[RADIATOR] pam_radius_auth and Radiator

Hugh Irvine hugh at open.com.au
Fri May 14 19:15:53 CDT 2010 

Hello Chris -

I will need to see a copy of the configuration file together with the contents of the users file.

regards

Hugh


On 15 May 2010, at 10:11, Chris Bland wrote:

> Hi guys,
> 
> I am using pam_radius-1.3.17 on a Fedora 11 box and Radiator 3.14 for 
> development.  I am having password authentication issues for 
> users at realm.  I started with the radius.cfg.simple.  It works fine with 
> non realm usernames.  I intend to ultimately have users authenticate 
> with their email address.  I have tried two approaches and I keep getting
> 
> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
> test [test at fdu.edu]
> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
> 
> My first attempt was put user at realm in the my users file.  I get Bad 
> Password error.  I also tried to putting a rewrite in the client clause 
> to see if I could authenticate against the working user name.  I still 
> get Bad Password error
> 
> *************************Using 
> rewrite******************************************
> 
> <Client 132.238.3.162>
>        Secret mysecret
>        DupInterval 0
>        RewriteUsername s/^([^@]+).*/$1/
> </Client>
> 
> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 3878 ....
> Code:       Access-Request
> Identifier: 223
> Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
> Attributes:
>    User-Name = "test"
>    User-Password = b5<161><164><238>!<174><7><146>+V<18>n<208><132><146>
>    NAS-IP-Address = 132.238.3.162
>    NAS-Identifier = "alpha"
>    NAS-Port = 2853
>    NAS-Port-Type = Virtual
>    Service-Type = Authenticate-Only
>    Calling-Station-Id = "rolemodel.fdu.edu"
> 
> Fri May 14 19:58:57 2010: DEBUG: Rewrote user name to test
> Fri May 14 19:58:57 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Fri May 14 19:58:57 2010: DEBUG:  Deleting session for test, 
> 132.238.3.162, 2853
> Fri May 14 19:58:57 2010: DEBUG: Handling with Radius::AuthFILE:
> Fri May 14 19:58:57 2010: DEBUG: Reading users file ./users.alpha
> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE looks for match with 
> test [test]
> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
> Fri May 14 19:58:57 2010: DEBUG: AuthBy FILE result: ACCEPT,
> Fri May 14 19:58:57 2010: DEBUG: Access accepted for test
> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 3878 ....
> Code:       Access-Accept
> Identifier: 223
> Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
> Attributes:
> 
> 
> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 3902 ....
> Code:       Access-Request
> Identifier: 8
> Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
> Attributes:
>    User-Name = "test at fdu.edu"
>    User-Password = 
> <166>NE<171><242><155>H<216>")<7><255><185><137><176><249>
>    NAS-IP-Address = 132.238.3.162
>    NAS-Identifier = "alpha"
>    NAS-Port = 2877
>    NAS-Port-Type = Virtual
>    Service-Type = Authenticate-Only
>    Calling-Station-Id = "rolemodel.fdu.edu"
> 
> Fri May 14 19:59:49 2010: DEBUG: Rewrote user name to test
> Fri May 14 19:59:49 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Fri May 14 19:59:49 2010: DEBUG:  Deleting session for test at fdu.edu, 
> 132.238.3.162, 2877
> Fri May 14 19:59:49 2010: DEBUG: Handling with Radius::AuthFILE:
> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE looks for match with 
> test [test at fdu.edu]
> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
> test [test at fdu.edu]
> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
> Fri May 14 19:59:49 2010: INFO: Access rejected for test: Bad Password
> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 3902 ....
> Code:       Access-Reject
> Identifier: 8
> Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
> Attributes:
>    Reply-Message = "Bad Password"
> 
> 
> 
> 
> 
> ********************Removing rewrite and adding test at fdu.edu to uses 
> file****************
> 
> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 3920 ....
> Code:       Access-Request
> Identifier: 60
> Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
> Attributes:
>    User-Name = "test"
>    User-Password = 9O<23>Z<134><169><163><7>V<209><160>n<130><178>Fi
>    NAS-IP-Address = 132.238.3.162
>    NAS-Identifier = "alpha"
>    NAS-Port = 2895
>    NAS-Port-Type = Virtual
>    Service-Type = Authenticate-Only
>    Calling-Station-Id = "rolemodel.fdu.edu"
> 
> Fri May 14 20:03:02 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Fri May 14 20:03:02 2010: DEBUG:  Deleting session for test, 
> 132.238.3.162, 2895
> Fri May 14 20:03:02 2010: DEBUG: Handling with Radius::AuthFILE:
> Fri May 14 20:03:02 2010: DEBUG: Reading users file ./users.alpha
> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE looks for match with 
> test [test]
> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
> Fri May 14 20:03:02 2010: DEBUG: AuthBy FILE result: ACCEPT,
> Fri May 14 20:03:02 2010: DEBUG: Access accepted for test
> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 3920 ....
> Code:       Access-Accept
> Identifier: 60
> Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
> Attributes:
> 
> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
> *** Received from 132.238.3.162 port 3945 ....
> Code:       Access-Request
> Identifier: 98
> Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
> Attributes:
>    User-Name = "test at fdu.edu"
>    User-Password = 
> <17><134><222><212><30><16><185>FJu<210><223>EU<203><143>
>    NAS-IP-Address = 132.238.3.162
>    NAS-Identifier = "alpha"
>    NAS-Port = 2920
>    NAS-Port-Type = Virtual
>    Service-Type = Authenticate-Only
>    Calling-Station-Id = "rolemodel.fdu.edu"
> 
> Fri May 14 20:03:10 2010: DEBUG: Handling request with Handler 
> 'Realm=DEFAULT'
> Fri May 14 20:03:10 2010: DEBUG:  Deleting session for test at fdu.edu, 
> 132.238.3.162, 2920
> Fri May 14 20:03:10 2010: DEBUG: Handling with Radius::AuthFILE:
> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE looks for match with 
> test at fdu.edu [test at fdu.edu]
> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
> test at fdu.edu [test at fdu.edu]
> Fri May 14 20:03:10 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
> Fri May 14 20:03:10 2010: INFO: Access rejected for test at fdu.edu: Bad 
> Password
> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
> *** Sending to 132.238.3.162 port 3945 ....
> Code:       Access-Reject
> Identifier: 98
> Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
> Attributes:
>    Reply-Message = "Bad Password"
> 
> 
> -Chris
> 
> -- 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list