(RADIATOR) Problem with OTP/Radmin and Cisco VPN 3000
Hugh Irvine
hugh at open.com.au
Wed Mar 14 19:10:23 CST 2007
Hello Haakan -
You have an extraneous </AuthBy> in your configuration before the
<AuthBy OTP> which is confusing the parser.
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> </AuthBy>
>
> </AuthBy>
>
>
> # If the username is valid etc then we get to here and
> issue or check
> # the One-Time-Password
> <AuthBy OTP>
You should remove the second </AuthBy> above.
hope that helps
regards
Hugh
On 15 Mar 2007, at 01:02, Haakan Olofsson wrote:
> Hello
>
> I simply love your RADIUS server, but now I am trying to make this
> OTP part work. Basically it's from your goodies directory, and it seems
> like I never get to the OTP part in this config.
>
> OS: FreeBSD 6.2-RELEASE #0
> Perl: v5.8.8
>
> VPN: Cisco VPN 3000
> VPN client: Cisco VPN client for Windows, Mac, Linux, as well as a
> ported version for FBSD
>
>
>
> I have this RADIUS server running in a Cisco VPN 3000 environment,
> together with Cisco's VPN client.
>
> At first it checks the group password and after that, the user shall
> log in.
> I get it logged in by using a password since I don't get the OTP part
> to work.
> At the bottom of the mail you will find the cfg file.
>
> The password stated is not used by us. :)
>
>
> Hope to hear from you soon...
>
> With regards
>
> Haakan Olofsson
>
> afasdf# radiusd -config_file /etc/radiator/radmin_otp_internode.cfg
> Wed Mar 14 13:28:55 2007: DEBUG: Finished reading configuration
> file '/etc/radiator/radmin_otp_internode.cfg'
> This Radiator license will expire on 2007-05-30
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
>
> Wed Mar 14 13:28:55 2007: DEBUG: Reading dictionary file '/etc/
> radiator/dictionary.cisco'
> Wed Mar 14 13:28:55 2007: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Wed Mar 14 13:28:55 2007: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Mar 14 13:28:55 2007: NOTICE: Server started: Radiator 3.16 on
> test.radius.server (LOCKED)
> Wed Mar 14 13:28:59 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:28:59 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 6
> Authentic:
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1830
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Stop
> Acct-Input-Octets = 0
> Acct-Output-Octets = 0
> Acct-Session-Id = "FB0003EA"
> Acct-Session-Time = 51
> Acct-Input-Packets = 0
> Acct-Output-Packets = 0
> Acct-Terminate-Cause = User-Request
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:28:59 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:28:59 2007: DEBUG: Deleting session for user1,
> 10.0.202.2, 1830
> Wed Mar 14 13:28:59 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:28:59 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:28:59 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
> Wed Mar 14 13:29:00 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:00 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 6
> Authentic:
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1830
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Stop
> Acct-Input-Octets = 0
> Acct-Output-Octets = 0
> Acct-Session-Id = "FB0003EA"
> Acct-Session-Time = 51
> Acct-Input-Packets = 0
> Acct-Output-Packets = 0
> Acct-Terminate-Cause = User-Request
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:00 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:00 2007: DEBUG: Deleting session for user1,
> 10.0.202.2, 1830
> Wed Mar 14 13:29:00 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:00 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 22 (vendor 3076) is
> not defined in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code: Access-Request
> Identifier: 23
> Authentic: <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
> Attributes:
> User-Name = "testme"
> User-Password = "<145>Bt<218>Y<252><161>"<143><31>)
> <211><220><222><7>m"
> NAS-Port = 0
> Service-Type = Framed
> Framed-Protocol = PPP
> Called-Station-Id = "192.168.1.250"
> Calling-Station-Id = "192.168.254.254"
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme,
> 10.0.202.2, 0
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code: Access-Accept
> Identifier: 23
> Authentic: <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
> Attributes:
>
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code: Access-Request
> Identifier: 24
> Authentic: &<209><16><139><172><191>6>crt)f<146>R<221>
> Attributes:
> User-Name = "testme"
> User-Password =
> "(<9>q<131>s<161><228>:<199><143><0><18><155><133><177><30>"
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme,
> 10.0.202.2,
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code: Access-Accept
> Identifier: 24
> Authentic: &<209><16><139><172><191>6>crt)f<146>R<221>
> Attributes:
>
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code: Access-Request
> Identifier: 25
> Authentic: ?
> <233><155>dP<153><217><28>D<200><230><156><136><238><183>\
> Attributes:
> User-Name = "testme"
> User-Password = "<6><182>n<203>,7f<132>V<16>J<245>"D|<31>"
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for testme,
> 10.0.202.2,
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code: Access-Accept
> Identifier: 25
> Authentic: ?
> <233><155>dP<153><217><28>D<200><230><156><136><238><183>\
> Attributes:
>
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 7
> Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1831
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Start
> Acct-Session-Id = "FB0003EB"
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG: Adding session for user1,
> 10.0.202.2, 1831
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 6
> Authentic:
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1830
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Stop
> Acct-Input-Octets = 0
> Acct-Output-Octets = 0
> Acct-Session-Id = "FB0003EA"
> Acct-Session-Time = 51
> Acct-Input-Packets = 0
> Acct-Output-Packets = 0
> Acct-Terminate-Cause = User-Request
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG: Deleting session for user1,
> 10.0.202.2, 1830
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
> Wed Mar 14 13:29:02 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:02 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 7
> Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1831
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Start
> Acct-Session-Id = "FB0003EB"
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:02 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:02 2007: DEBUG: Adding session for user1,
> 10.0.202.2, 1831
> Wed Mar 14 13:29:02 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:02 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:02 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
> Wed Mar 14 13:29:03 2007: ERR: Attribute number 66 is not defined
> in your dictionary
> Wed Mar 14 13:29:03 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code: Accounting-Request
> Identifier: 7
> Authentic: <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
> User-Name = "user1"
> NAS-Port = 1831
> Service-Type = Framed
> Framed-Protocol = PPP
> Framed-IP-Address = 10.0.200.140
> Class = "testme"
> Calling-Station-Id = "192.168.254.254"
> Acct-Status-Type = Start
> Acct-Session-Id = "FB0003EB"
> Acct-Authentic = RADIUS
> Acct-Delay-Time = 0
> NAS-IP-Address = 10.0.202.2
> NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:03 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:03 2007: DEBUG: Adding session for user1,
> 10.0.202.2, 1831
> Wed Mar 14 13:29:03 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:03 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:03 2007: DEBUG: AuthBy RADMIN result: IGNORE,
> Database failure
>
>
>
>
>
> ----------------------------------------------------------------------
> -----------------------------------------------------------------
>
> afasdf# cat radmin_otp_internode.cfg
> # radmin_otp_internode.cfg
> #
> # Example Radiator configuration file showing how to do One-Time-
> Passwords
> # delivered by SMS, using the Internode NodeText Gateway, a
> commercial SMS gateway
> # available from Internode in Australia.
> #
> # The NodeText Gateway is a high reliability, high performance SMS
> Gateway
> # for Australian SMS numbers. Works with GSM, CDMA. Works with
> Telstra, Optus
> # and Vodafone networks. Billing of SMS delivery charges can be to
> the sender,
> # or the receiver. The Internode NodeText Gateway can also apply a
> range of special
> # features, such as name to SMS number translation etc. Multiple
> recipients,
> # message splitting etc are supported.
> # They also offer an email-to-SMS gateway.
> #
> # The NodeText Gateway requires a username and password to
> authenticate the sender,
> # you have to get these from Internode when you sign up for the
> service.
> #
> # As per 'NodeText Gateway User Guide', 22/05/2006
> # Internode SMS gateway access for Australian SMS number is available
> # from http://www.internode.on.net
> # and
> # http://www.internode.on.net/products/sms.htm
> #
> # This fully working example allows your users to be administered
> with Radmin,
> # using One-Time-Passwords delivered to the user by SMS.
> #
> # When a valid user attempts to log in with an empty password,
> # AuthBy OTP will generate a new random password (according to a
> configurable
> # pattern) and send it to the users SMS number. The SMS number is
> stored in the
> # Radmin Full Name field as a complete SMS number including the
> '61' Australian
> # country code prefix, eg '61414999999'
> # When the user receives the OTP via SMS, they then log in again
> # with the password they received
> #
> # To test:
> # Install Radiator
> # Install RAdmin
> # Create a new user in RAdmin, enter their Australian SMS number in
> the RAdmin
> # Full Name field
> # Get an SMS senders account from Internode
> # Modify this config file by changing YOURINTERNODEUSER,
> YOURINTERNODEPASS
> # Run Radiator with this config file:
> # perl radius goodies/radmin_otp_internode.cfg -trace 4
> # Test with radpwtst:
> # perl radpwtst -interactive -noacct -user THERADMINUSERNAME -
> password ""
> # OTP Challenge: Wait for your password via SMS
> # EnterYourSMSPasswordHere
> #
> # You should consider this file to be a starting point only
> # $Id $
>
> Foreground
> LogStdout
> AuthPort 1645
> AcctPort 1646
> LogFile %L/logfile2
> LogDir /var/log/radius
> DbDir /etc/radiator
> DictionaryFile %D/dictionary.cisco
> PreClientHook file:"%D/alterNASPort"
>
> SnmpgetProg /usr/local/bin/snmpget
> SnmpwalkProg /usr/local/bin/snmpwalk
>
>
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
>
> <Client DEFAULT>
> Secret SETECASTRONOMY
> DupInterval 0
> NasType Cisco
> </Client>
>
>
> # Handle everyone with RADMIN, then OTP
> <Realm DEFAULT>
> # Ensure we first check the username validity with Radmin
> # and then check the password with OTP afterwards
> AuthByPolicy ContinueWhileAccept
>
> # Check username validity etc with RAdmin:
> <AuthBy RADMIN>
>
> # Change DBSource, DBUsername, DBAuth for your
> database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth SETECASTRONOMY
>
> # Never look up the DEFAULT user
> NoDefault
>
> # AuthBy OTP below will check the password
> NoCheckPassword
>
> # Here we set up a custom select query that gets
> the FULLNAME
> # column, where we are storing the users SMS number
> AuthSelect select PASS_WORD, STATICADDRESS,
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,
> FULLNAME from RADUSERS where USERNAME=%0
>
> # Here we add the users SMS number from the
> FULLNAME column
> # to the incoming request
> # so AuthBy OTP will get it below
> AuthColumnDef 0, SMS-Number, request
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema
> first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef PASS_WORD,Password
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-
> Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-
> Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-
> Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-
> Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-
> Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> </AuthBy>
>
> </AuthBy>
>
>
> # If the username is valid etc then we get to here and
> issue or check
> # the One-Time-Password
> <AuthBy OTP>
> # This hook generates a new random password and
> sends it
> # to the users SMS number (which we got from the
> FULLNAME column
> # in the Radmin database above), using the
> Internode NodeText
> # https gateway.
> # You have to edit 'user' and 'pass' with the username
> # and password of your Internode SMS sender account
> # You can configure 'test' to 1 to prevent sending
> and charging
> # of the SMS by Internode
> ChallengeHook sub {\
> use Radius::SMS::Internode;\
> my ($self, $user, $p, $context) = @_;\
> $context->{otp_password} = $self->generate_password
> ();\
> my $errormsg = $self->sms_internode(\
> debug => '-',\
> user => 'YOURINTERNODEUSER',\
> pass => 'YOURINTERNODEPASS',\
> dest => $p->get_attr('SMS-Number'),\
> msg => "Password: $context->{otp_password}",\
> test => 1);\
> return (defined $errormsg) ? undef : 'Wait for
> your password via SMS';\
> }
>
> </AuthBy>
>
> # This clause logs all authentication successes and
> failures to the RADAUTHLOG table
> # Suitable for use with RAdmin version 1.6 or later
> <AuthLog SQL>
> # This database spec usually should be exactly the
> same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth SETECASTRONOMY
>
> LogSuccess
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP,
> USERNAME, TYPE) values (%t, '%n', 1)
> LogFailure
> FailureQuery insert into RADAUTHLOG (TIME_STAMP,
> USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
> </AuthLog>
>
> </Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth SETECASTRONOMY
>
> </SessionDatabase>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
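
An added example, not part of the original thread or of Radiator itself: a small Python check for the problem Hugh points out, a closing clause tag with no matching open. It assumes only the clause syntax visible in the posted file (`<Name arg>` and `</Name>` on their own lines, `#` comments, backslash line continuation); `lint_clauses` and the abridged sample config are constructed for illustration, and Radiator's own parser behaviour is not modelled.

```python
import re

# A clause line in the style of the posted file: "<AuthBy RADMIN>" or "</AuthBy>".
CLAUSE_RE = re.compile(r"^<(/?)([A-Za-z]\w*)(?:\s+([^>]*))?>$")


def _tag(name, arg):
    return f"<{name} {arg}>" if arg else f"<{name}>"


def lint_clauses(config_text):
    """Return a list of (line_number, message) for unbalanced clause tags."""
    findings = []
    stack = []         # (name, arg, line_number) for every clause still open
    continued = False  # True while inside a backslash-continued value (hooks)
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if continued:
            # Body of a multi-line parameter such as ChallengeHook: not a clause.
            continued = line.endswith("\\")
            continue
        if not line or line.startswith("#"):
            continue
        continued = line.endswith("\\")
        m = CLAUSE_RE.match(line)
        if m is None:
            continue  # ordinary "Keyword value" parameter
        closing, name, arg = m.group(1), m.group(2), (m.group(3) or "").strip()
        if not closing:
            stack.append((name, arg, lineno))
        elif stack and stack[-1][0] == name:
            stack.pop()
        elif stack:
            top = stack[-1]
            findings.append((lineno, f"stray </{name}>: innermost open clause is "
                                     f"{_tag(top[0], top[1])} from line {top[2]}"))
        else:
            findings.append((lineno, f"stray </{name}>: no clause is open"))
    for name, arg, lineno in stack:
        findings.append((lineno, f"unclosed {_tag(name, arg)}"))
    return findings


# Constructed sample: the posted Realm abridged to its clause structure,
# keeping the second </AuthBy> that sits before <AuthBy OTP>.
SAMPLE_BROKEN = """\
<Realm DEFAULT>
    AuthByPolicy ContinueWhileAccept
    <AuthBy RADMIN>
        NoCheckPassword
    </AuthBy>

    </AuthBy>

    <AuthBy OTP>
        ChallengeHook sub {\\
            my ($self, $user, $p, $context) = @_;\\
            return 'Wait for your password via SMS';\\
        }
    </AuthBy>
</Realm>
"""

# Same sample with the second </AuthBy> removed, as the reply advises.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "    </AuthBy>\n\n    <AuthBy OTP>", "    <AuthBy OTP>", 1)

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, lint_clauses(text) or "balanced")
```

In the posted trace every Access-Request ends with `AuthBy RADMIN result: ACCEPT` and no AuthBy OTP line appears, while that clause has `NoCheckPassword` set. A structural check like this, run before a config is deployed, catches the case where the second authentication step silently drops out of the chain.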