[RADIATOR] pam_radius_auth and Radiator

Chris Bland chris at fdu.edu
Fri May 14 19:11:14 CDT 2010 

Hi guys,

I am using pam_radius-1.3.17 on a Fedora 11 box and Radiator 3.14 for 
development.  I am having password authentication issues for 
users at realm.  I started with the radius.cfg.simple.  It works fine with 
non realm usernames.  I intend to ultimately have users authenticate 
with their email address.  I have tried two approaches and I keep getting

Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
test [test at fdu.edu]
Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password

My first attempt was put user at realm in the my users file.  I get Bad 
Password error.  I also tried to putting a rewrite in the client clause 
to see if I could authenticate against the working user name.  I still 
get Bad Password error

*************************Using 
rewrite******************************************

<Client 132.238.3.162>
        Secret mysecret
        DupInterval 0
        RewriteUsername s/^([^@]+).*/$1/
</Client>

Fri May 14 19:58:57 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 3878 ....
Code:       Access-Request
Identifier: 223
Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
Attributes:
    User-Name = "test"
    User-Password = b5<161><164><238>!<174><7><146>+V<18>n<208><132><146>
    NAS-IP-Address = 132.238.3.162
    NAS-Identifier = "alpha"
    NAS-Port = 2853
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "rolemodel.fdu.edu"

Fri May 14 19:58:57 2010: DEBUG: Rewrote user name to test
Fri May 14 19:58:57 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri May 14 19:58:57 2010: DEBUG:  Deleting session for test, 
132.238.3.162, 2853
Fri May 14 19:58:57 2010: DEBUG: Handling with Radius::AuthFILE:
Fri May 14 19:58:57 2010: DEBUG: Reading users file ./users.alpha
Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE looks for match with 
test [test]
Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
Fri May 14 19:58:57 2010: DEBUG: AuthBy FILE result: ACCEPT,
Fri May 14 19:58:57 2010: DEBUG: Access accepted for test
Fri May 14 19:58:57 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 3878 ....
Code:       Access-Accept
Identifier: 223
Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
Attributes:


Fri May 14 19:59:49 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 3902 ....
Code:       Access-Request
Identifier: 8
Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
Attributes:
    User-Name = "test at fdu.edu"
    User-Password = 
<166>NE<171><242><155>H<216>")<7><255><185><137><176><249>
    NAS-IP-Address = 132.238.3.162
    NAS-Identifier = "alpha"
    NAS-Port = 2877
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "rolemodel.fdu.edu"

Fri May 14 19:59:49 2010: DEBUG: Rewrote user name to test
Fri May 14 19:59:49 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri May 14 19:59:49 2010: DEBUG:  Deleting session for test at fdu.edu, 
132.238.3.162, 2877
Fri May 14 19:59:49 2010: DEBUG: Handling with Radius::AuthFILE:
Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE looks for match with 
test [test at fdu.edu]
Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
test [test at fdu.edu]
Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
Fri May 14 19:59:49 2010: INFO: Access rejected for test: Bad Password
Fri May 14 19:59:49 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 3902 ....
Code:       Access-Reject
Identifier: 8
Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
Attributes:
    Reply-Message = "Bad Password"





********************Removing rewrite and adding test at fdu.edu to uses 
file****************

Fri May 14 20:03:02 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 3920 ....
Code:       Access-Request
Identifier: 60
Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
Attributes:
    User-Name = "test"
    User-Password = 9O<23>Z<134><169><163><7>V<209><160>n<130><178>Fi
    NAS-IP-Address = 132.238.3.162
    NAS-Identifier = "alpha"
    NAS-Port = 2895
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "rolemodel.fdu.edu"

Fri May 14 20:03:02 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri May 14 20:03:02 2010: DEBUG:  Deleting session for test, 
132.238.3.162, 2895
Fri May 14 20:03:02 2010: DEBUG: Handling with Radius::AuthFILE:
Fri May 14 20:03:02 2010: DEBUG: Reading users file ./users.alpha
Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE looks for match with 
test [test]
Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
Fri May 14 20:03:02 2010: DEBUG: AuthBy FILE result: ACCEPT,
Fri May 14 20:03:02 2010: DEBUG: Access accepted for test
Fri May 14 20:03:02 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 3920 ....
Code:       Access-Accept
Identifier: 60
Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
Attributes:

Fri May 14 20:03:10 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 3945 ....
Code:       Access-Request
Identifier: 98
Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
Attributes:
    User-Name = "test at fdu.edu"
    User-Password = 
<17><134><222><212><30><16><185>FJu<210><223>EU<203><143>
    NAS-IP-Address = 132.238.3.162
    NAS-Identifier = "alpha"
    NAS-Port = 2920
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "rolemodel.fdu.edu"

Fri May 14 20:03:10 2010: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri May 14 20:03:10 2010: DEBUG:  Deleting session for test at fdu.edu, 
132.238.3.162, 2920
Fri May 14 20:03:10 2010: DEBUG: Handling with Radius::AuthFILE:
Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE looks for match with 
test at fdu.edu [test at fdu.edu]
Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
test at fdu.edu [test at fdu.edu]
Fri May 14 20:03:10 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
Fri May 14 20:03:10 2010: INFO: Access rejected for test at fdu.edu: Bad 
Password
Fri May 14 20:03:10 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 3945 ....
Code:       Access-Reject
Identifier: 98
Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
Attributes:
    Reply-Message = "Bad Password"


-Chris

--

More information about the radiator mailing list