(RADIATOR) dumb question about "Radius::AuthFILE looks for match with []"

Mike McCauley mikem at open.com.au
Mon Jan 9 19:13:30 CST 2006


Hello Andrew,

On Tuesday 10 January 2006 10:27, Andrew Fort wrote:
> Okay so I have a dumb question, but I can't work this out.

Thanks for reporting this.
It turns out it was our fault, not yours. A recent patch to ServerTACACSPLUS 
broke this part of the code (I assume you had the patches installed?). We 
have now fixed this problem and issued a new patch set, which you can 
download from the web site.

We apologise for this problem.
Please let me know how you get on.

Cheers.


>
> I'm trying to test a very basic AuthFILE based <ServerTACACSPLUS> stanza.
>   I have a much more complex configuration, using {Auth,Acct}BySQL
> working on other hosts.
>
> I'm using the Radiator-3.13 included goodies/tacacsplusserver.cfg file
> (ONLY change is the tacacs+ shared Key), and the included two users from
> the demo users file, just in case I'm being extra dumb.  I've removed the
> 'tacacsgroup' reply attribute as it's not defined in the dictionary
> (though it appears that internally added attributes don't need to be
> defined in the dictionary?).
>
> --users file--
> tacuser1 User-Password=tacuser1
> tacuser2 User-Password=tacuser2
> --users file--
>
> So, when I run the radiusd, and attempt to login from the cisco using
> 'tacuser1' and 'tacuser1', I get this:
>
> --log--
> # /usr/local/bin/radiusd -config_file /tmp/tacacsplusserver.cfg
> Tue Jan 10 11:19:19 2006: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
> Tue Jan 10 11:19:19 2006: DEBUG: Finished reading configuration file
> '/tmp/tacacsplusserver.cfg'
> Tue Jan 10 11:19:19 2006: DEBUG: Reading dictionary file './dictionary'
> Tue Jan 10 11:19:20 2006: NOTICE: Server started: Radiator 3.13 on box3.lab
> Tue Jan 10 11:19:22 2006: DEBUG: New TacacsplusConnection created for
> 192.168.1.34:62098
> Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection request 192, 1, 1,
> 0, 1803428813, 25
> Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection Authentication
> START 1, 1, 1 for , tty2, 192.168.1.253
> Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection Authentication
> REPLY 4, 0, Username: ,
> Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection request 192, 1, 3,
> 0, 1803428813, 13
> Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection Authentication
> CONTINUE 0, tacuser1,
> Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection Authentication
> REPLY 5, 1, Password: ,
> Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection request 192, 1, 5,
> 0, 1803428813, 13
> Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection Authentication
> CONTINUE 0, tacuser1,
> Tue Jan 10 11:19:28 2006: DEBUG: TACACSPLUS derived Radius request
> packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <243>J<217>F<210><0>)a<129>?;<154>n<220><131><25>
> Attributes:
>          NAS-IP-Address = 192.168.1.34
>          NAS-Port-Id = "tty2"
>          Calling-Station-Id = "192.168.1.253"
>          Service-Type = Login-User
>          NAS-Identifier = "TACACS"
>          User-Name = "tacuser1"
>          User-Password = tacuser1
>
> Tue Jan 10 11:19:28 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 10 11:19:28 2006: DEBUG:  Deleting session for , 192.168.1.34,
> Tue Jan 10 11:19:28 2006: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks for match with  []
> Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE REJECT: No such user:  []
> Tue Jan 10 11:19:28 2006: DEBUG: Reading users file ./users
> Tue Jan 10 11:19:28 2006: DEBUG: AuthBy FILE result: REJECT, No such user
> Tue Jan 10 11:19:28 2006: INFO: Access rejected for : No such user
> Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection result Access-Reject
> Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection Authentication
> REPLY 2, 0, ,
> Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection disconnected from
> 192.168.1.34:62098
> Tue Jan 10 11:19:30 2006: DEBUG: New TacacsplusConnection created for
> 192.168.1.34:11338
> Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection request 192, 1, 1,
> 0, 1102023088, 25
> Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection Authentication
> START 1, 1, 1 for , tty2, 192.168.1.253
> Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection Authentication
> REPLY 4, 0, Username: ,
> Tue Jan 10 11:20:01 2006: DEBUG: TacacsplusConnection disconnected from
> 192.168.1.34:11338
> --log--
>
> Note the line "Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks
> for match with  []".
>
> What's going wrong?  Why isn't AuthFILE seeing the username?
>
> Using AuthTEST works fine.
>
> Cheers,
> Andrew
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
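
The symptom reported in this thread, a TACACS+ derived request that carries a User-Name followed by an AuthBy lookup for an empty name, can be checked for mechanically in a Radiator debug log. This is an added example, not part of the original thread or Radiator's own code; the sample log is constructed from the lines quoted above, and the healthy `name [name]` lookup format is an assumption.

```python
import re

# Constructed sample modelled on the debug log in the post (lines unwrapped,
# password attribute omitted). The second lookup is an assumed healthy case.
SAMPLE_LOG = """\
Tue Jan 10 11:19:28 2006: DEBUG: TACACSPLUS derived Radius request packet dump:
Attributes:
        User-Name = "tacuser1"

Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks for match with  []
Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE REJECT: No such user:  []
Tue Jan 10 11:25:02 2006: DEBUG: TACACSPLUS derived Radius request packet dump:
Attributes:
        User-Name = "tacuser2"

Tue Jan 10 11:25:02 2006: DEBUG: Radius::AuthFILE looks for match with tacuser2 [tacuser2]
"""

DUMP_START = re.compile(r"DEBUG: TACACSPLUS derived Radius request")
USER_ATTR = re.compile(r'^\s*User-Name = "(.*)"\s*$')
LOOKUP = re.compile(r"^(?P<ts>.+?): DEBUG: (?P<module>Radius::\w+) "
                    r"looks for match with (?P<name>.*?) \[(?P<orig>.*)\]\s*$")


def find_dropped_usernames(log_text):
    """Flag lookups with an empty name that follow a request carrying one."""
    findings, in_dump, sent_user = [], False, None
    for line in log_text.splitlines():
        if DUMP_START.search(line):
            in_dump, sent_user = True, None      # new request: reset state
            continue
        attr = USER_ATTR.match(line) if in_dump else None
        if attr:
            sent_user = attr.group(1)
            continue
        if in_dump and not line.strip():
            in_dump = False                      # blank line ends the dump
            continue
        lookup = LOOKUP.match(line)
        if lookup:
            if sent_user and lookup.group("name") == "":
                findings.append((lookup.group("ts"), lookup.group("module"), sent_user))
            sent_user = None                     # one lookup per request
    return findings


if __name__ == "__main__":
    for ts, module, user in find_dropped_usernames(SAMPLE_LOG):
        print(f"{ts}: {module} looked up an empty name; request had User-Name={user!r}")
```
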
