(RADIATOR) Problem with OTP/Radmin and Cisco VPN 3000

Hugh Irvine hugh at open.com.au
Wed Mar 14 19:10:23 CST 2007


Hello Haakan -

You have an extraneous </AuthBy> in your configuration before the  
<AuthBy OTP> which is confusing the parser.

>                 # This updates the time and octets left
>                 # for this user
>                 AcctSQLStatement update RADUSERS set  
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},  
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>         </AuthBy>
>
>  </AuthBy>
>
>
>         # If the username is valid etc then we get to here and  
> issue or check
>         # the One-Time-Password
>         <AuthBy OTP>

You should remove the second </AuthBy> above.

hope that helps

regards

Hugh


On 15 Mar 2007, at 01:02, Haakan Olofsson wrote:

> Hello
>
> I simply love your radius server.. but now when I try to make this
> otp-part work. Basically it's from your goodies directory, and it seems
> like I never get to the otp-part in this config.
>
> OS: 	FreeBSD 6.2-RELEASE #0
> Perl: 	v5.8.8
>
> VPN:	Cisco VPN 3000
> VPN client:	Cisco VPN client for Windows, Mac, Linux as well as a
> ported version for FBSD
>
>
>
> I have this Radius server running in a Cisco VPN 3000 environment,
> together with Cisco's VPN client
>
> At first it checks the group password and after that, the user shall
> login.
> I get it logged in by using password since I don't get the OTP part
> to work.
> At the bottom of the mail you will find the cfg file
>
> The password stated is not used by us. :) 		
>
>
> Hope to hear from you soon...
>
> With regards
>
> Haakan Olofsson
>
> afasdf# radiusd -config_file /etc/radiator/radmin_otp_internode.cfg
> Wed Mar 14 13:28:55 2007: DEBUG: Finished reading configuration  
> file '/etc/radiator/radmin_otp_internode.cfg'
> This Radiator license will expire on 2007-05-30
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
>
> Wed Mar 14 13:28:55 2007: DEBUG: Reading dictionary file '/etc/ 
> radiator/dictionary.cisco'
> Wed Mar 14 13:28:55 2007: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Wed Mar 14 13:28:55 2007: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Mar 14 13:28:55 2007: NOTICE: Server started: Radiator 3.16 on  
> test.radius.server (LOCKED)
> Wed Mar 14 13:28:59 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:28:59 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 6
> Authentic:   
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1830
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Stop
>         Acct-Input-Octets = 0
>         Acct-Output-Octets = 0
>         Acct-Session-Id = "FB0003EA"
>         Acct-Session-Time = 51
>         Acct-Input-Packets = 0
>         Acct-Output-Packets = 0
>         Acct-Terminate-Cause = User-Request
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:28:59 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:28:59 2007: DEBUG:  Deleting session for user1,  
> 10.0.202.2, 1830
> Wed Mar 14 13:28:59 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:28:59 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:28:59 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
> Wed Mar 14 13:29:00 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:00 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 6
> Authentic:   
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1830
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Stop
>         Acct-Input-Octets = 0
>         Acct-Output-Octets = 0
>         Acct-Session-Id = "FB0003EA"
>         Acct-Session-Time = 51
>         Acct-Input-Packets = 0
>         Acct-Output-Packets = 0
>         Acct-Terminate-Cause = User-Request
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:00 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:00 2007: DEBUG:  Deleting session for user1,  
> 10.0.202.2, 1830
> Wed Mar 14 13:29:00 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:00 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:00 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:00 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 22 (vendor 3076) is  
> not defined in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code:       Access-Request
> Identifier: 23
> Authentic:  <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
> Attributes:
>         User-Name = "testme"
>         User-Password = "<145>Bt<218>Y<252><161>"<143><31>) 
> <211><220><222><7>m"
>         NAS-Port = 0
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Called-Station-Id = "192.168.1.250"
>         Calling-Station-Id = "192.168.254.254"
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme,  
> 10.0.202.2, 0
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,  
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,  
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,  
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where  
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match  
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:  
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:  
