(RADIATOR) PM3 and completing Authentication

Hugh Irvine hugh at open.com.au
Mon Apr 17 19:02:10 CDT 2006


Hello Mike -

You should check the PM3 documentation for details, although
typical reply attributes that you might try are these:


	<AuthBy SQL>
		.....
		AddToReply Service-Type = Framed-User, \
			Framed-Protocol = PPP
	</AuthBy>


However from what you describe it could also be that there are  
filters or firewalls blocking the return path to the PM3.

hope that helps

regards

Hugh


On 17 Apr 2006, at 19:19, Mike Gomez wrote:

> Hi there,
>
> I'm trying to set up radiator to be used by some PM3 units.  When I have users
> try to connect, it says "AuthBy SQL result: ACCEPT" in the logs, but the PM3
> never lets the user authenticate, it just retries over and over again.  I saw
> an email on the mailing list that was the exact same problem
> (http://www.open.com.au/archives/radiator/2002-02/msg00215.html) and it was
> stated it could be a reply attribute problem, but I didn't see a solution
> ever posted.  I'm posting my cfg file and the output of my logs.  If someone
> could tell me what I'm doing wrong, I would be very thankful! :)
>
> radius.cfg(with secrets and IPs X'd out):
> LogFile %L/%Y%m-logfile
> LogDir          /var/log/radius/
> DbDir           .
> # Use a lower trace level in production systems:
> Trace           4
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
>         Secret  mysecret
>         DupInterval 0
> </Client>
> <SessionDatabase SQL>
> Identifier InSQL
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
>        DBUsername XXXX
>        DBAuth XXXXX
>       </SessionDatabase>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+)$/$1\@hopper.net/
> <AuthBy SQL>
>         DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
>           DBUsername XXXX
>              DBAuth XXXX
> AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
>         from SUBSCRIBERS \
>                 where USERNAME = '%n'
> AccountingTable ACCT%Y%m
>                 AcctColumnDef    USERNAME,User-Name
>                 AcctColumnDef    TIME_STAMP,Timestamp,integer-date
>                 AcctColumnDef    ACCTSTATUSTYPE,Acct-Status-Type
>                 AcctColumnDef    ACCTDELAYTIME,Acct-Delay-Time,integer
>                 AcctColumnDef    ACCTINPUTOCTETS,Acct-Input-Octets,integer
>                 AcctColumnDef    ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>                 AcctColumnDef    ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef    ACCTSESSIONTIME,Acct-Session-Time,integer
>                 AcctColumnDef    ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                 AcctColumnDef    ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
>                 AcctColumnDef    NASPORT_TYPE,NAS-Port-Type
>                 AcctColumnDef    NASADDRESS,NAS-IP-Address
>                 AcctColumnDef    FRAMEDADDRESS,Framed-IP-Address
>                 AcctColumnDef    NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef    NASPORT,NAS-Port,integer
>                 AcctColumnDef    USRCONSPEED,Connect-Speed
>                 AcctColumnDef    USRCONSPEED,Connect-Info
>                 AcctColumnDef    MODULATION,Modulation-Type
>                 AcctColumnDef    CSI,Calling-Station-Id
>
>
>         </AuthBy>
>         # Log accounting to a detail file
>         AcctLogFileName ./detail
> </Realm>
>
>
>
> Log file:
> *** Received from 209.192.77.5 port 3461 ....
> Code:       Access-Request
> Identifier: 22
> Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
> Attributes:
>         User-Name = "test"
>         CHAP-Password = "<1><218><232><211>b<194><127>X<177>_<243><242>936<192><188>"
>         NAS-IP-Address = xxx.xxx.xxx.xxx
>         NAS-Port = 1
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Connect-Info = "26400 LAPM/NONE"
>         Called-Station-Id = "xxxx"
>         Calling-Station-Id = "xxxx"
>
> Mon Apr 17 04:12:43 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Apr 17 04:12:43 2006: DEBUG: Rewrote user name to test@hopper.net
> Mon Apr 17 04:12:43 2006: DEBUG: InSQL Deleting session for test, xxx.xxx.xxx.xxx, 1
> Mon Apr 17 04:12:43 2006: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='209.192.77.5' and NASPORT=01':
> Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL
> Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL:
>
> Mon Apr 17 04:12:43 2006: DEBUG: Query is: 'select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME = 'test@hopper.net'':
> Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL looks for match with test@hopper.net [ledmo4798]
>
> Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL ACCEPT: : test@hopper.net [test]
> Mon Apr 17 04:12:43 2006: DEBUG: AuthBy SQL result: ACCEPT,
> Mon Apr 17 04:12:43 2006: DEBUG: Access accepted for test@hopper.net
> Mon Apr 17 04:12:43 2006: DEBUG: Packet dump:
> *** Sending to 209.192.77.5 port 3461 ....
> Code:       Access-Accept
> Identifier: 22
> Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
> Attributes:
>
> And then it just repeats this same sequence about 6 times before giving up.
>
> Thanks!
> -- 
> Mike Gomez
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
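
A check for the symptom in this thread, as an added example that is not part of the original messages or of Radiator: it parses a trace 4 packet dump, flags any Access-Accept sent without the reply attributes suggested above, and counts repeated Access-Requests from the same NAS and Identifier. The sample trace, the function names and the address 192.0.2.10 are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample shaped like the trace 4 dump in the post; 192.0.2.10 is a placeholder.
SAMPLE_TRACE = """\
*** Received from 192.0.2.10 port 3461 ....
Code:       Access-Request
Identifier: 22
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP

*** Sending to 192.0.2.10 port 3461 ....
Code:       Access-Accept
Identifier: 22
Attributes:

*** Received from 192.0.2.10 port 3461 ....
Code:       Access-Request
Identifier: 22
"""

HEADER = re.compile(r"\*\*\* (Received from|Sending to) (\S+) port \d+")
ATTRS = re.compile(r"^Attributes:[ \t]*\n((?:[ \t]+\S.*\n?)*)", re.M)  # indented lines only
PAIR = re.compile(r"^[ \t]+([\w-]+) = (.*)$", re.M)

def field(name, block):
    m = re.search(rf"^{name}:\s+(\S+)", block, re.M)
    return m.group(1) if m else None
def parse_packets(trace):
    """One dict per packet dump in the trace: direction, peer, code, id, attrs."""
    packets = []
    for block in re.split(r"^(?=\*\*\* )", trace, flags=re.M):
        head, body = HEADER.match(block), ATTRS.search(block)
        if head:
            packets.append({"dir": head.group(1), "peer": head.group(2),
                            "code": field("Code", block), "id": field("Identifier", block),
                            "attrs": dict(PAIR.findall(body.group(1))) if body else {}})
    return packets

def audit(trace, expected=("Service-Type", "Framed-Protocol")):
    """Flag accepts lacking `expected`; count requests repeated per (NAS, Identifier).
    The Identifier is 8 bits and wraps, so run this over a short window of the log."""
    packets, findings = parse_packets(trace), []
    for p in packets:
        missing = tuple(a for a in expected if a not in p["attrs"])
        if p["code"] == "Access-Accept" and missing:
            findings.append(("accept-missing-attrs", p["peer"], p["id"], missing))
    seen = Counter((p["peer"], p["id"]) for p in packets if p["code"] == "Access-Request")
    findings += [("request-retransmitted", n, i, c) for (n, i), c in seen.items() if c > 1]
    return findings
```

An empty result after adding the `AddToReply` line, while the NAS still repeats its requests, points toward the other cause raised in the reply: the Access-Accept not reaching the PM3.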

