This is really annoying me.
I've already posted this, but I'm going to put it in a more
comprehensive way.
We are using Radiator 2.16.3 + OpenLDAP + MySQL
We use LDAP for authentication and MySQL for IP allocation.
This configuration works fine with radpwtst, the authentication is ok
and the IP allocation works fine. But when we try a dial-in access we
get the request rejected for an empty password. If we set up our ppp
client with the refuse-chap option, Radiator gets a User-Password
attribute (instead of CHAP-Password) and everything is ok.
I include the config file and the log file with two accesses. The first
failed and the second was successful.
Thanks for your help
***************** Configuration File ***************************
Foreground
LogStdout
LogDir .
DbDir /opt/servicios/RadSQL
# Use a lower trace level in production systems:
Trace 4
BindAddress yyy.yyy.yyy.98
# Radius proxy
<Client zzz.zzz.zzz.52>
Secret xxxxxx
</Client>
# Radius proxy
<Client zzz.zzz.zzz.48>
Secret xxxxxx
</Client>
# You will probably want to change this to suit your site.
<Client yyy.yyy.yyy.98>
Secret xxxxxx
DupInterval 0
</Client>
<AddressAllocator SQL>
Identifier myallocator
DBSource dbi:mysql:radius:172.16.20.150
DBUsername xxxxxxx
DBAuth xxxxxxx
<AddressPool pool1>
Subnetmask 255.255.255.240
Range xxx.xxx.xxx.98 xxx.xxx.xxx.126
</AddressPool>
</AddressAllocator>
<Realm pruebasql>
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
<AuthBy LDAP2>
Host 172.16.20.150
Port 389
AuthDN cn=xxxxx,car=xxxxx
AuthPassword xxxxxx
BaseDN rlm=pruebasql,car=xxxxxx
UsernameAttr uid
PasswordAttr userpassword
ReplyAttr replyitems
Debug 255
</AuthBy>
<AuthBy DYNADDRESS>
Allocator myallocator
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
MaxSessions 10
AcctLogFileName %L/detail-pruebasql
</Realm>
****************************************************************
******************** Log File ****************************
Mon Oct 30 10:25:45 2000: DEBUG: Packet dump:
*** Received from aaa.aa.216.52 port 34071 ....
Code: Access-Request -----------------------> FAILED ACCESS
Identifier: 5
Authentic: <194><204><155>3<206><164>&<246><240>P<241><221>O~I<152>
Attributes:
User-Name = "user2@pruebasql"
CHAP-Password = "<3> <18>2-<133>P<15>Z<232><232>P<237><11>$ <191>"
NAS-Port = 528
Acct-Session-Id = "34538485"
USR-Interface-Index = 1784
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 3
Chassis-Call-Span = 1
Chassis-Call-Channel = 16
Connect-Speed = 300_BPS
Calling-Station-Id = "98519xxxx"
Called-Station-Id = "90166xxxx"
NAS-Port-Type = Async
Mon Oct 30 10:25:45 2000: DEBUG: Handling request with Handler
'Realm=pruebasql'
Mon Oct 30 10:25:45 2000: DEBUG: Rewrote user name to user2
Mon Oct 30 10:25:45 2000: DEBUG: Deleting session for user2@pruebasql,
aaa.aa.216.52, 528
Mon Oct 30 10:25:45 2000: DEBUG: Handling with Radius::AuthLDAP2
Mon Oct 30 10:25:45 2000: DEBUG: Radius::AuthLDAP2 rejected user2
because of an empty password
Mon Oct 30 10:25:45 2000: INFO: Access rejected for user2: Empty
password
Mon Oct 30 10:25:45 2000: DEBUG: Packet dump:
*** Sending to aaa.aa.216.52 port 34071 ....
Code: Access-Reject
Identifier: 5
Authentic: <194><204><155>3<206><164>&<246><240>P<241><221>O~I<152>
Attributes:
Port-Message = "Request Denied"
Mon Oct 30 10:27:43 2000: DEBUG: Packet dump:
*** Received from aaa.aa.216.52 port 34071 ....
Code: Access-Request ----------------------------->SUCCESSFUL
ACCESS
Identifier: 9
Authentic: <3>-<179>d<31><254><231>s<6><211><134>6<247><236>H<29>
Attributes:
User-Name = "user2@pruebasql"
User-Password = "<208><233><128>#$[<18><22>#<176>EF$<157><254><202>"
NAS-Port = 534
Acct-Session-Id = "34931520"
USR-Interface-Index = 1790
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 3
Chassis-Call-Span = 1
Chassis-Call-Channel = 22
Connect-Speed = 300_BPS
Calling-Station-Id = "98519xxxx"
Called-Station-Id = "90166xxxx"
NAS-Port-Type = Async
Mon Oct 30 10:27:43 2000: DEBUG: Handling request with Handler
'Realm=pruebasql'
Mon Oct 30 10:27:43 2000: DEBUG: Rewrote user name to user2
Mon Oct 30 10:27:43 2000: DEBUG: Deleting session for user2@pruebasql,
aaa.aa.216.52, 534
Mon Oct 30 10:27:43 2000: DEBUG: Handling with Radius::AuthLDAP2
Mon Oct 30 10:27:43 2000: DEBUG: Connecting to bbb.bb.20.150, port 389
Mon Oct 30 10:27:46 2000: DEBUG: LDAP got result for uid=user2,
rlm=pruebasql, car=carrier
Mon Oct 30 10:27:46 2000: DEBUG: LDAP got userpassword: user2
Mon Oct 30 10:27:46 2000: DEBUG: LDAP got replyitems: PoolHint=pool1
Mon Oct 30 10:27:46 2000: DEBUG: Radius::AuthLDAP2 looks for match with
user2
Mon Oct 30 10:27:46 2000: DEBUG: Radius::AuthLDAP2 ACCEPT:
Mon Oct 30 10:27:46 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Oct 30 10:27:46 2000: DEBUG: Query is: select YIADDR, SUBNETMASK,
DNSSERVER from RADPOOL where
POOL='pool1' and STATE=0 order by TIME_STAMP
Mon Oct 30 10:27:46 2000: DEBUG: do query is: update RADPOOL set
STATE=1, TIME_STAMP=972901666,
EXPIRY=972988066, USERNAME='user2' where YIADDR='zzz.zzz.19.113'
Mon Oct 30 10:27:46 2000: DEBUG: Access accepted for user2
Mon Oct 30 10:27:46 2000: DEBUG: Packet dump:
*** Sending to aaa.aa.216.52 port 34071 ....
Code: Access-Accept
Identifier: 9
Authentic: <3>-<179>d<31><254><231>s<6><211><134>6<247><236>H<29>
Attributes:
Framed-IP-Netmask = 255.255.255.240
Framed-IP-Address = zzz.zzz.19.113
Mon Oct 30 10:27:46 2000: DEBUG: Packet dump:
*** Received from aaa.aa.216.52 port 34071 ....
Code: Accounting-Request
Identifier: 10
Authentic: =+}<190><174><145><227><230><27><175>59<28><171><187><234>
Attributes:
User-Name = "user2@pruebasql"
Acct-Status-Type = Start
Acct-Session-Id = "34931520"
Acct-Delay-Time = 0
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-Port-Type = Async
NAS-Port = 534
USR-Modem-Training-Time = 12
USR-Interface-Index = 1790
Chassis-Call-Slot = 3
Chassis-Call-Span = 1
Chassis-Call-Channel = 22
Unauthenticated-Time = 4
Calling-Station-Id = "98519xxxx"
Called-Station-Id = "90166xxxx"
Modulation-Type = v34
Simplified-MNP-Levels = ccittV42
Simplified-V42bis-Usage = ccittV42bis
Connect-Speed = 33600_BPS
Framed-Protocol = PPP
Framed-IP-Address = zzz.zzz.19.113
VTS-Session-Key =
"<222>q<160><217><135><0><141><234><183>H<139>Z<133><223><160><27>"
Call-Arrived-time = 152443549
Timestamp = 972897965
Mon Oct 30 10:27:46 2000: DEBUG: Handling request with Handler
'Realm=pruebasql'
Mon Oct 30 10:27:46 2000: DEBUG: Rewrote user name to user2
Mon Oct 30 10:27:46 2000: DEBUG: Adding session for user2@pruebasql,
aaa.aa.216.52, 534
Mon Oct 30 10:27:46 2000: DEBUG: Handling with Radius::AuthLDAP2
Mon Oct 30 10:27:46 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Oct 30 10:27:46 2000: DEBUG: Accounting accepted
Mon Oct 30 10:27:46 2000: DEBUG: Packet dump:
*** Sending to aaa.aa.216.52 port 34071 ....
Code: Accounting-Response
Identifier: 10
Authentic: =+}<190><174><145><227><230><27><175>59<28><171><187><234>
Attributes:
Mon Oct 30 10:32:23 2000: DEBUG: Packet dump:
*** Received from aaa.aa.216.52 port 34071 ....
Code: Accounting-Request
Identifier: 11
Authentic: *<226><134>y<173><29>L(?vH<183><203><246><226><252>
Attributes:
User-Name = "user2@pruebasql"
Acct-Status-Type = Stop
Acct-Session-Id = "34931520"
Acct-Delay-Time = 0
Acct-Authentic = RADIUS
Service-Type = Framed-User
NAS-Port-Type = Async
NAS-Port = 534
USR-Modem-Training-Time = 12
USR-Interface-Index = 1790
Chassis-Call-Slot = 3
Chassis-Call-Span = 1
Chassis-Call-Channel = 22
Unauthenticated-Time = 4
Calling-Station-Id = "98519xxxx"
Called-Station-Id = "90166xxxx"
Modulation-Type = v34
Simplified-MNP-Levels = ccittV42
Simplified-V42bis-Usage = ccittV42bis
Connect-Speed = 33600_BPS
Framed-Protocol = PPP
Framed-IP-Address = zzz.zzz.19.113
VTS-Session-Key =
"<222>q<160><217><135><0><141><234><183>H<139>Z<133><223><160><27>"
Call-Arrived-time = 152443549
Call-Lost-time = 152443841
Acct-Session-Time = 280
Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
Disconnect-Reason = drv_user_req_drop
Acct-Input-Octets = 34336
Acct-Output-Octets = 55214
Acct-Input-Packets = 705
Acct-Output-Packets = 538
Timestamp = 972898241
Mon Oct 30 10:32:23 2000: DEBUG: Handling request with Handler
'Realm=pruebasql'
Mon Oct 30 10:32:23 2000: DEBUG: Rewrote user name to user2
Mon Oct 30 10:32:23 2000: DEBUG: Deleting session for user2@pruebasql,
aaa.aa.216.52, 534
Mon Oct 30 10:32:23 2000: DEBUG: Handling with Radius::AuthLDAP2
Mon Oct 30 10:32:23 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Oct 30 10:32:23 2000: DEBUG: do query is: update RADPOOL set
STATE=0, TIME_STAMP=972901943
where YIADDR='zzz.zzz.19.113'
Mon Oct 30 10:32:23 2000: DEBUG: Accounting accepted
Mon Oct 30 10:32:23 2000: DEBUG: Packet dump:
*** Sending to aaa.aa.216.52 port 34071 ....
Code: Accounting-Response
Identifier: 11
Authentic: *<226><134>y<173><29>L(?vH<183><203><246><226><252>
Attributes:
****************************************************************
--
--------------------------------------------------------------------
Ignacio Paredes | email: [EMAIL PROTECTED]
Eurocomercial | Tfno: +34 91 4359687
Informatica y Comunicaciones | Fax: +34 91 4313240
--------------------------------------------------------------------
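
The two requests in the log differ only in how the password travels: User-Password (PAP) or CHAP-Password. The following is an added example, not part of the original message and not Radiator's code, showing how a RADIUS server handles each attribute according to RFC 2865; the secret, authenticator and function names are constructed for illustration.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: what the NAS puts in User-Password (PAP)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16 octets
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the shared secret is enough to get the cleartext back."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 5.3: CHAP ident octet followed by MD5(ident + password + challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()

def verify_chap(attr: bytes, stored_cleartext: bytes, challenge: bytes) -> bool:
    """The digest cannot be inverted; the server recomputes it from its own copy."""
    if len(attr) != 17 or not stored_cleartext:   # nothing to compare against
        return False
    expected = chap_password(attr[0], stored_cleartext, challenge)
    return hmac.compare_digest(attr, expected)

# Constructed sample values (not taken from the logged packets).
SECRET = b"constructed-shared-secret"
# With no CHAP-Challenge attribute, the Request Authenticator is the challenge.
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"user2"

def demo() -> dict:
    pap = hide_user_password(PASSWORD, SECRET, AUTHENTICATOR)
    chap = chap_password(3, PASSWORD, AUTHENTICATOR)
    return {
        "pap_recovered": recover_user_password(pap, SECRET, AUTHENTICATOR),
        "chap_ok": verify_chap(chap, PASSWORD, AUTHENTICATOR),
        "chap_wrong_pw": verify_chap(chap, b"other", AUTHENTICATOR),
        "chap_no_stored_pw": verify_chap(chap, b"", AUTHENTICATOR),
    }
```

A CHAP request never carries a recoverable password, so the server can only verify it against a cleartext (or reversibly stored) copy fetched from the user database; a one-way hashed directory password cannot be used for CHAP.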