[RADIATOR] pam_radius_auth and Radiator

Christopher Bland chris at fdu.edu
Mon Mar 1 12:04:03 CST 2010


Yes

Sami Keski-Kasari wrote:
> Hi Chris,
>
> Are you sure that the secret is same in radiator config and in 
> pam_radius-module config?
>
> -- 
> Sami
>
>
> 1.3.2010 19.30, Christopher Bland kirjoitti:
>> Forgot to mention that I am using pam_radius-1.3.17 on a Fedora 11 
>> box for development.
>>
>> -Chris
>>
>> Chris Bland wrote:
>>> Hi guys,
>>>
>>> I am trying to setup a linux box to authenticate using radius.  I pulled 
>>> down the pam_radius_auth module from freeradius.org.  It will not work, 
>>> I keep getting bad encrypted password errors.  When I use radpwtst  
>>> locallly I authenticate fine.  It's only comming from my server I have 
>>> issues.  II verified all suggestions under 54 on 
>>> http://www.open.com.au/faq.html   My config looks like this:
>>>
>>> #Foreground
>>> LogStdout
>>> LogDir        /var/log/radius-test      
>>> DbDir        .   
>>> Trace        5
>>> PidFile     /var/log/radius-test/radiusd.pid
>>> AuthPort    5794
>>> AcctPort    5795
>>> DefineGlobalVar Max 7200
>>> DictionaryFile /etc/radiator/dictionary
>>>
>>> # Clients to suit your site.
>>> <Client 132.238.3.162>
>>> Secret xxxxx
>>> DupInterval 0
>>> </Client>
>>> ################################################################
>>> <Client localhost>
>>>     Secret xxxxxx
>>>     DupInterval 0
>>> </Client>
>>> ################################################################
>>> <AuthBy SQL>
>>>     Identifier LOCALDBAUTH
>>>     DBSource    dbi:mysql:radius_test:localhost
>>>     DBUsername     dbuser   
>>>     DBAuth        xxxxxx
>>>     DefaultSimultaneousUse 1
>>>     AccountingTable    subscribers
>>>     AuthSelect    select password from subscribers where username='%n'
>>> </AuthBy>
>>> ################################################################
>>> <Realm DEFAULT>
>>>     AuthByPolicy ContinueAlways
>>>     AuthBy LOCALDBAUTH
>>>     MaxSessions 1
>>> </Realm>
>>>
>>> This what I see in the logs
>>>
>>> Mon Mar  1 11:56:10 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 29364 ....
>>>
>>> Packet length = 93
>>> 01 8e 00 5d 76 0d 15 43 90 f7 6b 52 bd 43 1a d8
>>> 67 9f 98 14 01 06 73 61 75 6c 02 12 50 f7 58 3d
>>> 76 84 db 2b 43 1d 81 ce d2 17 b1 2d 04 06 84 ee
>>> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
>>> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
>>> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
>>> Code:       Access-Request
>>> Identifier: 142
>>> Authentic:  v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
>>> Attributes:
>>>         User-Name = "test"
>>>         User-Password = P<247>X=v<132><219>+C<29><129><206><210><23><177>-
>>>         NAS-IP-Address = 132.238.3.162
>>>         NAS-Identifier = "sshd"
>>>         NAS-Port = 28339
>>>         NAS-Port-Type = Virtual
>>>         Service-Type = Authenticate-Only
>>>         Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>>>
>>> Mon Mar  1 11:56:10 2010: DEBUG: Handling request with Handler 
>>> 'Realm=DEFAULT'
>>> Mon Mar  1 11:56:10 2010: DEBUG:  Deleting session for test, 
>>> 132.238.3.162, 28339
>>> Mon Mar  1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL
>>> Mon Mar  1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
>>> Mon Mar  1 11:56:10 2010: DEBUG: Query is: 'select password from 
>>> subscribers where username='test'':
>>> Mon Mar  1 11:56:10 2010: DEBUG: Radius::AuthSQL looks for match with 
>>> test [test]
>>> Mon Mar  1 11:56:10 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password: 
>>> test [test]
>>> Mon Mar  1 11:56:10 2010: DEBUG: Query is: 'select password from 
>>> subscribers where username='DEFAULT'':
>>> Mon Mar  1 11:56:10 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
>>> Mon Mar  1 11:56:10 2010: INFO: Access rejected for test: Bad Password
>>> Mon Mar  1 11:56:10 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 29364 ....
>>>
>>> Packet length = 36
>>> 03 8e 00 24 4c 1e f9 0e a3 df 1a 71 dc 03 4c ed
>>> a7 f2 d8 43 12 10 52 65 71 75 65 73 74 20 44 65
>>> 6e 69 65 64
>>> Code:       Access-Reject
>>> Identifier: 142
>>> Authentic:  v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
>>> Attributes:
>>>         Reply-Message = "Request Denied"
>>>
