[RADIATOR] Radiator: Request Denied , AuthBy RADMIN result: REJECT, Check item User-Name expression '' does not match 'test101' in request

Scott scottshaw at 163.com
Wed Jun 13 20:21:20 CDT 2012


Hello Heikki
Thanks so much for your reply. I verified again and got some error. Then I deleted that config file, copied the radmin.cfg from the goodie folder to programfiles-radiator and renamed it to radius.cfg. As I am using MS SQL Server, I changed the lines related to DBSource to (DBSource dbi:ODBC:radmin).
 
I also tried commenting out the line related to User-Name in the default radmin.cfg file, but got the same issue.
 
AcctColumnDef USERNAME,User-Name
 
I ran radpwtst but got the same error; the debug info is below. Can you advise where I am missing something or going wrong? Thanks! Scott
 
client:
C:\Perl\bin>perl radpwtst -user test1 -password P at ssw0rd123
sending Access-Request...
Rejected: Request Denied
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK

debug info:
 
Thu Jun 14 09:12:52 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:52 2012: DEBUG:  Deleting session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
 USERNAME='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='1' order by ITEM_TYPE':
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Thu Jun 14 09:12:52 2012: DEBUG: Radius::AuthRADMIN looks for match with test1 [
test1]
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTS
ESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: ValidFrom date converted to: 1210648500
Thu Jun 14 09:12:52 2012: DEBUG: Expiration date converted to: 1557676800
Thu Jun 14 09:12:52 2012: DEBUG: Radius::AuthRADMIN REJECT: Check item User-Name
 expression '' does not match 'test1' in request: test1 [test1]
Thu Jun 14 09:12:52 2012: DEBUG: AuthBy RADMIN result: REJECT, Check item User-N
ame expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: INFO: Access rejected for test1: Check item User-Name
expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADAUTHLOG (TIME_STAM
P, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
 expression '''' does not match ''test1'' in request')':
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
[Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated
. (SQL-01000)(DBD: Execute immediate failed err=-1)
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
[Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated
. (SQL-01000)(DBD: Execute immediate failed err=-1)
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code:       Access-Reject
Identifier: 247
Authentic:  i<2><150><25>F<211><205><230>GQ<149>z<172><5><251>8
Attributes:
        Reply-Message = "Request Denied"
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1188 ....
Code:       Accounting-Request
Identifier: 248
Authentic:  dRn<249>g<170><14><142>H<169><202><245><183><233>z:
Attributes:
        User-Name = "test1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
Thu Jun 14 09:12:52 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:52 2012: DEBUG:  Adding session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
 SERVICETYPE) values ('test1', '203.63.154.1', 1234, '00001234', 1339636372, '',
 'Async', 'Framed-User')':
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Handling accounting with Radius::AuthRADMIN
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'update RADUSERS set TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAM
E='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADUSAGE (ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,NASIDENTIFIER,NASPORT,TIME_STAMP) values (0
,'00001234',1,'123456789','203.63.154.1',1234,1339636372)':
Thu Jun 14 09:12:52 2012: DEBUG: AuthBy RADMIN result: ACCEPT,
Thu Jun 14 09:12:52 2012: DEBUG: Accounting accepted
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code:       Accounting-Response
Identifier: 248
Authentic:  dRn<249>g<170><14><142>H<169><202><245><183><233>z:
Attributes:
Thu Jun 14 09:12:53 2012: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1188 ....
Code:       Accounting-Request
Identifier: 249
Authentic:  <158><245>"<162>*_<162><237><173><139><218>"^<28><5><227>
Attributes:
        User-Name = "test1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000
Thu Jun 14 09:12:53 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:53 2012: DEBUG:  Deleting session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:53 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:53 2012: DEBUG: Handling accounting with Radius::AuthRADMIN
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'update RADUSERS set TIMELEFT=TIME
LEFT-01000, OCTETSINLEFT=OCTETSINLEFT-020000, OCTETSOUTLEFT=OCTETSOUTLEFT-030000
 where USERNAME='test1'':
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'insert into RADUSAGE (ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,DNIS,NASIDENTIFIER,NASPORT,TIME_STAMP) values (0,20000,30000,'00001234',
Thu Jun 14 09:12:53 2012: DEBUG: AuthBy RADMIN result: ACCEPT,
Thu Jun 14 09:12:53 2012: DEBUG: Accounting accepted
Thu Jun 14 09:12:53 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code:       Accounting-Response
Identifier: 249
Authentic:  <158><245>"<162>*_<162><237><173><139><218>"^<28><5><227>
Attributes:

 
 
the config file
 
 
# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
#            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
#            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
#            from RADUSERS where \
#            USERNAME='%n' and BADLOGINS < 5 and \
#            VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef   0,Framed-IP-Netmask,reply
# AuthColumnDef   1,Filter-Id,reply
# AuthColumnDef   2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minimum and required fields.
#
# You should consider this file to be a starting point only
# $Id $
Foreground
LogStdout
LogDir  .
DbDir  .
# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.
<Client DEFAULT>
 Secret mysecret
 DupInterval 0
</Client>
# You can put additional (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
 DBSource dbi:ODBC:radmin
 DBUsername radmin
 DBAuth  radminpw
 # If RefreshPeriod is set to non-zero, it specifies the period in seconds that the client list will
 # be refreshed by rereading the database. Each RefreshPeriod,
 # any Clients previously created by this ClientList are cleared
 # and a new set of clients read from the database.
 # Clients defined in the configuration file will not be clobbered.
 # The same effect can be got by signalling the process with SIGHUP
 #RefreshPeriod 600
</ClientListSQL>
# Handle everyone with RADMIN
<Realm DEFAULT>
 <AuthBy RADMIN>
  # Change DBSource, DBUsername, DBAuth for your database
  # See the reference manual. You will also have to
  # change the one in <SessionDatabase SQL> below
  # so it's the same
  DBSource dbi:ODBC:radmin
  DBUsername radmin
  DBAuth  radminpw
  # Never look up the DEFAULT user
  NoDefault
  # You can add to or change these if you want, but you
  # will probably want to change the database schema first
  AccountingTable RADUSAGE
  #AcctColumnDef USERNAME,User-Name
  AcctColumnDef TIME_STAMP,Timestamp,integer
  AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
  AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
  AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
  AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
  AcctColumnDef ACCTSESSIONID,Acct-Session-Id
  AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
  AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
  AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
  AcctColumnDef NASIDENTIFIER,NAS-IP-Address
  AcctColumnDef NASIDENTIFIER,NAS-Identifier
  AcctColumnDef NASPORT,NAS-Port,integer
  AcctColumnDef DNIS,Called-Station-Id
#  AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
  # This updates the time and octets left
  # for this user
  AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
  # These are the classic things to add to each user's
  # reply to allow a PPP dialup session. It may be
  # different for your NAS. This will add some
  # reply items to everyone's reply
  AddToReply Framed-Protocol = PPP,\
          Framed-IP-Netmask = 255.255.255.255,\
          Framed-Routing = None,\
          Framed-MTU = 1500,\
          Framed-Compression = Van-Jacobson-TCP-IP
  # If you intend to use rcrypt reversible encryption
  # for passwords in your Radmin database, you must
  # set RcryptKey here to be the same secret key you
  # defined in your Radmin Site.pm, and also set
  # PasswordFormat in your Site.pm.
  # RcryptKey mysecret
  # If you intend to use Unix encryption in your database,
  # you will need to set EncryptedPassword here,
  # as well as setting PasswordFormat in your Site.pm
  # EncryptedPassword
  # You can change the max bad login count from the default
  # of 5 with something like
  # MaxBadLogins 10
 </AuthBy>
 # This clause logs all authentication successes and failures to the RADAUTHLOG table
 # Suitable for use with RAdmin version 1.6 or later
 <AuthLog SQL>
  # This database spec usually should be exactly the same
  # as in <AuthBy RADMIN> above
  DBSource dbi:ODBC:radmin
  DBUsername radmin
  DBAuth  radminpw
  LogSuccess
  SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
  LogFailure
  FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
 </AuthLog>
 
</Realm>
<SessionDatabase SQL>
 # This database spec usually should be exactly the same
 # as in <AuthBy RADMIN> above
 DBSource dbi:ODBC:radmin
 DBUsername radmin
 DBAuth  radminpw
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
 
 

 



At 2012-06-13 22:42:14,"Heikki Vatiainen" <hvn at open.com.au> wrote:
>On 06/13/2012 06:53 AM, Scott wrote:
>> hi team, I am testing radiator with radmin with MS SQL server on windows
>> platform. I use default cfg file without issue. but when I use this
>> config file below to test with new created users on radmin, it's always
>> rejected, any advice please?
>
>The log shows you have User-Name as a check item. The expected value is
>empty ('') and your User-Name in the request is 'test101'. This is why
>it fails.
>
>I tried the configuration file you had attached. It seems not to be the
>same configuration file you used when you saw the error. The attached
>configuration file works fine with Radmin and I did not see any problems
>with User-Name check item. The default Radmin configuration does not use
>User-Name as a check item.
>
>Note: Radiator 4.2 is very old. You should consider upgrading.
>
>Thanks!
>Heikki
>
>
>-- 
>Heikki Vatiainen <hvn at open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator
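
An added example, not part of the original post and not Radiator code: a Python sketch that rejoins the wrapped trace above into one record per entry, then pulls out the Access-Reject reason and the failed RADAUTHLOG insert, which shows that this rejection was never recorded in the authentication log. The sample entries are copied from the trace; the 80-column wrap width and the function names are assumptions.

```python
import re
WIDTH = 80  # assumption: console width at which the trace was wrapped
STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")

# Constructed sample: entries copied from the trace in this post, still wrapped.
SAMPLE = """\
Thu Jun 14 09:12:52 2012: DEBUG: Radius::AuthRADMIN REJECT: Check item User-Name
 expression '' does not match 'test1' in request: test1 [test1]
Thu Jun 14 09:12:52 2012: INFO: Access rejected for test1: Check item User-Name
expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
[Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated
. (SQL-01000)(DBD: Execute immediate failed err=-1)
Thu Jun 14 09:12:52 2012: DEBUG: Accounting accepted
"""

def unwrap(text):
    """Rejoin wrapped physical lines into one record per timestamped entry."""
    records, prev_len = [], 0
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            # A full-width line was cut mid-token; a shorter one lost a space/newline.
            records[-1] += ("" if prev_len >= WIDTH else " ") + line
        prev_len = len(line)
    return records

def audit(text):
    """Return (rejects, lost): rejected logins and SQL inserts that failed."""
    rejects, lost = [], []
    for rec in unwrap(text):
        m = STAMP.match(rec)
        if not m:
            continue
        when, level, msg = m.groups()
        r = re.match(r"Access rejected for (\S+): (.*)", msg)
        if level == "INFO" and r:
            rejects.append((when, r.group(1), r.group(2)))
        f = re.match(r"do failed for 'insert into (\w+) .*?\)': (.*)", msg)
        if level == "ERR" and f:
            lost.append((when, f.group(1), f.group(2)))
    return rejects, lost

if __name__ == "__main__":
    print(audit(SAMPLE))
```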