<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoPlainText>I have added this in the below handler. Is this correct place? Also when I restart the radius to read the new file it gives me an error “<b>Tue Apr 30 13:26:48 2019: ERR: Unknown keyword 'IgnoreAcctSignature' in /opt2/radiator/radius.cfg line 65” <o:p></o:p></b></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><Handler><o:p></o:p></p><p class=MsoPlainText>PreProcessingHook file:"/etc/radiator/changeUserName"<o:p></o:p></p><p class=MsoPlainText><AuthBy SQL><o:p></o:p></p><p class=MsoPlainText> DBSource dbi:Sybase:xxxx<o:p></o:p></p><p class=MsoPlainText> DBUsername xxxx<o:p></o:p></p><p class=MsoPlainText> DBAuth xxx<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText> DefaultSimultaneousUse 1<o:p></o:p></p><p class=MsoPlainText> CaseInsensitivePasswords<o:p></o:p></p><p class=MsoPlainText> <span style='font-size:22.0pt'>IgnoreAcctSignature<o:p></o:p></span></p><p class=MsoPlainText><span style='font-size:22.0pt'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:22.0pt'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-size:22.0pt'>Ejaz <o:p></o:p></span></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>-----Original Message-----<br>From: Hugh Irvine [mailto:hugh@open.com.au] <br>Sent: Tuesday, April 30, 2019 1:20 PM<br>To: MEjaz <mejaz@cyberia.net.sa><br>Cc: Heikki Vatiainen <hvn@open.com.au>; radiator@lists.open.com.au<br>Subject: Re: [RADIATOR] Bad-authenticator</p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>Hello -<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>You can try setting IgnoreAcctSignature in the Client clause, but make doubly sure the shared secret is correct.<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>regards<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>Hugh<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>> On 30 Apr 2019, at 19:39, MEjaz <<a href="mailto:mejaz@cyberia.net.sa"><span style='color:windowtext;text-decoration:none'>mejaz@cyberia.net.sa</span></a>> wrote:<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> I made sure from the NAS side the secret is same as what I have <o:p></o:p></p><p class=MsoPlainText>> configured in Client clause.<o:p></o:p></p><p class=MsoPlainText>> Is there any other clue?<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> Thanks in advance..<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> -----Original Message-----<o:p></o:p></p><p class=MsoPlainText>> From: radiator [<a href="mailto:radiator-bounces@lists.open.com.au"><span style='color:windowtext;text-decoration:none'>mailto:radiator-bounces@lists.open.com.au</span></a>] On Behalf <o:p></o:p></p><p class=MsoPlainText>> Of Heikki Vatiainen<o:p></o:p></p><p class=MsoPlainText>> Sent: Monday, April 29, 2019 8:49 PM<o:p></o:p></p><p class=MsoPlainText>> To: <a href="mailto:radiator@lists.open.com.au"><span style='color:windowtext;text-decoration:none'>radiator@lists.open.com.au</span></a><o:p></o:p></p><p class=MsoPlainText>> Subject: Re: [RADIATOR] Bad-authenticator<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> On 29/04/2019 12.38, MEjaz wrote:<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>>> I'm getting a "Bad Authenticator" message using > Radiator. Cisco, <o:p></o:p></p><p class=MsoPlainText>>> O/S is Solaris. And with MSSQL database.<o:p></o:p></p><p class=MsoPlainText>>> Any idea how to fix this? Any help would be appreciated!<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> Check that the secret within <Client 212.119.67.28> matches what's <o:p></o:p></p><p class=MsoPlainText>> configured on that IP address (RADIUS client). You'll see this error <o:p></o:p></p><p class=MsoPlainText>> when the server (Radiator) and client (NAS) shared secrets are not equal.<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> Note that the shared secret is not for encrypting the whole message. <o:p></o:p></p><p class=MsoPlainText>> This is why you see most of the values in clear text in RADIUS <o:p></o:p></p><p class=MsoPlainText>> requests even if the secret is not correct.<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> Thanks,<o:p></o:p></p><p class=MsoPlainText>> Heikki<o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> --<o:p></o:p></p><p class=MsoPlainText>> Heikki Vatiainen <<a href="mailto:hvn@open.com.au"><span style='color:windowtext;text-decoration:none'>hvn@open.com.au</span></a>><o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> Radiator: the most portable, flexible and configurable RADIUS server <o:p></o:p></p><p class=MsoPlainText>> anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active <o:p></o:p></p><p class=MsoPlainText>> Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, <o:p></o:p></p><p class=MsoPlainText>> TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.<o:p></o:p></p><p class=MsoPlainText>> _______________________________________________<o:p></o:p></p><p class=MsoPlainText>> radiator mailing list<o:p></o:p></p><p class=MsoPlainText>> <a href="mailto:radiator@lists.open.com.au"><span style='color:windowtext;text-decoration:none'>radiator@lists.open.com.au</span></a><o:p></o:p></p><p class=MsoPlainText>> <a href="https://lists.open.com.au/mailman/listinfo/radiator"><span style='color:windowtext;text-decoration:none'>https://lists.open.com.au/mailman/listinfo/radiator</span></a><o:p></o:p></p><p class=MsoPlainText>> <o:p></o:p></p><p class=MsoPlainText>> _______________________________________________<o:p></o:p></p><p class=MsoPlainText>> radiator mailing list<o:p></o:p></p><p class=MsoPlainText>> <a href="mailto:radiator@lists.open.com.au"><span style='color:windowtext;text-decoration:none'>radiator@lists.open.com.au</span></a><o:p></o:p></p><p class=MsoPlainText>> <a href="https://lists.open.com.au/mailman/listinfo/radiator"><span style='color:windowtext;text-decoration:none'>https://lists.open.com.au/mailman/listinfo/radiator</span></a><o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>--<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>Hugh Irvine<o:p></o:p></p><p class=MsoPlainText><a href="mailto:hugh@open.com.au"><span style='color:windowtext;text-decoration:none'>hugh@open.com.au</span></a><o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. <o:p></o:p></p><p class=MsoPlainText>Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p></div></body></html>