Re: (RADIATOR) AuthBy SQL question

Fri, 09 Jun 2000 18:21:22 -0700 


Hello Froilan -

On Fri, 09 Jun 2000, Froilan Mendoza wrote:
> Hello.
> 
> I am curious with AuthBy SQL and decided to try it out.  After a few
> tries, however, I can't get logged in, using the most basic AuthSelect and
> the tables/data contained in goodies/postgresCreate.sql.  I get this
> error complaining about incorrect password:
> 
> 
> Fri Jun  9 20:42:02 2000: DEBUG: Handling request with Handler
> 'Realm=testroy'
> Fri Jun  9 20:42:02 2000: DEBUG: Rewrote user name to mikem
> Fri Jun  9 20:42:02 2000: DEBUG: Deleting session for mikem@testroy,
> 208.155.152.42, 1025
> Fri Jun  9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL
> Fri Jun  9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL
> Fri Jun  9 20:42:02 2000: DEBUG: Query is: select PASSWORD from
> SUBSCRIBERS where USERNAME='mikem'
> 
> Fri Jun  9 20:42:02 2000: DEBUG: Radius::AuthSQL looks for match with
> mikem
> Fri Jun  9 20:42:02 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Fri Jun  9 20:42:02 2000: DEBUG: Query is: select PASSWORD from
> SUBSCRIBERS where USERNAME='DEFAULT'
> 
> 
> Here's my AuthBy SQL config:
> 
> <Realm testroy>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy SQL>
>                 DBSource        dbi:Pg:dbname=radiator
>                 DBUsername      postgres      
>                 DBAuth          MYPOSTGRESPASSWORD
>                 AccountingTable accounting
>                 AuthSelect      select PASSWORD from SUBSCRIBERS where
> USERNAME='%n'
>                 AuthColumnDef   0, User-Password, check
>                AcctColumnDef   USERNAME,User-Name
>                AcctColumnDef   TIME_STAMP,Timestamp,integer
>                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>                AcctColumnDef   NASPORT,NAS-Port,integer
>                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> 
>         </AuthyBy>
> 
> </Realm>
> 
> My subscribers table (from the goodies directory):
> 
> radiator=> select * from subscribers;
> username|password|encryptedpassword|checkattr                 |replyattr             
>                                                                  
> 
>--------+--------+-----------------+--------------------------+----------------------------------------------------------------------------------------
> mikem   |fred    |1xMKc0GIVUNbE    |Service-Type = Framed-User|Framed-Protocol = 
>PPP,Framed-IP-Netmask = 255.255.255.0,cisco-avpair = "testing testing" (1 row)
> 
> 
> What am I missing?
> 

I notice that your Postgress table definitions are in lower case, and your
AuthSelect is in upper case. Is this correct? Also, if you want to use the
"checkattr" and "replyattr" fields, you will need to modify your AuthSelect
statement together with the corresponding AuthColumnDef's.

And does the inbound test packet in fact contain a password of "fred"?

You might try something like this:

 <Realm testroy>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy SQL>
                DBSource        dbi:Pg:dbname=radiator
                DBUsername      postgres      
                DBAuth          MYPOSTGRESPASSWORD

                AuthSelect      select password from subscribers where \
                        username='%n'
                AuthColumnDef   0, User-Password, check

                AccountingTable accounting
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address

        </AuthyBy>

</Realm>

If the field names are indeed case-sensitive, you will have to change the
AcctColumnDef's as well.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to