(RADIATOR) Problem with OTP/Radmin and Cisco VPN 3000
Haakan Olofsson
olofson at dax.net
Wed Mar 14 08:02:41 CST 2007
Hello

I simply love your radius server, but now I am trying to make this
OTP part work. Basically it's from your goodies directory, and it seems
like I never get to the OTP part in this config.

OS: FreeBSD 6.2-RELEASE #0
Perl: v5.8.8
VPN: Cisco VPN 3000
VPN client: Cisco VPN client for Windows, Mac, Linux, as well as a ported
version for FBSD

I have this Radius server running in a Cisco VPN 3000 environment,
together with Cisco's VPN client.
At first it checks the group password and after that, the user shall log in.
I get it logged in by using password, since I don't get the OTP part to work.
At the bottom of the mail you will find the cfg file.
The password stated is not used by us. :)

Hope to hear from you soon...

With regards
Haakan Olofsson

afasdf# radiusd -config_file /etc/radiator/radmin_otp_internode.cfg
Wed Mar 14 13:28:55 2007: DEBUG: Finished reading configuration file
'/etc/radiator/radmin_otp_internode.cfg'
This Radiator license will expire on 2007-05-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au
Wed Mar 14 13:28:55 2007: DEBUG: Reading dictionary file
'/etc/radiator/dictionary.cisco'
Wed Mar 14 13:28:55 2007: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Mar 14 13:28:55 2007: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Mar 14 13:28:55 2007: NOTICE: Server started: Radiator 3.16 on
test.radius.server (LOCKED)
Wed Mar 14 13:28:59 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:28:59 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 6
Authentic: w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
User-Name = "user1"
NAS-Port = 1830
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Stop
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Session-Id = "FB0003EA"
Acct-Session-Time = 51
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:28:59 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:28:59 2007: DEBUG: Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:28:59 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:28:59 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:28:59 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:00 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:00 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 6
Authentic: w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
User-Name = "user1"
NAS-Port = 1830
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Stop
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Session-Id = "FB0003EA"
Acct-Session-Time = 51
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:00 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:00 2007: DEBUG: Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:29:00 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:00 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: ERR: Attribute number 22 (vendor 3076) is
not defined in your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code: Access-Request
Identifier: 23
Authentic: <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
Attributes:
User-Name = "testme"
User-Password =
"<145>Bt<218>Y<252><161>"<143><31>)<211><220><222><7>m"
NAS-Port = 0
Service-Type = Framed
Framed-Protocol = PPP
Called-Station-Id = "192.168.1.250"
Calling-Station-Id = "192.168.254.254"
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme, 10.0.202.2, 0
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code: Access-Accept
Identifier: 23
Authentic: <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
Attributes:
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code: Access-Request
Identifier: 24
Authentic: &<209><16><139><172><191>6>crt)f<146>R<221>
Attributes:
User-Name = "testme"
User-Password =
"(<9>q<131>s<161><228>:<199><143><0><18><155><133><177><30>"
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme, 10.0.202.2,
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code: Access-Accept
Identifier: 24
Authentic: &<209><16><139><172><191>6>crt)f<146>R<221>
Attributes:
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code: Access-Request
Identifier: 25
Authentic: ?<233><155>dP<153><217><28>D<200><230><156><136><238><183>\
Attributes:
User-Name = "testme"
User-Password = "<6><182>n<203>,7f<132>V<16>J<245>"D|<31>"
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme, 10.0.202.2,
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code: Access-Accept
Identifier: 25
Authentic: ?<233><155>dP<153><217><28>D<200><230><156><136><238><183>\
Attributes:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 7
Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
User-Name = "user1"
NAS-Port = 1831
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Start
Acct-Session-Id = "FB0003EB"
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG: Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 6
Authentic: w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
User-Name = "user1"
NAS-Port = 1830
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Stop
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Session-Id = "FB0003EA"
Acct-Session-Time = 51
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:02 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:02 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 7
Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
User-Name = "user1"
NAS-Port = 1831
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Start
Acct-Session-Id = "FB0003EB"
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:02 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:02 2007: DEBUG: Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:02 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:02 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:02 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:03 2007: ERR: Attribute number 66 is not defined in
your dictionary
Wed Mar 14 13:29:03 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code: Accounting-Request
Identifier: 7
Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
User-Name = "user1"
NAS-Port = 1831
Service-Type = Framed
Framed-Protocol = PPP
Framed-IP-Address = 10.0.200.140
Class = "testme"
Calling-Station-Id = "192.168.254.254"
Acct-Status-Type = Start
Acct-Session-Id = "FB0003EB"
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.0.202.2
NAS-Port-Type = Virtual
Wed Mar 14 13:29:03 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:03 2007: DEBUG: Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:03 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:03 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME)
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:03 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
---------------------------------------------------------------------------------------------------------------------------------------
afasdf# cat radmin_otp_internode.cfg
# radmin_otp_internode.cfg
#
# Example Radiator configuration file showing how to do One-Time-Passwords
# delivered by SMS, using the Internode NodeText Gateway, a
# commercial SMS gateway
# available from Internode in Australia.
#
# The NodeText Gateway is a high reliability, high performance SMS Gateway
# for Australian SMS numbers. Works with GSM, CDMA. Works with Telstra, Optus
# and Vodafone networks. Billing of SMS delivery charges can be to the sender,
# or the receiver. The Internode NodeText Gateway can also apply a
# range of special
# features, such as name to SMS number translation etc. Multiple recipients,
# message splitting etc are supported.
# They also offer an email-to-SMS gateway.
#
# The NodeText Gateway requires a username and password to
# authenticate the sender,
# you have to get these from Internode when you sign up for the service.
#
# As per 'NodeText Gateway User Guide', 22/05/2006
# Internode SMS gateway access for Australian SMS number is available
# from http://www.internode.on.net
# and
# http://www.internode.on.net/products/sms.htm
#
# This fully working example allows your users to be administered with Radmin,
# using One-Time-Passwords delivered to the user by SMS.
#
# When a valid user attempts to log in with an empty password,
# AuthBy OTP will generate a new random password (according to a configurable
# pattern) and send it to the users SMS number. The SMS number is stored in the
# Radmin Full Name field as a complete SMS number including the '61' Australian
# country code prefix, eg '61414999999'
# When the user receives the OTP via SMS, they then log in again
# with the password they received
#
# To test:
# Install Radiator
# Install RAdmin
# Create a new user in RAdmin, enter their Australian SMS number in the RAdmin
# Full Name field
# Get an SMS senders account from Internode
# Modify this config file by changing YOURINTERNODEUSER, YOURINTERNODEPASS
# Run Radiator with this config file:
# perl radius goodies/radmin_otp_internode.cfg -trace 4
# Test with radpwtst:
# perl radpwtst -interactive -noacct -user THERADMINUSERNAME -password ""
# OTP Challenge: Wait for your password via SMS
# EnterYourSMSPasswordHere
#
# You should consider this file to be a starting point only
# $Id $
Foreground
LogStdout
AuthPort 1645
AcctPort 1646
LogFile %L/logfile2
LogDir /var/log/radius
DbDir /etc/radiator
DictionaryFile %D/dictionary.cisco
PreClientHook file:"%D/alterNASPort"
SnmpgetProg /usr/local/bin/snmpget
SnmpwalkProg /usr/local/bin/snmpwalk
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.
<Client DEFAULT>
Secret SETECASTRONOMY
DupInterval 0
NasType Cisco
</Client>
# Handle everyone with RADMIN, then OTP
<Realm DEFAULT>
# Ensure we first check the username validity with Radmin
# and then check the password with OTP afterwards
AuthByPolicy ContinueWhileAccept
# Check username validity etc with RAdmin:
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabase SQL> below
# so it's the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth SETECASTRONOMY
# Never look up the DEFAULT user
NoDefault
# AuthBy OTP below will check the password
NoCheckPassword
# Here we set up a custom select query that gets the FULLNAME
# column, where we are storing the users SMS number
AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME=%0
# Here we add the users SMS number from the FULLNAME column
# to the incoming request
# so AuthBy OTP will get it below
AuthColumnDef 0, SMS-Number, request
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef PASS_WORD,Password
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
</AuthBy>
</AuthBy>
# If the username is valid etc then we get to here and issue or check
# the One-Time-Password
<AuthBy OTP>
# This hook generates a new random password and sends it
# to the user's SMS number (which we got from the FULLNAME column
# in the Radmin database above), using the Internode NodeText
# https gateway.
# You have to edit 'user' and 'pass' with the username
# and password of your Internode SMS sender account
# You can configure 'test' to 1 to prevent sending and charging
# of the SMS by Internode
ChallengeHook sub {\
use Radius::SMS::Internode;\
my ($self, $user, $p, $context) = @_;\
$context->{otp_password} = $self->generate_password();\
my $errormsg = $self->sms_internode(\
debug => '-',\
user => 'YOURINTERNODEUSER',\
pass => 'YOURINTERNODEPASS',\
dest => $p->get_attr('SMS-Number'),\
msg => "Password: $context->{otp_password}",\
test => 1);\
return (defined $errormsg) ? undef : 'Wait for your password via SMS';\
}
</AuthBy>
# This clause logs all authentication successes and failures
# to the RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth SETECASTRONOMY
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
</AuthLog>
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth SETECASTRONOMY
</SessionDatabase>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
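
A structural lint for the clause nesting of a config like the one posted above, added here as an example (it is not part of the original post and not Radiator code). It flags closing tags that do not match the innermost open clause, as the second `</AuthBy>` after the RADMIN clause does, and reports which clause each `<AuthBy>` would belong to under two parsing assumptions. `lint_clauses`, `any_close_pops` and the reduced `SAMPLE` are constructed for illustration; how Radiator itself treats a stray closing tag is not stated on the page.

```python
import re

# Constructed reduction of the posted radmin_otp_internode.cfg: only the clause
# tags and two parameters are kept, everything else is omitted.
SAMPLE = """\
<Client DEFAULT>
</Client>
<Realm DEFAULT>
AuthByPolicy ContinueWhileAccept
<AuthBy RADMIN>
NoCheckPassword
</AuthBy>
</AuthBy>
<AuthBy OTP>
</AuthBy>
<AuthLog SQL>
</AuthLog>
</Realm>
<SessionDatabase SQL>
</SessionDatabase>
"""

OPEN = re.compile(r'^\s*<([A-Za-z]\w*)(?:\s+([^>]*))?>\s*$')
CLOSE = re.compile(r'^\s*</([A-Za-z]\w*)>\s*$')


def lint_clauses(text, any_close_pops=False):
    """Check <Clause>...</Clause> nesting in a Radiator-style config.

    Returns (problems, parents):
      problems: [(line_no, message)] for mismatched or unclosed clauses
      parents:  [(clause_label, parent_label)] in file order

    any_close_pops is a hypothetical parser model (an assumption, not
    documented Radiator behaviour): when True, a mismatched closing tag
    still ends the innermost open clause; when False it is ignored.
    """
    stack = []                      # (label, clause_type, line_no)
    problems, parents = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue                # comments may mention tags; skip them
        m = CLOSE.match(line)
        if m:
            kind = m.group(1)
            if stack and stack[-1][1] == kind:
                stack.pop()
                continue
            inner = stack[-1][0] if stack else 'top level'
            problems.append(
                (no, f'</{kind}> does not match innermost open clause ({inner})'))
            if any_close_pops and stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            label = ' '.join(part for part in m.groups() if part)
            parents.append((label, stack[-1][0] if stack else 'top level'))
            stack.append((label, m.group(1), no))
    for label, _, no in stack:
        problems.append((no, f'<{label}> is never closed'))
    return problems, parents


if __name__ == '__main__':
    for mode in (False, True):
        problems, parents = lint_clauses(SAMPLE, any_close_pops=mode)
        print(f'--- any_close_pops={mode}')
        for no, msg in problems:
            print(f'line {no}: {msg}')
        for label, parent in parents:
            if label.startswith('AuthBy'):
                print(f'{label} -> parent: {parent}')
```
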