(RADIATOR) PM3 and completing Authentication

Mike Gomez mgomez at iland.net
Wed May 3 09:15:18 CDT 2006


This unfortunately didn't seem to help.  I still get the same thing, it just 
cycles over and over again.  There aren't any firewalls between, the PM3 
plugs into a vlan switch and then to the same router that the radius server 
plugs into, via the same vlan switch.  I didn't see any access lists on the 
router that would block this traffic.  

I've looked up the PM3 manuals and troubleshooting guides online, but I didn't 
really see anything in particular on what it wanted as a reply attribute 
specifically.  Has anyone set up Radiator to work with a PM3?  If so, care to 
share the config? ;)

Thanks!
--
Mike Gomez

On Monday 17 April 2006 19:02, Hugh Irvine wrote:
> Hello Mike -
>
> You should check the PM3 documentation for details, although
> typical reply attributes that you might try are these:
>
>
>  <AuthBy SQL>
>   .....
>   AddToReply Service-Type = Framed-User, \
>    Framed-Protocol = PPP
>  </AuthBy>
>
>
> However from what you describe it could also be that there are
> filters or firewalls blocking the return path to the PM3.
>
> hope that helps
>
> regards
>
> Hugh
>
> On 17 Apr 2006, at 19:19, Mike Gomez wrote:
> > Hi there,
> >
> > I'm trying to set up Radiator to be used by some PM3 units.  When I have
> > users try to connect, it says "AuthBy SQL result: ACCEPT" in the logs, but
> > the PM3 never lets the user authenticate, it just retries over and over
> > again.  I saw an email on the mailing list that was the exact same problem
> > (http://www.open.com.au/archives/radiator/2002-02/msg00215.html) and it was
> > stated it could be a reply attribute problem, but I didn't see a solution
> > ever posted.  I'm posting my cfg file and the output of my logs.  If someone
> > could tell me what I'm doing wrong, I would be very thankful! :)
> >
> > radius.cfg(with secrets and IPs X'd out):
> > LogFile %L/%Y%m-logfile
> > LogDir          /var/log/radius/
> > DbDir           .
> > # Use a lower trace level in production systems:
> > Trace           4
> >
> > # You will probably want to add other Clients to suit your site,
> > # one for each NAS you want to work with
> > <Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> > </Client>
> > <SessionDatabase SQL>
> >         Identifier InSQL
> >         DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> >         DBUsername XXXX
> >         DBAuth XXXXX
> > </SessionDatabase>
> > <Realm DEFAULT>
> >         RewriteUsername s/^([^@]+)$/$1\@hopper.net/
> >         <AuthBy SQL>
> >                 DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> >                 DBUsername XXXX
> >                 DBAuth XXXX
> >                 AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
> >                         from SUBSCRIBERS \
> >                         where USERNAME = '%n'
> >                 AccountingTable ACCT%Y%m
> >                 AcctColumnDef    USERNAME,User-Name
> >                 AcctColumnDef    TIME_STAMP,Timestamp,integer-date
> >                 AcctColumnDef    ACCTSTATUSTYPE,Acct-Status-Type
> >                 AcctColumnDef    ACCTDELAYTIME,Acct-Delay-Time,integer
> >                 AcctColumnDef    ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >                 AcctColumnDef    ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >                 AcctColumnDef    ACCTSESSIONID,Acct-Session-Id
> >                 AcctColumnDef    ACCTSESSIONTIME,Acct-Session-Time,integer
> >                 AcctColumnDef    ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >                 AcctColumnDef    ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
> >                 AcctColumnDef    NASPORT_TYPE,NAS-Port-Type
> >                 AcctColumnDef    NASADDRESS,NAS-IP-Address
> >                 AcctColumnDef    FRAMEDADDRESS,Framed-IP-Address
> >                 AcctColumnDef    NASIDENTIFIER,NAS-Identifier
> >                 AcctColumnDef    NASPORT,NAS-Port,integer
> >                 AcctColumnDef    USRCONSPEED,Connect-Speed
> >                 AcctColumnDef    USRCONSPEED,Connect-Info
> >                 AcctColumnDef    MODULATION,Modulation-Type
> >                 AcctColumnDef    CSI,Calling-Station-Id
> >
> >
> >         </AuthBy>
> >         # Log accounting to a detail file
> >         AcctLogFileName ./detail
> > </Realm>
> >
> >
> >
> > Log file:
> > *** Received from 209.192.77.5 port 3461 ....
> > Code:       Access-Request
> > Identifier: 22
> > Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
> > Attributes:
> >         User-Name = "test"
> >         CHAP-Password = "<1><218><232><211>b<194><127>X<177>_<243><242>936<192><188>"
> >         NAS-IP-Address = xxx.xxx.xxx.xxx
> >         NAS-Port = 1
> >         NAS-Port-Type = Async
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         Connect-Info = "26400 LAPM/NONE"
> >         Called-Station-Id = "xxxx"
> >         Calling-Station-Id = "xxxx"
> >
> > Mon Apr 17 04:12:43 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Mon Apr 17 04:12:43 2006: DEBUG: Rewrote user name to test@hopper.net
> > Mon Apr 17 04:12:43 2006: DEBUG: InSQL Deleting session for test, xxx.xxx.xxx.xxx, 1
> > Mon Apr 17 04:12:43 2006: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='209.192.77.5' and NASPORT=01':
> > Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL
> > Mon Apr 17 04:12:43 2006: DEBUG: Handling with Radius::AuthSQL:
> >
> > Mon Apr 17 04:12:43 2006: DEBUG: Query is: 'select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME = 'test@hopper.net'':
> > Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL looks for match with test@hopper.net [ledmo4798]
> >
> > Mon Apr 17 04:12:43 2006: DEBUG: Radius::AuthSQL ACCEPT: : test@hopper.net [test]
> > Mon Apr 17 04:12:43 2006: DEBUG: AuthBy SQL result: ACCEPT,
> > Mon Apr 17 04:12:43 2006: DEBUG: Access accepted for test@hopper.net
> > Mon Apr 17 04:12:43 2006: DEBUG: Packet dump:
> > *** Sending to 209.192.77.5 port 3461 ....
> > Code:       Access-Accept
> > Identifier: 22
> > Authentic:  <178><233><157><255><166>,<163><30>g<205><14>s<144><19><245>
> > Attributes:
> >
> >
> >
> >
> > And then it just repeats this same sequence about 6 times before
> > giving up.
> >
> > Thanks!
> > --
> > Mike Gomez
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?

-- 
Mike Gomez
Network Operations Center
I-Land Internet Services
660.829.4638 Ext. 130
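
The log in this thread shows a CHAP request logged as ACCEPT while the NAS keeps retrying. As an added illustration (not part of the thread, not Radiator's code, and not a diagnosis of this case): under RFC 2865 the server verifies a CHAP request without ever using the shared secret, while the NAS accepts a reply only if its Response Authenticator verifies against the NAS's own copy of the secret. The request authenticator, user password and NAS-side secret below are constructed; only Identifier 22 and `mysecret` come from the post.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RFC 2865 packet code


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def chap_ok(chap_password: bytes, challenge: bytes, cleartext: bytes) -> bool:
    """Server side: MD5(CHAP ident + password + challenge); no shared secret."""
    ident, response = chap_password[:1], chap_password[1:]
    expected = hashlib.md5(ident + cleartext + challenge).digest()
    return hmac.compare_digest(expected, response)


def build_reply(code: int, ident: int, request_auth: bytes,
                attrs: bytes, secret: bytes) -> bytes:
    """Server side: sign the reply with the Response Authenticator."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    signature = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + signature + attrs


def reply_is_authentic(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator with the local secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values; only Identifier 22 and "mysecret" come from the post.
REQUEST_AUTH = bytes(range(16))  # doubles as the CHAP challenge
CHAP = b"\x01" + hashlib.md5(b"\x01" + b"user-password" + REQUEST_AUTH).digest()
# Service-Type (6) = Framed-User (2), Framed-Protocol (7) = PPP (1)
REPLY_ATTRS = attr(6, struct.pack("!I", 2)) + attr(7, struct.pack("!I", 1))
ACCEPT = build_reply(ACCESS_ACCEPT, 22, REQUEST_AUTH, REPLY_ATTRS, b"mysecret")

if __name__ == "__main__":
    print("CHAP accepted by server:", chap_ok(CHAP, REQUEST_AUTH, b"user-password"))
    print("NAS, same secret:", reply_is_authentic(ACCEPT, REQUEST_AUTH, b"mysecret"))
    print("NAS, other secret:", reply_is_authentic(ACCEPT, REQUEST_AUTH, b"nas-secret"))
```
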
