[RADIATOR] always Rejected:

Hugh Irvine hugh at open.com.au
Mon Apr 12 21:17:18 CDT 2010


Hello Rocky -

I am guessing your Radiator configuration file is not set up correctly.

From the debug in one of your other emails it looks like the dictionary file is not found.

regards

Hugh


On 13 Apr 2010, at 12:08, Rocky.Li wrote:

> Hello Hugh-
> 
> I ran radiusd to do a test and it authenticated successfully, but if I use
> /etc/init.d/radiator start, authentication is unsuccessful. I used the same
> radius.cfg.
> Why? Is there anything wrong with my Radiator?
> 
> Thank you.
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: Tuesday, April 13, 2010 11:15 AM
> To: Rocky.Li
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] always Rejected:
> 
> 
> Hello Rocky -
> 
> The radpwtst utility by default will send an authentication request for
> "mike" with password "fred", followed by an accounting start and an
> accounting stop.
> 
> You will need to use a username and password present in the database for the
> authentication to succeed.
> 
> Here is the help for radpwtst:
> 
> 
> Radiator-4.6 hugh$ perl radpwtst -h
> 
> usage: radpwtst [-h] [-time] [-iterations n] 
>          [-trace [level]] [-s server] [-secret secret] [-retries n]
>          [-noauth] [-noacct][-nostart] [-nostop] [-status] 
>          [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc] [-sip] [-leap]
>          [-motp_secret xxxxxxxxxxxxxxxx] [-eaphex xxxxxxxxxxxxx]
>          [-accton] [-acctoff] [-framed_ip_address address]
>          [-auth_port port] [-acct_port port] [-identifier n]
>          [-user username] [-password password] 
>          [-nas_ip_address address] [-nas_identifier string]
>          [-nas_port port] [-nas_port_type type] [-service_type service] 
>          [-calling_station_id string] [-called_station_id string] 
>          [-session_id string] [-interactive]
>          [-delay_time n] [-session_time n] [-input_octets n]
>          [-output_octets n] [-timeout n] [-dictionary file,file]
>          [-gui] [-class string] [-useoldascendpasswords]
>          [-code requestcode] [-raw data] [-rawfile filename] 
>          [-rawfileseq filename]
>          [-outport port] [-bind_address dotted-ip-address]
>          [-options optionfile]
>          [attribute=value]... 
> 
> 
> See also section 8 in the Radiator 4.6 reference manual ("doc/ref.pdf").
> 
> regards
> 
> Hugh
> 
> 
> On 13 Apr 2010, at 11:00, Rocky.Li wrote:
> 
>> Hello, I used mysqlcreate.sql to create the MySQL database, and the config file is like
>> this:
>> <Realm DEFAULT>
>>   <AuthBy SQL>
>> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
>> 
>> 	DBSource	dbi:mysql:radius
>> 	DBUsername	mikem
>> 	DBAuth		fred
>> 
>> 	# You can customise the SQL query used to get user details with the
>>       # AuthSelect parameter:
>> 	  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
>> 	# You can use statement caching and bound variables with AuthSelectParam:
>> 	#  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=?
>> 	#  AuthSelectParam %u
>> 	# You can control what is done with each field returned from the
>> 	#  AuthSelect query with the AuthColumnDef parameter:
>> 	  AuthColumnDef 0, User-Password, check
>> 
>> 	# You may want to tailor these for your ACCOUNTING table
>> 	# You can add your own columns to store whatever you like
>> 	AccountingTable	ACCOUNTING
>> 	AcctColumnDef	USERNAME,User-Name
>> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
>> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
>> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
>> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
>> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
>> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
>> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
>> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
>> 	AcctColumnDef	NASPORT,NAS-Port,integer
>> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
>> 
>> 	# You can arrange to log accounting to a file if the
>> 	# SQL insert fails with AcctFailedLogFileName
>> 	# That way you could recover from a broken SQL
>> 	# server
>> 	#AcctFailedLogFileName %D/missedaccounting
>> 
>> 	# Alternatively, you can arrange to save failed SQL accounting
>> 	# insert queries to a text file with SQLRecoveryFile
>> 	SQLRecoveryFile %D/missedaccounting
>> 
>> 	# You can run a hook whenever Radiator (re)connects to the database.
>> 	# This can be useful for doing database-specific config or setup
>> 	# The hook is called like hook($object, $handle)
>> 	# $object is the SqlDb object that is doing the connecting,
>> 	# and $handle is the database handle of the newly connected database
>> 	# This example shows how to set some connection specific attributes
>> 	# for Interbase
>> 	#ConnectionHook sub {$_[1]->func(-access_mode => 'read_write',\
>>       #	-isolation_level => 'read_committed',\
>>       #	-lock_resolution => 'wait',\
>>       #	'ib_set_tx_param')}
>> 
>> 	# You can implement queries to get total session times in order
>> 	# to enforce Max-All-Session, Max-Daily-Session,
>> 	# Max-Hourly-Session and Max-Monthly-Session check items
>> 	# %0 is replaced by the username and %1 is replaced by the unix time of
>> 	# the start of the time interval concerned.
>> 	#AcctTotalQuery SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName=%0
>> 	#AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName=%0 AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
>>   </AuthBy>
>> </Realm>
>> 
>> 
>> When I start the server and use radpwtst to do a test:
>> 
>> [root at centos /]# /etc/init.d/radiator restart
>> Shutting down Radiator:                                    [  OK  ]
>> Starting Radiator: Tue Apr 13 20:58:53 2010: DEBUG: Adding Clients from SQL database
>> Tue Apr 13 20:58:53 2010: DEBUG: Query is: 'select 
>>       NASIDENTIFIER,
>>       SECRET,
>>       IGNOREACCTSIGNATURE,
>>       DUPINTERVAL,
>>       DEFAULTREALM,
>>       NASTYPE,
>>       SNMPCOMMUNITY,
>>       LIVINGSTONOFFS,
>>       LIVINGSTONHOLE,
>>       FRAMEDGROUPBASEADDRESS,
>>       FRAMEDGROUPMAXPORTSPERCLASSC,
>>       REWRITEUSERNAME,
>>       NOIGNOREDUPLICATES,
>>       PREHANDLERHOOK from RADCLIENTLIST': 
>> Tue Apr 13 20:58:53 2010: DEBUG: ClientListSQL adds Client 203.63.154.1
>> Tue Apr 13 20:58:53 2010: DEBUG: Finished reading configuration file
>> '/etc/radiator/radius.cfg'
>> This Radiator license will expire on 2011-02-01
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your license period, contact admin at open.com.au
>> 
>>                                                          [  OK  ]
>> [root at centos /]# radpwtst
>> sending Access-Request...
>> Rejected: 
>> sending Accounting-Request Start...
>> OK
>> sending Accounting-Request Stop...
>> OK
>> [root at centos /]#
>> 
>> 
>> Why always Rejected? And it inserts some data like 1271062216 into the TIME_STAMP
>> column?
>> 
>> Thank you for your assistance.
>> 
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 


