[RADIATOR] pam_radius_auth and Radiator

Chris Bland chris at fdu.edu
Mon Mar 1 22:00:08 CST 2010


Hugh Irvine wrote:
> Hello Chris -
>
> If the same test with the same username and the same password works for radpwtst, then the only difference is the shared secrets.
>
> Can you send me the contents of the user record and a trace 5 debug showing both tests?
>
> regards
>
> Hugh
>   
Hugh,

For testing I created a user ctest stored in a database.  The sqlauth 
statement returns password 'ctest' in clear text.

Mon Mar  1 22:40:46 2010: DEBUG: Finished reading configuration file 
'/usr/local/adm/etc/radius.cfg.test'
Mon Mar  1 22:40:46 2010: DEBUG: Reading dictionary file 
'/etc/radiator/dictionary'
Mon Mar  1 22:40:46 2010: DEBUG: Creating authentication port 0.0.0.0:5794
Mon Mar  1 22:40:46 2010: DEBUG: Creating accounting port 0.0.0.0:5795
Mon Mar  1 22:40:46 2010: NOTICE: Server started: Radiator 3.14 on rolemodel
Mon Mar  1 22:43:23 2010: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34369 ....

======================= radpwtst =======================
Packet length = 105
01 bc 00 69 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 07 63 74 65 73 74 06 06 00 00 00
02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
31 35 34 2e 31 05 06 00 00 04 d2 1e 0b 31 32 33
34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33 32
31 3d 06 00 00 00 00 02 12 d0 5c 24 cf f2 99 77
54 c4 14 0b 0e d3 47 80 dc
Code:       Access-Request
Identifier: 188
Authentic:  1234567890123456
Attributes:
    User-Name = "ctest"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Identifier = "203.63.154.1"
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = 
<208>\$<207><242><153>wT<196><20><11><14><211>G<128><220>

Mon Mar  1 22:43:23 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Mon Mar  1 22:43:23 2010: DEBUG:  Deleting session for ctest, 
203.63.154.1, 1234
Mon Mar  1 22:43:23 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar  1 22:43:23 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
Mon Mar  1 22:43:23 2010: DEBUG: Query is: 'select password from 
subscribers where username='ctest'':
Mon Mar  1 22:43:23 2010: DEBUG: Radius::AuthSQL looks for match with 
ctest [ctest]
Mon Mar  1 22:43:23 2010: DEBUG: Radius::AuthSQL ACCEPT: : ctest [ctest]
Mon Mar  1 22:43:23 2010: DEBUG: AuthBy SQL result: ACCEPT,
Mon Mar  1 22:43:23 2010: DEBUG: Access accepted for ctest
Mon Mar  1 22:43:23 2010: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34369 ....

Packet length = 20
02 bc 00 14 fa df d1 fe 02 c7 ed 59 c6 b5 ff b7
60 9b 03 e8
Code:       Access-Accept
Identifier: 188
Authentic:  1234567890123456
Attributes:

Mon Mar  1 22:43:24 2010: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34369 ....

Packet length = 109
04 bd 00 6d 29 09 d9 7d 8a c3 3e 14 1d e6 55 82
6b d4 23 e1 01 07 63 74 65 73 74 06 06 00 00 00
02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
31 35 34 2e 31 05 06 00 00 04 d2 3d 06 00 00 00
00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00 00
01 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39 38
37 36 35 34 33 32 31 29 06 00 00 00 00
Code:       Accounting-Request
Identifier: 189
Authentic:  )<9><217>}<138><195>><20><29><230>U<130>k<212>#<225>
Attributes:
    User-Name = "ctest"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Identifier = "203.63.154.1"
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0

Mon Mar  1 22:43:24 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Mon Mar  1 22:43:24 2010: DEBUG:  Adding session for ctest, 
203.63.154.1, 1234
Mon Mar  1 22:43:24 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar  1 22:43:24 2010: DEBUG: Handling accounting with Radius::AuthSQL
Mon Mar  1 22:43:24 2010: DEBUG: AuthBy SQL result: ACCEPT,
Mon Mar  1 22:43:24 2010: DEBUG: Accounting accepted
Mon Mar  1 22:43:24 2010: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34369 ....

Packet length = 20
05 bd 00 14 20 ad 65 94 3d 27 8e d4 b6 9e d7 42
fa cb 28 f4
Code:       Accounting-Response
Identifier: 189
Authentic:  )<9><217>}<138><195>><20><29><230>U<130>k<212>#<225>
Attributes:

Mon Mar  1 22:43:24 2010: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34369 ....

Packet length = 127
04 be 00 7f 8d 2e 7f 44 01 37 37 c4 1b fc 2a d3
66 44 b1 ec 01 07 63 74 65 73 74 06 06 00 00 00
02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
31 35 34 2e 31 05 06 00 00 04 d2 3d 06 00 00 00
00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00 00
02 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39 38
37 36 35 34 33 32 31 29 06 00 00 00 00 2e 06 00
00 03 e8 2a 06 00 00 4e 20 2b 06 00 00 75 30
Code:       Accounting-Request
Identifier: 190
Authentic:  <141>.<127>D<1>77<196><27><252>*<211>fD<177><236>
Attributes:
    User-Name = "ctest"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Identifier = "203.63.154.1"
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Stop
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0
    Acct-Session-Time = 1000
    Acct-Input-Octets = 20000
    Acct-Output-Octets = 30000

Mon Mar  1 22:43:24 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Mon Mar  1 22:43:24 2010: DEBUG:  Deleting session for ctest, 
203.63.154.1, 1234
Mon Mar  1 22:43:24 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar  1 22:43:24 2010: DEBUG: Handling accounting with Radius::AuthSQL
Mon Mar  1 22:43:24 2010: DEBUG: AuthBy SQL result: ACCEPT,
Mon Mar  1 22:43:24 2010: DEBUG: Accounting accepted
Mon Mar  1 22:43:24 2010: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34369 ....

Packet length = 20
05 be 00 14 49 9e 05 a3 c8 63 c7 2e 59 e6 f8 d4
c8 43 e9 de
Code:       Accounting-Response
Identifier: 190
Authentic:  <141>.<127>D<1>77<196><27><252>*<211>fD<177><236>
Attributes:

==================== pam_radius_auth ====================

Mon Mar  1 22:44:15 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 29573 ....

Packet length = 94
01 32 00 5e ad d9 12 6a 40 14 e8 07 cf be 18 2b
f8 4a c0 b0 01 07 63 74 65 73 74 02 12 d7 b4 01
d6 c7 de 53 23 db 91 dd 4f 14 53 a7 53 04 06 84
ee 03 ac 20 06 73 73 68 64 05 06 00 00 6f 84 3d
06 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c
73 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
Code:       Access-Request
Identifier: 50
Authentic:  <173><217><18>j@<20><232><7><207><190><24>+<248>J<192><176>
Attributes:
    User-Name = "ctest"
    User-Password = 
<215><180><1><214><199><222>S#<219><145><221>O<20>S<167>S
    NAS-IP-Address = 132.238.3.162
    NAS-Identifier = "sshd"
    NAS-Port = 28548
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "bancroft-usas-246t.fdu.edu"

Mon Mar  1 22:44:15 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Mon Mar  1 22:44:15 2010: DEBUG:  Deleting session for ctest, 
132.238.3.162, 28548
Mon Mar  1 22:44:15 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar  1 22:44:15 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
Mon Mar  1 22:44:15 2010: DEBUG: Query is: 'select password from 
subscribers where username='ctest'':
Mon Mar  1 22:44:15 2010: DEBUG: Radius::AuthSQL looks for match with 
ctest [ctest]
Mon Mar  1 22:44:15 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password: 
ctest [ctest]
Mon Mar  1 22:44:15 2010: DEBUG: Query is: 'select password from 
subscribers where username='DEFAULT'':
Mon Mar  1 22:44:15 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
Mon Mar  1 22:44:15 2010: INFO: Access rejected for ctest: Bad Password
Mon Mar  1 22:44:15 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 29573 ....

Packet length = 36
03 32 00 24 46 2a 7d 0b de 8d f6 7c d2 39 2f 22
9d a9 23 ca 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 50
Authentic:  <173><217><18>j@<20><232><7><207><190><24>+<248>J<192><176>
Attributes:
    Reply-Message = "Request Denied"
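
Added example, not part of the original post or of Radiator: a check of Hugh's point about shared secrets, using the RFC 2865 section 5.2 User-Password hiding on the pam_radius_auth Access-Request bytes from the trace above. The function names are hypothetical, and the secret to test is whatever is configured on the client and is not shown on this page.

```python
import hashlib

# Access-Request copied from the pam_radius_auth packet dump above.
PAM_REQUEST = bytes.fromhex(
    "01 32 00 5e ad d9 12 6a 40 14 e8 07 cf be 18 2b"
    "f8 4a c0 b0 01 07 63 74 65 73 74 02 12 d7 b4 01"
    "d6 c7 de 53 23 db 91 dd 4f 14 53 a7 53 04 06 84"
    "ee 03 ac 20 06 73 73 68 64 05 06 00 00 6f 84 3d"
    "06 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c"
    "73 77 6f 72 74 68 2e 66 64 75 2e 65 64 75"
)

def parse_request(pkt):
    """Return (authenticator, {attribute_type: value}) for a RADIUS packet."""
    length = int.from_bytes(pkt[2:4], "big")
    if len(pkt) < 20 or length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        alen = pkt[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[pkt[pos]] = pkt[pos + 2:pos + alen]
        pos += alen
    return pkt[4:20], attrs

def hide(password, secret, authenticator):
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide(cipher, secret, authenticator):
    """Inverse of hide(); with the wrong secret the recovered bytes differ."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(cipher[i:i + 16], pad))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\0")

def secret_matches(pkt, secret, expected_password):
    """True if the User-Password (type 2) in pkt was hidden with this secret."""
    auth, attrs = parse_request(pkt)
    return unhide(attrs[2], secret, auth) == expected_password
```

Calling secret_matches(PAM_REQUEST, <secret from the client's configuration>, b"ctest") returns True only when the client and the server agree on the secret; otherwise the server recovers different bytes and reports Bad Password, as in the trace.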



