DBAuth          pass
        AuthSelect select CALLINGSTATIONID from MACHINECACHE where CALLINGSTATIONID = "%{Calling-Station-Id}"
        AuthColumnDef 0, Calling-Station-Id, check

</AuthBy>



My database looks like this:

+---------------------+-------------------+
| TIMESTAMP           | CALLINGSTATIONID  |
+---------------------+-------------------+
| 2005-10-19 15:48:38 | 00-09-6B-90-49-C8 |
| 2005-10-19 15:49:43 | 00-09-6B-90-49-C8 |
| 2005-10-19 15:51:19 | 00-09-6B-90-49-C8 |
+---------------------+-------------------+


The trace:

Wed Oct 19 15:54:26 2005: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Wed Oct 19 15:54:26 2005: DEBUG: Deleting session for HSCDOM\mra4d, 10.4.250.8, 50009
Wed Oct 19 15:54:26 2005: DEBUG: Handling with Radius::AuthSQL
Wed Oct 19 15:54:26 2005: DEBUG: Handling with Radius::AuthSQL: MachineCache
Wed Oct 19 15:54:26 2005: DEBUG: Handling with EAP: code 2, 25, 67
Wed Oct 19 15:54:26 2005: DEBUG: Response type 26
Wed Oct 19 15:54:26 2005: DEBUG: Query is: 'select CALLINGSTATIONID from MACHINECACHE where CALLINGSTATIONID = "00-09-6B-90-49-C8"':
Wed Oct 19 15:54:26 2005: DEBUG: Radius::AuthSQL looks for match with HSCDOM\mra4d [HSCDOM\mra4d]
Wed Oct 19 15:54:26 2005: DEBUG: Radius::AuthSQL ACCEPT: : HSCDOM\mra4d [HSCDOM\mra4d]
Wed Oct 19 15:54:26 2005: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Wed Oct 19 15:54:26 2005: DEBUG: AuthBy SQL result: REJECT, EAP MSCHAP-V2 Authentication failure
Wed Oct 19 15:54:26 2005: INFO: Access rejected for HSCDOM\mra4d: EAP MSCHAP-V2 Authentication failure
Wed Oct 19 15:54:26 2005: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Reject


My entire config file:

LogDir /var/log/radius/
DbDir /etc/radiator/

Trace           4

AuthPort 1645,1812
AcctPort 1646,1813


<Client DEFAULT>
        Secret  asdf
        DupInterval 0
</Client>


<AuthBy NTLM>

Identifier MachineAuth
Domain HSCDOM
EAPType MSCHAP-V2

</AuthBy>


<AuthBy NTLM>

Identifier UserAuth
Domain HSCDOM
EAPType MSCHAP-V2

</AuthBy>


<AuthBy SQL>

        Identifier MachineCache
        EAPType MSCHAP-V2
        DBSource        DBI:mysql:radiator:127.0.0.1
        DBUsername      user
        DBAuth          pass
        AuthSelect select CALLINGSTATIONID from MACHINECACHE where CALLINGSTATIONID = "%{Calling-Station-Id}"
        AuthColumnDef 0, Calling-Station-Id, check

</AuthBy>


<AuthBy FILE>

Identifier PEAPOuterAuth
EAPAnonymous %0
Filename %D/users
EAPType PEAP
EAPTLS_CAFile %D/certificates/cacert.pem
EAPTLS_CertificateFile %D/certificates/Lisa-cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/Lisa-key.pem
EAPTLS_PrivateKeyPassword whatever
AutoMPPEKeys
SSLeayTrace 4
EAPTLS_SessionResumptionLimit 0
EAPTLS_PEAPVersion 0

</AuthBy>


<Handler TunnelledByPEAP=1,User-Name=/^host\//>

AuthBy MachineAuth
PostAuthHook file:"%D/writecache.pl"

</Handler>


<Handler TunnelledByPEAP=1>

AuthByPolicy ContinueWhileAccept
AuthBy MachineCache
AuthBy UserAuth

</Handler>


<Handler>

AuthBy PEAPOuterAuth

</Handler>
