Hello Stephen,

On Thu, 28 Mar 2002 03:48, Stephen Malenshek wrote:
> I am having a very difficult time with this product. I have read and
> reread the documentation on several occasions and evidently I am just too
> stupid to figure this out. The following is the error messages that I
> am getting:

Hello Stephen, the main problem is that your DEFAULT Realm is using AuthBy SQL
with the default AuthSelect (which is
select PASSWORD from SUBSCRIBERS where USERNAME=%0). However, your subscribers
table calls the password field passwd. I suggest you change your Realm clause
to be like this:

<Realm DEFAULT>
    <AuthBy SQL>
        DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
        DBUsername xxxxx
        DBAuth xxxxxx
        AuthSelect select passwd from subscribers where username = %0
    </AuthBy>
</Realm>

and go from there.

You also have two Realm DEFAULT clauses. I suggest you remove the one that has
the AuthBy FILE in it. There is a lot of other (prob unnecessary) stuff in your
config file. You might want to consider starting with goodies/sql.cfg as a
simple SQL configuration example (use the AuthSelect I show above.)

Cheers.

>
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from
> SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not
> found
> Tue Mar 26 10:12:03 2002: INFO: Access rejected for stephen: No such
> user
>
> The following is the radius.cfg:
>
> #Foreground
> #LogStdout
> LogDir /var/log/radius
> DbDir /etc/raddb
> Trace 3
>
> <Client DEFAULT>
> Secret xxxxxx
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> AcctLogFileName %L/detail
> </Realm>
>
>
> <Realm DEFAULT>
> <AuthBy SQL>
> DBSource
> dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> </AuthBy>
> </Realm>
>
>
> # <Handler Service-Type=Call-Check>
> # RewriteUsername s/^([^@]+).*/$1/
> # <AuthBy FILE>
> # Filename %D/call-check
> # </AuthBy>
> # </Handler>
>
> <Handler Realm=DEFAULT,Acct-Status-Type=/.+/>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/detail-%Y-%m
> # AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
> WtmpFileName %L/wtmp
> # PasswordLogFileName %L/password-%Y-%m
> # PreAuthHook sub { print "Here I am in PreAuthHook\n" }
> # PostAuthHook sub { print "Here I am in PostAuthHook\n" }
>
> #AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> AuthByPolicy DoAllAuths
> <AuthBy SQL>
> Fork
> Identifier AcctSTART
> AuthSelect
> DBSource dbi:Pg:dbname=radius;host=
> xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:Pg:radius:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AccountingStartsOnly
> AcctSQLStatement insert into ACCOUNTING \
> ( \
> username,calledstationid,nasidentifier,\
> clientip,nasport,nasporttype,\
> acctstatustype,acctdelaytime,acctsessionid,\
> time_stamp,servicetype,framedprotocol,\
> framedipaddress,requestauth,\
> start_time,stop_time,\
> connect_info\
> ) \
> values \
> (\
> ip_to_int('%{User-Name}',\
> '%{Called-Station-Id}',\
> '%{NAS-IP-Address}',\
> '%{Client-IP-Address}',\
> '%{NAS-Port}',\
> '%{NAS-Port-Type}',\
> '%{Acct-Status-Type}',\
> '%{Acct-Delay-Time}',\
> '%{Acct-Session-Id}',\
> '%{Timestamp}',\
> '%{Service-Type}',\
> '%{Framed-Protocol}',\
> '%{Framed-IP-Address}',\
> '%{Request-Authenticator}\
> # From_unixtime(%{Timestamp}),\
> # 0,\
> # '%{Connect-Info}'\
> )
> </AuthBy>
> <AuthBy SQL>
> Fork
> Identifier AcctSTOP
> AuthSelect
> DBSource dbi:Pg:dbname=radius;host=
> xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AccountingStopsOnly
> AcctSQLStatement insert into ACCOUNTING \
> ( \
> nasport,nasporttype,acctinputoctets,\
> acctoutputoctets,acctinputpackets,acctoutputpackets,\
>
> acctstatustype,acctdelaytime,acctsessionid,acctsessiontime,\
>
> acctterminatecause,time_stamp,servicetype,framedprotocol,\
> framedipaddress,requestauth,\
> start_time,stop_time,\
> connect_info\
> ) \
> values \
> (\
> ip_to_int('%{User-Name}',\
> '%{Called-Station-Id}',\
> '%{NAS-IP-Address}',\
> '%{NAS-Port}',\
> '%{NAS-Port-Type}',\
> '%{Acct-Input-Octets}',\
> '%{Acct-Output-Octets}',\
> '%{Acct-Input-Packets}',\
> '%{Acct-Output-Packets}',\
> '%{Acct-Status-Type}',\
> '%{Acct-Delay-Time}',\
> '%{Acct-Session-Id}',\
> '%{Acct-Session-Time}',\
> '%{Acct-Terminate-Cause}',\
> '%{Timestamp}',\
> '%{Service-Type}',\
> '%{Framed-Protocol}',\
> '%{Framed-IP-Address}',\
> '%{Request-Authenticator}\
> # From_unixtime(%{Timestamp}),\
> # 0,\
> # '%{Connect-Info}'\
> )
> AcctSQLStatement update usertime set \
> time_on = %{Acct-Session-Time,NULL},\
> InBytes = %{Acct-Input-Octets,NULL},\
> OutBytes = %{Acct-Output-Octets,NULL},\
> term_cause = %{Acct-Terminate-Cause,integerNULL},\
> stop_time = From_unixtime(%{Timestamp}),\
> terminate_detail = '%{LE-Terminate-Detail}',\
> connect_info = concat(connect_info ,";",
> '%{Connect-Info}') \
> WHERE \
> server = ip_to_int('%{NAS-IP-Address}') AND \
> id = '%{Acct-Session-Id}' AND \
> name = '%{User-Name}' AND \
> port = '%{NAS-Port}'
> </AuthBy>
> <AuthBy TEST>
> # Return a Packet
> </AuthBy>
> </Handler>
>
> <Handler Realm=DEFAULT,Proxy-State="0">
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/roam-detail-auth-%Y-%m
> PasswordLogFileName %L/password-roam-%Y-%m
> AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> #AuthByPolicy DoAllAuths
> <AuthBy SQL>
> DBSource dbi:Pg:dbname=radius;host=
> xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AuthSelect select \
>
> if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
> port_limit,\
> radius_check,\
> concat(\
>
> if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
> if(server=3,"NAS-Port-Type = Async,",""),\
>
> if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
> ),\
> radius_reply,\
> concat(\
> if("%{Service-Type}"="Framed-User",\
>
> "Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-
> MTU=1500,Framed-Protocol=PPP,",""),\
> if("%{Service-Type}"="Framed-User" &&
> filter.name>""
> ,\
>
> concat("Filter-Id=",filter.name,","),""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) ||
> static_ip='',\
>
> 'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_
> ip,",")),\
> ""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) ||
> static_netmask='',\
>
> 'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_
> netmask,",")),\
> ""),\
>
> if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Ho
> st=phobos.kiss.de,Login-Service=Rlogin,","")\
> ),\
> if(expires<"1990-01-01",NULL,expires),\
> port_limit \
> FROM accounts left outer join filter ON
> accounts.filter=filter.id \
> WHERE \
> accounts.name = '%n' AND active <> 0 AND
> (type <= OR type =3) AND \
> (server IN ('1','2','3') OR server =
> ip_to_int('%N')
> )
> # type=3 : only-radius
> # type=0 : normal
> # type<0 : Versch. restrictions
> # server 0 = NONE
> # server 1 = ALL
> # server 2 = ISDN
> # server 3 = Analog
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Simultaneous-Use,check
> AuthColumnDef 2,GENERIC,check
> AuthColumnDef 3,GENERIC,check
> AuthColumnDef 4,GENERIC,reply
> AuthColumnDef 5,GENERIC,reply
> AuthColumnDef 6,Expires,check
> AuthColumnDef 7,Port-Limit,reply
> #
> StripFromReply Filter-Id
> </AuthBy>
> </Handler>
>
> <Handler Realm=DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^P(.*)$/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/detail-auth-%Y-%m
> # AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
> WtmpFileName %L/wtmp
> # PasswordLogFileName %L/password-%Y-%m
> # PreAuthHook sub { print "Here I am in PreAuthHook\n" }
> # PostAuthHook sub { print "Here I am in PostAuthHook\n" }
> AuthByPolicy ContinueWhileReject
> #AuthByPolicy ContinueUntilAccept
> #AuthByPolicy DoAllAuths
> <AuthBy SQL>
> DBSource dbi:Pg:dbname=radius;host=65.67.76.100
> DBUsername radacct
> DBAuth 5qweh*ujnbhtr
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AuthSelect select \
>
> if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
> port_limit,\
> radius_check,\
> concat(\
>
> if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
> if(server=3,"NAS-Port-Type = Async,",""),\
>
> if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
> ),\
> radius_reply,\
> concat(\
> if("%{Service-Type}"="Framed-User",\
>
> "Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-
> MTU=1500,Framed-Protocol=PPP,",""),\
> if("%{Service-Type}"="Framed-User" &&
> filter.name>""
> ,\
>
> concat("Filter-Id=",filter.name,","),""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) ||
> static_ip='',\
>
> 'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_
> ip,",")),\
> ""),\
>
> if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) ||
> static_netmask='',\
>
> 'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_
> netmask,",")),\
> ""),\
>
> if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Ho
> st=phobos.kiss.de,Login-Service=Rlogin,","")\
> ),\
> if(expires<"1990-01-01",NULL,expires),\
> port_limit \
> FROM accounts left outer join filter ON
> accounts.filter=filter.id \
> WHERE \
> accounts.name = '%n' AND active <> 0 AND
> (type <= 0 OR type =3) AND \
> (server IN ('1','2','3') OR server =
> ip_to_int('%N')
> )
> # type=3 : only-radius
> # type=0 : normal
> # type<0 : Versch. restrictions
> # server 0 = NONE
> # server 1 = ALL
> # server 2 = ISDN
> # server 3 = Analog
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Simultaneous-Use,check
> AuthColumnDef 2,GENERIC,check
> AuthColumnDef 3,GENERIC,check
> AuthColumnDef 4,GENERIC,reply
> AuthColumnDef 5,GENERIC,reply
> AuthColumnDef 6,Expires,check
> AuthColumnDef 7,Port-Limit,reply
> </AuthBy>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> </Handler>
>
> <SessionDatabase SQL>
> DBSource dbi:Pg:dbname=radius;host= xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxxx
> # DBSource dbi:mysql:db:backuphost
> # DBUsername aUser
> # DBAuth aPassWord
> AddQuery insert into RADONLINE \
> (USERNAME, CALLEDSTATIONID, NASIDENTIFIER, NASPORT,\
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, \
> NASPORTTYPE, SERVICETYPE) \
> values (\
> '%n', %{Called-Station-Id}, '%N', %{NAS-Port,NULL}, \
> '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}',\
> '%{NAS-Port-Type}', '%{Service-Type}')
> DeleteQuery delete from RADONLINE \
> where USERNAME='%n' and \
> NASIDENTIFIER='%N' and NASPORT=%{NAS-Port,NULL}
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from
> RADONLINE w
> here USERNAME='%n'
>
> </SessionDatabase>
>
>
> This is a list of tables that I have specified in the database.
>
>          List of relations
>          Name         | Type  |  Owner
> ----------------------+-------+----------
>  accounting           | table | postgres
>  groupradius          | table | postgres
>  radclientlist        | table | postgres
>  radlog               | table | postgres
>  radonline            | table | postgres
>  radpool              | table | postgres
>  radsqlradius         | table | postgres
>  radsqlradiusindirect | table | postgres
>  radstatslog          | table | postgres
>  subscribers          | table | postgres
> (10 rows)
>
> radius=# \d accounting
>                  Table "accounting"
>      Attribute      |         Type          | Modifier
> --------------------+-----------------------+----------
>  username           | character varying(50) |
>  realm              | character varying(50) |
>  calledstationid    | integer               |
>  nasidentifier      | character varying(50) |
>  nasipaddress       | character varying(50) |
>  clientip           | character varying(25) |
>  nasport            | integer               |
>  nasporttype        | character varying(30) |
>  acctinputoctets    | integer               |
>  acctoutputoctets   | integer               |
>  acctinputpackets   | integer               |
>  acctoutputpackets  | integer               |
>  acctstatustype     | character varying(10) |
>  acctdelaytime      | integer               |
>  acctsessionid      | character varying(30) |
>  acctsessiontime    | integer               |
>  acctterminatecause | integer               |
>  time_stamp         | integer               |
>  servicetype        | character varying(80) |
>  framedprotocol     | character varying(50) |
>  framedipaddress    | character varying(22) |
>  requestauth        | character varying(50) |
>  start_time         | character varying(50) |
>  stop_time          | character varying(50) |
>  connect_info       | character varying(50) |
> Index: accounting_i
>
> radius=# \d radclientlist
>                    Table "radclientlist"
>           Attribute           |         Type          | Modifier
> ------------------------------+-----------------------+----------
>  nasidentifier                | character varying(50) | not null
>  secret                       | character varying(50) | not null
>  ignoreacctsignature          | integer               |
>  dupinterval                  | integer               |
>  defaultrealm                 | character varying(50) |
>  nastype                      | character varying(20) |
>  snmpcommunity                | character varying(20) |
>  livingstonoffs               | integer               |
>  livingstonhole               | integer               |
>  framedgroupbaseaddress       | character varying(50) |
>  framedgroupmaxportsperclassc | integer               |
>  rewriteusername              | character varying(50) |
>  noignoreduplicates           | character varying(50) |
>  prehandlerhook               | character varying(50) |
> Index: nasidentifier_i
>
> radius=# \d radlog
>                Table "radlog"
>  Attribute  |          Type          | Modifier
> ------------+------------------------+----------
>  time_stamp | integer                |
>  priority   | integer                |
>  message    | character varying(200) |
>
> radius=# \d radonline
>                 Table "radonline"
>     Attribute    |         Type          | Modifier
> -----------------+-----------------------+----------
>  username        | character varying(50) |
>  calledstationid | character varying(20) |
>  nasidentifier   | character varying(50) |
>  nasport         | integer               |
>  acctsessionid   | character varying(30) |
>  time_stamp      | integer               |
>  framedipaddress | character varying(22) |
>  nasporttype     | character varying(10) |
>  servicetype     | character varying(20) |
> Indices: radonline_i,
> radonline_i2
>
> radius=# \d radpool
>                Table "radpool"
>  Attribute  |         Type          | Modifier
> ------------+-----------------------+----------
>  state      | integer               | not null
>  time_stamp | integer               |
>  expiry     | integer               |
>  username   | character varying(50) |
>  pool       | character varying(50) | not null
>  yiaddr     | character varying(50) | not null
>  subnetmask | character varying(50) | not null
>  dnsserver  | character varying(50) |
> Indices: radpool_i,
> radpool_i2
>
> radius=# \d radsqlradius
>                   Table "radsqlradius"
>          Attribute          |         Type          | Modifier
> ----------------------------+-----------------------+----------
>  targetname                 | character varying(50) |
>  host1                      | character varying(50) |
>  host2                      | character varying(50) |
>  secret                     | character varying(50) |
>  authport                   | character varying(20) |
>  acctport                   | character varying(20) |
>  retries                    | integer               |
>  retrytimeout               | integer               |
>  useoldascendpasswords      | integer               |
>  serverhasbrokenportnumbers | integer               |
>  serverhasbrokenaddresses   | integer               |
>  ignorereplysignature       | integer               |
>  failurepolicy              | integer               |
> Index: radsqlradius_i
>
> radius=# \d radsqlradiusindirect
>          Table "radsqlradiusindirect"
>  Attribute  |         Type          | Modifier
> ------------+-----------------------+----------
>  sourcename | character varying(50) |
>  targetname | character varying(50) |
> Index: radsqlradiusindirect_i
>
> radius=# \d radstatslog
>                    Table "radstatslog"
>           Attribute          |         Type          | Modifier
> -----------------------------+-----------------------+----------
>  time_stamp                  | integer               |
>  type                        | character varying(20) |
>  identifier                  | character varying(30) |
>  accessaccepts               | integer               |
>  accesschallenges            | integer               |
>  accessrejects               | integer               |
>  accessrequests              | integer               |
>  accountingrequests          | integer               |
>  accountingresponses         | integer               |
>  badauthaccessrequests       | integer               |
>  badauthaccountingrequests   | integer               |
>  badauthrequests             | integer               |
>  droppedaccessrequests       | integer               |
>  droppedaccountingrequests   | integer               |
>  droppedrequests             | integer               |
>  dupaccessrequests           | integer               |
>  dupaccountingrequests       | integer               |
>  duplicaterequests           | integer               |
>  malformedaccessrequests     | integer               |
>  malformedaccountingrequests | integer               |
>  proxiednoreply              | integer               |
>  proxiedrequests             | integer               |
>  requests                    | integer               |
>  responsetime                | numeric(12,6)         |
>
> radius=# \d subscribers
>              Table "subscribers"
>  Attribute |          Type          | Modifier
> -----------+------------------------+----------
>  username  | character varying(50)  | not null
>  realname  | character varying(50)  |
>  passwd    | character varying(50)  |
>  epasswd   | character varying(50)  |
>  uid       | integer                |
>  gid       | integer                |
>  homedir   | character varying(50)  |
>  shell     | character varying(50)  |
>  checkattr | character varying(200) |
>  replyattr | character varying(200) |
> Indices: realname_i,
> subscribers_pkey,
> username_i
>
>
> Please forgive me if this is not the proper way to post to this list,
> but I have wasted 3 days trying to figure the proper structure out for
> this product. The documentation for a PostgreSQL documentation is
> sparse and everything I have has been adapted from the
> wimsComplexConfig.txt file located in the goodies directory. I have not
> found any place that I can specify anything for SUBSCRIBERS for
> authentication in the radius.cfg file and I do not know what structure
> needs to be added to make this happen. This is my first implementation
> with this product, but I have had a lot of experience with Cistron, and
> trying to convert from one to the other is a little bit of a stretch.
> Thanks in advance for any help that you might provide.
>
>
> Stephen Malenshek
> Valuelinx Corporation
> [EMAIL PROTECTED]

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
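
An added example, not part of the original message and not Radiator code: a small Python check that reads a radius.cfg and psql '\d' output and reports the two problems named in the reply, an AuthBy SQL block whose effective AuthSelect uses a column the table does not have, and a repeated Realm clause. The function names, the single-line AuthSelect handling and the treatment of an empty AuthSelect as "no password lookup" are assumptions of this example.

```python
import re

# Default AuthSelect that AuthBy SQL falls back to, as quoted in the reply above.
DEFAULT_AUTHSELECT = "select PASSWORD from SUBSCRIBERS where USERNAME=%0"

def psql_columns(describe_output):
    """Column names from psql '\\d table' output (rows of 'name | type | modifier')."""
    first = (row.split("|")[0].strip().lower()
             for row in describe_output.splitlines() if "|" in row)
    return {c for c in first if re.fullmatch(r"\w+", c) and c != "attribute"}

def check_select(select, schema):
    """Check the plain column names of a simple single-table select against schema."""
    m = re.match(r"\s*select\s+(.+?)\s+from\s+(\w+)", select, re.I)
    if not m:
        return ["cannot parse AuthSelect: " + select]
    table = m.group(2).lower()  # PostgreSQL folds unquoted identifiers to lower case
    names = m.group(1).split(",") + re.findall(r"(\w+)\s*=", select[m.end():])
    return ["column '%s' not in table '%s'" % (n, table)
            for n in (x.strip().lower() for x in names)
            if n not in schema.get(table, set())]

def check_config(cfg_text, schema):
    """Report duplicate Realm clauses and AuthBy SQL selects that miss the schema."""
    findings, seen, in_sql, select = [], set(), False, None
    for line in (raw.strip() for raw in cfg_text.splitlines()):
        realm = re.fullmatch(r"<Realm\s+(\S+)>", line)
        if realm:
            if realm.group(1) in seen:
                findings.append("duplicate <Realm %s>" % realm.group(1))
            seen.add(realm.group(1))
        elif line == "<AuthBy SQL>":
            in_sql, select = True, None
        elif in_sql and line.startswith("AuthSelect"):
            select = line[len("AuthSelect"):].strip()
        elif in_sql and line == "</AuthBy>":
            in_sql = False
            effective = DEFAULT_AUTHSELECT if select is None else select
            if effective:  # assumption: an empty AuthSelect means no password lookup
                findings += check_select(effective, schema)
    return findings

# Constructed sample: the poster's two DEFAULT realms, condensed, and two table rows.
SUBSCRIBERS = " Attribute | Type | Modifier\n username | character varying(50) | not null\n passwd | character varying(50) |"
BROKEN = """<Realm DEFAULT>
<AuthBy FILE>
</AuthBy>
</Realm>
<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
</AuthBy>
</Realm>"""
if __name__ == "__main__": print(check_config(BROKEN, {"subscribers": psql_columns(SUBSCRIBERS)}))
```

Run against a config that keeps one Realm DEFAULT and sets the AuthSelect suggested in the reply, check_config returns an empty list.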