[RADIATOR] pam_radius_auth and Radiator
Hugh Irvine
hugh at open.com.au
Fri May 14 21:09:41 CDT 2010
Hello Chris -
This is very strange - can you please send me a trace 5 debug with the packet dumps so we can see what is happening?
thanks and regards
Hugh
On 15 May 2010, at 10:22, Chris Bland wrote:
> Hugh,
>
> My users file looks like this
> ctest Password = ctest
> test Password = tuesday
> test at fdu.edu Password = tuesday
>
> My config looks like this
>
> Foreground
> #DefineGlobalVar Max 7200
>
> # Set up
> LogStdout
> LogDir /var/log/radius-alpha DbDir .
> PidFile /var/log/radius-alpha/radiusd.pid
> AuthPort 5794
> AcctPort 5795
> DictionaryFile /etc/radiator/dictionary
>
>
> # User a lower trace level in production systems:
> Trace 4
>
> #
> #***********************************************************************
> # Authorized Clients
> #***********************************************************************
> #
> <Client 132.238.3.162>
> Secret mysecret
> DupInterval 0
> # RewriteUsername s/^([^@]+).*/$1/
> </Client>
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> #
> #***********************************************************************
> # Log file for authentication requests
> #***********************************************************************
> #
> <AuthLog FILE>
> Identifier LOCALFILE
> Filename %L/authlog.alpha
> LogSuccess 1
> LogFailure 1
> SuccessFormat %1:%U:%P:OK
> </AuthLog FILE>
> #
> #***********************************************************************
> # Default authentication for users
> #***********************************************************************
> #
> <Realm DEFAULT>
> AuthByPolicy ContinueAlways
> <AuthBy FILE>
> Filename ./users.alpha
> </AuthBy>
> AuthLog LOCALFILE
> RejectHasReason
> </Realm>
>
>
>
> -Chris
>
> Hugh Irvine wrote:
>> Hello Chris -
>>
>> I will need to see a copy of the configuration file together with the contents of the users file.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 15 May 2010, at 10:11, Chris Bland wrote:
>>
>>
>>> Hi guys,
>>>
>>> I am using pam_radius-1.3.17 on a Fedora 11 box and Radiator 3.14 for development. I am having password authentication issues for users at realm. I started with the radius.cfg.simple. It works fine with non realm usernames. I intend to ultimately have users authenticate with their email address. I have tried two approaches and I keep getting
>>>
>>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: test [test at fdu.edu]
>>> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>>>
>>> My first attempt was put user at realm in the my users file. I get Bad Password error. I also tried to putting a rewrite in the client clause to see if I could authenticate against the working user name. I still get Bad Password error
>>>
>>> *************************Using rewrite******************************************
>>>
>>> <Client 132.238.3.162>
>>> Secret mysecret
>>> DupInterval 0
>>> RewriteUsername s/^([^@]+).*/$1/
>>> </Client>
>>>
>>> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 3878 ....
>>> Code: Access-Request
>>> Identifier: 223
>>> Authentic: <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
>>> Attributes:
>>> User-Name = "test"
>>> User-Password = b5<161><164><238>!<174><7><146>+V<18>n<208><132><146>
>>> NAS-IP-Address = 132.238.3.162
>>> NAS-Identifier = "alpha"
>>> NAS-Port = 2853
>>> NAS-Port-Type = Virtual
>>> Service-Type = Authenticate-Only
>>> Calling-Station-Id = "rolemodel.fdu.edu"
>>>
>>> Fri May 14 19:58:57 2010: DEBUG: Rewrote user name to test
>>> Fri May 14 19:58:57 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Fri May 14 19:58:57 2010: DEBUG: Deleting session for test, 132.238.3.162, 2853
>>> Fri May 14 19:58:57 2010: DEBUG: Handling with Radius::AuthFILE:
>>> Fri May 14 19:58:57 2010: DEBUG: Reading users file ./users.alpha
>>> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE looks for match with test [test]
>>> Fri May 14 19:58:57 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
>>> Fri May 14 19:58:57 2010: DEBUG: AuthBy FILE result: ACCEPT,
>>> Fri May 14 19:58:57 2010: DEBUG: Access accepted for test
>>> Fri May 14 19:58:57 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 3878 ....
>>> Code: Access-Accept
>>> Identifier: 223
>>> Authentic: <147><229>%<171><31>Lm/<178><160><13><228><10><128><29>8
>>> Attributes:
>>>
>>>
>>> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 3902 ....
