[RADIATOR] pam_radius_auth and Radiator
Sami Keski-Kasari
samikk at archred.com
Tue Mar 2 03:11:04 CST 2010
Hi Chris,
How long is your shared secret?
I have had some problems with pairing some RADIUS implementations with
Radiator if the shared secret is very long.
But anyway, I second Hugh that the problem is somehow related to the shared secret.
--
Sami
2.3.2010 6.00, Chris Bland wrote:
> Hugh Irvine wrote:
>
>> Hello Chris -
>>
>> If the same test with the same username and the same password works for radpwtst, then the only difference is the shared secrets.
>>
>> Can you send me the contents of the user record and a trace 5 debug showing both tests?
>>
>> regards
>>
>> Hugh
>>
>>
> Hugh,
>
> For testing I created a user ctest stored in a database. The sqlauth
> statement returns password 'ctest' in clear text.
>
> Mon Mar 1 22:40:46 2010: DEBUG: Finished reading configuration file
> '/usr/local/adm/etc/radius.cfg.test'
> Mon Mar 1 22:40:46 2010: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Mon Mar 1 22:40:46 2010: DEBUG: Creating authentication port 0.0.0.0:5794
> Mon Mar 1 22:40:46 2010: DEBUG: Creating accounting port 0.0.0.0:5795
> Mon Mar 1 22:40:46 2010: NOTICE: Server started: Radiator 3.14 on rolemodel
> Mon Mar 1 22:43:23 2010: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34369 ....
>
> ======================= radpwtst =======================
> Packet length = 105
> 01 bc 00 69 31 32 33 34 35 36 37 38 39 30 31 32
> 33 34 35 36 01 07 63 74 65 73 74 06 06 00 00 00
> 02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
> 31 35 34 2e 31 05 06 00 00 04 d2 1e 0b 31 32 33
> 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33 32
> 31 3d 06 00 00 00 00 02 12 d0 5c 24 cf f2 99 77
> 54 c4 14 0b 0e d3 47 80 dc
> Code: Access-Request
> Identifier: 188
> Authentic: 1234567890123456
> Attributes:
> User-Name = "ctest"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> <208>\$<207><242><153>wT<196><20><11><14><211>G<128><220>
>
> Mon Mar 1 22:43:23 2010: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 1 22:43:23 2010: DEBUG: Deleting session for ctest,
> 203.63.154.1, 1234
> Mon Mar 1 22:43:23 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar 1 22:43:23 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
> Mon Mar 1 22:43:23 2010: DEBUG: Query is: 'select password from
> subscribers where username='ctest'':
> Mon Mar 1 22:43:23 2010: DEBUG: Radius::AuthSQL looks for match with
> ctest [ctest]
> Mon Mar 1 22:43:23 2010: DEBUG: Radius::AuthSQL ACCEPT: : ctest [ctest]
> Mon Mar 1 22:43:23 2010: DEBUG: AuthBy SQL result: ACCEPT,
> Mon Mar 1 22:43:23 2010: DEBUG: Access accepted for ctest
> Mon Mar 1 22:43:23 2010: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34369 ....
>
> Packet length = 20
> 02 bc 00 14 fa df d1 fe 02 c7 ed 59 c6 b5 ff b7
> 60 9b 03 e8
> Code: Access-Accept
> Identifier: 188
> Authentic: 1234567890123456
> Attributes:
>
> Mon Mar 1 22:43:24 2010: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34369 ....
>
> Packet length = 109
> 04 bd 00 6d 29 09 d9 7d 8a c3 3e 14 1d e6 55 82
> 6b d4 23 e1 01 07 63 74 65 73 74 06 06 00 00 00
> 02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
> 31 35 34 2e 31 05 06 00 00 04 d2 3d 06 00 00 00
> 00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00 00
> 01 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39 38
> 37 36 35 34 33 32 31 29 06 00 00 00 00
> Code: Accounting-Request
> Identifier: 189
> Authentic: )<9><217>}<138><195>><20><29><230>U<130>k<212>#<225>
> Attributes:
> User-Name = "ctest"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
>
> Mon Mar 1 22:43:24 2010: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 1 22:43:24 2010: DEBUG: Adding session for ctest,
> 203.63.154.1, 1234
> Mon Mar 1 22:43:24 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar 1 22:43:24 2010: DEBUG: Handling accounting with Radius::AuthSQL
> Mon Mar 1 22:43:24 2010: DEBUG: AuthBy SQL result: ACCEPT,
> Mon Mar 1 22:43:24 2010: DEBUG: Accounting accepted
> Mon Mar 1 22:43:24 2010: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34369 ....
>
> Packet length = 20
> 05 bd 00 14 20 ad 65 94 3d 27 8e d4 b6 9e d7 42
> fa cb 28 f4
> Code: Accounting-Response
> Identifier: 189
> Authentic: )<9><217>}<138><195>><20><29><230>U<130>k<212>#<225>
> Attributes:
>
> Mon Mar 1 22:43:24 2010: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34369 ....
>
> Packet length = 127
> 04 be 00 7f 8d 2e 7f 44 01 37 37 c4 1b fc 2a d3
> 66 44 b1 ec 01 07 63 74 65 73 74 06 06 00 00 00
> 02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e 36 33 2e
> 31 35 34 2e 31 05 06 00 00 04 d2 3d 06 00 00 00
> 00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00 00
> 02 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39 38
> 37 36 35 34 33 32 31 29 06 00 00 00 00 2e 06 00
> 00 03 e8 2a 06 00 00 4e 20 2b 06 00 00 75 30
> Code: Accounting-Request
> Identifier: 190
> Authentic:<141>.<127>D<1>77<196><27><252>*<211>fD<177><236>
> Attributes:
> User-Name = "ctest"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Mon Mar 1 22:43:24 2010: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 1 22:43:24 2010: DEBUG: Deleting session for ctest,
> 203.63.154.1, 1234
> Mon Mar 1 22:43:24 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar 1 22:43:24 2010: DEBUG: Handling accounting with Radius::AuthSQL
> Mon Mar 1 22:43:24 2010: DEBUG: AuthBy SQL result: ACCEPT,
> Mon Mar 1 22:43:24 2010: DEBUG: Accounting accepted
> Mon Mar 1 22:43:24 2010: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34369 ....
>
> Packet length = 20
> 05 be 00 14 49 9e 05 a3 c8 63 c7 2e 59 e6 f8 d4
> c8 43 e9 de
> Code: Accounting-Response
> Identifier: 190
> Authentic:<141>.<127>D<1>77<196><27><252>*<211>fD<177><236>
> Attributes:
>
> ==================== pam_radius_auth ====================
>
> Mon Mar 1 22:44:15 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 29573 ....
>
> Packet length = 94
> 01 32 00 5e ad d9 12 6a 40 14 e8 07 cf be 18 2b
> f8 4a c0 b0 01 07 63 74 65 73 74 02 12 d7 b4 01
> d6 c7 de 53 23 db 91 dd 4f 14 53 a7 53 04 06 84
> ee 03 ac 20 06 73 73 68 64 05 06 00 00 6f 84 3d
> 06 00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c
> 73 77 6f 72 74 68 2e 66 64 75 2e 65 64 75
> Code: Access-Request
> Identifier: 50
> Authentic:<173><217><18>j@<20><232><7><207><190><24>+<248>J<192><176>
> Attributes:
> User-Name = "ctest"
> User-Password =
> <215><180><1><214><199><222>S#<219><145><221>O<20>S<167>S
> NAS-IP-Address = 132.238.3.162
> NAS-Identifier = "sshd"
> NAS-Port = 28548
> NAS-Port-Type = Virtual
> Service-Type = Authenticate-Only
> Calling-Station-Id = "bancroft-usas-246t.fdu.edu"
>
> Mon Mar 1 22:44:15 2010: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 1 22:44:15 2010: DEBUG: Deleting session for ctest,
> 132.238.3.162, 28548
> Mon Mar 1 22:44:15 2010: DEBUG: Handling with Radius::AuthSQL
> Mon Mar 1 22:44:15 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
> Mon Mar 1 22:44:15 2010: DEBUG: Query is: 'select password from
> subscribers where username='ctest'':
> Mon Mar 1 22:44:15 2010: DEBUG: Radius::AuthSQL looks for match with
> ctest [ctest]
> Mon Mar 1 22:44:15 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password:
> ctest [ctest]
> Mon Mar 1 22:44:15 2010: DEBUG: Query is: 'select password from
> subscribers where username='DEFAULT'':
> Mon Mar 1 22:44:15 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
> Mon Mar 1 22:44:15 2010: INFO: Access rejected for ctest: Bad Password
> Mon Mar 1 22:44:15 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 29573 ....
>
> Packet length = 36
> 03 32 00 24 46 2a 7d 0b de 8d f6 7c d2 39 2f 22
> 9d a9 23 ca 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code: Access-Reject
> Identifier: 50
> Authentic:<173><217><18>j@<20><232><7><207><190><24>+<248>J<192><176>
> Attributes:
> Reply-Message = "Request Denied"
>
>
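The shared-secret diagnosis in this thread, as an added example (not code from the thread, Radiator or pam_radius_auth): User-Password is hidden with MD5 over the shared secret and the Request Authenticator (RFC 2865 section 5.2), so a server holding a different secret recovers garbage and the comparison fails as "Bad Password". The two secrets are constructed placeholders; `ctest` and the authenticator `1234567890123456` are taken from the radpwtst trace.

```python
import hashlib
import struct

def _xor_blocks(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext block).
    out, prev = b"", authenticator   # the Request Authenticator seeds the first block
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if decrypt else res
        out += res
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)   # null-pad to a multiple of 16
    return _xor_blocks(password.ljust(size, b"\x00"), secret, authenticator, False)

def recover_password(hidden, secret, authenticator):
    return _xor_blocks(hidden, secret, authenticator, True).rstrip(b"\x00")

def build_access_request(ident, authenticator, user, hidden):
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    length = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def server_check(packet, server_secret, stored_password):
    hidden = parse_attributes(packet)[2]            # attribute 2 = User-Password
    got = recover_password(hidden, server_secret, packet[4:20])
    return "ACCEPT" if got == stored_password else "REJECT: Bad Password"

# Constructed sample: user/password "ctest" and the authenticator come from the
# radpwtst trace; both secrets are made-up placeholders.
AUTH = b"1234567890123456"
NAS_SECRET = b"constructed-nas-secret"
REQUEST = build_access_request(50, AUTH, b"ctest", hide_password(b"ctest", NAS_SECRET, AUTH))

if __name__ == "__main__":
    for secret in (NAS_SECRET, b"constructed-other-secret"):
        print(server_check(REQUEST, secret, b"ctest"))
```

Neither request in the trace carries a Message-Authenticator attribute, so the server has no way to detect the mismatch other than through the failed password comparison.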