[RADIATOR] Problems with Secret and SQLClientList

Mon, 01 Sep 2014 05:13:28 -0700 

Hello,

we are using the Radiator for RADIUS authentication of network clients. Our 
frontend writes the NAS clients to a database, where we have a view, which is 
then queried by Radiator. The view looks like this:

--- schnipp ---
mysql> select * from view_clients;
+----+--------+--------------------+-------------------+----------------+
| id | name   | ip                            | secret                   | 
module          |
+----+--------+--------------------+-------------------+----------------+
|  4 | test1    | 146.140.16.XX     | cisco                    | mab            
       |
|  2 | wlc001 | 192.168.135.254 | asdasdasd         | eduroam         |
|  3 | wlc002 | 192.168.135.253 | asdasdasd        | eduroam         |
|  2 | wlc001 | 192.168.135.254 | asdasdasd        | mab                   |
|  3 | wlc002 | 192.168.135.253 | asdasdasd        | mab                   |
+----+--------+-----------------+----------------------+-----------------+
--- schnapp ---

We then use the following ClientListSQL Statement to retrieve the clients:

--- schnipp ---
<ClientListSQL>
    DBSource dbi:mysql:main
    DBUsername radiator
    DBAuth asdsadasdasdasdasd
    GetClientQuery SELECT `ip`, `secret`, NULL, NULL, NULL, NULL, NULL, NULL, 
NULL, NULL, NULL, NULL, NULL, NULL, `module` FROM `view_clients`
    RefreshPeriod 60
</ClientListSQL>
--- schnapp ---

We thus read out the IP address, the secret and the module, which we use as 
identifier in the Handler:

<Handler 
Client-Identifier=mab,Service-Type=/Call-Check|Login-User/,User-Name=/^\w{12}$/i>

In general, this configuration is working fine. The Clients are retrieved 
correctly, requests from unknown clients are ignored and the Client-Identifier 
matching based on the module also works great. However, the secret does not 
work. When  testing the authentification with NTRadPing, Radiator answers to my 
(known) client, nevertheless which secret I use. If I use "cisco", I get an 
answer, if I use "7jnasdfjksa" I also get the answer. What can cause Radiator 
not to check the secret sent among the request?

Thanks in advance and best regards
Daniel


---
Daniel Herrmann
Competence Center Lan (CC-LAN)

Fraunhofer-Institut für Graphische Datenverarbeitung IGD
Fraunhoferstr. 5  |  64283 Darmstadt  |  Germany
Tel +49 6151 155-346  |  Fax +49 6151 155-399
[email protected]<mailto:[email protected]> | 
www.igd.fraunhofer.de/<http://www.igd.fraunhofer.de/>


_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to