Re: (RADIATOR) Realm authentication problems

Mike McCauley Tue, 4 May 1999 07:03:34 -0700
Hello Fernando,

the prooblem is that you are logging in with fer8@interlinea2000, but in the
user dataabse, your username is just fer8.

Therefore you must add a rewriteUsername so that it strips the realm off before
authenticating:

<Realm interlinea2000>

        # This remove the realm from the user anme before authenticating,
        # because th user database does not have the realm on the username
        RewriteUsername s/^([^@]+).*/$1/


        PasswordLogFileName     %L/%d-%m-%y-password.log

        <AuthBy FILE>

                FramedGroup 0
                Filename %D/users.ftf
        </AuthBy>



Hope that helps.

Cheers.

On May 4, 10:47am, Fernando Martin wrote:
> Subject: (RADIATOR) Realm authentication problems
> Hi all,
>
> I have running radiator 2.13.1 with patches over NT 4.0 SP3. My nas a PM3
>
> I have defined a radius.cfg with two realms like this:
>
> ......
> # Realm Interlinea2000
> <Realm interlinea2000>
>
>       PasswordLogFileName     %L/%d-%m-%y-password.log
>
>       <AuthBy FILE>
>
>               FramedGroup 0
>               Filename %D/users.ftf
>       </AuthBy>
>
>       AcctLogFileName %L/%d-%m-%y-detail.log
>
>       AcctLogFileFormat %t %d %m %Y %n %a %{Acct-Status-Type} %{NAS-Port}
> %{Acct-Input-Octets} %{Acct-Output-Octets} %{Connect-Rate} %{Connect-Info}
>
> </Realm>
>
>
> # Default Realm
> <Realm DEFAULT>
>
>       PasswordLogFileName     %L/%d-%m-%y-password.log
>
>       <AuthBy FILE>
>               # SE seleeciona El FrameGoupBaseAddress 0 (Pool)
>               FramedGroup 0
>               Filename %D/users.ftf
>       </AuthBy>
>
>       AcctLogFileName %L/%d-%m-%y-detail.log
>
>       AcctLogFileFormat %t %d %m %Y %n %a %{Acct-Status-Type} %{NAS-Port}
> %{Acct-Input-Octets} %{Acct-Output-Octets} %{Connect-Rate} %{Connect-Info}
>
> </Realm>
> ......
>
> users.ftf has a user fer8:
> fer8    User-Password = "fer8"
>       Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>               Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>       Framed-Compression = Van-Jacobson-TCP-IP
>
>
> The problem is that I can not access with  username fer8@interlinea2000 and
> password fer8 . The system rejects me. But all seems to be ok !
>
> Whit trace 4 we can see that:
>
>
> Tue May  4 09:26:01 1999: DEBUG: Packet dump:
> *** Received from 194.224.0.62 port 1028 ....
> Code:       Access-Request
> Identifier: 129
> Authentic:
> <187>D<208><172><10><183><22><170>;<186><178><156><241><240><13><224>
> Attributes:
>       User-Name = "fer8@interlinea2000"
>       User-Password = "w<252><30>O<147> <189>Y'G<128><157><7>g<28>m"
>       NAS-IP-Address = 194.224.0.62
>       NAS-Port = 41
>       NAS-Port-Type = ISDN
>       Service-Type = Framed-User
>       Framed-Protocol = PPP
>       Called-Station-Id = "943319101"
>       Calling-Station-Id = "943639698"
>
> Tue May  4 09:26:01 1999: DEBUG: Handling request with Handler
> 'Realm=interlinea2000'
> Tue May  4 09:26:01 1999: DEBUG: Handling with Radius::AuthFILE
> Tue May  4 09:26:01 1999: DEBUG: Radius::AuthFILE looks for match with
> fer8@interlinea2000
> Tue May  4 09:26:01 1999: INFO: Access rejected for fer8@interlinea2000: No
> such user
> Tue May  4 09:26:01 1999: DEBUG: Packet dump:
> *** Sending to 194.224.0.62 port 1028 ....
> Code:       Access-Reject
> Identifier: 129
> Authentic:
> <187>D<208><172><10><183><22><170>;<186><178><156><241><240><13><224>
> Attributes:
>       Reply-Message = "Request Denied"
>
>
> So, it says:
>
> 'Realm=interlinea2000'
>  User-Name = "fer8@interlinea2000"
>  INFO: Access rejected for fer8@interlinea2000: No such user
>
> Why is user fer8@interlinea2000, and not fer8? I think the system detects
> realm: interlinea2000, so it must authenticate user fer8 no more. is it
right?
> How to solution that? Any idea?
>
> Thanks for your help and time.
>
> Best regards,
>
> PD: Sorry for my questions, too many this week, but I want to finish my
> radiator configuration. We are very close :-)
> Fernando Martin
> Interlinea2000
> http://www.i2000.es
> Voz:(943)-621033
> Fax:(943)-627340
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Fernando Martin



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Realm authentication problems

Reply via email to
