(RADIATOR) Radiator Thinks User Password Should be "update"

Jason Haltom jasonh at ideateksystems.com
Thu Sep 21 17:26:06 CDT 2006

Howdy all,

Not sure on the best way to show logs for this.  But some time within
the last month or so Radiator has randomly started thinking some people
should be using the password "update" even though the user's password
clearly is not.  It is not consistent with who it does this too.  It
does this across all of our realms that use the authby sql clause.

Example password log file:
Mon Sep 11 14:39:41 2006:1158003581:bjs66:bjohn:bjohn66:FAIL
Mon Sep 11 14:39:41 2006:1158003581:bjs66:bjohn:update:FAIL
Mon Sep 11 14:40:29 2006:1158003629:bjs66:bjohn66:bjohn66:PASS

As you can see the first time the customer tried logging in Radiator was
looking at the correct password but the user typed the wrong one.  The
second time it thought the password should be "update" and the third
time the password was ok with both the user and Radiator.

Follow the user "alliswell", you can see only they had problems for a
6min period in this log.
Tue Sep 19 16:54:05 2006:1158702845:surface:nikki:nikki:PASS
Tue Sep 19 16:55:26 2006:1158702926:alliswell:kalani1:update:FAIL
Tue Sep 19 16:55:30 2006:1158702930:snapps:tiki13:tiki13:PASS
Tue Sep 19 16:56:26 2006:1158702986:alliswell:kalani1:update:FAIL
Tue Sep 19 16:56:27 2006:1158702987:olnb:orasa76:orasa76:PASS
Tue Sep 19 16:56:48 2006:1158703008:kooljax:wyoming79:wyoming79:PASS
Tue Sep 19 16:57:22 2006:1158703042:alliswell:kalani1:update:FAIL
Tue Sep 19 17:01:25 2006:1158703285:njs6415:pepper:pepper:PASS
Tue Sep 19 17:01:28 2006:1158703288:hldalke:herman:herman:PASS
Tue Sep 19 17:01:29 2006:1158703289:br16:cclr0301:cclr0301:PASS
Tue Sep 19 17:03:38 2006:1158703418:alliswell:kalani1:kalani1:PASS
User tried 4 times, the first 3 failed as the system thought their
password should be "update".

We are using a simple MySQL query to pull the user info and
There is only 1 user in the database with the password of "update",
username is "default".  Not sure where that username is from, maybe it
just got left in from the initial database setup.  However it should not
be pulling that password for random users.

  Description Some NAS
  Secret SomeSecret
  DefaultRealm pxs
  NasType unknown
<Handler Realm=pxs>
  AuthByPolicy ContinueWhileAccept
  RewriteUsername s/\@pxs//
  AuthBy PxsFilterAndAccounting
  SessionDatabase sessionDB
  FramedGroup 2
  AuthLog globalauthlog
  PasswordLogFileName /var/log/radiator/norlm-pass.log
<AuthBy SQL>
  Identifier PxsFilterAndAccounting
  AccountingTable accounting
  AcctColumnDef USERNAME, User-Name
  AcctColumnDef TIME_STAMP Timestamp, timestamp
  AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
  AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
  AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
  AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
  AcctColumnDef ACCTSESSIONID, Acct-Session-Id
  AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
  AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause
  AcctColumnDef NASIDENTIFIER, NAS-IP-Address
  AcctColumnDef NASPORT, NAS-Port, integer
  AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
  AcctColumnDef CONNECTINFO, Connect-Info
  AcctColumnDef CALLERID, Calling-Station-Id
  AcctColumnDef CALLEDID, Called-Station-Id
  AcctColumnDef TERMINATEDETAIL, LE-Terminate-Detail
  AuthColumnDef 0, Password, check
  AuthColumnDef 1, Idle-Timeout, reply
  AuthColumnDef 2, Session-Timeout, reply
  AuthColumnDef 3, Simultaneous-Use, check
  AuthColumnDef 4, Framed-IP-Address, reply
  AuthColumnDef 5, Framed-Route, reply
  AuthColumnDef 6, Framed-Routing, reply
and STATE!='1'
  DBSource dbi:mysql:radius:localhost
  DBUsername *removed*
  DBAuth *removed*
  FailureBackoffTime 30
  Timeout 30
  DefaultSimultaneousUse 2

Anyone have any ideas on this?


No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.12.6/453 - Release Date:

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list