[RADIATOR] always Rejected:

Rocky.Li rocky.li at italkbb.com.au
Mon Apr 12 21:08:35 CDT 2010


Hello Hugh-

 I ran radiusd to do a test and it authenticated successfully, but if I use
/etc/init.d/radiator start, it authenticates unsuccessfully. I used the same
radius.cfg.
Why? Is there anything wrong with my Radiator?

Thank you.

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Tuesday, April 13, 2010 11:15 AM
To: Rocky.Li
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] always Rejected:


Hello Rocky -

The radpwtst utility by default will send an authentication request for
"mike" with password "fred", followed by an accounting start and an
accounting stop.

You will need to use a username and password present in the database for the
authentication to succeed.

Here is the help for radpwtst:


Radiator-4.6 hugh$ perl radpwtst -h

usage: radpwtst [-h] [-time] [-iterations n] 
          [-trace [level]] [-s server] [-secret secret] [-retries n]
          [-noauth] [-noacct][-nostart] [-nostop] [-status] 
          [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc] [-sip] [-leap]
          [-motp_secret xxxxxxxxxxxxxxxx] [-eaphex xxxxxxxxxxxxx]
          [-accton] [-acctoff] [-framed_ip_address address]
          [-auth_port port] [-acct_port port] [-identifier n]
          [-user username] [-password password] 
          [-nas_ip_address address] [-nas_identifier string]
          [-nas_port port] [-nas_port_type type] [-service_type service] 
          [-calling_station_id string] [-called_station_id string] 
          [-session_id string] [-interactive]
          [-delay_time n] [-session_time n] [-input_octets n]
          [-output_octets n] [-timeout n] [-dictionary file,file]
          [-gui] [-class string] [-useoldascendpasswords]
          [-code requestcode] [-raw data] [-rawfile filename] 
	  [-rawfileseq filename]
          [-outport port] [-bind_address dotted-ip-address]
          [-options optionfile]
          [attribute=value]... 


See also section 8 in the Radiator 4.6 reference manual ("doc/ref.pdf").

regards

Hugh


On 13 Apr 2010, at 11:00, Rocky.Li wrote:

> Hello, I used mysqlcreate.sql to create the MySQL database, and the config
> file is like this:
> <Realm DEFAULT>
>    <AuthBy SQL>
> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
> 
> 	DBSource	dbi:mysql:radius
> 	DBUsername	mikem
> 	DBAuth		fred
> 
> 	# You can customise the SQL query used to get user details with the
>        # AuthSelect parameter:
> 	  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
> 	# You can use statement caching and bound variables with AuthSelectParam:
> 	#  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=?
> 	#  AuthSelectParam %u
> 	# You can control what is done with each field returned from the
> 	#  AuthSelect query with the AuthColumnDef parameter:
> 	  AuthColumnDef 0, User-Password, check
> 
> 	# You may want to tailor these for your ACCOUNTING table
> 	# You can add your own columns to store whatever you like
> 	AccountingTable	ACCOUNTING
> 	AcctColumnDef	USERNAME,User-Name
> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 	AcctColumnDef	NASPORT,NAS-Port,integer
> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
> 
> 	# You can arrange to log accounting to a file if the
> 	# SQL insert fails with AcctFailedLogFileName
> 	# That way you could recover from a broken SQL
> 	# server
> 	#AcctFailedLogFileName %D/missedaccounting
> 
> 	# Alternatively, you can arrange to save failed SQL accounting insert
> 	# queries to a text file with SQLRecoveryFile
> 	SQLRecoveryFile %D/missedaccounting
> 
> 	# You can run a hook whenever Radiator (re)connects to the database. This
> 	# can be useful for doing database-specific config or setup
> 	# The hook is called like hook($object, $handle)
> 	# $object is the SqlDb object that is doing the connecting,
> 	# and $handle is the database handle of the newly connected database
> 	# This example shows how to set some connection specific attributes
> 	# for Interbase
> 	#ConnectionHook sub {$_[1]->func(-access_mode => 'read_write',\
>        #	-isolation_level => 'read_committed',\
>        #	-lock_resolution => 'wait',\
>        #	'ib_set_tx_param')}
> 
> 	# You can implement queries to get total session times in order
> 	# to enforce Max-All-Session, Max-Daily-Session,
> 	# Max-Hourly-Session and Max-Monthly-Session check items
> 	# %0 is replaced by the username and %1 is replaced by the unix time of
> 	# the start of the time interval concerned.
> 	#AcctTotalQuery SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName=%0
> 	#AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName=%0 AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
>    </AuthBy>
> </Realm>
> 
> 
> When I start the server and use radpwtst to do a test:
> 
> [root at centos /]# /etc/init.d/radiator restart
> Shutting down Radiator:                                    [  OK  ]
> Starting Radiator: Tue Apr 13 20:58:53 2010: DEBUG: Adding Clients from SQL database
> Tue Apr 13 20:58:53 2010: DEBUG: Query is: 'select 
>        NASIDENTIFIER,
>        SECRET,
>        IGNOREACCTSIGNATURE,
>        DUPINTERVAL,
>        DEFAULTREALM,
>        NASTYPE,
>        SNMPCOMMUNITY,
>        LIVINGSTONOFFS,
>        LIVINGSTONHOLE,
>        FRAMEDGROUPBASEADDRESS,
>        FRAMEDGROUPMAXPORTSPERCLASSC,
>        REWRITEUSERNAME,
>        NOIGNOREDUPLICATES,
>        PREHANDLERHOOK from RADCLIENTLIST': 
> Tue Apr 13 20:58:53 2010: DEBUG: ClientListSQL adds Client 203.63.154.1
> Tue Apr 13 20:58:53 2010: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> This Radiator license will expire on 2011-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
> 
>                                                           [  OK  ]
> [root at centos /]# radpwtst
> sending Access-Request...
> Rejected: 
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Stop...
> OK
> [root at centos /]#
> 
> 
> Why always Rejected? And it inserts some data like 1271062216 into the
> TIME_STAMP column?
> 
> Thank you for your assistance.
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
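
Added example, not part of the original thread and not Radiator code: a small Python model of the AuthBy SQL check in the quoted configuration, showing why radpwtst's default "mike"/"fred" request is rejected unless that user exists in SUBSCRIBERS. It assumes SQLite as a stand-in for MySQL, a two-column SUBSCRIBERS table, and constructed credentials and reject-reason strings.

```python
import hmac
import sqlite3

# AuthSelect from the quoted config, in its bound-variable form (the
# commented-out "AuthSelect ... USERNAME=?" / "AuthSelectParam %u" pair).
AUTH_SELECT = "select PASSWORD from SUBSCRIBERS where USERNAME=?"


def make_db(users):
    """Build an in-memory stand-in for the 'radius' database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table SUBSCRIBERS (USERNAME text primary key, PASSWORD text)"
    )
    db.executemany("insert into SUBSCRIBERS values (?, ?)", users)
    return db


def access_request(db, username, password):
    """Model of 'AuthColumnDef 0, User-Password, check': column 0 of the
    AuthSelect row must equal the password carried in the request.
    The reason strings are illustrative, not Radiator's own messages."""
    row = db.execute(AUTH_SELECT, (username,)).fetchone()
    if row is None:
        return "Rejected: no such user"
    if not hmac.compare_digest(row[0].encode(), password.encode()):
        return "Rejected: bad password"
    return "OK"


if __name__ == "__main__":
    db = make_db([("testuser", "testpass")])  # constructed sample row
    # radpwtst with no arguments sends user "mike", password "fred"
    print(access_request(db, "mike", "fred"))
    # equivalent of: radpwtst -user testuser -password testpass
    print(access_request(db, "testuser", "testpass"))
```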




