Hello,

Your config looks fine.
However, Ascends can be configured to query radius for some components of their
internal configuration, and that is what you are seeing.
If you do not wish to use these, you will have to change your MAX
configuration.

Radiator is correctly rejecting those "pseudo-users" because they are not in
your user database.

Hope that helps.

Cheers.

On Jul 14, 12:11am, postmaster wrote:
> Subject: (RADIATOR) Why is radiator rejecting auth request ?
>
> Hello,
>
> I am using Radiator-2.13.1 on Solaris 2.5.1. I have radiator setup to
> do mSQL Accounting and Auth by File. My radius.cfg is shown below:
>
> Note: NAS is is Ascend MAX
> -----------------------------------------------------------------------------
> Foreground
> LogStdout
> AuthPort        1645
> AcctPort        1646
> LogDir          .
> # LogFile               %L/%Y-logfile
> DbDir           .
> DictionaryFile  %D/dictionary.ascend
> FingerProg      /bin/finger
> Trace 4
>
> <Client DEFAULT>
>         Secret  xxxxxxx
>         NasType Ascend
> </Client>
>
> <Realm DEFAULT>
>         AuthByPolicy ContinueUntilAccept
>         RewriteUsername tr/[A-Z]/[a-z]/
>         MaxSessions 1
>         RejectHasReason
>         <AuthBy SQL>
>                 AuthSelect
>                 DBSource        dbi:mSQL:radius
>                 AccountingTable ACCOUNTING
>                 AcctColumnDef   Username,User-Name
>                 AcctColumnDef  the_date,Timestamp,formatted-date,'%e-%m-%Y'
>                 AcctColumnDef the_time,Timestamp,formatted-date,'%H:%M:%S'
>                 AcctColumnDef   NAS_Identifier,NAS-Identifier
>                 AcctColumnDef   NAS_Port,NAS-Port,integer
>                 AcctColumnDef   Acct_Status_Type,Acct-Status-Type
>                 AcctColumnDef   Acct_Delay_Time,Acct-Delay-Time,integer
>                 AcctColumnDef   Acct_Session_Id,Acct-Session-Id
>                 AcctColumnDef Acct_Session_Time,Acct-Session-Time,integer
>                 AcctColumnDef Acct_Input_Octets,Acct-Input-Octets,integer
>                 AcctColumnDef Acct_Output_Octets,Acct-Output-Octets,integer
>                 AcctColumnDef   Acct_Term_Cause,Acct-Terminate-Cause
>                 AcctColumnDef   Framed_Address,Framed-IP-Address
>                 AcctColumnDef   Framed_Protocol,Framed-Protocol
>                 AcctColumnDef   Connect_Rate,Ascend-Data-Rate
>                 AcctColumnDef   Disconnect_Cause,Ascend-Disconnect-Cause
>                 AcctColumnDef   First_Destination,Ascend-First-Dest
>                 AcctColumnDef   Client_Port_DNIS,Client-Port-DNIS
>         </AuthBy>
> #       If SQL fails then authenticate from flat file
>         <AuthBy FILE>
>                 DefaultSimultaneousUse 1
>                 Filename ./users
>         </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
>         DBSource        dbi:mSQL:radius
>
>         AddQuery insert into RADONLINE (Username, Time_Stamp, \
>         NAS_Identifier, NAS_Port, Acct_Session_Id, Framed_Address, \
>         Nas_Port_Type, Service_Type) values ('%n', %{Timestamp},'%N', \
>         %{NAS-Port}, '%{Acct-Session-Id}', '%{Framed-IP-Address}', \
>         '%{Port-Type}', '%{Service-Type}')
>
>         DeleteQuery delete from RADONLINE where Username='%n' and \
>         NAS_Identifier='%N' and NAS_Port=%{NAS-Port}
>
>         ClearNasQuery delete from RADONLINE where NAS_Identifier='%N'
>
>         CountQuery select NAS_Identifier, NAS_Port, Acct_Session_Id from \
>         RADONLINE where Username='%n'
> </SessionDatabase>
>
>
> -------------------------------------------------------------------
>
> this works fine in 'radpwtst'. But, when the users connect, I get the foll
> errors, Has anyone seen these errors: If so, please let me know:
>
> Note: Note that instead of the actual Username it's sending incorrect data
>       like 'route-max4-1', "pools-max4", "permconn-max4-1" as the
>       username.
>
> PS: the xxx.xxx.xxx.xxx are the actual IP Addresses.
>
> *** Received from xxx.xxx.xxx.xxx port 1025 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  ...................................
> Attributes:
>         User-Name = "route-max4-1"
>         User-Password = "............."
>         NAS-Identifier = xxx.xxx.xxx.xxx
>         NAS-Port = 0
>         NAS-Port-Type = Virtual
>         Service-Type = Dialout-Framed-User
>
> Tue Jul 13 23:54:16 1999: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 13 23:54:16 1999: DEBUG: Rewrote user name to route-max4-1
> Tue Jul 13 23:54:16 1999: DEBUG: Query is: select NAS_Identifier,
> NAS_Port, Acct_Session_Id from RADONLINE where Username='route-max4-1'
>
> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthSQL
> Tue Jul 13 23:54:16 1999: DEBUG: Handling with Radius::AuthFILE
> Tue Jul 13 23:54:16 1999: DEBUG: Radius::AuthFILE looks for match with
> route-max4-1
> Tue Jul 13 23:54:16 1999: INFO: Access rejected for route-max4-1: No such
> user
> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 1025 ....
> Code:       Access-Reject
> Identifier: 1
> Authentic:  ..................................................
> Attributes:
>         Reply-Message = "Request Denied"
>         Reply-Message = "No such user"
>
> Tue Jul 13 23:54:16 1999: DEBUG: Packet dump:
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from postmaster



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to