Re: (RADIATOR) infinite loop on bad password

Hugh Irvine Tue, 04 Jul 2000 01:53:20 -0700

Hello Joel -

On Tue, 04 Jul 2000, Joel Michael wrote:
> Hi all,
> 
> it seems as though radiator (2.16.1) goes into an infinate loop when
> issued with a bad password using radpwtst.  it may just be my config
> file (below) that's not quite right.
> 
> What I want it to do:
> it has to authenticate any user logging in from a proxied radius server
> (another radiator, not directly controlled by me) - the username is in
> the form of 'user@realm'.  the database contains the usernames,
> passwords, and a 'disable' switch (au_authorised must be 'y' for a user
> to log in).
> 
> System Info:
> Machine is a P3/450 with 256mb ram.  It is a primary DNS server for
> quite a few domain names.  It is also running qmail and apache, but not
> very heavily.  It runs Linux (SuSE 6.4, freshly upgraded) kernel 2.2.13
> (soon to be upgraded).  Perl version is 5.005_03.  It runs an AuthBySQL
> to an Informix database - DBI is 1.14, DBD::Informix is 1.00.PC1.
> 
> Trace 4 Log extract:
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
> DEFAULT34532
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
> au_idletimeout, au_ipnumber from access_users where au_username =
> '[EMAIL PROTECTED]' and au_authorised = 'y'
> 
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
> DEFAULT34533
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
> au_idletimeout, au_ipnumber from access_users where au_username =
> '[EMAIL PROTECTED]' and au_authorised = 'y'
> 
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
> DEFAULT34534
> Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
> au_idletimeout, au_ipnumber from access_users where au_username =
> '[EMAIL PROTECTED]' and au_authorised = 'y'
> 

How strange, your database is returning data for DEFAULT users. If you aren't
using DEFAULT's, I suggest you do this:

# set NoDefault for the AuthBy SQL
<Realm DEFAULT>
        MaxSessions     5
        AcctLogFileName %L/acc.log
        <AuthBy SQL>

                NoDefault

                AddToReply      Service-Type =
                "Framed-User",Framed-Protocol = "PPP",Framed-MTU = "1500"
                DBSource dbi:Informix:<database>
                DBUsername <username>
                DBAuth <password>
                .....

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) infinite loop on bad password

Reply via email to
