(RADIATOR) Chilispot

Hugh Irvine hugh at open.com.au
Fri May 11 18:23:35 CDT 2007 

Hello Derek -

The first thing I would check is the shared secrets.

You should probably start with a simple AuthBy FILE to begin with,  
and once you have that working correctly you can go on to using SQL.

regards

Hugh


On 12 May 2007, at 07:17, Derek Slaven wrote:

> Hi,
>
> Trying to create a hotspot using Chilispot which connects to Win2k3  
> radius server.  Running a trace 5 debug on radiator produces a  
> report saying connection reject due to bad password.  These are the  
> applications I am using for this environment.  I have included the  
> debug report below
>
>
>
> Perl 5.6.1
>
> Radiator 3.17.1
>
> SQL2000sp3
>
>
>
> Cheers,
>
> Derek
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Thu May 10 16:28:26 2007: NOTICE: Server started: Radiator 3.17.1  
> on radius4
>
> Thu May 10 16:30:08 2007: DEBUG: Packet dump:
>
> *** Received from 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 197
>
> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>
> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>
> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>
> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>
> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>
> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>
> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>
> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>
> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>
> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>
> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>
> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>
> 6f 67 6f 66 66
>
> Code:       Access-Request
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         User-Name = "dereks"
>
>         User-Password =  
> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>
> >
>
>         NAS-IP-Address = 0.0.0.0
>
>         Service-Type = Login-User
>
>         Framed-IP-Address = 192.168.182.4
>
>         Calling-Station-Id = "00-12-17-F9-1D-28"
>
>         Called-Station-Id = "00-1A-70-6E-F7-72"
>
>         NAS-Identifier = "frodo"
>
>         Acct-Session-Id = "4643ff2400000002"
>
>         NAS-Port-Type = Wireless-IEEE-802-11
>
>         NAS-Port = 2
>
>         Message-Authenticator = , 
> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>
> 96>
>
>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>
>
>
> Thu May 10 16:30:08 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
>
> Thu May 10 16:30:08 2007: DEBUG: Rewrote user name to dereks
>
> Thu May 10 16:30:08 2007: DEBUG:  Deleting session for dereks,  
> 0.0.0.0, 2
>
> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD
>
> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD:
>
> Thu May 10 16:30:08 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'dereks' or sa.shell = 'dereks')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:09 2007: DEBUG: Select results: 2008-05-10  
> 16:30:09.107, 2008-0
>
> 5-10 16:30:09.107, 1271, PPP, idontthinkso, dereks, , , 2
>
> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountID=1271':
>
> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadATConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountType='PPP'':
>
> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD looks for  
> match with dereks
>
>  [dereks]
>
> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad  
> Password: derek
>
> s [dereks]
>
> Thu May 10 16:30:10 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:10 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad  
> Password
>
> Thu May 10 16:30:10 2007: INFO: Access rejected for dereks: Bad  
> Password
>
> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>
> *** Sending to 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 36
>
> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>
> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>
> 6e 69 65 64
>
> Code:       Access-Reject
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         Reply-Message = "Request Denied"
>
>
>
> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>
> *** Received from 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 197
>
> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>
> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>
> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>
> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>
> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>
> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>
> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>
> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>
> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>
> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>
> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>
> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>
> 6f 67 6f 66 66
>
> Code:       Access-Request
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         User-Name = "dereks"
>
>         User-Password =  
> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>
> >
>
>         NAS-IP-Address = 0.0.0.0
>
>         Service-Type = Login-User
>
>         Framed-IP-Address = 192.168.182.4
>
>         Calling-Station-Id = "00-12-17-F9-1D-28"
>
>         Called-Station-Id = "00-1A-70-6E-F7-72"
>
>         NAS-Identifier = "frodo"
>
>         Acct-Session-Id = "4643ff2400000002"
>
>         NAS-Port-Type = Wireless-IEEE-802-11
>
>         NAS-Port = 2
>
>         Message-Authenticator = , 
> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>
> 96>
>
>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>
>
>
> Thu May 10 16:30:11 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
>
> Thu May 10 16:30:11 2007: DEBUG: Rewrote user name to dereks
>
> Thu May 10 16:30:11 2007: DEBUG:  Deleting session for dereks,  
> 0.0.0.0, 2
>
> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD
>
> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD:
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'dereks' or sa.shell = 'dereks')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:11 2007: DEBUG: Select results: 2008-05-10  
> 16:30:11.607, 2008-0
>
> 5-10 16:30:11.607, 1271, PPP, idontthinkso, dereks, , , 2
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountID=1271':
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadATConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountType='PPP'':
>
> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD looks for  
> match with dereks
>
>  [dereks]
>
> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad  
> Password: derek
>
> s [dereks]
>
> Thu May 10 16:30:12 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:12 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad  
> Password
>
> Thu May 10 16:30:12 2007: INFO: Access rejected for dereks: Bad  
> Password
>
> Thu May 10 16:30:12 2007: DEBUG: Packet dump:
>
> *** Sending to 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 36
>
> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>
> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>
> 6e 69 65 64
>
> Code:       Access-Reject
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         Reply-Message = "Request Denied"
>
>
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list