(RADIATOR) Chilispot

Derek Slaven dereks at CSL.WS
Thu May 24 19:55:40 CDT 2007


Hello Hugh,
I have tried using AuthBy FILE but still the same problem.  Shared secrets are the same so no problems there.  However, authentication fails and indicates that the password submitted from Chilispot is incorrect.
When I check the password log file this is what it shows.

Tue May 22 13:38:02 2007:1179880682:dereks:i¥‰g)Aˆ¥Zªz?®I:password:FAIL
Tue May 22 13:45:01 2007:1179881101:dereks:Ë~ç·ßà<s”$†¯:password:FAIL
Tue May 22 14:34:10 2007:1179884050:dereks:¢
pŒÓ²KïdsóXÖ.:password:FAIL

It appears that radiator cannot make sense of the password that is sent to it from Chilispot.  Would you have any clues what could cause this?

Cheers,
Derek

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Friday, 11 May 2007 12:24 p.m.
To: Derek Slaven
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Chilispot


Hello Derek -

The first thing I would check is the shared secrets.

You should probably start with a simple AuthBy FILE to begin with,  
and once you have that working correctly you can go on to using SQL.

regards

Hugh


On 12 May 2007, at 07:17, Derek Slaven wrote:

> Hi,
>
> Trying to create a hotspot using Chilispot which connects to Win2k3  
> radius server.  Running a trace 5 debug on radiator produces a  
> report saying connection reject due to bad password.  These are the  
> applications I am using for this environment.  I have included the  
> debug report below
>
>
>
> Perl 5.6.1
>
> Radiator 3.17.1
>
> SQL2000sp3
>
>
>
> Cheers,
>
> Derek
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Thu May 10 16:28:26 2007: NOTICE: Server started: Radiator 3.17.1  
> on radius4
>
> Thu May 10 16:30:08 2007: DEBUG: Packet dump:
>
> *** Received from 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 197
>
> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>
> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>
> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>
> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>
> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>
> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>
> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>
> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>
> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>
> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>
> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>
> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>
> 6f 67 6f 66 66
>
> Code:       Access-Request
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         User-Name = "dereks"
>
>         User-Password =  
> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>
> >
>
>         NAS-IP-Address = 0.0.0.0
>
>         Service-Type = Login-User
>
>         Framed-IP-Address = 192.168.182.4
>
>         Calling-Station-Id = "00-12-17-F9-1D-28"
>
>         Called-Station-Id = "00-1A-70-6E-F7-72"
>
>         NAS-Identifier = "frodo"
>
>         Acct-Session-Id = "4643ff2400000002"
>
>         NAS-Port-Type = Wireless-IEEE-802-11
>
>         NAS-Port = 2
>
>         Message-Authenticator = , 
> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>
> 96>
>
>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>
>
>
> Thu May 10 16:30:08 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
>
> Thu May 10 16:30:08 2007: DEBUG: Rewrote user name to dereks
>
> Thu May 10 16:30:08 2007: DEBUG:  Deleting session for dereks,  
> 0.0.0.0, 2
>
> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD
>
> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD:
>
> Thu May 10 16:30:08 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'dereks' or sa.shell = 'dereks')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:09 2007: DEBUG: Select results: 2008-05-10  
> 16:30:09.107, 2008-0
>
> 5-10 16:30:09.107, 1271, PPP, idontthinkso, dereks, , , 2
>
> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountID=1271':
>
> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadATConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountType='PPP'':
>
> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD looks for  
> match with dereks
>
>  [dereks]
>
> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad  
> Password: derek
>
> s [dereks]
>
> Thu May 10 16:30:10 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:10 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad  
> Password
>
> Thu May 10 16:30:10 2007: INFO: Access rejected for dereks: Bad  
> Password
>
> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>
> *** Sending to 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 36
>
> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>
> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>
> 6e 69 65 64
>
> Code:       Access-Reject
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         Reply-Message = "Request Denied"
>
>
>
> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>
> *** Received from 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 197
>
> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>
> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>
> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>
> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>
> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>
> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>
> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>
> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>
> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>
> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>
> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>
> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>
> 6f 67 6f 66 66
>
> Code:       Access-Request
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         User-Name = "dereks"
>
>         User-Password =  
> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>
> >
>
>         NAS-IP-Address = 0.0.0.0
>
>         Service-Type = Login-User
>
>         Framed-IP-Address = 192.168.182.4
>
>         Calling-Station-Id = "00-12-17-F9-1D-28"
>
>         Called-Station-Id = "00-1A-70-6E-F7-72"
>
>         NAS-Identifier = "frodo"
>
>         Acct-Session-Id = "4643ff2400000002"
>
>         NAS-Port-Type = Wireless-IEEE-802-11
>
>         NAS-Port = 2
>
>         Message-Authenticator = , 
> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>
> 96>
>
>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>
>
>
> Thu May 10 16:30:11 2007: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
>
> Thu May 10 16:30:11 2007: DEBUG: Rewrote user name to dereks
>
> Thu May 10 16:30:11 2007: DEBUG:  Deleting session for dereks,  
> 0.0.0.0, 2
>
> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD
>
> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD:
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'dereks' or sa.shell = 'dereks')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:11 2007: DEBUG: Select results: 2008-05-10  
> 16:30:11.607, 2008-0
>
> 5-10 16:30:11.607, 1271, PPP, idontthinkso, dereks, , , 2
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountID=1271':
>
> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select  
> ra.RadAttributeID, ra.RadVend
>
> orID,
>
> ra.RadVendorType,
>
> Data, Value, Type, RadCheck
>
> from RadATConfigs rc, RadAttributes ra
>
> where ra.RadAttributeID = rc.RadAttributeID
>
> and ra.RadVendorID = rc.RadVendorID
>
> and ra.RadVendorType = rc.RadVendorType
>
> and rc.AccountType='PPP'':
>
> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD looks for  
> match with dereks
>
>  [dereks]
>
> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad  
> Password: derek
>
> s [dereks]
>
> Thu May 10 16:30:12 2007: DEBUG: Query is: 'select DateAdd(Day,  
> ma.extension+ma.
>
> overdue, maExpireDate),
>
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,  
> sa.AccountType,
>
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>
> from masteraccounts ma, subaccounts sa
>
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>
> and ma.customerid = sa.customerid
>
> and sa.active <> 0 and ma.active <> 0':
>
> Thu May 10 16:30:12 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad  
> Password
>
> Thu May 10 16:30:12 2007: INFO: Access rejected for dereks: Bad  
> Password
>
> Thu May 10 16:30:12 2007: DEBUG: Packet dump:
>
> *** Sending to 192.168.1.1 port 2067 ....
>
>
>
> Packet length = 36
>
> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>
> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>
> 6e 69 65 64
>
> Code:       Access-Reject
>
> Identifier: 0
>
> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246> 
> (<229><137><233>
>
> Attributes:
>
>         Reply-Message = "Request Denied"
>
>
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.






--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list