[RADIATOR] Problems with Secret and SQLClientList

Herrmann, Daniel daniel.herrmann at igd.fraunhofer.de
Mon Sep 1 07:12:06 CDT 2014


Hello,

We are using Radiator for RADIUS authentication of network clients. Our frontend writes the NAS clients to a database, where we have a view which is then queried by Radiator. The view looks like this:

--- schnipp ---
mysql> select * from view_clients;
+----+--------+-----------------+-----------+---------+
| id | name   | ip              | secret    | module  |
+----+--------+-----------------+-----------+---------+
|  4 | test1  | 146.140.16.XX   | cisco     | mab     |
|  2 | wlc001 | 192.168.135.254 | asdasdasd | eduroam |
|  3 | wlc002 | 192.168.135.253 | asdasdasd | eduroam |
|  2 | wlc001 | 192.168.135.254 | asdasdasd | mab     |
|  3 | wlc002 | 192.168.135.253 | asdasdasd | mab     |
+----+--------+-----------------+-----------+---------+
--- schnapp ---

We then use the following ClientListSQL Statement to retrieve the clients:

--- schnipp ---
<ClientListSQL>
    DBSource dbi:mysql:main
    DBUsername radiator
    DBAuth asdsadasdasdasdasd
    GetClientQuery SELECT `ip`, `secret`, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, `module` FROM `view_clients`
    RefreshPeriod 60
</ClientListSQL>
--- schnapp ---

We thus read out the IP address, the secret and the module, which we use as identifier in the Handler:

<Handler Client-Identifier=mab,Service-Type=/Call-Check|Login-User/,User-Name=/^\w{12}$/i>

In general, this configuration is working fine. The clients are retrieved correctly, requests from unknown clients are ignored and the Client-Identifier matching based on the module also works great. However, the secret does not work. When testing the authentication with NTRadPing, Radiator answers my (known) client regardless of which secret I use. If I use "cisco", I get an answer; if I use "7jnasdfjksa", I also get the answer. What can cause Radiator not to check the secret sent with the request?

Thanks in advance and best regards
Daniel


---
Daniel Herrmann
Competence Center Lan (CC-LAN)

Fraunhofer-Institut für Graphische Datenverarbeitung IGD
Fraunhoferstr. 5  |  64283 Darmstadt  |  Germany
Tel +49 6151 155-346  |  Fax +49 6151 155-399
daniel.herrmann at igd.fraunhofer.de | www.igd.fraunhofer.de/
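
Background for the question above, as an added example that is not part of the original post and is not Radiator's code: per RFC 2865 and RFC 2869 the shared secret enters a RADIUS exchange only through User-Password hiding, the optional Message-Authenticator attribute and the Response Authenticator, so an Access-Request without Message-Authenticator carries no field a server can verify the secret against. Function names and the sample values in the test are assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical, not Radiator's API.
import hashlib, hmac, struct

def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: User-Password is XORed with an MD5(secret + previous block) keystream."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: a wrong secret raises no error here, it just yields garbage bytes."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def access_request(ident, req_auth, attrs, secret=None):
    """Build an Access-Request; with a secret, append Message-Authenticator (type 80)."""
    if secret is not None:
        attrs += attr(80, b"\x00" * 16)
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    if secret is not None:  # HMAC-MD5 over the whole packet with the field zeroed
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt

def check_message_authenticator(pkt, secret):
    """True/False if attribute 80 is present, None if the request carries none."""
    pos = 20
    while pos + 2 <= len(pkt) and pkt[pos + 1] >= 2:
        atype, alen = pkt[pos], pkt[pos + 1]
        if atype == 80 and alen == 18:
            zeroed = pkt[:pos + 2] + b"\x00" * 16 + pkt[pos + 18:]
            want = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(want, pkt[pos + 2:pos + 18])
        pos += alen
    return None

def response_authenticator(code, ident, req_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()
```

A test client that does not validate the Response Authenticator will display a reply even when its secret differs from the server's, and a handler that never compares a password has no step at which a mismatched secret would surface.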