>>> Code: Access-Request
>>> Identifier: 8
>>> Authentic: a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
>>> Attributes:
>>> User-Name = "test at fdu.edu"
>>> User-Password = <166>NE<171><242><155>H<216>")<7><255><185><137><176><249>
>>> NAS-IP-Address = 132.238.3.162
>>> NAS-Identifier = "alpha"
>>> NAS-Port = 2877
>>> NAS-Port-Type = Virtual
>>> Service-Type = Authenticate-Only
>>> Calling-Station-Id = "rolemodel.fdu.edu"
>>>
>>> Fri May 14 19:59:49 2010: DEBUG: Rewrote user name to test
>>> Fri May 14 19:59:49 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Fri May 14 19:59:49 2010: DEBUG: Deleting session for test at fdu.edu, 132.238.3.162, 2877
>>> Fri May 14 19:59:49 2010: DEBUG: Handling with Radius::AuthFILE:
>>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE looks for match with test [test at fdu.edu]
>>> Fri May 14 19:59:49 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: test [test at fdu.edu]
>>> Fri May 14 19:59:49 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>>> Fri May 14 19:59:49 2010: INFO: Access rejected for test: Bad Password
>>> Fri May 14 19:59:49 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 3902 ....
>>> Code: Access-Reject
>>> Identifier: 8
>>> Authentic: a<178><R<9>7<208>r<130><148><8><144><6><165><222><27>
>>> Attributes:
>>> Reply-Message = "Bad Password"
>>>
>>>
>>>
>>>
>>>
>>> ********************Removing rewrite and adding test at fdu.edu to uses file****************
>>>
>>> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 3920 ....
>>> Code: Access-Request
>>> Identifier: 60
>>> Authentic: <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
>>> Attributes:
>>> User-Name = "test"
>>> User-Password = 9O<23>Z<134><169><163><7>V<209><160>n<130><178>Fi
>>> NAS-IP-Address = 132.238.3.162
>>> NAS-Identifier = "alpha"
>>> NAS-Port = 2895
>>> NAS-Port-Type = Virtual
>>> Service-Type = Authenticate-Only
>>> Calling-Station-Id = "rolemodel.fdu.edu"
>>>
>>> Fri May 14 20:03:02 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Fri May 14 20:03:02 2010: DEBUG: Deleting session for test, 132.238.3.162, 2895
>>> Fri May 14 20:03:02 2010: DEBUG: Handling with Radius::AuthFILE:
>>> Fri May 14 20:03:02 2010: DEBUG: Reading users file ./users.alpha
>>> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE looks for match with test [test]
>>> Fri May 14 20:03:02 2010: DEBUG: Radius::AuthFILE ACCEPT: : test [test]
>>> Fri May 14 20:03:02 2010: DEBUG: AuthBy FILE result: ACCEPT,
>>> Fri May 14 20:03:02 2010: DEBUG: Access accepted for test
>>> Fri May 14 20:03:02 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 3920 ....
>>> Code: Access-Accept
>>> Identifier: 60
>>> Authentic: <226><191><25><189>pJ{<238>4<155><188><1><179><18>A<
>>> Attributes:
>>>
>>> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
>>> *** Received from 132.238.3.162 port 3945 ....
>>> Code: Access-Request
>>> Identifier: 98
>>> Authentic: @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
>>> Attributes:
>>> User-Name = "test at fdu.edu"
>>> User-Password = <17><134><222><212><30><16><185>FJu<210><223>EU<203><143>
>>> NAS-IP-Address = 132.238.3.162
>>> NAS-Identifier = "alpha"
>>> NAS-Port = 2920
>>> NAS-Port-Type = Virtual
>>> Service-Type = Authenticate-Only
>>> Calling-Station-Id = "rolemodel.fdu.edu"
>>>
>>> Fri May 14 20:03:10 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Fri May 14 20:03:10 2010: DEBUG: Deleting session for test at fdu.edu, 132.238.3.162, 2920
>>> Fri May 14 20:03:10 2010: DEBUG: Handling with Radius::AuthFILE:
>>> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE looks for match with test at fdu.edu [test at fdu.edu]
>>> Fri May 14 20:03:10 2010: DEBUG: Radius::AuthFILE REJECT: Bad Password: test at fdu.edu [test at fdu.edu]
>>> Fri May 14 20:03:10 2010: DEBUG: AuthBy FILE result: REJECT, Bad Password
>>> Fri May 14 20:03:10 2010: INFO: Access rejected for test at fdu.edu: Bad Password
>>> Fri May 14 20:03:10 2010: DEBUG: Packet dump:
>>> *** Sending to 132.238.3.162 port 3945 ....
>>> Code: Access-Reject
>>> Identifier: 98
>>> Authentic: @B<215><195><202><136>aq<141><197><144><31><131><12><249><154>
>>> Attributes:
>>> Reply-Message = "Bad Password"
>>>
>>>
>>> -Chris
>>>
>>> --
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>
>>
>>
>> NB:
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
>>
>>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list