(RADIATOR) Problem with OTP/Radmin and Cisco VPN 3000

Haakan Olofsson olofson at dax.net
Wed Mar 14 08:02:41 CST 2007


Hello

I simply love your RADIUS server, but now I am trying to make this 
OTP part work. Basically it's from your goodies directory, and it seems 
like I never get to the OTP part in this config.

OS: 	FreeBSD 6.2-RELEASE #0
Perl: 	v5.8.8

VPN:	Cisco VPN 3000
VPN client:	Cisco VPN client for Windows, Mac, Linux, as well as a ported 
version for FBSD



I have this RADIUS server running in a Cisco VPN 3000 environment, 
together with Cisco's VPN client.

At first it checks the group password, and after that the user shall log in.
I get it logged in by using a password, since I don't get the OTP part to work.
At the bottom of the mail you will find the cfg file.

The password stated is not used by us. :) 		


Hope to hear from you soon...

With regards

Haakan Olofsson

afasdf# radiusd -config_file /etc/radiator/radmin_otp_internode.cfg
Wed Mar 14 13:28:55 2007: DEBUG: Finished reading configuration file 
'/etc/radiator/radmin_otp_internode.cfg'
This Radiator license will expire on 2007-05-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Wed Mar 14 13:28:55 2007: DEBUG: Reading dictionary file 
'/etc/radiator/dictionary.cisco'
Wed Mar 14 13:28:55 2007: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Mar 14 13:28:55 2007: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Mar 14 13:28:55 2007: NOTICE: Server started: Radiator 3.16 on 
test.radius.server (LOCKED)
Wed Mar 14 13:28:59 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:28:59 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 6
Authentic:  w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
         User-Name = "user1"
         NAS-Port = 1830
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Stop
         Acct-Input-Octets = 0
         Acct-Output-Octets = 0
         Acct-Session-Id = "FB0003EA"
         Acct-Session-Time = 51
         Acct-Input-Packets = 0
         Acct-Output-Packets = 0
         Acct-Terminate-Cause = User-Request
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:28:59 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:28:59 2007: DEBUG:  Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:28:59 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:28:59 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:28:59 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00, 
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:00 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:00 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 6
Authentic:  w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
         User-Name = "user1"
         NAS-Port = 1830
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Stop
         Acct-Input-Octets = 0
         Acct-Output-Octets = 0
         Acct-Session-Id = "FB0003EA"
         Acct-Session-Time = 51
         Acct-Input-Packets = 0
         Acct-Output-Packets = 0
         Acct-Terminate-Cause = User-Request
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:00 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:00 2007: DEBUG:  Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:29:00 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:00 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00, 
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: ERR: Attribute number 22 (vendor 3076) is 
not defined in your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code:       Access-Request
Identifier: 23
Authentic:  <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
Attributes:
         User-Name = "testme"
         User-Password = 
"<145>Bt<218>Y<252><161>"<143><31>)<211><220><222><7>m"
         NAS-Port = 0
         Service-Type = Framed
         Framed-Protocol = PPP
         Called-Station-Id = "192.168.1.250"
         Calling-Station-Id = "192.168.254.254"
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme, 10.0.202.2, 0
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, 
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID, 
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where 
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match 
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code:       Access-Accept
Identifier: 23
Authentic:  <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
Attributes:

Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code:       Access-Request
Identifier: 24
Authentic:  &<209><16><139><172><191>6>crt)f<146>R<221>
Attributes:
         User-Name = "testme"
         User-Password = 
"(<9>q<131>s<161><228>:<199><143><0><18><155><133><177><30>"
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme, 10.0.202.2,
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, 
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID, 
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where 
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match 
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code:       Access-Accept
Identifier: 24
Authentic:  &<209><16><139><172><191>6>crt)f<146>R<221>
Attributes:

Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1552 ....
Code:       Access-Request
Identifier: 25
Authentic:  ?<233><155>dP<153><217><28>D<200><230><156><136><238><183>\
Attributes:
         User-Name = "testme"
         User-Password = "<6><182>n<203>,7f<132>V<16>J<245>"D|<31>"
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme, 10.0.202.2,
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, 
VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID, 
VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where 
NAME='testme' order by ITEM_TYPE':
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match 
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to: 1173713699
Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to: 1205280000
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 where USERNAME='testme'':
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Sending to 10.0.202.2 port 1552 ....
Code:       Access-Accept
Identifier: 25
Authentic:  ?<233><155>dP<153><217><28>D<200><230><156><136><238><183>\
Attributes:

Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 7
Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
         User-Name = "user1"
         NAS-Port = 1831
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Start
         Acct-Session-Id = "FB0003EB"
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 6
Authentic:  w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
Attributes:
         User-Name = "user1"
         NAS-Port = 1830
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Stop
         Acct-Input-Octets = 0
         Acct-Output-Octets = 0
         Acct-Session-Id = "FB0003EA"
         Acct-Session-Time = 51
         Acct-Input-Packets = 0
         Acct-Output-Packets = 0
         Acct-Terminate-Cause = User-Request
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for user1, 10.0.202.2, 1830
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00, 
OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPOR
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPO
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:02 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:02 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 7
Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
         User-Name = "user1"
         NAS-Port = 1831
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Start
         Acct-Session-Id = "FB0003EB"
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:02 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:02 2007: DEBUG:  Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:02 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:02 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:02 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
Wed Mar 14 13:29:03 2007: ERR: Attribute number 66 is not defined in 
your dictionary
Wed Mar 14 13:29:03 2007: DEBUG: Packet dump:
*** Received from 10.0.202.2 port 1563 ....
Code:       Accounting-Request
Identifier: 7
Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
Attributes:
         User-Name = "user1"
         NAS-Port = 1831
         Service-Type = Framed
         Framed-Protocol = PPP
         Framed-IP-Address = 10.0.200.140
         Class = "testme"
         Calling-Station-Id = "192.168.254.254"
         Acct-Status-Type = Start
         Acct-Session-Id = "FB0003EB"
         Acct-Authentic = RADIUS
         Acct-Delay-Time = 0
         NAS-IP-Address = 10.0.202.2
         NAS-Port-Type = Virtual

Wed Mar 14 13:29:03 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:03 2007: DEBUG:  Adding session for user1, 10.0.202.2, 1831
Wed Mar 14 13:29:03 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:03 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.0
Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE 
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) 
values (0,'FB0003EB',1,'192.168.254.254','10.
Wed Mar 14 13:29:03 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure





---------------------------------------------------------------------------------------------------------------------------------------

afasdf# cat radmin_otp_internode.cfg
# radmin_otp_internode.cfg
#
# Example Radiator configuration file showing how to do One-Time-Passwords
# delivered by SMS, using the Internode NodeText Gateway, a commercial SMS gateway
# available from Internode in Australia.
#
# The NodeText Gateway is a high reliability, high performance SMS Gateway
# for Australian SMS numbers. Works with GSM, CDMA. Works with Telstra, Optus
# and Vodafone networks. Billing of SMS delivery charges can be to the sender,
# or the receiver. The Internode NodeText Gateway can also apply a range of special
# features, such as name to SMS number translation etc. Multiple recipients,
# message splitting etc are supported.
# They also offer an email-to-SMS gateway.
#
# The NodeText Gateway requires a username and password to authenticate the sender,
# you have to get these from Internode when you sign up for the service.
#
# As per 'NodeText Gateway User Guide', 22/05/2006
# Internode SMS gateway access for Australian SMS number is available
# from http://www.internode.on.net
# and
# http://www.internode.on.net/products/sms.htm
#
# This fully working example allows your users to be administered with Radmin,
# using One-Time-Passwords delivered to the user by SMS.
#
# When a valid user attempts to log in with an empty password,
# AuthBy OTP will generate a new random password (according to a configurable
# pattern) and send it to the users SMS number. The SMS number is stored in the
# Radmin Full Name field as a complete SMS number including the '61' Australian
# country code prefix, eg '61414999999'
# When the user receives the OTP via SMS, they then log in again
# with the password they received
#
# To test:
# Install Radiator
# Install RAdmin
# Create a new user in RAdmin, enter their Australian SMS number in the RAdmin
#  Full Name field
# Get an SMS senders account from Internode
# Modify this config file by changing YOURINTERNODEUSER, YOURINTERNODEPASS
# Run Radiator with this config file:
#  perl radius goodies/radmin_otp_internode.cfg -trace 4
# Test with radpwtst:
#  perl radpwtst -interactive -noacct -user THERADMINUSERNAME -password ""
#  OTP Challenge: Wait for your password via SMS
#  EnterYourSMSPasswordHere
#
# You should consider this file to be a starting point only
# $Id $

Foreground
LogStdout
AuthPort        1645
AcctPort        1646
LogFile         %L/logfile2
LogDir          /var/log/radius
DbDir           /etc/radiator
DictionaryFile %D/dictionary.cisco
PreClientHook file:"%D/alterNASPort"

SnmpgetProg /usr/local/bin/snmpget
SnmpwalkProg /usr/local/bin/snmpwalk


Trace 4

# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.

<Client DEFAULT>
         Secret  SETECASTRONOMY
         DupInterval 0
         NasType Cisco
</Client>


# Handle everyone with RADMIN, then OTP
<Realm DEFAULT>
         # Ensure we first check the username validity with Radmin
         # and then check the password with OTP afterwards
         AuthByPolicy ContinueWhileAccept

         # Check username validity etc with RAdmin:
         <AuthBy RADMIN>

                 # Change DBSource, DBUsername, DBAuth for your database
                 # See the reference manual. You will also have to
                 # change the one in <SessionDatabse SQL> below
                 # so its the same
                 DBSource        dbi:mysql:radmin:localhost
                 DBUsername      radmin
                 DBAuth          SETECASTRONOMY

                 # Never look up the DEFAULT user
                 NoDefault

                 # AuthBy OTP below will check the password
                 NoCheckPassword

                 # Here we set up a custom select query that gets the FULLNAME
                 # column, where we are storing the users SMS number
                 AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME=%0

                 # Here we add the users SMS number from the FULLNAME column
                 # to the incoming request
                 # so AuthBy OTP will get it below
                 AuthColumnDef 0, SMS-Number, request

                 # You can add to or change these if you want, but you
                 # will probably want to change the database schema first
                 AccountingTable RADUSAGE
                 AcctColumnDef   USERNAME,User-Name
                 AcctColumnDef   PASS_WORD,Password
                 AcctColumnDef   TIME_STAMP,Timestamp,integer
                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                 AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                 AcctColumnDef   NASPORT,NAS-Port,integer
                 AcctColumnDef   DNIS,Called-Station-Id
                 AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id

                 # This updates the time and octets left
                 # for this user
                 AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

         </AuthBy>

  </AuthBy>


         # If the username is valid etc then we get to here and issue or check
         # the One-Time-Pasword
         <AuthBy OTP>
                 # This hook generates a new random password and sends it
                 # to the users SMS number (which we got from the FULLNAME column
                 # in the Radmin database above), using the Internode NodeText
                 # https gateway.
                 # You have to edit 'user' and 'pass' with the username
                 # and password of your Internode SMS sender account
                 # You can configure 'test' to 1 to prevent sending and charging
                 # of the SMS by Internode
                 ChallengeHook sub {\
                  use Radius::SMS::Internode;\
                  my ($self, $user, $p, $context) = @_;\
                  $context->{otp_password} = $self->generate_password();\
                  my $errormsg = $self->sms_internode(\
                    debug => '-',\
                    user => 'YOURINTERNODEUSER',\
                    pass => 'YOURINTERNODEPASS',\
                    dest => $p->get_attr('SMS-Number'),\
                    msg   => "Password: $context->{otp_password}",\
                    test => 1);\
                  return (defined $errormsg) ? undef : 'Wait for your password via SMS';\
                 }

         </AuthBy>

         # This clause logs all authentication successes and failures to the RADAUTHLOG table
         # Suitable for use with RAdmin version 1.6 or later
         <AuthLog SQL>
                 # This database spec usually should be exactly the same
                 # as in <AuthBy RADMIN> above
                 DBSource        dbi:mysql:radmin:localhost
                 DBUsername      radmin
                 DBAuth          SETECASTRONOMY

                 LogSuccess
                 SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
                 LogFailure
                 FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
         </AuthLog>

</Realm>

<SessionDatabase SQL>
         # This database spec usually should be exactly the same
         # as in <AuthBy RADMIN> above
         DBSource        dbi:mysql:radmin:localhost
         DBUsername      radmin
         DBAuth          SETECASTRONOMY

</SessionDatabase>


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
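
Added example, not part of the original post and not Radiator code: a small Python checker that groups a Trace 4 log by request and reports every Access-Accept issued without a given AuthBy module having run. This is the condition visible in the trace above, where only Radius::AuthRADMIN (configured with NoCheckPassword) handles the request. The module name `AuthOTP` and its trace lines are assumptions, and the sample trace is constructed from lines in the post plus one assumed OTP request.

```python
import re
from dataclasses import dataclass, field

# One Radiator trace line: "<timestamp>: <LEVEL>: <message>"
TRACE = re.compile(
    r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): (\w+): +(.*)$")
MODULE = re.compile(r"^Handling with Radius::(\w+)")
RESULT = re.compile(r"^AuthBy (\w+) result: (\w+)")
ACCEPT = re.compile(r"^Access accepted for (\S+)")


@dataclass
class Request:
    timestamp: str
    modules: list = field(default_factory=list)   # AuthBy modules that ran
    results: list = field(default_factory=list)   # (clause, result) pairs
    accepted_user: str = None                     # set on "Access accepted"


def parse_requests(trace_text):
    """Split a trace into requests, one per 'Handling request with Handler'."""
    requests, current = [], None
    for line in trace_text.splitlines():
        m = TRACE.match(line.strip())
        if not m:
            continue  # packet dump line or mail-wrapped continuation
        stamp, _level, msg = m.groups()
        if msg.startswith("Handling request with Handler"):
            current = Request(stamp)
            requests.append(current)
        elif current is None:
            continue  # startup lines before the first request
        elif (hit := MODULE.match(msg)):
            if hit.group(1) not in current.modules:
                current.modules.append(hit.group(1))
        elif (hit := RESULT.match(msg)):
            current.results.append((hit.group(1), hit.group(2)))
        elif (hit := ACCEPT.match(msg)):
            current.accepted_user = hit.group(1)
    return requests


def accepts_without(trace_text, required_module="AuthOTP"):
    """Accepted requests in which required_module never appears.

    required_module defaults to "AuthOTP", an assumed module name.
    """
    return [(r.timestamp, r.accepted_user, r.modules)
            for r in parse_requests(trace_text)
            if r.accepted_user and required_module not in r.modules]


# Constructed sample: first request copied from the post's trace, second is
# an assumed trace of a request that does reach OTP, third is accounting.
SAMPLE_TRACE = """\
Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme, 10.0.202.2, 0
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
with testme [testme]
Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
Wed Mar 14 13:30:10 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:30:10 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:30:10 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Wed Mar 14 13:30:10 2007: DEBUG: Handling with Radius::AuthOTP
Wed Mar 14 13:30:10 2007: DEBUG: AuthBy OTP result: ACCEPT,
Wed Mar 14 13:30:10 2007: DEBUG: Access accepted for otpuser
Wed Mar 14 13:30:11 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Mar 14 13:30:11 2007: DEBUG: Handling with Radius::AuthRADMIN
Wed Mar 14 13:30:11 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Wed Mar 14 13:30:11 2007: DEBUG: AuthBy RADMIN result: IGNORE, Database failure
"""

if __name__ == "__main__":
    for stamp, user, modules in accepts_without(SAMPLE_TRACE):
        print(f"{stamp}: accept for {user} via {modules} only")
```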

