[RADIATOR] Weird issue with Bad Password rejects

Mike Puchol puchol at me.com
Wed Jun 20 07:03:27 CDT 2012


Thanks Heikki, the hook is working, I'll see what goes on next time it happens.

Cheers,

Mike 

On Wednesday, June 20, 2012 at 13:15 , Heikki Vatiainen wrote:

> On 06/20/2012 01:17 PM, Mike Puchol wrote:
> 
> > I'm having a weird issue with some users, when they login, they get
> > rejected for no apparent reason, reason being Bad Password. In one case,
> > the first attempt was a reject, and some 20 seconds later, a second
> > attempt was successful. Here is the log of the event:
> > 
> 
> 
> Try this with the AuthBy:
> 
> 
> TranslatePasswordHook sub {main::log($main::LOG_DEBUG, "Passwords:
> Expected $_[0]. Received " . $_[4]->decodedPassword() ); return $_[0]; }
> 
> This will log the password from SQL and decoded password from the
> request. If you are using e.g., CHAP then there is no password to decode
> but you will at least see what SQL returns.
> 
> Heikki
> 
> 
> > 21:23:38: Deleting session for 1234567890, 10.1.0.1, 5
> > 21:23:38: do query is: 'DELETE FROM RADONLINE WHERE
> > USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF': 
> > 21:23:38: Query is: 'SELECT
> > PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> > SUBSCRIBERS WHERE USERNAME='1234567890'': 
> > 21:23:38: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> > 21:23:38: Radius::AuthSQL REJECT: Bad Password: 1234567890 [1234567890]
> > 21:23:38: INFO: Access rejected for 1234567890: Bad Password
> > User-Name = "1234567890"
> > 21:24:01: Deleting session for 1234567890, 10.1.0.1, 5
> > 21:24:01: do query is: 'DELETE FROM RADONLINE WHERE
> > USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF': 
> > 21:24:01: Query is: 'SELECT
> > PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> > SUBSCRIBERS WHERE USERNAME='1234567890'': 
> > 21:24:01: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> > 21:24:01: Query is: 'SELECT SUM(ACCTSESSIONTIME) FROM RADSESSIONS WHERE
> > USERNAME='1234567890' AND
> > TO_CHAR(TIMESTAMP,'DDMMYYYY')=TO_CHAR(SYSDATE,'DDMMYYYY') AND
> > NASIDENTIFIER='00-2C-DE-AD-CC-DD'': 
> > 21:24:01: Radius::AuthSQL ACCEPT:: 1234567890 [1234567890]
> > 21:24:01: Access accepted for 1234567890
> > 
> > The user was by the time correctly inserted into the DB, so I'm not sure
> > what could be happening here. The password is entered on the captive
> > portal automatically, so there is no possibility of user error in this
> > respect.
> > 
> > Cheers,
> > 
> > Mike
> > 
> > 
> > 
> > _______________________________________________
> > radiator mailing list
> > radiator at open.com.au (mailto:radiator at open.com.au)
> > http://www.open.com.au/mailman/listinfo/radiator
> > 
> 
> 
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au (mailto:hvn at open.com.au)>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au (mailto:radiator at open.com.au)
> http://www.open.com.au/mailman/listinfo/radiator
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120620/5778efc5/attachment.html 


More information about the radiator mailing list