>>> Mon Mar  1 11:56:48 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 29364 ....
>>>
>>> Packet length = 93
>>> 01 7a 00 5d f0 3a b4 ed ff b7 af bd 6f 4c 73 2a
>>> 18 85 e1 ad 01 06 73 61 75 6c 02 12 71 ca ae a4
>>> af 9e 6e 09 42 29 f4 b0 76 77 86 41 04 06 84 ee
>>> 03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
>>> 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
>>> 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
>>>
>>>
>>> Code:       Access-Request
>>> Identifier: 122
>>> Authentic:  <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
>>> Attributes:
>>>         User-Name = "test"
>>>         User-Password = q<202><174><164><175><158>n<9>B)<244><176>vw<134>A
>>>         NAS-IP-Address = 132.238.3.162
>>>         NAS-Identifier = "sshd"
>>>         NAS-Port = 28339
>>>         NAS-Port-Type = Virtual
>>>         Service-Type = Authenticate-Only
>>>         Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
>>>
>>> Mon Mar  1 11:56:48 2010: DEBUG: Handling request with Handler 
>>> 'Realm=DEFAULT'
>>> Mon Mar  1 11:56:48 2010: DEBUG:  Deleting session for test, 
>>> 132.238.3.162, 28339
>>> Mon Mar  1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL
>>> Mon Mar  1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
>>> Mon Mar  1 11:56:48 2010: DEBUG: Query is: 'select password from 
>>> subscribers where username='test'':
>>> Mon Mar  1 11:56:48 2010: DEBUG: Radius::AuthSQL looks for match with 
>>> test [test]
>>> Mon Mar  1 11:56:48 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password: 
>>> test [test]
>>> Mon Mar  1 11:56:48 2010: DEBUG: Query is: 'select password from 
>>> subscribers where username='DEFAULT'':
>>> Mon Mar  1 11:56:48 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
>>> Mon Mar  1 11:56:48 2010: INFO: Access rejected for test: Bad Password
>>> Mon Mar  1 11:56:48 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 29364 ....
>>>
>>> Packet length = 36
>>> 03 7a 00 24 eb 47 fb f9 35 8e 29 2d 79 4a e0 73
>>> 1e 85 f5 8a 12 10 52 65 71 75 65 73 74 20 44 65
>>> 6e 69 65 64
>>> Code:       Access-Reject
>>> Identifier: 122
>>> Authentic:  <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
>>> Attributes:
>>>         Reply-Message = "Request Denied"
>>>
>>> -Chris
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>>   
>>
>>
>> -- 
>> fdu logo 	
>> Christopher Bland
>> Systems Manager
>> Information Systems and Technology
>> *1000 River Road, Teaneck NJ 07666*
>> Mail Stop: T-BH1-01
>> phone: 201-692-2414 | fax: 201-692-2494 | email: chris at fdu.edu 
>> <mailto:chris at fdu.edu>
>> "Fairleigh Dickinson University will never
>>                                  ask for your password. Please do not 
>> share it with others!"
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
fdu logo 	
Christopher Bland
Systems Manager
Information Systems and Technology
*1000 River Road, Teaneck NJ 07666*
Mail Stop: T-BH1-01
phone: 201-692-2414 | fax: 201-692-2494 | email: chris at fdu.edu 
<mailto:chris at fdu.edu>
"Fairleigh Dickinson University will never
                                 ask for your password. Please do not 
share it with others!"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 5126 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0008.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 306 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0009.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 116 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0010.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 853 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0011.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: small-full-fdu.gif
Type: image/gif
Size: 5126 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0012.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phone.gif
Type: image/gif
Size: 306 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0013.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fax.gif
Type: image/gif
Size: 116 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0014.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail.gif
Type: image/gif
Size: 853 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20100301/4fddc4ef/attachment-0015.gif 


More information about the radiator mailing list