Hi,
I really hope you don't mind a maybe stupid question but it really eats
up my days... The question is: why hasn't my testuser the slightest chance
of authentication?
I'm playing a bit with a MySQL database that later will include the users
database, but currently only has one valid testuser, trish:
$ mysql -u radiususer -p
[...]
mysql> use radius;
mysql> select * from SUBSCRIBERS where USERNAME='trish';
+----------+---------------+-------------------+
| USERNAME | PASSWORD | HOMEDIR |
+----------+---------------+-------------------+
| trish | 71e5e1e45222b | /local/home/trish |
[...]
My radius.cfg looks like this:
----
Foreground
LogStdout
LogDir /local/home/trish/Radiator-config
DbDir /local/home/trish/Radiator-config
FingerProg /usr/bin/finger
Trace 5
include %D/clients.cfg
<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername radiususer
DBAuth blafasel
FailureBackoffTime 300
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
#AuthColumnDef 1, User-Password, check
AuthColumnDef 1, Encrypted-Password, check
</AuthBy>
</Realm>
----
When running radpwtst -user trish -password xyz (no matter whether xyz equals
the correct password or not), the debug output looks like this:
----
Wed Jun 7 19:08:15 2000: INFO: Server started: Radiator 2.16
Wed Jun 7 19:08:20 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3981 ....
Packet length = 77
[...]
Code: Access-Request
Identifier: 125
Authentic: 1234567890123456
Attributes:
User-Name = "trish"
Service-Type = Framed-User
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "<155><231>><207><195>=<4><246><188>8<9><160><216>}x<153>"
Wed Jun 7 19:08:20 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jun 7 19:25:00 2000: DEBUG: Deleting session for trish, 203.63.154.1, 1234
Wed Jun 7 19:25:00 2000: DEBUG: Handling with Radius::AuthSQL
Wed Jun 7 19:25:00 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where
USERNAME='trish'
Wed Jun 7 19:25:00 2000: DEBUG: Radius::AuthSQL looks for match with trish
Wed Jun 7 19:25:00 2000: DEBUG: Radius::AuthSQL ACCEPT:
Wed Jun 7 19:25:00 2000: DEBUG: Access accepted for trish
Wed Jun 7 19:25:00 2000: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 4018 ....
Code: Access-Accept
Identifier: 105
Authentic: 1234567890123456
Attributes:
Wed Jun 7 19:25:00 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 4018 ....
Packet length = 67
[...]
Code: Accounting-Request
Identifier: 106
Authentic: <230><222>C{<146>pR<10><192><8><177><143>H<191><151><198>
Attributes:
User-Name = "trish"
Service-Type = Framed-User
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Wed Jun 7 19:25:00 2000: WARNING: Bad authenticator in request from 127.0.0.1
(203.63.154.1)
Wed Jun 7 19:25:05 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 4018 ....
Packet length = 91
[...]
Code: Accounting-Request
Identifier: 107
Authentic: <254><167>o<234>)<143><198><179>X<231>?<138>y<194>0<202>
Attributes:
User-Name = "trish"
Service-Type = Framed-User
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Wed Jun 7 19:25:05 2000: WARNING: Bad authenticator in request from 127.0.0.1
(203.63.154.1)
----
@row in AuthSQL.pm's sub findUser gets the correct PASSWORD from the database,
thus, the problem should have to do with comparing. I tried both,
Encrypted-Password, and User-Password, without success, just to make sure.
Any hints where I should see next?
Thanks a lot
Patricia
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
