Hello Eric -
It looks to me like the shared secrets are not correct. radpwtst uses the shared secret "mysecret" by default, so in your case you should use "radpwtst -secret dogcat .....". regards Hugh On Tue, 8 Jan 2002 03:34, Eric Johnson wrote: > I am having problems authenticating with Radiator. I am running NT 4 with > MySQL as the database. My config script is set to first check the NT user > database and then the SQL database. When I use radpwtst I get a bad > authenticator reply and then 2 no reply's which I assume are because the > first request failed. I am using the default user to test. Included is > the trace file (first) and my config file (second). Thanks for your help. > > Mon Jan 7 10:07:34 2002: DEBUG: Packet dump: > *** Received from 127.0.0.1 port 3577 .... > Code: Access-Request > Identifier: 4 > Authentic: 1234567890123456 > Attributes: > User-Name = "mikem" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>" > > Mon Jan 7 10:07:34 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Mon Jan 7 10:07:34 2002: DEBUG: Deleting session for > mikem, 203.63.154.1, 1234 Mon Jan 7 10:07:34 2002: DEBUG: Handling with NT > Mon Jan 7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL > Mon Jan 7 10:07:34 2002: DEBUG: Handling with Radius::AuthSQL: CheckSQL > Mon Jan 7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS > where USERNAME='mikem' > > Mon Jan 7 10:07:34 2002: DEBUG: Radius::AuthSQL looks for match with mikem > Mon Jan 7 10:07:34 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password > Mon Jan 7 10:07:34 2002: DEBUG: Query is: select PASSWORD from SUBSCRIBERS > where USERNAME='DEFAULT' > > Mon Jan 7 10:07:34 2002: INFO: Access rejected for mikem: Bad Password > Mon Jan 7 10:07:34 2002: DEBUG: Packet dump: > *** Sending to 127.0.0.1 port 3577 .... > Code: Access-Reject > Identifier: 4 > Authentic: 1234567890123456 > Attributes: > Reply-Message = "Request Denied" > > Mon Jan 7 10:07:34 2002: DEBUG: Packet dump: > *** Received from 127.0.0.1 port 3577 .... > Code: Accounting-Request > Identifier: 5 > Authentic: <141><245>j6<145><242><213>\;<218>x^^=<22>) > Attributes: > User-Name = "mikem" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Start > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > > Mon Jan 7 10:07:34 2002: WARNING: Bad authenticator in request from > 127.0.0.1 (203.63.154.1) Mon Jan 7 10:07:39 2002: DEBUG: Packet dump: > *** Received from 127.0.0.1 port 3577 .... > Code: Accounting-Request > Identifier: 6 > Authentic: d6B<159><200>u<138><152>FI<216><154><190>S<230>G > Attributes: > User-Name = "mikem" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Stop > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > Acct-Session-Time = 1000 > Acct-Input-Octets = 20000 > Acct-Output-Octets = 30000 > > Mon Jan 7 10:07:39 2002: WARNING: Bad authenticator in request from > 127.0.0.1 (203.63.154.1) > > Foreground > LogStdout > LogDir /Radiator/log > #Dictionary File is in current dir > DictionaryFile ./dictionary > Trace 4 > > <Client 127.0.0.1> > Secret dogcat > DupInterval 0 > </Client> > <AuthBy SQL> > > Identifier CheckSQL > > DBSource dbi:mysql:ISP > DBUsername admin > DBAuth lifter > AccountingTable ACCOUNTING > AcctColumnDef USERNAME,User-Name > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASPORT,NAS-Port,integer > </AuthBy> > > > > <AuthBy NT> > > Identifier CheckNT > > # You must set the domain name here to suit your site > Domain ETHERNET1 > > # ON NT, optionally specify the name of the > # Primary Domain Controller, including the leading > # \\ slashes, to override the default domain controller > # for the domain you specified above > DomainController \\FEZZIK > > # On Unix, you MUST specify the Domain Controller > # name as the NT host name of the domain controller > # its not optional. This needs to be set to the NT > # name of the Primary Domain Controller, and further > # the NT name must be in the Unix hosts or DNS > DomainController FEZZIK > > # On NT, you can optionally check the > # "Grant dialin permission to user" flag in the > # user manager. Requires the > # Win32-RasAdmin Perl package to be installed first > # HonourDialinPermission > > # This will set up some standard reply items for > # your NAS, you may need others for your NAS > DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP > </AuthBy> > > <Realm DEFAULT> > AuthByPolicy ContinueUntilAccept > AuthBy CheckNT > AuthBy CheckSQL > # Log accounting to the detail file in LogDir > AcctLogFileName ./detail > </Realm> -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
