(RADIATOR) Chilispot

Hugh Irvine hugh at open.com.au
Thu May 24 23:35:00 CDT 2007


Hello Derek -

You should test the Radiator part of this independently with the  
radpwtst utility included in the Radiator distribution.


	cd /your/Radiator/distribution

	perl radpwtst -auth_port .... -acct_port ..... -secret ..... -user ...... -password ......


Here is the help for radpwtst:

Radiator-3.17.1 hugh$ perl radpwtst -h

usage: radpwtst [-h] [-time] [-iterations n]
           [-trace [level]] [-s server] [-secret secret]
           [-noauth] [-noacct][-nostart] [-nostop] [-status]
           [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc] [-sip]
           [-eaphex xxxxxxxxxxxxx]
           [-accton] [-acctoff] [-framed_ip_address address]
           [-auth_port port] [-acct_port port] [-identifier n]
           [-user username] [-password password]
           [-nas_ip_address address] [-nas_identifier string]
           [-nas_port port] [-nas_port_type type] [-service_type service]
           [-calling_station_id string] [-called_station_id string]
           [-session_id string] [-interactive]
           [-delay_time n] [-session_time n] [-input_octets n]
           [-output_octets n] [-timeout n] [-dictionary file,file]
           [-gui] [-class string] [-useoldascendpasswords]
           [-code requestcode] [-raw data] [-rawfile filename]
           [-rawfileseq filename]
           [-outport port] [-bind_address dotted-ip-address]
           [attribute=value]...


I am fairly certain that the problem is incorrect shared secrets.

regards

Hugh


On 25 May 2007, at 10:55, Derek Slaven wrote:

> Hello Hugh,
> I have tried using AuthBy FILE but still the same problem.  Shared  
> secrets are the same so no problems there.  However, authentication  
> fails and indicates that the password submitted from Chilispot is  
> incorrect.
> When I check the password log file this is what it shows.
>
> Tue May 22 13:38:02 2007:1179880682:dereks:i¥‰g)Aˆ¥Zªz? 
> ®I:password:FAIL
> Tue May 22 13:45:01  
> 2007:1179881101:dereks:Ë~ç·ßà<s”$†¯:password:FAIL
> Tue May 22 14:34:10 2007:1179884050:dereks:¢
> pŒÓ²KïdsóXÖ.:password:FAIL
>
> It appears that radiator cannot make sense of the password that is  
> sent to it from Chilispot.  Would you have any clues what could  
> cause this?
>
> Cheers,
> Derek
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Friday, 11 May 2007 12:24 p.m.
> To: Derek Slaven
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Chilispot
>
>
> Hello Derek -
>
> The first thing I would check is the shared secrets.
>
> You should probably start with a simple AuthBy FILE to begin with,
> and once you have that working correctly you can go on to using SQL.
>
> regards
>
> Hugh
>
>
> On 12 May 2007, at 07:17, Derek Slaven wrote:
>
>> Hi,
>>
>> Trying to create a hotspot using Chilispot which connects to Win2k3
>> radius server.  Running a trace 5 debug on radiator produces a
>> report saying connection reject due to bad password.  These are the
>> applications I am using for this environment.  I have included the
>> debug report below
>>
>>
>>
>> Perl 5.6.1
>>
>> Radiator 3.17.1
>>
>> SQL2000sp3
>>
>>
>>
>> Cheers,
>>
>> Derek
>>
>> Thu May 10 16:28:26 2007: NOTICE: Server started: Radiator 3.17.1
>> on radius4
>>
>> Thu May 10 16:30:08 2007: DEBUG: Packet dump:
>>
>> *** Received from 192.168.1.1 port 2067 ....
>>
>>
>>
>> Packet length = 197
>>
>> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>>
>> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>>
>> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>>
>> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>>
>> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>>
>> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>>
>> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>>
>> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>>
>> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>>
>> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>>
>> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>>
>> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>>
>> 6f 67 6f 66 66
>>
>> Code:       Access-Request
>>
>> Identifier: 0
>>
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>
>> (<229><137><233>
>>
>> Attributes:
>>
>>         User-Name = "dereks"
>>
>>         User-Password =
>> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>>
>>>
>>
>>         NAS-IP-Address = 0.0.0.0
>>
>>         Service-Type = Login-User
>>
>>         Framed-IP-Address = 192.168.182.4
>>
>>         Calling-Station-Id = "00-12-17-F9-1D-28"
>>
>>         Called-Station-Id = "00-1A-70-6E-F7-72"
>>
>>         NAS-Identifier = "frodo"
>>
>>         Acct-Session-Id = "4643ff2400000002"
>>
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>
>>         NAS-Port = 2
>>
>>         Message-Authenticator = ,
>> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>>
>> 96>
>>
>>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>>
>>
>>
>> Thu May 10 16:30:08 2007: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>>
>> Thu May 10 16:30:08 2007: DEBUG: Rewrote user name to dereks
>>
>> Thu May 10 16:30:08 2007: DEBUG:  Deleting session for dereks,
>> 0.0.0.0, 2
>>
>> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD
>>
>> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD:
>>
>> Thu May 10 16:30:08 2007: DEBUG: Query is: 'select DateAdd(Day,
>> ma.extension+ma.
>>
>> overdue, maExpireDate),
>>
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,
>> sa.AccountType,
>>
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>>
>> from masteraccounts ma, subaccounts sa
>>
>> where (sa.login = 'dereks' or sa.shell = 'dereks')
>>
>> and ma.customerid = sa.customerid
>>
>> and sa.active <> 0 and ma.active <> 0':
>>
>> Thu May 10 16:30:09 2007: DEBUG: Select results: 2008-05-10
>> 16:30:09.107, 2008-0
>>
>> 5-10 16:30:09.107, 1271, PPP, idontthinkso, dereks, , , 2
>>
>> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select
>> ra.RadAttributeID, ra.RadVend
>>
>> orID,
>>
>> ra.RadVendorType,
>>
>> Data, Value, Type, RadCheck
>>
>> from RadConfigs rc, RadAttributes ra
>>
>> where ra.RadAttributeID = rc.RadAttributeID
>>
>> and ra.RadVendorID = rc.RadVendorID
>>
>> and ra.RadVendorType = rc.RadVendorType
>>
>> and rc.AccountID=1271':
>>
>> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select
>> ra.RadAttributeID, ra.RadVend
>>
>> orID,
>>
>> ra.RadVendorType,
>>
>> Data, Value, Type, RadCheck
>>
>> from RadATConfigs rc, RadAttributes ra
>>
>> where ra.RadAttributeID = rc.RadAttributeID
>>
>> and ra.RadVendorID = rc.RadVendorID
>>
>> and ra.RadVendorType = rc.RadVendorType
>>
>> and rc.AccountType='PPP'':
>>
>> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD looks for
>> match with dereks
>>
>>  [dereks]
>>
>> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad
>> Password: derek
>>
>> s [dereks]
>>
>> Thu May 10 16:30:10 2007: DEBUG: Query is: 'select DateAdd(Day,
>> ma.extension+ma.
>>
>> overdue, maExpireDate),
>>
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,
>> sa.AccountType,
>>
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>>
>> from masteraccounts ma, subaccounts sa
>>
>> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>>
>> and ma.customerid = sa.customerid
>>
>> and sa.active <> 0 and ma.active <> 0':
>>
>> Thu May 10 16:30:10 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad
>> Password
>>
>> Thu May 10 16:30:10 2007: INFO: Access rejected for dereks: Bad
>> Password
>>
>> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>>
>> *** Sending to 192.168.1.1 port 2067 ....
>>
>>
>>
>> Packet length = 36
>>
>> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>>
>> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>>
>> 6e 69 65 64
>>
>> Code:       Access-Reject
>>
>> Identifier: 0
>>
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>
>> (<229><137><233>
>>
>> Attributes:
>>
>>         Reply-Message = "Request Denied"
>>
>>
>>
>> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>>
>> *** Received from 192.168.1.1 port 2067 ....
>>
>>
>>
>> Packet length = 197
>>
>> 01 00 00 c5 e5 f2 3a 36 a9 98 71 fd ce a6 22 f6
>>
>> 28 e5 89 e9 01 08 64 65 72 65 6b 73 02 12 d6 4f
>>
>> e4 06 ab f8 3b 5e 23 97 c6 b6 81 5b 8e 18 04 06
>>
>> 00 00 00 00 06 06 00 00 00 01 08 06 c0 a8 b6 04
>>
>> 1f 13 30 30 2d 31 32 2d 31 37 2d 46 39 2d 31 44
>>
>> 2d 32 38 1e 13 30 30 2d 31 41 2d 37 30 2d 36 45
>>
>> 2d 46 37 2d 37 32 20 07 66 72 6f 64 6f 2c 12 34
>>
>> 36 34 33 66 66 32 34 30 30 30 30 30 30 30 32 3d
>>
>> 06 00 00 00 13 05 06 00 00 00 02 50 12 2c 38 7f
>>
>> 81 8a b0 a8 71 18 a5 75 29 7c fc 20 c4 1a 28 00
>>
>> 00 37 2a 03 22 68 74 74 70 3a 2f 2f 31 39 32 2e
>>
>> 31 36 38 2e 31 38 32 2e 31 3a 33 39 39 30 2f 6c
>>
>> 6f 67 6f 66 66
>>
>> Code:       Access-Request
>>
>> Identifier: 0
>>
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>
>> (<229><137><233>
>>
>> Attributes:
>>
>>         User-Name = "dereks"
>>
>>         User-Password =
>> <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24
>>
>>>
>>
>>         NAS-IP-Address = 0.0.0.0
>>
>>         Service-Type = Login-User
>>
>>         Framed-IP-Address = 192.168.182.4
>>
>>         Calling-Station-Id = "00-12-17-F9-1D-28"
>>
>>         Called-Station-Id = "00-1A-70-6E-F7-72"
>>
>>         NAS-Identifier = "frodo"
>>
>>         Acct-Session-Id = "4643ff2400000002"
>>
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>
>>         NAS-Port = 2
>>
>>         Message-Authenticator = ,
>> 8<127><129><138><176><168>q<24><165>u)|<252> <1
>>
>> 96>
>>
>>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>>
>>
>>
>> Thu May 10 16:30:11 2007: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>>
>> Thu May 10 16:30:11 2007: DEBUG: Rewrote user name to dereks
>>
>> Thu May 10 16:30:11 2007: DEBUG:  Deleting session for dereks,
>> 0.0.0.0, 2
>>
>> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD
>>
>> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD:
>>
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select DateAdd(Day,
>> ma.extension+ma.
>>
>> overdue, maExpireDate),
>>
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,
>> sa.AccountType,
>>
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>>
>> from masteraccounts ma, subaccounts sa
>>
>> where (sa.login = 'dereks' or sa.shell = 'dereks')
>>
>> and ma.customerid = sa.customerid
>>
>> and sa.active <> 0 and ma.active <> 0':
>>
>> Thu May 10 16:30:11 2007: DEBUG: Select results: 2008-05-10
>> 16:30:11.607, 2008-0
>>
>> 5-10 16:30:11.607, 1271, PPP, idontthinkso, dereks, , , 2
>>
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select
>> ra.RadAttributeID, ra.RadVend
>>
>> orID,
>>
>> ra.RadVendorType,
>>
>> Data, Value, Type, RadCheck
>>
>> from RadConfigs rc, RadAttributes ra
>>
>> where ra.RadAttributeID = rc.RadAttributeID
>>
>> and ra.RadVendorID = rc.RadVendorID
>>
>> and ra.RadVendorType = rc.RadVendorType
>>
>> and rc.AccountID=1271':
>>
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select
>> ra.RadAttributeID, ra.RadVend
>>
>> orID,
>>
>> ra.RadVendorType,
>>
>> Data, Value, Type, RadCheck
>>
>> from RadATConfigs rc, RadAttributes ra
>>
>> where ra.RadAttributeID = rc.RadAttributeID
>>
>> and ra.RadVendorID = rc.RadVendorID
>>
>> and ra.RadVendorType = rc.RadVendorType
>>
>> and rc.AccountType='PPP'':
>>
>> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD looks for
>> match with dereks
>>
>>  [dereks]
>>
>> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad
>> Password: derek
>>
>> s [dereks]
>>
>> Thu May 10 16:30:12 2007: DEBUG: Query is: 'select DateAdd(Day,
>> ma.extension+ma.
>>
>> overdue, maExpireDate),
>>
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID,
>> sa.AccountType,
>>
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>>
>> from masteraccounts ma, subaccounts sa
>>
>> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>>
>> and ma.customerid = sa.customerid
>>
>> and sa.active <> 0 and ma.active <> 0':
>>
>> Thu May 10 16:30:12 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad
>> Password
>>
>> Thu May 10 16:30:12 2007: INFO: Access rejected for dereks: Bad
>> Password
>>
>> Thu May 10 16:30:12 2007: DEBUG: Packet dump:
>>
>> *** Sending to 192.168.1.1 port 2067 ....
>>
>>
>>
>> Packet length = 36
>>
>> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>>
>> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>>
>> 6e 69 65 64
>>
>> Code:       Access-Reject
>>
>> Identifier: 0
>>
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>
>> (<229><137><233>
>>
>> Attributes:
>>
>>         Reply-Message = "Request Denied"
>>
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
>
>






--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
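Added example, not part of the original thread or of the Radiator distribution: a check of a candidate shared secret against an Access-Request like the one in the trace above, using the Message-Authenticator attribute (HMAC-MD5 over the packet with that field zeroed, RFC 2869) and the User-Password decode from RFC 2865. The function names, the two secrets and the password are constructed for illustration; with the wrong secret the HMAC fails and the password decodes to random bytes, which is consistent with the unreadable entries in the quoted password log.

```python
import hashlib, hmac, os, struct

def pap_xor(data, secret, authenticator):
    """RFC 2865 5.2 User-Password decode: XOR each 16-byte block with
    MD5(secret + previous ciphertext block), starting from the authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16]
    return out

def parse(packet):
    """Return (request authenticator, {attr type: (value offset, value)})."""
    length = struct.unpack("!H", packet[2:4])[0]
    attrs, pos = {}, 20
    while pos + 2 <= length:
        alen = packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs[packet[pos]] = (pos + 2, packet[pos + 2:pos + alen])
        pos += alen
    return packet[4:20], attrs

def check_secret(packet, secret):
    """(Message-Authenticator verifies?, decoded User-Password) for this secret."""
    auth, attrs = parse(packet)
    ok = None                                  # None: attribute 80 not present
    if 80 in attrs:
        off, mac = attrs[80]
        zeroed = packet[:off] + bytes(16) + packet[off + 16:]
        ok = hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), mac)
    pw = pap_xor(attrs[2][1], secret, auth).rstrip(b"\0") if 2 in attrs else None
    return ok, pw

def build_request(user, password, secret):
    """Constructed Access-Request (password <= 16 bytes, so one XOR block)."""
    auth = os.urandom(16)
    body = bytes([1, len(user) + 2]) + user
    body += bytes([2, 18]) + pap_xor(password.ljust(16, b"\0"), secret, auth)
    body += bytes([80, 18]) + bytes(16)        # Message-Authenticator, zeroed
    pkt = struct.pack("!BBH", 1, 0, 20 + len(body)) + auth + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

if __name__ == "__main__":
    pkt = build_request(b"dereks", b"constructed-pw", b"nas-secret")
    for candidate in (b"nas-secret", b"server-secret"):
        print(candidate, check_secret(pkt, candidate))
```

The same `check_secret` call works on a captured request, given the hex bytes of the packet dump converted with `bytes.fromhex` and the secret configured on the server side.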