Hello Andrew -
On Wednesday 28 February 2001 21:20, Andrew Chant wrote:
> Hi,
>
> Having just recently purchased Radiator, we are having a few problems with
> some authentication, I was hoping that someone here may have a suggestion
> as to what is happening.
>
> My dialup port provider prefers CHAP over PAP, so most requests are CHAP,
> and as far as I am aware work fine, here is a packet trace of a request;
>
> Request (f9) - xx.xx.xx.xx:57699 -> xx.xx.xx.xx:1645 (L128)
> User-Name Len 23 "usernamewashere"
> CHAP-Password Len 19 "passwordwashere"
> NAS-IP-Address Len 6 xx.xx.xx.xx
> NAS-Port Len 6 20025
> Service-Type Len 6 Framed-User
> Framed-Protocol Len 6 PPP
> Called-Station-Id Len 8 "xxxx"
> Calling-Station-Id Len 13 "xxxx"
> Proxy-State Len 15 "xxxx"
> NAS-Port-Type Len 6 ISDN
>
Correct, the presence of a "CHAP-Password" indicates a CHAP request.
> This is an example of a request which works fine. However, the following
> is an example of what I am getting, which is causing errors;
>
> Request (c1) - xx.xx.xx.xx:57581 -> xx.xx.xx.xx:1645 (L127)
> User-Name Len 23 "sameusernamewashere"
> NAS-IP-Address Len 6 xx.xx.xx.xx
> NAS-Port Len 6 20118
> Service-Type Len 6 Framed-User
> Framed-Protocol Len 6 PPP
> Called-Station-Id Len 8 "xxx"
> Calling-Station-Id Len 13 "xxx"
> Proxy-State Len 15 "xxx"
> NAS-Port-Type Len 6 ISDN
> User-Password Len 18 "passwordwashere"
>
> This request is causing "Bad Password" errors, and needless to say my
> customers are not liking it. My gut feeling says this is a PAP request,
> and for some reason it does not like it, but I am no expert.
>
Correct, the presence of a "User-Password" indicates a PAP request.
> Here follows the segments of my conf I think are significant to this;
>
> ======
> <Realm DEFAULT>
> <AuthBy SQL>
> AccountingStopsOnly
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AuthColumnDef 0, Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> AuthSelect select SUBSCRIBERS.PASSWORD, GROUPS.CHECKATTR,
> GROUPS.REPLYATTR from SUBSCRIBERS, GROUPS where SUBSCRIBERS.USERNAME='%n'
> AND GROUPS.GROUPNAME = SUBSCRIBERS.GROUPNAME
> DBAuth xxxxx
> DBSource DBI:mysql:radius
> DBUsername xxxx
> Identifier authmysql
> </AuthBy>
> # AccountingHandled
> # AuthBy authmysql
> # AuthByPolicy ContinueWhileIgnore
> RejectHasReason
> SessionDatabase mysqlsess
> AuthLog myauthlogger
> </Realm>
>
> <Client xx.xx.xx.xx>
> Description clientproxy1
> DupInterval 2
> Secret xxxxxxxxxxxx
> IgnoreAcctSignature
> NasType unknown
> </Client>
>
> <Client xx.xx.xx.xx>
> Description clientproxy2
> DupInterval 2
> Secret xxxxxxxxxxxx
> IgnoreAcctSignature
> NasType unknown
> </Client>
>
> =======
>
I will need to see a trace 4 debug from Radiator showing the problem, and it
would also be helpful to see the actual contents of the "CHAP-Password",
"User-Password" and the database field containing the password.
Also, what version of Radiator are you running, on what hardware/software
platform and with what version of Perl and Perl modules?
Please send the above direct to me rather than to the list.
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
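An added example, not part of the original message and not Radiator code: the attribute test described in the reply above (CHAP-Password means CHAP, User-Password means PAP), followed by the RFC 2865 check each method requires. All function names are hypothetical, the secrets, password and packets are constructed, and the stored password is assumed to be cleartext.

```python
import hashlib, hmac, struct
USER_PASSWORD, CHAP_PASSWORD, CHAP_CHALLENGE = 2, 3, 60  # RFC 2865 attribute types

def parse_request(packet):
    """Return (request_authenticator, {attr_type: value}) for a raw RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return packet[4:20], attrs

def pap_xor(data, secret, authenticator, hide=False):
    """RFC 2865 User-Password hiding (hide=True) or its reversal (hide=False)."""
    if hide:
        data += b"\x00" * (-len(data) % 16)  # pad cleartext to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out, prev = out + block, (block if hide else data[i:i + 16])  # chain on ciphertext
    return out if hide else out.rstrip(b"\x00")

def check_request(packet, secret, stored_password):
    """Classify an Access-Request by attribute and check it against a cleartext password."""
    authenticator, attrs = parse_request(packet)
    if CHAP_PASSWORD in attrs and len(attrs[CHAP_PASSWORD]) == 17:
        chap_id, response = attrs[CHAP_PASSWORD][:1], attrs[CHAP_PASSWORD][1:]
        challenge = attrs.get(CHAP_CHALLENGE, authenticator)  # fallback per RFC 2865
        expected = hashlib.md5(chap_id + stored_password + challenge).digest()
        return "CHAP", hmac.compare_digest(response, expected)
    if USER_PASSWORD in attrs and len(attrs[USER_PASSWORD]) % 16 == 0:
        clear = pap_xor(attrs[USER_PASSWORD], secret, authenticator)
        return "PAP", hmac.compare_digest(clear, stored_password)
    return "UNKNOWN", False

def build_request(attrs, authenticator):  # constructed Access-Request, code 1, id 0
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 0, 20 + len(body)) + authenticator + body

def demo():  # constructed PAP and CHAP requests, each checked with right and wrong secret
    ra, secret, pw = bytes(range(16)), b"sharedsecret", b"constructed-pw"
    pap = build_request([(USER_PASSWORD, pap_xor(pw, secret, ra, hide=True))], ra)
    chap = build_request([(CHAP_PASSWORD, b"\x07" + hashlib.md5(b"\x07" + pw + ra).digest())], ra)
    return [check_request(p, s, pw) for p in (pap, chap) for s in (secret, b"wrong")]
```

In `demo()` the wrong shared secret fails only the PAP check: User-Password is hidden with the shared secret, while the CHAP response is computed from the password and challenge alone.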