[RADIATOR] Problem with pam_radius

Francisco Rodrigo Cortinas Maseda francisco.cortinas at jazztel.com
Wed Mar 30 06:21:07 CDT 2011


Hi,

My SQL connection is OK; for other reasons, if the connection between the SQL server and Radiator is not used for 20 seconds, the SQL server drops it.

On the other hand, I have stated before that the secret is not the problem; the config of the secret at radius:

<Client 10.0.124.53>
        Secret laboratorio
        Identifier BBDD_Labo
</Client>

The config at the server:

10.0.124.52:1940 laboratorio


They are the same, and the password is correctly configured in the database, because I can test it with the radpwtst utility and it is OK. The config of the AuthBy SQL:

<AuthBy SQL>
        Identifier SERVERS
        DBSource dbi:mysql:auth_oss:127.0.0.1:3306
        DBUsername  root
        DBAuth root
        NoDefault
        NoDefaultIfFound
        Timeout 10
        FailureBackoffTime 20
        AuthSelect SELECT password FROM usuarios WHERE username='%{User-Name}'
        AuthColumnDef 0, Password, check
        AccountingTable
</AuthBy>




The radpwtst command is being sent from the server I'm also trying to connect to using pam_radius, and that is not the RADIUS server.

Any ideas?

-----Original Message-----
From: Christian Kratzer [mailto:ck-lists at cksoft.de]
Sent: Wednesday, 30 March 2011 9:23
To: Francisco Rodrigo Cortinas Maseda
CC: radiator at open.com.au
Subject: Re: [RADIATOR] Problem with pam_radius

Hi,

On Wed, 30 Mar 2011, Francisco Rodrigo Cortinas Maseda wrote:
<snipp/>
> Tue Mar 22 09:19:00 2011: DEBUG: Handling request with Handler 'NAS-Identifier="sshd"'
> Tue Mar 22 09:19:00 2011: DEBUG:  Deleting session for frcm, 127.0.0.1, 26576
> Tue Mar 22 09:19:00 2011: DEBUG: Decoded password is <198>* uVf<204><1>w<227>-<190>V..<15>
> Tue Mar 22 09:19:00 2011: DEBUG: Handling with Radius::AuthSQL
> Tue Mar 22 09:19:00 2011: DEBUG: Handling with Radius::AuthSQL: SERVERS
> Tue Mar 22 09:19:00 2011: DEBUG: Query is: 'SELECT password FROM usuarios WHERE username='frcm'':
> Tue Mar 22 09:19:00 2011: ERR: Execute failed for 'SELECT password FROM usuarios WHERE username='frcm'': Lost connection to MySQL server during query

You have a problem with the connection to your SQL server.


> Tue Mar 22 09:19:00 2011: DEBUG: Radius::AuthSQL looks for match with frcm [frcm]
> Tue Mar 22 09:19:00 2011: DEBUG: Decoded password is <198>* uVf<204><1>w<227>-<190>V..<15>

This still looks a lot like a mismatched secret.

> Tue Mar 22 09:19:00 2011: DEBUG: Radius::AuthSQL REJECT: Bad Password: frcm [frcm]
> Tue Mar 22 09:19:00 2011: DEBUG: AuthBy SQL result: REJECT, Bad Password
> Tue Mar 22 09:19:00 2011: INFO: Access rejected for frcm: Bad Password
> Tue Mar 22 09:19:00 2011: DEBUG: Packet dump:
> *** Sending to 10.0.124.53 port 27601 ....
> Code:       Access-Reject
> Identifier: 108
> Authentic:  7<22><216>m<171>zD<191><238>@<181>[zl=<253>
> Attributes:
>        Called-Station-Id = "<198>* uVf<204><1>w<227>-<190>V..<15>"
>        Reply-Message = "Bad Password"
>
> If I use the radpwtst utility on the server where I am trying to authenticate from using pam_radius, the password is correctly decoded and is shown correctly at trace 4.

Your secret is OK for the Client from 127.0.0.1 but mismatched for the Client clause that the server with pam_radius is using.

Greetings
Christian

--
Christian Kratzer                      CK Software GmbH
Email:   ck at cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
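
Added example, not part of the original messages: RFC 2865 section 5.2 User-Password hiding, showing why a secret that differs between the pam_radius host and the <Client> clause it matches produces an unreadable "Decoded password" like the one in the trace. The password, the Request Authenticator and the second secret are constructed values, and the function names are illustrative.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (e.g. pam_radius): RFC 2865 5.2 User-Password hiding."""
    # Pad with NULs to a multiple of 16 octets, minimum one block.
    size = max(16, len(password) + (-len(password) % 16))
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        # Each block is XORed with MD5(secret + previous ciphertext block).
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret of the matching Client clause."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def looks_decoded(candidate: bytes) -> bool:
    """Heuristic used when reading a trace: a real password is printable text."""
    return len(candidate) > 0 and all(0x20 <= b < 0x7F for b in candidate)

def check_secrets(hidden: bytes, authenticator: bytes, secrets: dict) -> dict:
    """Map each candidate Client clause to whether its secret decodes cleanly."""
    return {name: looks_decoded(recover_password(hidden, s, authenticator))
            for name, s in secrets.items()}

# Constructed sample values (not taken from the thread's packets).
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"Example-Passw0rd-long"           # 21 octets, so two blocks
HIDDEN = hide_password(PASSWORD, b"laboratorio", AUTHENTICATOR)
CANDIDATES = {
    "clause with secret from the page": b"laboratorio",
    "clause with a different secret (constructed)": b"not-laboratorio",
}

if __name__ == "__main__":
    for name, ok in check_secrets(HIDDEN, AUTHENTICATOR, CANDIDATES).items():
        print(f"{name}: {'readable' if ok else 'garbage, secret mismatch'}")
```

The server never learns that the secret is wrong; it only sees a password that fails to compare, which is why the log reports "Bad Password" rather than a secret error.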
