Hello,
We are setting up test Wireless network so that our client radio will authenticate against our Platypus database. The issue is that our client radios are being rejected with a Bad Password message (We have checked and the passwords are correct). But if we set up radius so that the client radio authenticates against a flat file (WifiClients), it works. One thing that I have noticed in our Failure log is that the bad password isn't shown. I have pasted my config below and attached it along with part of our logfile and Failurelog. We are using Radiator version 4.16 We are using Ubiquiti PowerBeams and NanoBeams in our test network. LogDir /var/log/radius DbDir /etc/radiator AuthPort 1645,1812 AcctPort 1646,1813 Trace 4 ##################################################### ## NAS Client IPs ## ##################################################### ##Test NAS for Wireless <Client xxx.xx.x.xxx> Secret xxxxx Identifier AP DupInterval 0 </Client> ##################################################### ## Authorization ## ##################################################### #Authorization Using Flat File <AuthBy FILE> Identifier WifiClients Filename /etc/radiator/WifiClients </AuthBy> #Authorization using Radius Application <AuthBy FREERADIUSSQL> Identifier CheckPLATYPUS DBSource dbi:Sybase:Platypus DBUsername xxxxxxx DBAuth xxxxxxx AuthCheck SELECT id,UserName,case Attribute when 'Cleartext-Password' then 'User-Password' else Attribute end,Value,op FROM freeradius_service_radcheck WHERE Username = ? ORDER BY id AuthReply SELECT id,UserName,Attribute,Value,op FROM freeradius_service_radreply WHERE Username = ? ORDER BY id AuthGroupCheck SELECT freeradius_service_radgroupcheck.id,freeradius_service_radgroupcheck.GroupNa me,freeradius_service_radgroupcheck.Attribute,freeradius_service_radgroupche ck.Value,freeradius_service_radgroupcheck.op FROM freeradius_service_radgroupcheck,freeradius_service_radusergroup WHERE freeradius_service_radusergroup.Username = ? AND freeradius_service_radusergroup.GroupName = freeradius_service_radgroupcheck.GroupName ORDER BY freeradius_service_radgroupcheck.id AuthGroupReply SELECT freeradius_service_radgroupreply.id,freeradius_service_radgroupreply.GroupNa me,freeradius_service_radgroupreply.Attribute,freeradius_service_radgrouprep ly.Value,freeradius_service_radgroupreply.op FROM freeradius_service_radgroupreply,freeradius_service_radusergroup WHERE freeradius_service_radusergroup.Username = ? AND freeradius_service_radusergroup.GroupName = freeradius_service_radgroupreply.GroupName ORDER BY freeradius_service_radgroupreply.id AcctStartQuery INSERT into freeradius_service_radacct (AcctSessionId, AcctUniqueId, UserName, GroupName, Realm, NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctStopTime,AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', %0, null, '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%J', '1900-01-01 00:00:00', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0', null) AcctUpdateQuery UPDATE freeradius_service_radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = cast(((0%{Acct-Input-Gigawords} * 4294967296) + %{Acct-Input-Octets}) as numeric(18,0)), AcctOutputOctets = cast(((0%{Acct-Output-Gigawords} * 4294967296) + %{Acct-Output-Octets}) as numeric(18,0)) WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = %0 AND NASIPAddress= '%{NAS-IP-Address}' AcctStopQuery UPDATE freeradius_service_radacct SET AcctStopTime = '%J', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = cast(((0%{Acct-Input-Gigawords} * 4294967296) + %{Acct-Input-Octets}) as numeric(18,0)), AcctOutputOctets = cast(((0%{Acct-Output-Gigawords} * 4294967296) + %{Acct-Output-Octets}) as numeric(18,0)), AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = %0 AND NASIPAddress = '%{NAS-IP-Address}' </AuthBy> ##################################################### ## Access-Request - Handler Requests ## ##################################################### #Authorize Clients by Billing System - Platypus - Wireless <Handler Request-Type = Access-Request, Realm=myisp.ca, Client-Identifier=AP, TunnelledByTTLS=1> RewriteUsername s/^(.*)\\(.*)/$2\@$1/ RewriteUsername s/^(.*)\/(.*)/$2\@$1/ RewriteUsername s/^([^@]+).*/$1/ RewriteUsername s/(.*)/$1\@dsl.myisp.ca/ RewriteUsername tr/A-Z/a-z/ RewriteUsername s/\s+//g PreProcessingHook sub { my $p = ${$_[0]};\ if ($p->code() eq 'Accounting-Request'){\ my $key = $p->get_attr('User-Name') . ',' \ . $p->get_attr('Acct-Session-Id') . ',' \ . $p->get_attr('NAS-IP-Address') . ',' \ . $p->get_attr('NAS-Port');\ my $hash = Digest::MD5::md5_hex($key);\ $p->add_attr('Acct-Unique-Session-Id', $hash);\ }} AuthByPolicy ContinueUntilAccept AuthBy CheckPLATYPUS AuthLog Logger Authlog Syslog AuthLog AuthSyslog </Handler> #Authorize Clients by Flat File - ClientFile <Handler Request-Type = Access-Request, Realm=myisp.ca> AuthByPolicy ContinueUntilAccept AuthBy WifiClients AuthLog Logger AuthLog Syslog AuthLog AuthSyslog </Handler> ## Outter Handler ## <Handler Request-Type = Access-Request, Realm=some.other.realm> <AuthBy FILE> Filename /etc/radius/anuser EAPType TTLS, TLS, MSCHAP-V2, PEAP EAPTLS_CAFile /usr/share/doc/packages/Radiator/certificates/demoCA/cacert.pem EAPTLS_CertificateFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem EAPTLS_PrivateKeyPassword whatever EAPTLS_MaxFragmentSize 1000 AutoMPPEKeys EAPAnonymous anonymous@some.other.realm </AuthBy> </Handler> Thanks, Bryce.
radius.cfg
Description: Binary data
Failurelog.log
Description: Binary data
logfile.log
Description: Binary data
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator