[RADIATOR] pam_radius_auth and Radiator

Chris Bland chris at fdu.edu
Fri May 14 19:22:46 CDT 2010


Hugh,

My users file looks like this
ctest Password = ctest
test Password = tuesday
test at fdu.edu Password = tuesday

My config looks like this

Foreground
#DefineGlobalVar Max 7200

# Set up
LogStdout
LogDir        /var/log/radius-alpha       
DbDir        .
PidFile     /var/log/radius-alpha/radiusd.pid
AuthPort    5794
AcctPort    5795
DictionaryFile /etc/radiator/dictionary


# User a lower trace level in production systems:
Trace         4

#
#***********************************************************************
# Authorized Clients
#***********************************************************************
#
<Client 132.238.3.162>
    Secret mysecret
    DupInterval 0
#    RewriteUsername s/^([^@]+).*/$1/
</Client>

<Client DEFAULT>
    Secret    mysecret
    DupInterval 0
</Client>

#
#***********************************************************************
# Log file for authentication requests
#***********************************************************************
#
<AuthLog FILE>
    Identifier LOCALFILE
    Filename %L/authlog.alpha
    LogSuccess 1
    LogFailure 1
    SuccessFormat %1:%U:%P:OK
</AuthLog FILE>
#
#***********************************************************************
# Default authentication for users
#***********************************************************************
#
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    <AuthBy FILE>
        Filename ./users.alpha
    </AuthBy>
    AuthLog LOCALFILE
RejectHasReason
</Realm>



