Hello Froilan -
On Sat, 10 Jun 2000, Froilan Mendoza wrote:
> Hello Hugh,
>
> Thanks for responding ...
>
> On Sat, 10 Jun 2000, Hugh Irvine wrote:
>
> > I notice that your Postgress table definitions are in lower case, and your
> > AuthSelect is in upper case. Is this correct?
>
> Postgres is not case-sensitive.
>
> radiator=> select PASSWORD from SUBSCRIBERS where USERNAME = 'mikem';
> password
> --------
> fred
> (1 row)
>
>
> > Also, if you want to use the
> > "checkattr" and "replyattr" fields, you will need to modify your AuthSelect
> > statement together with the corresponding AuthColumnDef's.
>
> Of course. Only I would like to do the most simple auth method first
> before complicating things for me :)
>
>
> > And does the inbound test packet in fact contain a password of "fred"?
>
> Of course. I even tried NULLING the password in the postgres database (as
> it said in the docs that if the password is NULL, it would accept ANY
> password), to no avail.
>
> > You might try something like this:
> >
> > <Realm testroy>
> > RewriteUsername s/^([^@]+).*/$1/
> > <AuthBy SQL>
> > DBSource dbi:Pg:dbname=radiator
> > DBUsername postgres
> > DBAuth MYPOSTGRESPASSWORD
> >
> > AuthSelect select password from subscribers where \
> > username='%n'
> > AuthColumnDef 0, User-Password, check
> >
> > AccountingTable accounting
> > AcctColumnDef USERNAME,User-Name
> > AcctColumnDef TIME_STAMP,Timestamp,integer
> > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > AcctColumnDef NASPORT,NAS-Port,integer
> > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> >
> > </AuthyBy>
> >
> > </Realm>
> >
> > If the field names are indeed case-sensitive, you will have to change the
> > AcctColumnDef's as well.
>
>
> I did, however, still tried your config above, changing the case of the
> letters. I still get this:
>
> Sat Jun 10 10:44:37 2000: DEBUG: Handling request with Handler
> 'Realm=testroy'
> Sat Jun 10 10:44:37 2000: DEBUG: Rewrote user name to mikem
> Sat Jun 10 10:44:37 2000: DEBUG: Deleting session for mikem@testroy,
> 208.155.152.42, 1025
> Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL
> Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL
> Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from
> subscribers where username='mikem'
>
> Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL looks for match with
> mikem
> Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from
> subscribers where username='DEFAULT'
>
> Sat Jun 10 10:44:37 2000: INFO: Access rejected for mikem: Bad Password
> Sat Jun 10 10:44:37 2000: DEBUG: Packet dump:
> *** Sending to 208.155.152.42 port 1645 ....
>
>
> Additional question -- Why do I get Query is: select password from
> subscribers where username='DEFAULT'. This might be the cause ...
>
Well, the only other thing I can think of is that you are getting the encrypted
password instead of the plaintext password for some reason. You could try:
> > AuthSelect select password from subscribers where \
> > username='%n'
> > AuthColumnDef 0, Encrypted-Password, check
Just to see what happens.
Radiator will always look for a DEFAULT user unless you disable that feature.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