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set  
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code:       Access-Accept
> Identifier: 23
> Authentic:  <245><246>FOrw<246>$<239><18><236><31><160>!<188>l
> Attributes:
>
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code:       Access-Request
> Identifier: 24
> Authentic:  &<209><16><139><172><191>6>crt)f<146>R<221>
> Attributes:
>         User-Name = "testme"
>         User-Password =  
> "(<9>q<131>s<161><228>:<199><143><0><18><155><133><177><30>"
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme,  
> 10.0.202.2,
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,  
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,  
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,  
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where  
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match  
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:  
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:  
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set  
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code:       Access-Accept
> Identifier: 24
> Authentic:  &<209><16><139><172><191>6>crt)f<146>R<221>
> Attributes:
>
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1552 ....
> Code:       Access-Request
> Identifier: 25
> Authentic:  ? 
> <233><155>dP<153><217><28>D<200><230><156><136><238><183>\
> Attributes:
>         User-Name = "testme"
>         User-Password = "<6><182>n<203>,7f<132>V<16>J<245>"D|<31>"
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for testme,  
> 10.0.202.2,
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 79 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select PASS_WORD,  
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS,  
> VALIDFROM, VALIDTO, FULLNAME from RADUSERS where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: Query is: 'select ATTR_ID,  
> VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where  
> NAME='testme' order by ITEM_TYPE':
> Wed Mar 14 13:29:01 2007: DEBUG: Radius::AuthRADMIN looks for match  
> with testme [testme]
> Wed Mar 14 13:29:01 2007: DEBUG: ValidFrom date converted to:  
> 1173713699
> Wed Mar 14 13:29:01 2007: DEBUG: Expiration date converted to:  
> 1205280000
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set  
> BADLOGINS=0 where USERNAME='testme'':
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Mar 14 13:29:01 2007: DEBUG: Access accepted for testme
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Sending to 10.0.202.2 port 1552 ....
> Code:       Access-Accept
> Identifier: 25
> Authentic:  ? 
> <233><155>dP<153><217><28>D<200><230><156><136><238><183>\
> Attributes:
>
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 7
> Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1831
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Start
>         Acct-Session-Id = "FB0003EB"
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG:  Adding session for user1,  
> 10.0.202.2, 1831
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
> Wed Mar 14 13:29:01 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:01 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 6
> Authentic:   
> w<179>Z<248><236><20><219>ME<134><180><180><208><203><174><194>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1830
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Stop
>         Acct-Input-Octets = 0
>         Acct-Output-Octets = 0
>         Acct-Session-Id = "FB0003EA"
>         Acct-Session-Time = 51
>         Acct-Input-Packets = 0
>         Acct-Output-Packets = 0
>         Acct-Terminate-Cause = User-Request
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:01 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:01 2007: DEBUG:  Deleting session for user1,  
> 10.0.202.2, 1830
> Wed Mar 14 13:29:01 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-051, OCTETSINLEFT=OCTETSINLEFT-00,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-00 where USERNAME='user1'':
> Wed Mar 14 13:29:01 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPOR
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:01 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESS 
> IONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CALLINGSTATIONID,FRAMEDIPADD 
> RESS,NASIDENTIFIER,NASPO
> Wed Mar 14 13:29:01 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
> Wed Mar 14 13:29:02 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:02 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 7
> Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1831
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Start
>         Acct-Session-Id = "FB0003EB"
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:02 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:02 2007: DEBUG:  Adding session for user1,  
> 10.0.202.2, 1831
