> Hello, we are an ISP from Bulgaria and we use Radiator Radius Server. We
> have a RAC Bay Networks 8000 and an IBM RISC 6000 with OS AIX4.3.
> We have a problem with password decryption. When the password is
> transmitted between the Bay 8000 and the Radius Server, its decryption is wrong.
> The problem occurs only when we use the Radius Server on AIX. On Linux it
> works fine. The strange thing is that the 'radpwtst' utility works OK.
>
> This is the radius.cfg file:
>
> #******************* GLOBAL OPTIONS ***********************************#
>
> Foreground
> LogStdout
> Trace 4
> AuthPort 1645
> AcctPort 1646
> #BindAddress 212.7.195.33
> LogDir /notes/radius
> DbDir /etc/raddb
> LogFile %L/%d-%m-%Y-radius.log
> DictionaryFile %D/dictionary
> #DictionaryFile %D/dictionary.cistron
> PidFile %L/radiusd.pid
> #Syslog
> SnmpgetProg /usr/local/bin/snmpget
> SocketQueueLength 1000000
> #****************** END OF GLOBAL OPTIONS ******************************
>
> #****************** DEFINING CLIENTS ***********************************
>
> #+++++++++++++++++++Defining BAY 8000 Client +++++++++++++++++++++++++++
>
> <Client 212.7.195.38>
> Secret
> # RewriteUsername tr/A-Z/a-z/
> # RewriteUsername s/^([^@]+).*/$1/
> DupInterval 1
> #NoIgnoreDuplicates Access-Request
> NasType Bay8000SNMP
> SNMPCommunity Security
> FramedGroupBaseAddress 212.7.195.96
> # FramedGroupBaseAddress 195.75.203.128
> #FramedGroupMaxPortPerClassC 20
> # DefaultRealm bay
> # IdenticalClients localhost
> </Client>
> #++++++++++++++++++End Of Defining BAY 8000 Client +++++++++++++++++++++
>
> #++++++++++++++++++ Defining Linux +++++++++++++++++++++++++++++++++++++
>
> <Client 212.7.195.42>
> Secret
> RewriteUsername tr/A-Z/a-z/
> FramedGroupBaseAddress 212.7.195.140
> DupInterval 1
> # DefaultRealm bay
> </Client>
> #+++++++++++++++++ End Defining Linux ++++++++++++++++++++++++++++++++++
>
> #+++++++++++++++++ Defining Cisco Router 2621 Client +++++++++++++++++++
>
> <Client 212.7.195.44>
> Secret
> DupInterval 1
> NasType Cisco
> SNMPCommunity Security
> FramedGroupBaseAddress 195.75.203.128
> </Client>
> #+++++++++++++++++ End Of Defining Cisco Router 2621 Client ++++++++++++
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> Identifier radmin
> DBSource dbi:mysql:host=localhost;database=radmin
> DBUsername mysql
> DBAuth
> </SessionDatabase>
>
> #<Log SQL>
> # DBSource dbi:mysql:host=localhost;database=radmin
> # DBUsername mysql
> # DBAuth
> # Table RADLOG
> # Trace 4
> #</Log>
>
> <Realm DEFAULT>
> #======================== Authorization via GROUP ===========================
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/A-Z/a-z/
> # ======================= Authorization via RADMIN ==========================
> <AuthBy RADMIN>
> DBSource dbi:mysql:host=localhost;database=radmin
>
> DBUsername mysql
> DBAuth
> AuthSelect select PASS_WORD from RADUSERS where USERNAME='%n'
> # AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,MAXIDLETIME,FRAMED_FILTER_ID,FRAMED_NETMASK from RADUSERS where USERNAME='%n'
> AuthColumnDef User-Password, check
>
> # AccountingTable RADUSAGE
> # AcctColumnDef USERNAME,User-Name
> # AcctColumnDef TIME_STAMP,Timestamp,integer
> # AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
>
> # AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> # AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> # AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> # AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> # AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> # AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> # AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> # AcctColumnDef NASIDENTIFIER,NAS-Identifier
> # AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> # AcctColumnDef NASPORT,NAS-Port,integer
> # AcctColumnDef DNIS,Called-Station-Id
> # AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
> AddToReply Framed-Protocol = PPP,\
> Service-Type=Framed-User,\
> Annex-Primary-DNS-Server=212.7.195.1
> DefaultSimultaneousUse 1
> FramedGroup 0
> </AuthBy>
> #======================== End of authorization via RADMIN ======================
>
> #======================== Authorization via system password ===================
> # <AuthBy SYSTEM>
> # Identifier System
> # AddToReply Service-Type=Framed-User,\
> # Framed-Protocol=PPP
> # DefaultSimultaneousUse 1
> # FramedGroup 0
> # </AuthBy>
> #======================== End of authorization via System ======================
>
> #==================== Authorization via file =====================================
> # <AuthBy FILE>
> #
> # </AuthBy>
> #=================== End of authorization via file ==============================
> # MaxSessions 2
> # AcctLogFileFormat %{Timestamp} %{Acct-Sesion-Id} %{User-Name}
> # WtmpFileName %L/wtmp
> # ExcludeFromPasswordLog root
> RejectHasReason
>
> </AuthBy>
> #=================== End of authorization via GROUP =============================
> PasswordLogFileName %L/password.log
> AcctLogFileName %L/bay.detail
>
> </Realm>
> #--------------------------------------------------------
>
> Here is an extract from radius.log:
>
> Wed Mar 15 15:50:08 2000: DEBUG: Packet dump:
> *** Received from 212.7.195.38 port 1120 ....
> Code: Access-Request
> Identifier: 224
> Authentic: $<240><1><27><18><224><255><10><2><224><15><250><242><224><14><0>
> Attributes:
> User-Name = "hilti"
> User-Password = "<163>+E<170>%<139><9>UO14<198><229><1><11>#"
> Service-Type = NAS-Prompt-User
> NAS-IP-Address = 212.7.195.38
> NAS-Port = 25
> NAS-Port-Type = Async
> Called-Station-Id = "96093"
> Signature = "gt<31>'7<158>=<5><155><202><210>;<228><184>ZB"
>
> Wed Mar 15 15:50:08 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Mar 15 15:50:08 2000: DEBUG: radmin Deleting session for hilti, 212.7.195.38, 25
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='212.7.195.38' and NASPORT=25
> Wed Mar 15 15:50:08 2000: DEBUG: Handling with Radius::AuthGROUP
> Wed Mar 15 15:50:08 2000: DEBUG: Rewrote user name to hilti
> Wed Mar 15 15:50:08 2000: DEBUG: Rewrote user name to hilti
> Wed Mar 15 15:50:08 2000: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE)
> values (953128208, 4, 'Handling with Radius::AuthRADMIN')
>
> Wed Mar 15 15:50:08 2000: DEBUG: Handling with Radius::AuthRADMIN
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE)
> values (953128208, 4, 'Handling with Radius::AuthRADMIN')
>
> Wed Mar 15 15:50:08 2000: DEBUG: Query is: select PASS_WORD from RADUSERS where USERNAME='hilti'
>
> Wed Mar 15 15:50:08 2000: DEBUG: Radius::AuthRADMIN looks for match with hilti
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE)
> values (953128208, 4, 'Radius::AuthRADMIN looks for match with hilti')
>
> Wed Mar 15 15:50:08 2000: DEBUG: Decoded password is A<211>n<134><200><218>q<22>.sG<29><200>V<252><27>
> Wed Mar 15 15:50:08 2000: DEBUG: Radius::AuthRADMIN REJECT: Bad Password
>
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE)
> values (953128208, 4, 'Radius::AuthRADMIN REJECT: Bad Password')
>
> Wed Mar 15 15:50:08 2000: DEBUG: do query is: update RADUSERS set BADLOGINS=BADLOGINS+1 where USERNAME='hilti'
>
> Wed Mar 15 15:50:08 2000: DEBUG: Query is: select PASS_WORD from RADUSERS where USERNAME='DEFAULT'
>
> Wed Mar 15 15:50:08 2000: INFO: Access rejected for hilti: Bad Password
> Wed Mar 15 15:50:08 2000: DEBUG: Packet dump:
> *** Sending to 212.7.195.38 port 1120 ....
> Code: Access-Reject
> Identifier: 224
> Authentic: $<240><1><27><18><224><255><10><2><224><15><250><242><224><14><0>
> Attributes:
> Reply-Message = "Request Denied"
>
> Please help us...
> Best Regards Vasko Mitrov, Elsys LTD.3
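
The User-Password decoding that the trace above reports as wrong is the hiding scheme of RFC 2865 section 5.2; the following added example (not part of the original message and not Radiator's own code) implements it and parses the trace's `<NNN>` byte notation. The shared secret and password are constructed, and reading `<NNN>` as one decimal byte is an assumption drawn from the log.

```python
import hashlib
import re

def parse_dump(text: str) -> bytes:
    """Trace notation -> bytes. Assumes <NNN> is one decimal byte value and
    any other character is a literal byte (inferred from the log above)."""
    return bytes(int(m.group(1)) if m.group(1) else ord(m.group(2))
                 for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S))

def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    # RFC 2865 5.2: b1 = MD5(S + RA), b(i) = MD5(S + c(i-1)), c(i) = p(i) XOR b(i)
    out, prev = bytearray(), authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # chaining always uses the ciphertext block
    return bytes(out)

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    size = max(16, -(-len(password) // 16) * 16)  # NUL-pad to a multiple of 16
    return _xor_chain(password.ljust(size, b"\x00"), secret, authenticator, False)

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("hidden password must be 16*n bytes, authenticator 16 bytes")
    return _xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")

def looks_garbled(decoded: bytes) -> bool:
    """True when the result contains non-printable bytes, as in the trace above."""
    return any(b < 0x20 or b > 0x7E for b in decoded)

# Request Authenticator copied from the Access-Request dump above.
AUTH = parse_dump("$<240><1><27><18><224><255><10><2><224><15><250><242><224><14><0>")
NAS_SECRET = b"constructed-secret"      # constructed; the real secret is not on the page
PASSWORD = b"constructed-password-20"   # constructed, spans two 16-byte blocks

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, AUTH)
    for secret in (NAS_SECRET, b"constructed-secret "):  # second has a stray space
        decoded = unhide_password(hidden, secret, AUTH)
        print(repr(secret), "->", decoded, "garbled" if looks_garbled(decoded) else "ok")
```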