[RADIATOR] Weird issue with Bad Password rejects

Heikki Vatiainen hvn at open.com.au
Wed Jun 20 06:15:54 CDT 2012


On 06/20/2012 01:17 PM, Mike Puchol wrote:

> I'm having a weird issue with some users, when they log in, they get
> rejected for no apparent reason, reason being Bad Password. In one case,
> the first attempt was a reject, and some 20 seconds later, a second
> attempt was successful. Here is the log of the event:

Try this with the AuthBy:


    TranslatePasswordHook sub {main::log($main::LOG_DEBUG, "Passwords: Expected $_[0]. Received " . $_[4]->decodedPassword() ); return $_[0]; }

This will log the password from SQL and decoded password from the
request. If you are using e.g., CHAP then there is no password to decode
but you will at least see what SQL returns.

Heikki


> 21:23:38:  Deleting session for 1234567890, 10.1.0.1, 5
> 21:23:38: do query is: 'DELETE FROM RADONLINE WHERE
> USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF': 
> 21:23:38: Query is: 'SELECT
> PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> SUBSCRIBERS WHERE USERNAME='1234567890'': 
> 21:23:38: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> 21:23:38: Radius::AuthSQL REJECT: Bad Password: 1234567890 [1234567890]
> 21:23:38: INFO: Access rejected for 1234567890: Bad Password
> User-Name = "1234567890"
> 21:24:01:  Deleting session for 1234567890, 10.1.0.1, 5
> 21:24:01: do query is: 'DELETE FROM RADONLINE WHERE
> USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF': 
> 21:24:01: Query is: 'SELECT
> PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> SUBSCRIBERS WHERE USERNAME='1234567890'': 
> 21:24:01: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> 21:24:01: Query is: 'SELECT SUM(ACCTSESSIONTIME) FROM RADSESSIONS WHERE
> USERNAME='1234567890' AND
> TO_CHAR(TIMESTAMP,'DDMMYYYY')=TO_CHAR(SYSDATE,'DDMMYYYY') AND
> NASIDENTIFIER='00-2C-DE-AD-CC-DD'': 
> 21:24:01: Radius::AuthSQL ACCEPT:: 1234567890 [1234567890]
> 21:24:01: Access accepted for 1234567890
> 
> The user was by the time correctly inserted into the DB, so I'm not sure
> what could be happening here. The password is entered on the captive
> portal automatically, so there is no possibility of user error in this
> respect.
> 
> Cheers,
> 
> Mike


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
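
The reply above distinguishes a request whose password can be decoded (PAP) from CHAP, where there is nothing to decode. The sketch below is an added example, not part of the original post and not Radiator code. It follows RFC 2865 sections 5.2 and 5.3, and the function names, secret, authenticator and password are constructed for illustration.

```python
import hashlib
import hmac

def pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password the way a NAS does (RFC 2865 section 5.2)."""
    if len(password) > 128:
        raise ValueError("password longer than 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def pap_decode(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the cleartext: this is the 'decoded password' a server compares."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 bytes, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block  # the next mask is chained on the ciphertext block
    return out.rstrip(b"\x00")

def chap_ok(chap_password: bytes, challenge: bytes, expected: bytes) -> bool:
    """CHAP-Password = ident (1 byte) + MD5(ident + password + challenge).
    Only a digest travels, so the server can verify but never decode it."""
    if len(chap_password) != 17:
        return False
    ident, digest = chap_password[:1], chap_password[1:]
    want = hashlib.md5(ident + expected + challenge).digest()
    return hmac.compare_digest(digest, want)

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"s3cr3t-from-portal"          # 18 bytes, so two 16-byte blocks
HIDDEN = pap_encode(PASSWORD, SECRET, AUTHENTICATOR)
CHALLENGE = bytes(range(16, 32))
CHAP = b"\x07" + hashlib.md5(b"\x07" + PASSWORD + CHALLENGE).digest()

if __name__ == "__main__":
    print("right secret:", pap_decode(HIDDEN, SECRET, AUTHENTICATOR))
    print("wrong secret:", pap_decode(HIDDEN, b"other-secret", AUTHENTICATOR))
    print("CHAP verifies:", chap_ok(CHAP, CHALLENGE, PASSWORD))
```

A decoded PAP value that comes out as unreadable bytes points at a shared-secret or authenticator mismatch rather than at the stored password. Because such a debug line carries cleartext credentials, it belongs only in a protected log and should be removed once the comparison has been made.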