> Wed Mar 14 13:29:02 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:02 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:02 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:02 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:02 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
> Wed Mar 14 13:29:03 2007: ERR: Attribute number 66 is not defined  
> in your dictionary
> Wed Mar 14 13:29:03 2007: DEBUG: Packet dump:
> *** Received from 10.0.202.2 port 1563 ....
> Code:       Accounting-Request
> Identifier: 7
> Authentic:  <131><23>c<253>^<179><11>%<248><12>p<130><197>d<228><175>
> Attributes:
>         User-Name = "user1"
>         NAS-Port = 1831
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Framed-IP-Address = 10.0.200.140
>         Class = "testme"
>         Calling-Station-Id = "192.168.254.254"
>         Acct-Status-Type = Start
>         Acct-Session-Id = "FB0003EB"
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = 10.0.202.2
>         NAS-Port-Type = Virtual
>
> Wed Mar 14 13:29:03 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Mar 14 13:29:03 2007: DEBUG:  Adding session for user1,  
> 10.0.202.2, 1831
> Wed Mar 14 13:29:03 2007: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 14 13:29:03 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'update RADUSERS set  
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='user1'':
> Wed Mar 14 13:29:03 2007: DEBUG: do query is: 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.0
> Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:03 2007: ERR: do failed for 'insert into RADUSAGE  
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CALLINGSTATIONID,FRAMEDIPA 
> DDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'FB0003EB',1,'192.168.254.254','10.
> Wed Mar 14 13:29:03 2007: DEBUG: AuthBy RADMIN result: IGNORE,  
> Database failure
>
>
>
>
>
> ---------------------------------------------------------------------- 
> -----------------------------------------------------------------
>
> afasdf# cat radmin_otp_internode.cfg
> # radmin_otp_internode.cfg
> #
> # Example Radiator configuration file showing how to do One-Time- 
> Passwords
> # delivered by SMS, using the Internode NodeText Gateway, a  
> commercial SMS gateway
> # available from Internode in Australia.
> #
> # The NodeText Gateway is a high reliability, high performance SMS  
> Gateway
> # for Australian SMS numbers. Works with GSM, CDMA. Works with  
> Telstra, Optus
> # and Vodafone networks. Billing of SMS delivery charges can be to  
> the sender,
> # or the receiver. The Internode NodeText Gateway can also apply a  
> range of special
> # features, such as name to SMS number translation etc. Multiple  
> recipients,
> # message splitting etc are supported.
> # They also offer an email-to-SMS gateway.
> #
> # The NodeText Gateway requires a username and password to  
> authenticate the sender,
> # you have to get these from Internode when you sign up for the  
> service.
> #
> # As per 'NodeText Gateway User Guide', 22/05/2006
> # Internode SMS gateway access for Australian SMS number is available
> # from http://www.internode.on.net
> # and
> # http://www.internode.on.net/products/sms.htm
> #
> # This fully working example allows your users to be administered  
> with Radmin,
> # using One-Time-Passwords delivered to the user by SMS.
> #
> # When a valid user attempts to log in with an empty password,
> # AuthBy OTP will generate a new random password (according to a  
> configurable
> # pattern) and send it to the users SMS number. The SMS number is  
> stored in the
> # Radmin Full Name field as a complete SMS number including the  
> '61' Australian
> # country code prefix, eg '61414999999'
> # When the user receives the OTP via SMS, they then log in again
> # with the password they received
> #
> # To test:
> # Install Radiator
> # Install RAdmin
> # Create a new user in RAdmin, enter their Australian SMS number in  
> the RAdmin
> #  Full Name field
> # Get an SMS senders account from Internode
> # Modify this config file by changing YOURINTERNODEUSER,  
> YOURINTERNODEPASS
> # Run Radiator with this config file:
> #  perl radius goodies/radmin_otp_internode.cfg -trace 4
> # Test with radpwtst:
> #  perl radpwtst -interactive -noacct -user THERADMINUSERNAME - 
> password ""
> #  OTP Challenge: Wait for your password via SMS
> #  EnterYourSMSPasswordHere
> #
> # You should consider this file to be a starting point only
> # $Id $
>
> Foreground
> LogStdout
> AuthPort        1645
> AcctPort        1646
> LogFile         %L/logfile2
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> DictionaryFile %D/dictionary.cisco
> PreClientHook file:"%D/alterNASPort"
>
> SnmpgetProg /usr/local/bin/snmpget
> SnmpwalkProg /usr/local/bin/snmpwalk
>
>
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
>
> <Client DEFAULT>
>         Secret  SETECASTRONOMY
>         DupInterval 0
>         NasType Cisco
> </Client>
>
>
> # Handle everyone with RADMIN, then OTP
> <Realm DEFAULT>
>         # Ensure we first check the username validity with Radmin
>         # and then check the password with OTP afterwards
>         AuthByPolicy ContinueWhileAccept
>
