(RADIATOR) CDB format ?
Hi list, I'm working on a project for a former employer. One of their brands is on BSDi servers with the BSDi password database as authentication. I installed Radiator and everything is working fine. But now, they want to support CHAP (UUNet), so we need a separate users database with the clear text passwords. We already sniff passwords with Radiator fantastic sniffer so this is not the problem. I wanted to export the passwd file made by Radiator in CDB (with a Perl script) but after the documentation, I just don't know what I should put in the database. So after all those words, what is the CDB format I should use ??? For the record, it's a old PC with BSDi 4.01 and MySQL won't compile on it. If someone have other suggestions, I'm open to anything that can support CHAP :-) === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Framed-IP of 0.0.0.0
I got this when someone connect in ISDN at two channels, the second record is showing this IP. Ascend Max TNT Hello everyone, We're using 2.18.2. Recently we started to see FRAMEDIPADDRESS of 0.0.0.0 in RADONLINE. These records create a problem when checking for Simultaneous-Use. Is this a problem with the Ascend NASes that we use? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Shadow Perl module and Radiator
Hello Pascal - I have just noticed this in the trace output: Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700, , , Test Test, /home/test2001, /bin/ksh Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with test2001 Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE: Bad Encrypted password Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad Encrypted password Notice the *NP* for the password field - this will always be a Bad Encrypted Password. What happens when you use an AuthBy UNIX and point it at the shadow password file (usually /etc/shadow)? All users are in NIS+. When I use AuthBy NIS+, I get a Access-Reject but the reason of the failure is empty in the log and the reply. Using standard fields and tables of NIS+. On Thursday 16 August 2001 22:16, Pascal Robert wrote: I'm using radpwtest to test it, it's using PAP right ? Hello Pascal - It looks like you are using CHAP authentication? If so, it won't work. You can only use PAP authentication with encrypted passwords. hth Hugh On Thursday 16 August 2001 03:20, Pascal Robert wrote: Hi, I'm trying to get a legacy realm working, it's a Solaris 2.6 SPARC system. I installed the Shadow module as indicated in the documentation (in fact, it's two modules: Shadowf.pm and Shadows.pm), but all auth fails: Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700, , , Test Test, /home/test2001, /bin/ksh Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with test2001 Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE: Bad Encrypted password Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad Encrypted password This is the realm in my configuration file: Realm mlink.net RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ RejectHasReason AcctLogFileName %L/detail.%Y%m%d PasswordLogFileName %L/mlink.passwd.%Y%m%d AuthBy SYSTEM UseGetspnamf /AuthBy /Realm All accounts that I tested are showing the same behaviour, even if the password on the system are all good. Any ideas ? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Shadow Perl module and Radiator
I'm using radpwtest to test it, it's using PAP right ? Hello Pascal - It looks like you are using CHAP authentication? If so, it won't work. You can only use PAP authentication with encrypted passwords. hth Hugh On Thursday 16 August 2001 03:20, Pascal Robert wrote: Hi, I'm trying to get a legacy realm working, it's a Solaris 2.6 SPARC system. I installed the Shadow module as indicated in the documentation (in fact, it's two modules: Shadowf.pm and Shadows.pm), but all auth fails: Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700, , , Test Test, /home/test2001, /bin/ksh Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with test2001 Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE: Bad Encrypted password Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad Encrypted password This is the realm in my configuration file: Realm mlink.net RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ RejectHasReason AcctLogFileName %L/detail.%Y%m%d PasswordLogFileName %L/mlink.passwd.%Y%m%d AuthBy SYSTEM UseGetspnamf /AuthBy /Realm All accounts that I tested are showing the same behaviour, even if the password on the system are all good. Any ideas ? -- +--+ | Pascal Robert Inter.net Canada | | | | http://www.ca.inter.net/[EMAIL PROTECTED] | +--+ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Shadow Perl module and Radiator
Hi, I'm trying to get a legacy realm working, it's a Solaris 2.6 SPARC system. I installed the Shadow module as indicated in the documentation (in fact, it's two modules: Shadowf.pm and Shadows.pm), but all auth fails: Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700, , , Test Test, /home/test2001, /bin/ksh Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with test2001 Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE: Bad Encrypted password Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad Encrypted password This is the realm in my configuration file: Realm mlink.net RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ RejectHasReason AcctLogFileName %L/detail.%Y%m%d PasswordLogFileName %L/mlink.passwd.%Y%m%d AuthBy SYSTEM UseGetspnamf /AuthBy /Realm All accounts that I tested are showing the same behaviour, even if the password on the system are all good. Any ideas ? -- +--+ | Pascal Robert Inter.net Canada | | | | http://www.ca.inter.net/[EMAIL PROTECTED] | +--+ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Bad authenticator in request from DEFAULT ?
