(RADIATOR) PM3 and completing Authenication

Mike Gomez mgomez at iland.net
Mon Apr 17 04:19:27 CDT 2006 

Hi there,

I'm trying to setup radiator to be used by some PM3 units.  When I have users 
try to connect, it says "AuthBy SQL result: ACCEPT" in the logs, but the PM3 
never lets the user authenticate, it just retries over and over again.  I saw 
an email on the mailing list that was the exact same problem 
(http://www.open.com.au/archives/radiator/2002-02/msg00215.html) and it was 
stated it could be a reply attribute problem, but I didn't see a solution 
ever posted.  I'm posting my cfg file and the output of my logs.  If someone 
could tell me what I'm doing wrong, I would be very thankful! :)

radius.cfg(with secrets and IPs X'd out):
LogFile %L/%Y%m-logfile
LogDir          /var/log/radius/
DbDir           .
# User a lower trace level in production systems:
Trace           4

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>
<SessionDatabase SQL>
Identifier InSQL
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
       DBUsername XXXX
       DBAuth XXXXX
      </SessionDatabase>
<Realm DEFAULT>
RewriteUsername s/^([^@]+)$/$1\@hopper.net/
<AuthBy SQL>
        DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
          DBUsername XXXX
             DBAuth XXXX
AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
        from SUBSCRIBERS \
                where USERNAME = '%n'
AccountingTable ACCT%Y%m
                AcctColumnDef    USERNAME,User-Name
                AcctColumnDef    TIME_STAMP,Timestamp,integer-date
                AcctColumnDef    ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef    ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef    ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef    ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef    ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef    ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef    ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef    ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
                AcctColumnDef    NASPORT_TYPE,NAS-Port-Type
                AcctColumnDef    NASADDRESS,NAS-IP-Address
                AcctColumnDef    FRAMEDADDRESS,Framed-IP-Address
                AcctColumnDef    NASIDENTIFIER,NAS-Identifier
                AcctColumnDef    NASPORT,NAS-Port,integer
                AcctColumnDef    USRCONSPEED,Connect-Speed
                AcctColumnDef    USRCONSPEED,Connect-Info
                AcctColumnDef    MODULATION,Modulation-Type
                AcctColumnDef    CSI,Calling-Station-Id


        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName ./detail
</Realm>



Log file:
*** Received from 209.192.77.5 port 3461 ....
Code:       Access-Request
Identifier: 22
Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
Attributes:
        User-Name = "test"
        CHAP-Password = 
"<1><218><232><211>b<194><127>X<177>_<243><242>936<192><
188>"
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 1
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "26400 LAPM/NONE"
        Called-Station-Id = "xxxx"
        Calling-Station-Id = "xxxx"

Mon Apr 17 04:12:43 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Apr 17 04:12:43 2006: DEBUG: Rewrote user name to test at hopper.net
Mon Apr 17 04:12:43 2006: DEBUG: InSQL Deleting session for test, 
xxx.xxx.xxx.xxx, 1
Mon Apr 17 04:12:43 2006: DEBUG: do query is: 'delete from RADONLINE where 
NASID
ENTIFIER='209.192.77.5' and NASPORT=01':
Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL
Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL:

Mon Apr 17 04:12:43 2006: DEBUG: Query is: 'select 
PASSWORD,CHECKATTR,REPLYATTR
from SUBSCRIBERS where USERNAME = 'test at hopper.net'':
Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL looks for match with test@
hopper.net [ledmo4798]

Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL ACCEPT: : test at hopper.net
[test]
Mon Apr 17 04:12:43 2006: DEBUG: AuthBy SQL result: ACCEPT,
Mon Apr 17 04:12:43 2006: DEBUG: Access accepted for test at hopper.net
Mon Apr 17 04:12:43 2006: DEBUG: Packet dump:
*** Sending to 209.192.77.5 port 3461 ....
Code:       Access-Accept
Identifier: 22
Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
Attributes:




And then it just repeats this same sequence about 6 times before giving up.

Thanks!
-- 
Mike Gomez

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list