>         # Check username validity etc with RAdmin:
>         <AuthBy RADMIN>
>
>                 # Change DBSource, DBUsername, DBAuth for your  
> database
>                 # See the reference manual. You will also have to
>                 # change the one in <SessionDatabase SQL> below
>                 # so it's the same
>                 DBSource        dbi:mysql:radmin:localhost
>                 DBUsername      radmin
>                 DBAuth          SETECASTRONOMY
>
>                 # Never look up the DEFAULT user
>                 NoDefault
>
>                 # AuthBy OTP below will check the password
>                 NoCheckPassword
>
>                 # Here we set up a custom select query that gets  
> the FULLNAME
>                 # column, where we are storing the users SMS number
>                 AuthSelect select PASS_WORD, STATICADDRESS,  
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,  
> FULLNAME from RADUSERS where USERNAME=%0
>
>                 # Here we add the users SMS number from the  
> FULLNAME column
>                 # to the incoming request
>                 # so AuthBy OTP will get it below
>                 AuthColumnDef 0, SMS-Number, request
>
>                 # You can add to or change these if you want, but you
>                 # will probably want to change the database schema  
> first
>                 AccountingTable RADUSAGE
>                 AcctColumnDef   USERNAME,User-Name
>                 AcctColumnDef   PASS_WORD,Password
>                 AcctColumnDef   TIME_STAMP,Timestamp,integer
>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status- 
> Type,integer
>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input- 
> Octets,integer
>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output- 
> Octets,integer
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session- 
> Time,integer
>                 AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate- 
> Cause,integer
>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>                 AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef   NASPORT,NAS-Port,integer
>                 AcctColumnDef   DNIS,Called-Station-Id
>                 AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
>
>                 # This updates the time and octets left
>                 # for this user
>                 AcctSQLStatement update RADUSERS set  
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},  
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>         </AuthBy>
>
>  </AuthBy>
>
>
>         # If the username is valid etc then we get to here and  
> issue or check
>         # the One-Time-Password
>         <AuthBy OTP>
>                 # This hook generates a new random password and  
> sends it
>                 # to the users SMS number (which we got from the  
> FULLNAME column
>                 # in the Radmin database above), using the  
> Internode NodeText
>                 # https gateway.
>                 # You have to edit 'user' and 'pass' with the username
>                 # and password of your Internode SMS sender account
>                 # You can configure 'test' to 1 to prevent sending  
> and charging
>                 # of the SMS by Internode
>                 ChallengeHook sub {\
>                  use Radius::SMS::Internode;\
>                  my ($self, $user, $p, $context) = @_;\
>                  $context->{otp_password} = $self->generate_password 
> ();\
>                  my $errormsg = $self->sms_internode(\
>                    debug => '-',\
>                    user => 'YOURINTERNODEUSER',\
>                    pass => 'YOURINTERNODEPASS',\
>                    dest => $p->get_attr('SMS-Number'),\
>                    msg   => "Password: $context->{otp_password}",\
>                    test => 1);\
>                  return (defined $errormsg) ? undef : 'Wait for  
> your password via SMS';\
>                 }
>
>         </AuthBy>
>
>         # This clause logs all authentication successes and  
> failures to the RADAUTHLOG table
>         # Suitable for use with RAdmin version 1.6 or later
>         <AuthLog SQL>
>                 # This database spec usually should be exactly the  
> same
>                 # as in <AuthBy RADMIN> above
>                 DBSource        dbi:mysql:radmin:localhost
>                 DBUsername      radmin
>                 DBAuth          SETECASTRONOMY
>
>                 LogSuccess
>                 SuccessQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME, TYPE) values (%t, '%n', 1)
>                 LogFailure
>                 FailureQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
>         </AuthLog>
>
> </Realm>
>
> <SessionDatabase SQL>
>         # This database spec usually should be exactly the same
>         # as in <AuthBy RADMIN> above
>         DBSource        dbi:mysql:radmin:localhost
>         DBUsername      radmin
>         DBAuth          SETECASTRONOMY
>
> </SessionDatabase>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

