On 06/20/2012 01:17 PM, Mike Puchol wrote:
> I'm having a weird issue with some users, when they login, they get
> rejected for no apparent reason, reason being Bad Password. In one case,
> the first attempt was a reject, and some 20 seconds later, a second
> attempt was successful. Here is the log of the event:
Try this with the AuthBy:
TranslatePasswordHook sub {main::log($main::LOG_DEBUG, "Passwords:
Expected $_[0]. Received " . $_[4]->decodedPassword() ); return $_[0]; }
This will log the password from SQL and decoded password from the
request. If you are using e.g., CHAP then there is no password to decode
but you will at least see what SQL returns.
Heikki
> 21:23:38: Deleting session for 1234567890, 10.1.0.1, 5
> 21:23:38: do query is: 'DELETE FROM RADONLINE WHERE
> USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF':
> 21:23:38: Query is: 'SELECT
> PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> SUBSCRIBERS WHERE USERNAME='1234567890'':
> 21:23:38: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> 21:23:38: Radius::AuthSQL REJECT: Bad Password: 1234567890 [1234567890]
> 21:23:38: INFO: Access rejected for 1234567890: Bad Password
> User-Name = "1234567890"
> 21:24:01: Deleting session for 1234567890, 10.1.0.1, 5
> 21:24:01: do query is: 'DELETE FROM RADONLINE WHERE
> USERNAME='1234567890' AND CALLINGSTATIONID='00-2C-DE-AD-BE-EF':
> 21:24:01: Query is: 'SELECT
> PASSWORD,MAXDAILYSESSION,SESSIONTIMEOUT,BANDWIDTHDOWN,BANDWIDTHUP FROM
> SUBSCRIBERS WHERE USERNAME='1234567890'':
> 21:24:01: Radius::AuthSQL looks for match with 1234567890 [1234567890]
> 21:24:01: Query is: 'SELECT SUM(ACCTSESSIONTIME) FROM RADSESSIONS WHERE
> USERNAME='1234567890' AND
> TO_CHAR(TIMESTAMP,'DDMMYYYY')=TO_CHAR(SYSDATE,'DDMMYYYY') AND
> NASIDENTIFIER='00-2C-DE-AD-CC-DD'':
> 21:24:01: Radius::AuthSQL ACCEPT:: 1234567890 [1234567890]
> 21:24:01: Access accepted for 1234567890
>
> The user was by the time correctly inserted into the DB, so I'm not sure
> what could be happening here. The password is entered on the captive
> portal automatically, so there is no possibility of user error in this
> respect.
>
> Cheers,
>
> Mike
>
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
