[RADIATOR] pam_radius_auth and Radiator

Christopher Bland chris at fdu.edu
Mon Mar 1 11:30:49 CST 2010 

Forgot to mention that I am using pam_radius-1.3.17 on a Fedora 11 box 
for development.

-Chris

Chris Bland wrote:
> Hi guys,
>
> I am trying to setup a linux box to authenticate using radius.  I pulled 
> down the pam_radius_auth module from freeradius.org.  It will not work, 
> I keep getting bad encrypted password errors.  When I use radpwtst  
> locallly I authenticate fine.  It's only comming from my server I have 
> issues.  II verified all suggestions under 54 on 
> http://www.open.com.au/faq.html   My config looks like this:
>
> #Foreground
> LogStdout
> LogDir        /var/log/radius-test      
> DbDir        .   
> Trace        5
> PidFile     /var/log/radius-test/radiusd.pid
> AuthPort    5794
> AcctPort    5795
> DefineGlobalVar Max 7200
> DictionaryFile /etc/radiator/dictionary
>
> # Clients to suit your site.
> <Client 132.238.3.162>
> Secret xxxxx
> DupInterval 0
> </Client>
> ################################################################
> <Client localhost>
>     Secret xxxxxx
>     DupInterval 0
> </Client>
> ################################################################
> <AuthBy SQL>
>     Identifier LOCALDBAUTH
>     DBSource    dbi:mysql:radius_test:localhost
>     DBUsername     dbuser   
>     DBAuth        xxxxxx
>     DefaultSimultaneousUse 1
>     AccountingTable    subscribers
>     AuthSelect    select password from subscribers where username='%n'
> </AuthBy>
> ################################################################
> <Realm DEFAULT>
>     AuthByPolicy ContinueAlways
>     AuthBy LOCALDBAUTH
>     MaxSessions 1
> </Realm>
>
> This what I see in the logs
>
> Mon Mar  1 11:56:10 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 29364 ....
>
> Packet length = 93
> 01 8e 00 5d 76 0d 15 43 90 f7 6b 52 bd 43 1a d8
> 67 9f 98 14 01 06 73 61 75 6c 02 12 50 f7 58 3d
> 76 84 db 2b 43 1d 81 ce d2 17 b1 2d 04 06 84 ee
> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
> Code:       Access-Request
> Identifier: 142
> Authentic:  v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
> Attributes:
>         User-Name = "test"
>         User-Password = P<247>X=v<132><219>+C<29><129><206><210><23><177>-
>         NAS-IP-Address = 132.238.3.162
>         NAS-Identifier = "sshd"
>         NAS-Port = 28339
>         NAS-Port-Type = Virtual
>         Service-Type = Authenticate-Only
>         Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>
> Mon Mar  1 11:56:10 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Mon Mar  1 11:56:10 2010: DEBUG:  Deleting session for test, 
> 132.238.3.162, 28339
> Mon Mar  1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar  1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
> Mon Mar  1 11:56:10 2010: DEBUG: Query is: 'select password from 
> subscribers where username='test'':
> Mon Mar  1 11:56:10 2010: DEBUG: Radius::AuthSQL looks for match with 
> test [test]
> Mon Mar  1 11:56:10 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password: 
> test [test]
> Mon Mar  1 11:56:10 2010: DEBUG: Query is: 'select password from 
> subscribers where username='DEFAULT'':
> Mon Mar  1 11:56:10 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
> Mon Mar  1 11:56:10 2010: INFO: Access rejected for test: Bad Password
> Mon Mar  1 11:56:10 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 29364 ....
>
> Packet length = 36
> 03 8e 00 24 4c 1e f9 0e a3 df 1a 71 dc 03 4c ed
> a7 f2 d8 43 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code:       Access-Reject
> Identifier: 142
> Authentic:  v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
> Attributes:
>         Reply-Message = "Request Denied"
>
> Mon Mar  1 11:56:48 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 29364 ....
>
> Packet length = 93
> 01 7a 00 5d f0 3a b4 ed ff b7 af bd 6f 4c 73 2a
> 18 85 e1 ad 01 06 73 61 75 6c 02 12 71 ca ae a4
> af 9e 6e 09 42 29 f4 b0 76 77 86 41 04 06 84 ee
> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
>
>
> Code:       Access-Request
> Identifier: 122
> Authentic:  <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
> Attributes:
>         User-Name = "test"
>         User-Password = q<202><174><164><175><158>n<9>B)<244><176>vw<134>A
>         NAS-IP-Address = 132.238.3.162
>         NAS-Identifier = "sshd"
>         NAS-Port = 28339
>         NAS-Port-Type = Virtual
>         Service-Type = Authenticate-Only
>         Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>
> Mon Mar  1 11:56:48 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Mon Mar  1 11:56:48 2010: DEBUG:  Deleting session for test, 
> 132.238.3.162, 28339
> Mon Mar  1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar  1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
> Mon Mar  1 11:56:48 2010: DEBUG: Query is: 'select password from 
> subscribers where username='test'':
> Mon Mar  1 11:56:48 2010: DEBUG: Radius::AuthSQL looks for match with 
> test [test]
> Mon Mar  1 11:56:48 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password: 
> test [test]
> Mon Mar  1 11:56:48 2010: DEBUG: Query is: 'select password from 
> subscribers where username='DEFAULT'':
> Mon Mar  1 11:56:48 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
> Mon Mar  1 11:56:48 2010: INFO: Access rejected for test: Bad Password
> Mon Mar  1 11:56:48 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 29364 ....
>
> Packet length = 36
> 03 7a 00 24 eb 47 fb f9 35 8e 29 2d 79 4a e0 73
> 1e 85 f5 8a 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code:       Access-Reject
> Identifier: 122
> Authentic:  <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
> Attributes:
>         Reply-Message = "Request Denied"
>
> -Chris
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>   


-- 
fdu logo 	
Christopher Bland
Systems Manager
Information Systems and Technology
*1000 River Road, Teaneck NJ 07666*
Mail Stop: T-BH1-01
phone: 201-692-2414 | fax: 201-692-2494 | email: chris at fdu.edu 
<mailto:chris at fdu.edu>
"Fairleigh Dickinson University will never
                                 ask for your password. Please do not 
share it with others!"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20100301/e60893d0/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: small-full-fdu.gif
Type: image/gif
Size: 5126 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/e60893d0/attachment-0004.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phone.gif
Type: image/gif
Size: 306 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/e60893d0/attachment-0005.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fax.gif
Type: image/gif
Size: 116 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/e60893d0/attachment-0006.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail.gif
Type: image/gif
Size: 853 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/e60893d0/attachment-0007.gif

More information about the radiator mailing list