[RADIATOR] always Rejected:

Rocky.Li rocky.li at italkbb.com.au
Mon Apr 12 21:54:00 CDT 2010 

Thank you very much . I have resolved the problem . my configuration file is
not set up correctly. 

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Tuesday, April 13, 2010 12:17 PM
To: Rocky.Li
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] always Rejected:


Hello Rocky -

I am guessing your Radiator 

>From the debug in one of your other emails it looks like the dictionary file
is not found.

regards

Hugh


On 13 Apr 2010, at 12:08, Rocky.Li wrote:

> Hello Hugh-
> 
> I run  radiusd to do test and it authenticated successful .but if I use
> /etc/init.d/radiator start , It authenticated unsuccessful. I  ured the
same
> radius.cfg . 
> Why, is there anything wrong with my radiator?
> 
> Thank you.
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: Tuesday, April 13, 2010 11:15 AM
> To: Rocky.Li
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] always Rejected:
> 
> 
> Hello Rocky -
> 
> The radpwtst utility by default will send an authentication request for
> "mike" with password "fred", followed by an accounting start and an
> accounting stop.
> 
> You will need to use a username and password present in the database for
the
> authentication to succeed.
> 
> Here is the help for radpwtst:
> 
> 
> Radiator-4.6 hugh$ perl radpwtst -h
> 
> usage: radpwtst [-h] [-time] [-iterations n] 
>          [-trace [level]] [-s server] [-secret secret] [-retries n]
>          [-noauth] [-noacct][-nostart] [-nostop] [-status] 
>          [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc]
[-sip]
> [-leap]
>          [-motp_secret xxxxxxxxxxxxxxxx] [-eaphex xxxxxxxxxxxxx]
>          [-accton] [-acctoff] [-framed_ip_address address]
>          [-auth_port port] [-acct_port port] [-identifier n]
>          [-user username] [-password password] 
>          [-nas_ip_address address] [-nas_identifier string]
>          [-nas_port port] [-nas_port_type type] [-service_type service] 
>          [-calling_station_id string] [-called_station_id string] 
>          [-session_id string] [-interactive]
>          [-delay_time n] [-session_time n] [-input_octets n]
>          [-output_octets n] [-timeout n] [-dictionary file,file]
>          [-gui] [-class string] [-useoldascendpasswords]
>          [-code requestcode] [-raw data] [-rawfile filename] 
> 	  [-rawfileseq filename]
>          [-outport port] [-bind_address dotted-ip-address]
>          [-options optionfile]
>          [attribute=value]... 
> 
> 
> See also section 8 in the Radiator 4.6 reference manual ("doc/ref.pdf").
> 
> regards
> 
> Hugh
> 
> 
> On 13 Apr 2010, at 11:00, Rocky.Li wrote:
> 
>> Hello, I  use mysqlcreate.sql create mysql database and config-file liake
>> this:
>> <Realm DEFAULT>
>>   <AuthBy SQL>
>> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
>> 
>> 	DBSource	dbi:mysql:radius
>> 	DBUsername	mikem
>> 	DBAuth		fred
>> 
>> 	# You can customise the SQL query used to get user details with the
>>       # AuthSelect parameter:
>> 	  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
>> 	# You can use statement caching and bound variables with
>> AuthSelectParam:
>> 	#  AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=?
>> 	#  AuthSelectParam %u
>> 	# You can control what is done with each field returned from the
>> 	#  AuthSelect query with the AuthColumnDef parameter:
>> 	  AuthColumnDef 0, User-Password, check
>> 
>> 	# You may want to tailor these for your ACCOUNTING table
>> 	# You can add your own columns to store whatever you like
>> 	AccountingTable	ACCOUNTING
>> 	AcctColumnDef	USERNAME,User-Name
>> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
>> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
>> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
>> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
>> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
>> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
>> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
>> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
>> 	AcctColumnDef	NASPORT,NAS-Port,integer
>> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
>> 
>> 	# You can arrange to log accounting to a file if the
>> 	# SQL insert fails with AcctFailedLogFileName
>> 	# That way you could recover from a broken SQL
>> 	# server
>> 	#AcctFailedLogFileName %D/missedaccounting
>> 
>> 	# Alternatively, you can arrange to save failed SQL accounting
>> insert queries to a text
>> 	# file with SQLRecoveryFile
>> 	SQLRecoveryFile %D/missedaccounting
>> 
>> 	# You can run a hook whenever Radiator (re)connects to the database.
>> This
>> 	# can be useful for doing database-specific config or setup
>> 	# The hook is called like hook($object, $handle)
>> 	# $object is the SqlDb object that is doing the connecting,
>> 	# and $handle is the database handle if the newly connected database
>> 	# This example shows how to set some connection specific attributes
>> 	# for Interbase
>> 	#ConnectionHook sub {$_[1]->func(-access_mode => 'read_write',\
>>       #	-isolation_level => 'read_committed',\
>>       #	-lock_resolution => 'wait',\
>>       #	'ib_set_tx_param')}
>> 
>> 	# You can implement queries to get total session times in order
>> 	# to enforce Max-All-Session, Max-Daily-Session,
>> 	# Max-Hourly-Session and Max-Monthly-Session check items
>> 	# %0 is replaced bythe username and %1 is replaced by the untx time
>> of
>> 	# the start of the time interval convcerned.
>> 	#AcctTotalQuery SELECT SUM(AcctSessionTime) FROM radacct WHERE
>> UserName=%0
>> 	#AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 -
>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName=%0 AND
>> UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
>>   </AuthBy>
>> </Realm>
>> 
>> 
>> When start the server and use radpwtst to do test :
>> 
>> [root at centos /]# /etc/init.d/radiator restart
>> Shutting down Radiator:                                    [  OK  ]
>> Starting Radiator: Tue Apr 13 20:58:53 2010: DEBUG: Adding Clients from
> SQL
>> database
>> Tue Apr 13 20:58:53 2010: DEBUG: Query is: 'select 
>>       NASIDENTIFIER,
>>       SECRET,
>>       IGNOREACCTSIGNATURE,
>>       DUPINTERVAL,
>>       DEFAULTREALM,
>>       NASTYPE,
>>       SNMPCOMMUNITY,
>>       LIVINGSTONOFFS,
>>       LIVINGSTONHOLE,
>>       FRAMEDGROUPBASEADDRESS,
>>       FRAMEDGROUPMAXPORTSPERCLASSC,
>>       REWRITEUSERNAME,
>>       NOIGNOREDUPLICATES,
>>       PREHANDLERHOOK from RADCLIENTLIST': 
>> Tue Apr 13 20:58:53 2010: DEBUG: ClientListSQL adds Client 203.63.154.1
>> Tue Apr 13 20:58:53 2010: DEBUG: Finished reading configuration file
>> '/etc/radiator/radius.cfg'
>> This Radiator license will expire on 2011-02-01
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your license period, contact admin at open.com.au
>> 
>>                                                          [  OK  ]
>> [root at centos /]# radpwtst
>> sending Access-Request...
>> Rejected: 
>> sending Accounting-Request Start...
>> OK
>> sending Accounting-Request Stop...
>> OK
>> [root at centos /]#
>> 
>> 
>> Why always Rejected? And it insert some data like 1271062216 into
> TIME_STAMP
>> colmon? 
>> 
>> Thank you for your assistance.
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list