Hello,
Your config looks fine.
However, Ascends can be configured to query radius for some components of their
internal configuration, and that is what you are seeing.
If you do not wish to use these, you will have to change your MAX
configuration.
Radiator is correctly rejecting those "pseudo-users" because they are not in
your user database.
Hope that helps.
Cheers.
On Jul 14, 12:11am, postmaster wrote:
> Subject: (RADIATOR) Why is radiator rejecting auth request ?
>
> Hello,
>
> I am using Radiator-2.13.1 on Solaris 2.5.1. I have radiator setup to
> do mSQL Accounting and Auth by File. My radius.cfg is shown below:
>
> Note: NAS is is Ascend MAX
> -----------------------------------------------------------------------------
> Foreground
> LogStdout
> AuthPort 1645
> AcctPort 1646
> LogDir .
> # LogFile %L/%Y-logfile
> DbDir .
> DictionaryFile %D/dictionary.ascend
> FingerProg /bin/finger
> Trace 4
>
> <Client DEFAULT>
> Secret xxxxxxx
> NasType Ascend
> </Client>
>
> <Realm DEFAULT>
> AuthByPolicy ContinueUntilAccept
> RewriteUsername tr/[A-Z]/[a-z]/
> MaxSessions 1
> RejectHasReason
> <AuthBy SQL>
> AuthSelect
> DBSource dbi:mSQL:radius
> AccountingTable ACCOUNTING
> AcctColumnDef Username,User-Name
> AcctColumnDef the_date,Timestamp,formatted-date,'%e-%m-%Y'
> AcctColumnDef the_time,Timestamp,formatted-date,'%H:%M:%S'
> AcctColumnDef NAS_Identifier,NAS-Identifier
> AcctColumnDef NAS_Port,NAS-Port,integer
> AcctColumnDef Acct_Status_Type,Acct-Status-Type
> AcctColumnDef Acct_Delay_Time,Acct-Delay-Time,integer
> AcctColumnDef Acct_Session_Id,Acct-Session-Id
> AcctColumnDef Acct_Session_Time,Acct-Session-Time,integer
> AcctColumnDef Acct_Input_Octets,Acct-Input-Octets,integer
> AcctColumnDef Acct_Output_Octets,Acct-Output-Octets,integer
> AcctColumnDef Acct_Term_Cause,Acct-Terminate-Cause
> AcctColumnDef Framed_Address,Framed-IP-Address
> AcctColumnDef Framed_Protocol,Framed-Protocol
> AcctColumnDef Connect_Rate,Ascend-Data-Rate
> AcctColumnDef Disconnect_Cause,Ascend-Disconnect-Cause
> AcctColumnDef First_Destination,Ascend-First-Dest
> AcctColumnDef Client_Port_DNIS,Client-Port-DNIS
> </AuthBy>
> # If SQL fails then authenticate from flat file
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Filename ./users
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> DBSource dbi:mSQL:radius
>
> AddQuery insert into RADONLINE (Username, Time_Stamp, \
> NAS_Identifier, NAS_Port, Acct_Session_Id, Framed_Address, \
> Nas_Port_Type, Service_Type) values ('%n', %{Timestamp},'%N', \
> %{NAS-Port}, '%{Acct-Session-Id}', '%{Framed-IP-Address}', \
> '%{Port-Type}', '%{Service-Type}')
>
> DeleteQuery delete from RADONLINE where Username='%n' and \
> NAS_Identifier='%N' and NAS_Port=%{NAS-Port}
>
> ClearNasQuery delete from RADONLINE where NAS_Identifier='%N'
>
> CountQuery select NAS_Identifier, NAS_Port, Acct_Session_Id from \
> RADONLINE where Username='%n'
> </SessionDatabase>
>
>
> -------------------------------------------------------------------
>
> this works fine in 'radpwtst'. But, when the users connect, I get the foll
> errors, Has anyone seen these errors: If so, please let me know:
>
> Note: Note that instead of the actual Username it's sending incorrect data
> like 'route-max4-1', "pools-max4", "permconn-max4-1" as the
> username.
>
> PS: the xxx.xxx.xxx.xxx are the actual IP Addresses.
>
> *** Received from xxx.xxx.xxx.xxx port 1025 ....
> Code: Access-Request
> Identifier: 1
> Authentic: ...................................
> Attributes:
> User-Name = "route-max4-1"
> User-Password = "............."
> NAS-Identifier = xxx.xxx.xxx.xxx
> NAS-Port = 0
> NAS-Port-Type = Virtual
> Service-Type = Dialout-Framed-User
>
> Tue Jul 13 23:54:16 1999: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 13 23:54:16 1999: DEBUG: Rewrote user name to route-max4-1
> Tue Jul 13 23:54:16 1999: DEBUG: Query is: select NAS_Identifier,
> NAS_Port, Acct_Session_Id from RADONLINE where Username='route-max4-1'
>
> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthSQL
> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthFILE
> Tue Jul 13 23:54:16 1999: DEBUG: Radius::AuthFILE looks for match with
> route-max4-1
> Tue Jul 13 23:54:16 1999: INFO: Access rejected for route-max4-1: No such
> user
> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 1025 ....
> Code: Access-Reject
> Identifier: 1
> Authentic: ..................................................
> Attributes:
> Reply-Message = "Request Denied"
> Reply-Message = "No such user"
>
> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from postmaster
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
