[RADIATOR] Radiator: Request Denied , AuthBy RADMIN result: REJECT, Check item User-Name expression '' does not match 'test101' in request
Scott
scottshaw at 163.com
Wed Jun 13 20:21:20 CDT 2012
Hello Heikki
Thanks so much for your reply. I verified again and got some error. Then I deleted that config file, copied the radmin.cfg from the goodies folder to programfiles-radiator and renamed it to radius.cfg. As I am using MS SQL Server, I changed the lines related to DBSource to (DBSource dbi:ODBC:radmin).
I also tried commenting out the line related to User-Name in the default radmin.cfg file, but got the same issue:
AcctColumnDef USERNAME,User-Name
I ran radpwtst but got the same error; the debug info is below. Can you advise where I am missing something or what is wrong? Thanks!
Scott
client:
C:\Perl\bin>perl radpwtst -user test1 -password P at ssw0rd123
sending Access-Request...
Rejected: Request Denied
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
debug info:
Thu Jun 14 09:12:52 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:52 2012: DEBUG: Deleting session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where
USERNAME='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='1' order by ITEM_TYPE':
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Thu Jun 14 09:12:52 2012: DEBUG: Radius::AuthRADMIN looks for match with test1 [
test1]
Thu Jun 14 09:12:52 2012: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTS
ESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: ValidFrom date converted to: 1210648500
Thu Jun 14 09:12:52 2012: DEBUG: Expiration date converted to: 1557676800
Thu Jun 14 09:12:52 2012: DEBUG: Radius::AuthRADMIN REJECT: Check item User-Name
expression '' does not match 'test1' in request: test1 [test1]
Thu Jun 14 09:12:52 2012: DEBUG: AuthBy RADMIN result: REJECT, Check item User-N
ame expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: INFO: Access rejected for test1: Check item User-Name
expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADAUTHLOG (TIME_STAM
P, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')':
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
[Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated
. (SQL-01000)(DBD: Execute immediate failed err=-1)
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
[Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated
. (SQL-01000)(DBD: Execute immediate failed err=-1)
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code: Access-Reject
Identifier: 247
Authentic: i<2><150><25>F<211><205><230>GQ<149>z<172><5><251>8
Attributes:
Reply-Message = "Request Denied"
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1188 ....
Code: Accounting-Request
Identifier: 248
Authentic: dRn<249>g<170><14><142>H<169><202><245><183><233>z:
Attributes:
User-Name = "test1"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Thu Jun 14 09:12:52 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:52 2012: DEBUG: Adding session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE) values ('test1', '203.63.154.1', 1234, '00001234', 1339636372, '',
'Async', 'Framed-User')':
Thu Jun 14 09:12:52 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:52 2012: DEBUG: Handling accounting with Radius::AuthRADMIN
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'update RADUSERS set TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAM
E='test1'':
Thu Jun 14 09:12:52 2012: DEBUG: do query is: 'insert into RADUSAGE (ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,NASIDENTIFIER,NASPORT,TIME_STAMP) values (0
,'00001234',1,'123456789','203.63.154.1',1234,1339636372)':
Thu Jun 14 09:12:52 2012: DEBUG: AuthBy RADMIN result: ACCEPT,
Thu Jun 14 09:12:52 2012: DEBUG: Accounting accepted
Thu Jun 14 09:12:52 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code: Accounting-Response
Identifier: 248
Authentic: dRn<249>g<170><14><142>H<169><202><245><183><233>z:
Attributes:
Thu Jun 14 09:12:53 2012: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1188 ....
Code: Accounting-Request
Identifier: 249
Authentic: <158><245>"<162>*_<162><237><173><139><218>"^<28><5><227>
Attributes:
User-Name = "test1"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Thu Jun 14 09:12:53 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 14 09:12:53 2012: DEBUG: Deleting session for test1, 203.63.154.1, 1234
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'delete from RADONLINE where NASID
ENTIFIER='203.63.154.1' and NASPORT=01234':
Thu Jun 14 09:12:53 2012: DEBUG: Handling with Radius::AuthRADMIN:
Thu Jun 14 09:12:53 2012: DEBUG: Handling accounting with Radius::AuthRADMIN
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'update RADUSERS set TIMELEFT=TIME
LEFT-01000, OCTETSINLEFT=OCTETSINLEFT-020000, OCTETSOUTLEFT=OCTETSOUTLEFT-030000
where USERNAME='test1'':
Thu Jun 14 09:12:53 2012: DEBUG: do query is: 'insert into RADUSAGE (ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,DNIS,NASIDENTIFIER,NASPORT,TIME_STAMP) values (0,20000,30000,'00001234',
Thu Jun 14 09:12:53 2012: DEBUG: AuthBy RADMIN result: ACCEPT,
Thu Jun 14 09:12:53 2012: DEBUG: Accounting accepted
Thu Jun 14 09:12:53 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1188 ....
Code: Accounting-Response
Identifier: 249
Authentic: <158><245>"<162>*_<162><237><173><139><218>"^<28><5><227>
Attributes:
the config file
# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
# MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
# FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
# from RADUSERS where \
# USERNAME='%n' and BADLOGINS < 5 and \
# VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef 0,Framed-IP-Netmask,reply
# AuthColumnDef 1,Filter-Id,reply
# AuthColumnDef 2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minimum and required fields.
#
# You should consider this file to be a starting point only
# $Id $
Foreground
LogStdout
LogDir .
DbDir .
# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
# You can put additional (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
DBSource dbi:ODBC:radmin
DBUsername radmin
DBAuth radminpw
# If RefreshPeriod is set to non-zero, it specifies the period in seconds that the client list will
# be refreshed by rereading the database. Each RefreshPeriod,
# any Clients previously created by this ClientList are cleared
# and a new set of clients read from the database.
# Clients defined in the configuration file will not be clobbered.
# The same effect can be got by signalling the process with SIGHUP
#RefreshPeriod 600
</ClientListSQL>
# Handle everyone with RADMIN
<Realm DEFAULT>
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabase SQL> below
# so it's the same
DBSource dbi:ODBC:radmin
DBUsername radmin
DBAuth radminpw
# Never look up the DEFAULT user
NoDefault
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
#AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
# If you intend to use rcrypt reversible encryption
# for passwords in your Radmin database, you must
# set RcryptKey here to be the same secret key you
# defined in your Radmin Site.pm, and also set
# PasswordFormat in your Site.pm.
# RcryptKey mysecret
# If you intend to use Unix encryption in your database,
# you will need to set EncryptedPassword here,
# as well as setting PasswordFormat in your Site.pm
# EncryptedPassword
# You can change the max bad login count from the default
# of 5 with something like
# MaxBadLogins 10
</AuthBy>
# This clause logs all authentication successes and failures to the RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:ODBC:radmin
DBUsername radmin
DBAuth radminpw
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
</AuthLog>
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:ODBC:radmin
DBUsername radmin
DBAuth radminpw
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
At 2012-06-13 22:42:14,"Heikki Vatiainen" <hvn at open.com.au> wrote:
>On 06/13/2012 06:53 AM, Scott wrote:
>> hi team, I am testing radiator with radmin with MS SQL server on windows
>> platform. I use default cfg file without issue. but when I use this
>> config file below to test with new created users on radmin, it's always
>> rejected, any advice please?
>
>The log shows you have User-Name as a check item. The expected value is
>empty ('') and your User-Name in the request is 'test101'. This is why
>it fails.
>
>I tried the configuration file you had attached. It seems not to be the
>same configuration file you used when you saw the error. The attached
>configuration file works fine with Radmin and I did not see any problems
>with User-Name check item. The default Radmin configuration does not use
>User-Name as a check item.
>
>Note: Radiator 4.2 is very old. You should consider upgrading.
>
>Thanks!
>Heikki
>
>
>--
>Heikki Vatiainen <hvn at open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator
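
An added example, not part of the original post and not Radiator code: the debug output in this thread shows the rejection and, right after it, the insert into RADAUTHLOG failing with SQL-22001, so the failed login was never written to the audit table. The sketch below rebuilds the hard-wrapped console lines into records and reports rejects alongside failed RADAUTHLOG inserts; the 80-column wrap width and the function names are assumptions.

```python
import re

WRAP = 80  # assumption: the console the log was copied from wraps at 80 columns
TS = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}: \w+: ")
REJECT = re.compile(r"INFO: Access rejected for (\S+): (.*)$")
LOG_FAIL = re.compile(r"ERR: do failed for 'insert into RADAUTHLOG .*?\((SQL-\w+)\)")

# Sample input: lines excerpted from the debug output quoted in this thread.
SAMPLE = """\
Thu Jun 14 09:12:52 2012: DEBUG: AuthBy RADMIN result: REJECT, Check item User-N
ame expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: INFO: Access rejected for test1: Check item User-Name
expression '' does not match 'test1' in request
Thu Jun 14 09:12:52 2012: ERR: do failed for 'insert into RADAUTHLOG (TIME_STAMP
, USERNAME, TYPE, REASON) values (1339636372, 'test1', 0, 'Check item User-Name
expression '''' does not match ''test1'' in request')': [Microsoft][ODBC SQL Ser
ver Driver][SQL Server]String or binary data would be truncated. (SQL-22001)
Thu Jun 14 09:12:52 2012: DEBUG: Accounting accepted
"""

def unwrap(text):
    """Rebuild one logical record per timestamped entry from wrapped console output."""
    records, prev_len = [], 0
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line)
        else:
            # A full-width line was cut mid-token; a shorter one lost its trailing space.
            records[-1] += ("" if prev_len >= WRAP else " ") + line
        prev_len = len(line)
    return records

def audit_gaps(text):
    """Return (rejects, failed): rejects the server logged, and SQL states of
    RADAUTHLOG inserts that failed, i.e. auth events missing from the audit table."""
    rejects, failed = [], []
    for rec in unwrap(text):
        m = REJECT.search(rec)
        if m:
            rejects.append((m.group(1), m.group(2)))
        m = LOG_FAIL.search(rec)
        if m:
            failed.append(m.group(1))
    return rejects, failed

if __name__ == "__main__":
    rejects, failed = audit_gaps(SAMPLE)
    print(f"{len(rejects)} reject(s), {len(failed)} failed RADAUTHLOG insert(s): {failed}")
```

A non-empty second list means authentication failures are reaching the server log but not the RADAUTHLOG table, which is worth alerting on separately from the rejects themselves.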