-Chris

Hugh Irvine wrote:
> Hello Chris -
>
> I will need to see a copy of the configuration file together with the contents of the users file.
>
> regards
>
> Hugh
>
>
> On 15 May 2010, at 10:11, Chris Bland wrote:
>
>   
>> Hi guys,
>>
>> I am using pam_radius-1.3.17 on a Fedora 11 box and Radiator 3.14 for 
>> development.  I am having password authentication issues for 
>> users at realm.  I started with the radius.cfg.simple.  It works fine with 
>> non realm usernames.  I intend to ultimately have users authenticate 
>> with their email address.  I have tried two approaches and I keep getting
>>
>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
>> test [test at fdu.edu]
>> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>>
>> My first attempt was put user at realm in the my users file.  I get Bad 
>> Password error.  I also tried to putting a rewrite in the client clause 
>> to see if I could authenticate against the working user name.  I still 
>> get Bad Password error
>>
>> *************************Using 
>> rewrite******************************************
>>
>> <Client 132.238.3.162>
>>        Secret mysecret
>>        DupInterval 0
>>        RewriteUsername s/^([^@]+).*/$1/
>> </Client>
>>
>> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 3878 ....
>> Code:       Access-Request
>> Identifier: 223
>> Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
>> Attributes:
>>    User-Name = "test"
>>    User-Password = b5<161><164><238>!<174><7><146>+V<18>n<208><132><146>
>>    NAS-IP-Address = 132.238.3.162
>>    NAS-Identifier = "alpha"
>>    NAS-Port = 2853
>>    NAS-Port-Type = Virtual
>>    Service-Type = Authenticate-Only
>>    Calling-Station-Id = "rolemodel.fdu.edu"
>>
>> Fri May 14 19:58:57 2010: DEBUG: Rewrote user name to test
>> Fri May 14 19:58:57 2010: DEBUG: Handling request with Handler 
>> 'Realm=DEFAULT'
>> Fri May 14 19:58:57 2010: DEBUG:  Deleting session for test, 
>> 132.238.3.162, 2853
>> Fri May 14 19:58:57 2010: DEBUG: Handling with Radius::AuthFILE:
>> Fri May 14 19:58:57 2010: DEBUG: Reading users file ./users.alpha
>> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE looks for match with 
>> test [test]
>> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
>> Fri May 14 19:58:57 2010: DEBUG: AuthBy FILE result: ACCEPT,
>> Fri May 14 19:58:57 2010: DEBUG: Access accepted for test
>> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 3878 ....
>> Code:       Access-Accept
>> Identifier: 223
>> Authentic:  <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
>> Attributes:
>>
>>
>> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 3902 ....
>> Code:       Access-Request
>> Identifier: 8
>> Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
>> Attributes:
>>    User-Name = "test at fdu.edu"
>>    User-Password = 
>> <166>NE<171><242><155>H<216>")<7><255><185><137><176><249>
>>    NAS-IP-Address = 132.238.3.162
>>    NAS-Identifier = "alpha"
>>    NAS-Port = 2877
>>    NAS-Port-Type = Virtual
>>    Service-Type = Authenticate-Only
>>    Calling-Station-Id = "rolemodel.fdu.edu"
>>
>> Fri May 14 19:59:49 2010: DEBUG: Rewrote user name to test
>> Fri May 14 19:59:49 2010: DEBUG: Handling request with Handler 
>> 'Realm=DEFAULT'
>> Fri May 14 19:59:49 2010: DEBUG:  Deleting session for test at fdu.edu, 
>> 132.238.3.162, 2877
>> Fri May 14 19:59:49 2010: DEBUG: Handling with Radius::AuthFILE:
>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE looks for match with 
>> test [test at fdu.edu]
>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
>> test [test at fdu.edu]
>> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>> Fri May 14 19:59:49 2010: INFO: Access rejected for test: Bad Password
>> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 3902 ....
>> Code:       Access-Reject
>> Identifier: 8
>> Authentic:  a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
>> Attributes:
>>    Reply-Message = "Bad Password"
>>
>>
>>
>>
>>
>> ********************Removing rewrite and adding test at fdu.edu to uses 
>> file****************
>>
>> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 3920 ....
>> Code:       Access-Request
>> Identifier: 60
>> Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
>> Attributes:
>>    User-Name = "test"
>>    User-Password = 9O<23>Z<134><169><163><7>V<209><160>n<130><178>Fi
>>    NAS-IP-Address = 132.238.3.162
>>    NAS-Identifier = "alpha"
>>    NAS-Port = 2895
>>    NAS-Port-Type = Virtual
>>    Service-Type = Authenticate-Only
>>    Calling-Station-Id = "rolemodel.fdu.edu"
>>
>> Fri May 14 20:03:02 2010: DEBUG: Handling request with Handler 
>> 'Realm=DEFAULT'
>> Fri May 14 20:03:02 2010: DEBUG:  Deleting session for test, 
>> 132.238.3.162, 2895
>> Fri May 14 20:03:02 2010: DEBUG: Handling with Radius::AuthFILE:
>> Fri May 14 20:03:02 2010: DEBUG: Reading users file ./users.alpha
>> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE looks for match with 
>> test [test]
>> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
>> Fri May 14 20:03:02 2010: DEBUG: AuthBy FILE result: ACCEPT,
>> Fri May 14 20:03:02 2010: DEBUG: Access accepted for test
>> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 3920 ....
>> Code:       Access-Accept
>> Identifier: 60
>> Authentic:  <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
>> Attributes:
>>
>> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
>> *** Received from 132.238.3.162 port 3945 ....
>> Code:       Access-Request
>> Identifier: 98
>> Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
>> Attributes:
>>    User-Name = "test at fdu.edu"
>>    User-Password = 
>> <17><134><222><212><30><16><185>FJu<210><223>EU<203><143>
>>    NAS-IP-Address = 132.238.3.162
>>    NAS-Identifier = "alpha"
>>    NAS-Port = 2920
>>    NAS-Port-Type = Virtual
>>    Service-Type = Authenticate-Only
>>    Calling-Station-Id = "rolemodel.fdu.edu"
>>
>> Fri May 14 20:03:10 2010: DEBUG: Handling request with Handler 
>> 'Realm=DEFAULT'
>> Fri May 14 20:03:10 2010: DEBUG:  Deleting session for test at fdu.edu, 
>> 132.238.3.162, 2920
>> Fri May 14 20:03:10 2010: DEBUG: Handling with Radius::AuthFILE:
>> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE looks for match with 
>> test at fdu.edu [test at fdu.edu]
>> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: 
>> test at fdu.edu [test at fdu.edu]
>> Fri May 14 20:03:10 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>> Fri May 14 20:03:10 2010: INFO: Access rejected for test at fdu.edu: Bad 
>> Password
>> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
>> *** Sending to 132.238.3.162 port 3945 ....
>> Code:       Access-Reject
>> Identifier: 98
>> Authentic:  @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
>> Attributes:
>>    Reply-Message = "Bad Password"
>>
>>
>> -Chris
>>
>> -- 
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>     
>
>
>
> NB: 
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
>
>   



More information about the radiator mailing list