[RADIATOR] FW: always Rejected:

Rocky.Li rocky.li at italkbb.com.au
Mon Apr 12 20:32:18 CDT 2010



-----Original Message-----
From: Rocky.Li [mailto:rocky.li at italkbb.com.au] 
Sent: Tuesday, April 13, 2010 11:29 AM
To: 'Hugh Irvine'
Subject: RE: [RADIATOR] always Rejected:

Hello Hugh

Thank you for your reply. 
I know the default user and password. There is a user named mikem and the
password is fred in the SUBSCRIBERS table.

Here is the information in the logfile 
Tue Apr 13 21:18:03 2010: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34519 ....
Code:       Accounting-Request
Identifier: 80
Authentic:  a<173>V{UV<150><142><190><213>X<192>K<140>m<135>
Attributes:

Tue Apr 13 21:18:03 2010: ERR: Attribute number 5 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 40 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Apr 13 21:18:03 2010: ERR: Attribute number 4 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 32 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 44 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 8 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 41 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: DEBUG: Handling with Radius::AuthSQL: 
Tue Apr 13 21:18:03 2010: DEBUG: Handling accounting with Radius::AuthSQL
Tue Apr 13 21:18:03 2010: DEBUG: do query is: 'insert into ACCOUNTING (TIME_STAMP) values (1271157483)': 
Tue Apr 13 21:18:03 2010: DEBUG: AuthBy SQL result: ACCEPT, 
Tue Apr 13 21:18:03 2010: DEBUG: Accounting accepted
Tue Apr 13 21:18:03 2010: ERR: Attribute number 211 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34519 ....
Code:       Accounting-Response
Identifier: 80
Authentic:  <188><128><144>V<178>C<137><167><172>+<175><253><5>-<242><171>
Attributes:

Tue Apr 13 21:21:31 2010: NOTICE: SIGTERM received: stopping

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Tuesday, April 13, 2010 11:15 AM
To: Rocky.Li
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] always Rejected:


Hello Rocky -

The radpwtst utility by default will send an authentication request for
"mike" with password "fred", followed by an accounting start and an
accounting stop.

You will need to use a username and password present in the database for the
authentication to succeed.

Here is the help for radpwtst:


Radiator-4.6 hugh$ perl radpwtst -h

usage: radpwtst [-h] [-time] [-iterations n] 
          [-trace [level]] [-s server] [-secret secret] [-retries n]
          [-noauth] [-noacct][-nostart] [-nostop] [-status] 
          [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc] [-sip] [-leap]
          [-motp_secret xxxxxxxxxxxxxxxx] [-eaphex xxxxxxxxxxxxx]
          [-accton] [-acctoff] [-framed_ip_address address]
          [-auth_port port] [-acct_port port] [-identifier n]
          [-user username] [-password password] 
          [-nas_ip_address address] [-nas_identifier string]
          [-nas_port port] [-nas_port_type type] [-service_type service] 
          [-calling_station_id string] [-called_station_id string] 
          [-session_id string] [-interactive]
          [-delay_time n] [-session_time n] [-input_octets n]
          [-output_octets n] [-timeout n] [-dictionary file,file]
          [-gui] [-class string] [-useoldascendpasswords]
          [-code requestcode] [-raw data] [-rawfile filename] 
	  [-rawfileseq filename]
          [-outport port] [-bind_address dotted-ip-address]
          [-options optionfile]
          [attribute=value]... 


See also section 8 in the Radiator 4.6 reference manual ("doc/ref.pdf").

regards

Hugh


On 13 Apr 2010, at 11:00, Rocky.Li wrote:

> Hello, I use mysqlcreate.sql to create the mysql database, and the config file is like
> this:
> <Realm DEFAULT>
>    <AuthBy SQL>
> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
> 
> 	DBSource	dbi:mysql:radius
> 	DBUsername	mikem
> 	DBAuth		fred
> 
> 	# You can customise the SQL query used to get user details with the
>        # AuthSelect parameter:
> 	  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
> 	# You can use statement caching and bound variables with AuthSelectParam:
> 	#  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=?
> 	#  AuthSelectParam %u
> 	# You can control what is done with each field returned from the
> 	#  AuthSelect query with the AuthColumnDef parameter:
> 	  AuthColumnDef 0, User-Password, check
> 
> 	# You may want to tailor these for your ACCOUNTING table
> 	# You can add your own columns to store whatever you like
> 	AccountingTable	ACCOUNTING
> 	AcctColumnDef	USERNAME,User-Name
> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 	AcctColumnDef	NASPORT,NAS-Port,integer
> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
> 
> 	# You can arrange to log accounting to a file if the
> 	# SQL insert fails with AcctFailedLogFileName
> 	# That way you could recover from a broken SQL
> 	# server
> 	#AcctFailedLogFileName %D/missedaccounting
> 
> 	# Alternatively, you can arrange to save failed SQL accounting insert queries
> 	# to a text file with SQLRecoveryFile
> 	SQLRecoveryFile %D/missedaccounting
> 
> 	# You can run a hook whenever Radiator (re)connects to the database. This
> 	# can be useful for doing database-specific config or setup
> 	# The hook is called like hook($object, $handle)
> 	# $object is the SqlDb object that is doing the connecting,
> 	# and $handle is the database handle of the newly connected database
> 	# This example shows how to set some connection specific attributes
> 	# for Interbase
> 	#ConnectionHook sub {$_[1]->func(-access_mode => 'read_write',\
>        #	-isolation_level => 'read_committed',\
>        #	-lock_resolution => 'wait',\
>        #	'ib_set_tx_param')}
> 
> 	# You can implement queries to get total session times in order
> 	# to enforce Max-All-Session, Max-Daily-Session,
> 	# Max-Hourly-Session and Max-Monthly-Session check items
> 	# %0 is replaced by the username and %1 is replaced by the unix time of
> 	# the start of the time interval concerned.
> 	#AcctTotalQuery SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName=%0
> 	#AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName=%0 AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
>    </AuthBy>
> </Realm>
> 
> 
> When start the server and use radpwtst to do test :
> 
> [root at centos /]# /etc/init.d/radiator restart
> Shutting down Radiator:                                    [  OK  ]
> Starting Radiator: Tue Apr 13 20:58:53 2010: DEBUG: Adding Clients from SQL database
> Tue Apr 13 20:58:53 2010: DEBUG: Query is: 'select 
>        NASIDENTIFIER,
>        SECRET,
>        IGNOREACCTSIGNATURE,
>        DUPINTERVAL,
>        DEFAULTREALM,
>        NASTYPE,
>        SNMPCOMMUNITY,
>        LIVINGSTONOFFS,
>        LIVINGSTONHOLE,
>        FRAMEDGROUPBASEADDRESS,
>        FRAMEDGROUPMAXPORTSPERCLASSC,
>        REWRITEUSERNAME,
>        NOIGNOREDUPLICATES,
>        PREHANDLERHOOK from RADCLIENTLIST': 
> Tue Apr 13 20:58:53 2010: DEBUG: ClientListSQL adds Client 203.63.154.1
> Tue Apr 13 20:58:53 2010: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> This Radiator license will expire on 2011-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
> 
>                                                           [  OK  ]
> [root at centos /]# radpwtst
> sending Access-Request...
> Rejected: 
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Stop...
> OK
> [root at centos /]#
> 
> 
> Why always Rejected? And it inserts some data like 1271062216 into the TIME_STAMP
> column?
> 
> Thank you for your assistance.
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
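
A log check for the trace and configuration in this thread, as an added example that is not part of the original messages or of Radiator: it lists the attribute numbers the trace reports as undefined, with their RFC 2865/2866 names, and the configured AcctColumnDef columns that are absent from each logged accounting INSERT. The function names and the embedded sample (a subset of the lines above, unwrapped) are assumptions of this example.

```python
import re

# Sample input: a subset of the trace lines in this thread, unwrapped.
LOG = """\
Tue Apr 13 21:18:03 2010: ERR: Attribute number 5 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 40 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: ERR: Attribute number 44 is not defined in your dictionary
Tue Apr 13 21:18:03 2010: DEBUG: do query is: 'insert into ACCOUNTING (TIME_STAMP) values (1271157483)':
Tue Apr 13 21:18:03 2010: DEBUG: AuthBy SQL result: ACCEPT,
"""

# A subset of the AcctColumnDef lines from the quoted configuration
# (whitespace normalised).
CONFIG = """\
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef NASPORT,NAS-Port,integer
"""

# Standard attribute numbers from RFC 2865 and RFC 2866.
RFC_NAMES = {4: "NAS-IP-Address", 5: "NAS-Port", 8: "Framed-IP-Address",
             32: "NAS-Identifier", 40: "Acct-Status-Type",
             41: "Acct-Delay-Time", 44: "Acct-Session-Id"}

UNDEF = re.compile(r"ERR: Attribute number (\d+) is not defined")
INSERT = re.compile(r"do query is: 'insert into (\w+)\s*\(([^)]*)\)", re.I)
COLDEF = re.compile(r"^\s*AcctColumnDef\s+(\w+)\s*,\s*([\w-]+)", re.M)

def undefined_attributes(log):
    """Return {number: RFC name or None} for every attribute the log flags."""
    nums = sorted({int(n) for n in UNDEF.findall(log)})
    return {n: RFC_NAMES.get(n) for n in nums}

def missing_columns(log, config):
    """For each logged INSERT, list configured columns that were not written."""
    configured = [col for col, _attr in COLDEF.findall(config)]
    report = []
    for table, cols in INSERT.findall(log):
        written = {c.strip() for c in cols.split(",")}
        report.append((table, [c for c in configured if c not in written]))
    return report

if __name__ == "__main__":
    print(undefined_attributes(LOG))
    print(missing_columns(LOG, CONFIG))
```

An accounting INSERT that carries fewer columns than the configuration defines means session records are being stored without the user, session or NAS fields needed to audit them later.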




