[RADIATOR] pam_radius_auth and Radiator
Sami Keski-Kasari
samikk at archred.com
Mon Mar 1 11:39:23 CST 2010
Hi Chris,
Are you sure that the secret is same in radiator config and in
pam_radius-module config?
--
Sami
1.3.2010 19.30, Christopher Bland kirjoitti:
> Forgot to mention that I am using pam_radius-1.3.17 on a Fedora 11 box
> for development.
>
> -Chris
>
> Chris Bland wrote:
>> Hi guys,
>>
>> I am trying to setup a linux box to authenticate using radius. I pulled
>> down the pam_radius_auth module from freeradius.org. It will not work,
>> I keep getting bad encrypted password errors. When I use radpwtst
>> locallly I authenticate fine. It's only comming from my server I have
>> issues. II verified all suggestions under 54 on
>> http://www.open.com.au/faq.html My config looks like this:
>>
>> #Foreground
>> LogStdout
>> LogDir /var/log/radius-test
>> DbDir .
>> Trace 5
>> PidFile /var/log/radius-test/radiusd.pid
>> AuthPort 5794
>> AcctPort 5795
>> DefineGlobalVar Max 7200
>> DictionaryFile /etc/radiator/dictionary
>>
>> # Clients to suit your site.
>> <Client 132.238.3.162>
>> Secret xxxxx
>> DupInterval 0
>> </Client>
>> ################################################################
>> <Client localhost>
>> Secret xxxxxx
>> DupInterval 0
>> </Client>
>> ################################################################
>> <AuthBy SQL>
>> Identifier LOCALDBAUTH
>> DBSource dbi:mysql:radius_test:localhost
>> DBUsername dbuser
>> DBAuth xxxxxx
>> DefaultSimultaneousUse 1
>> AccountingTable subscribers
>> AuthSelect select password from subscribers where username='%n'
>> </AuthBy>
>> ################################################################
>> <Realm DEFAULT>
>> AuthByPolicy ContinueAlways
>> AuthBy LOCALDBAUTH
>> MaxSessions 1
>> </Realm>
>>
>> This what I see in the logs
>>
>> Mon Mar 1 11:56:10 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 29364 ....
>>
>> Packet length = 93
>> 01 8e 00 5d 76 0d 15 43 90 f7 6b 52 bd 43 1a d8
>> 67 9f 98 14 01 06 73 61 75 6c 02 12 50 f7 58 3d
>> 76 84 db 2b 43 1d 81 ce d2 17 b1 2d 04 06 84 ee
>> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
>> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
>> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
>> Code: Access-Request
>> Identifier: 142
>> Authentic: v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
>> Attributes:
>> User-Name = "test"
>> User-Password = P<247>X=v<132><219>+C<29><129><206><210><23><177>-
>> NAS-IP-Address = 132.238.3.162
>> NAS-Identifier = "sshd"
>> NAS-Port = 28339
>> NAS-Port-Type = Virtual
>> Service-Type = Authenticate-Only
>> Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>>
>> Mon Mar 1 11:56:10 2010: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Mon Mar 1 11:56:10 2010: DEBUG: Deleting session for test,
>> 132.238.3.162, 28339
>> Mon Mar 1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL
>> Mon Mar 1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
>> Mon Mar 1 11:56:10 2010: DEBUG: Query is: 'select password from
>> subscribers where username='test'':
>> Mon Mar 1 11:56:10 2010: DEBUG: Radius::AuthSQL looks for match with
>> test [test]
>> Mon Mar 1 11:56:10 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password:
>> test [test]
>> Mon Mar 1 11:56:10 2010: DEBUG: Query is: 'select password from
>> subscribers where username='DEFAULT'':
>> Mon Mar 1 11:56:10 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
>> Mon Mar 1 11:56:10 2010: INFO: Access rejected for test: Bad Password
>> Mon Mar 1 11:56:10 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 29364 ....
>>
>> Packet length = 36
>> 03 8e 00 24 4c 1e f9 0e a3 df 1a 71 dc 03 4c ed
>> a7 f2 d8 43 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64
>> Code: Access-Reject
>> Identifier: 142
>> Authentic: v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
>> Attributes:
>> Reply-Message = "Request Denied"
>>
>> Mon Mar 1 11:56:48 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 29364 ....
>>
>> Packet length = 93
>> 01 7a 00 5d f0 3a b4 ed ff b7 af bd 6f 4c 73 2a
>> 18 85 e1 ad 01 06 73 61 75 6c 02 12 71 ca ae a4
>> af 9e 6e 09 42 29 f4 b0 76 77 86 41 04 06 84 ee
>> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
>> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
>> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
>>
>>
>> Code: Access-Request
>> Identifier: 122
>> Authentic:<240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
>> Attributes:
>> User-Name = "test"
>> User-Password = q<202><174><164><175><158>n<9>B)<244><176>vw<134>A
>> NAS-IP-Address = 132.238.3.162
>> NAS-Identifier = "sshd"
>> NAS-Port = 28339
>> NAS-Port-Type = Virtual
>> Service-Type = Authenticate-Only
>> Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>>
>> Mon Mar 1 11:56:48 2010: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Mon Mar 1 11:56:48 2010: DEBUG: Deleting session for test,
>> 132.238.3.162, 28339
>> Mon Mar 1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL
>> Mon Mar 1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
>> Mon Mar 1 11:56:48 2010: DEBUG: Query is: 'select password from
>> subscribers where username='test'':
>> Mon Mar 1 11:56:48 2010: DEBUG: Radius::AuthSQL looks for match with
>> test [test]
>> Mon Mar 1 11:56:48 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password:
>> test [test]
>> Mon Mar 1 11:56:48 2010: DEBUG: Query is: 'select password from
>> subscribers where username='DEFAULT'':
>> Mon Mar 1 11:56:48 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
>> Mon Mar 1 11:56:48 2010: INFO: Access rejected for test: Bad Password
>> Mon Mar 1 11:56:48 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 29364 ....
>>
>> Packet length = 36
>> 03 7a 00 24 eb 47 fb f9 35 8e 29 2d 79 4a e0 73
>> 1e 85 f5 8a 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64
>> Code: Access-Reject
>> Identifier: 122
>> Authentic:<240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
>> Attributes:
>> Reply-Message = "Request Denied"
>>
>> -Chris
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>
>
> --
> fdu logo
> Christopher Bland
> Systems Manager
> Information Systems and Technology
> *1000 River Road, Teaneck NJ 07666*
> Mail Stop: T-BH1-01
> phone: 201-692-2414 | fax: 201-692-2494 | email: chris at fdu.edu
> <mailto:chris at fdu.edu>
> "Fairleigh Dickinson University will never
> ask for your password. Please do not
> share it with others!"
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20100301/b991d266/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 5126 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/b991d266/attachment.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 306 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/b991d266/attachment-0001.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 116 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/b991d266/attachment-0002.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 853 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/b991d266/attachment-0003.gif
More information about the radiator
mailing list