On 5/31/01 19:40, Hugh Irvine [EMAIL PROTECTED] wrote: Now, I have two other problems. The log file reports that Attributes 197 and 255 (Ascend-Xmit-Rate and Ascend-Data-Rate) are missing, even if they do are in the dictionnary (and accounting logs those attributes, strange). Can you please send me the trace 4 debug from Radiator showing what is happening? I'm getting: Sat Jun 2 23:59:26 2001: ERR: Attribute number 38947 (vendor 429) is not defined in your dictionary Sat Jun 2 23:59:44 2001: ERR: Attribute number 197 (vendor 529) is not defined in your dictionary Sat Jun 2 23:59:44 2001: ERR: Attribute number 255 (vendor 529) is not defined in your dictionary -- +--+ | Pascal Robert Inter.net Canada | | | | Gestionnaire technique de projets /Technical Project Manager | | | | http://www.ca.inter.net/[EMAIL PROTECTED] | +--+ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Bad authenticator in request from DEFAULT ?
On 5/28/01 20:06, Hugh Irvine [EMAIL PROTECTED] wrote: Hello Pascal - This is usually due to the shared secrets not being set correctly. Ok, I resolved this issue. For some reasons, I have some IdenticalClients lines that were more than 80 chars and it didn't like it. Now, I have two other problems. The log file reports that Attributes 197 and 255 (Ascend-Xmit-Rate and Ascend-Data-Rate) are missing, even if they do are in the dictionnary (and accounting logs those attributes, strange). The other is that all outgoing proxy requests timeout: *** Received from 212.87.192.40 port 4901 Code: Access-Request Identifier: 69 Authentic: 1791691792403025143165_240253206kQ Attributes: User-Name = [EMAIL PROTECTED] User-Password = 225Qh16623i243228146:221c252\l/ Wed May 30 13:34:46 2001: DEBUG: Handling request with Handler 'Realm=pa.inter.net' Wed May 30 13:34:46 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 212.87.192.40, Wed May 30 13:34:46 2001: DEBUG: Handling with Radius::AuthRADIUS Wed May 30 13:34:46 2001: DEBUG: Packet dump: *** Sending to 38.210.35.139 port 1645 Code: Access-Request Identifier: 2 Authentic: 1791691792403025143165_240253206kQ Attributes: User-Name = [EMAIL PROTECTED] User-Password = 3\~Uo167187127132182169165136623723=31{?243207 160164179254yruC Wed May 30 13:34:47 2001: DEBUG: Timed out, retransmitting Wed May 30 13:34:47 2001: DEBUG: Packet dump: *** Sending to 38.210.35.139 port 1645 Code: Access-Request Identifier: 2 Authentic: 1791691792403025143165_240253206kQ Attributes: User-Name = [EMAIL PROTECTED] User-Password = 3\~Uo167187127132182169165136623723=31{?243207 160164179254yruC Wed May 30 13:34:48 2001: DEBUG: Packet dump: -- +--+ | Pascal Robert Inter.net Canada | | | | Gestionnaire technique de projets /Technical Project Manager | | | | http://www.ca.inter.net/[EMAIL PROTECTED] | +--+ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) DefaultReply and AddToReply
Hi, I'm working with a demo with Radiator and I have a small problem. One of our wholesalers want some more attributes in the reply. So I used AddToReply to add them to the Accept-Request answer, but I also need to send some generic attributes if the request has failed (bad username or password, etc.). I tried with a DefaultReply but when the request is rejected, the attributes are not sending back to the proxy server. Realm config: Realm ca.inter.net RewriteUsername s/^([^@]+).*/$1/ RejectHasReason AuthBy FILE Filename ./users AddToReplyIfNotExist User-Name = 1, User-Password = 1, User-Service = Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit = 1200, Proxy-State = 1 DefaultReply User-Name = 0, User-Password = 0, User-Service = Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit = 1200, Proxy-State = 1 NoDefault /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName ./detail /Realm The only attribute that is sent back is: *** Sending to 127.0.0.1 port 49259 Code: Access-Reject Identifier: 221 Authentic: 1234567890123456 Attributes: Reply-Message = Bad Password -- +--+ | Pascal Robert Inter.net Canada | | | | Gestionnaire technique de projets /Technical Project Manager | | | | http://www.ca.inter.net/[EMAIL PROTECTED] | +--+ === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.