(RADIATOR) infinite loop on bad password

Tue, 04 Jul 2000 00:28:11 -0700 

Hi all,

it seems as though radiator (2.16.1) goes into an infinate loop when
issued with a bad password using radpwtst.  it may just be my config
file (below) that's not quite right.

What I want it to do:
it has to authenticate any user logging in from a proxied radius server
(another radiator, not directly controlled by me) - the username is in
the form of 'user@realm'.  the database contains the usernames,
passwords, and a 'disable' switch (au_authorised must be 'y' for a user
to log in).

System Info:
Machine is a P3/450 with 256mb ram.  It is a primary DNS server for
quite a few domain names.  It is also running qmail and apache, but not
very heavily.  It runs Linux (SuSE 6.4, freshly upgraded) kernel 2.2.13
(soon to be upgraded).  Perl version is 5.005_03.  It runs an AuthBySQL
to an Informix database - DBI is 1.14, DBD::Informix is 1.00.PC1.

Trace 4 Log extract:
Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
DEFAULT34532
Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
au_idletimeout, au_ipnumber from access_users where au_username =
'[EMAIL PROTECTED]' and au_authorised = 'y'

Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
DEFAULT34533
Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
au_idletimeout, au_ipnumber from access_users where au_username =
'[EMAIL PROTECTED]' and au_authorised = 'y'

Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL looks for match with
DEFAULT34534
Tue Jul  4 16:36:28 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
Tue Jul  4 16:36:28 2000: DEBUG: Query is: select au_password,
au_idletimeout, au_ipnumber from access_users where au_username =
'[EMAIL PROTECTED]' and au_authorised = 'y'

(this keeps repeating infinitely, until I kill the radius daemon)

Config File:
Trace 4

PidFile        /home/radius/radiusd.pid

AuthPort        1645
AcctPort        1646

LogDir          /home/radius/logs
DbDir           /home/radius/etc/raddb

LogFile %L/%Y-%m-%d.log

DictionaryFile %D/dictionary

<Client 127.0.0.1>
        Secret <secret>
</Client>

<Client 203.22.127.23>
        Secret <secret>
</Client>

<Client 203.22.127.8>
        Secret <secret>
</Client>

<Client 203.22.127.13>
        Secret <secret>
</Client>

<Client central.caverock.co.nz>
        Secret <secret>
</Client>

<Realm DEFAULT>
        MaxSessions     5
        AcctLogFileName %L/acc.log
        <AuthBy SQL>
                AddToReply      Service-Type =
"Framed-User",Framed-Protocol = "PPP",Framed-MTU = "1500"
                DBSource dbi:Informix:<database>
                DBUsername <username>
                DBAuth <password>

                AuthSelect select au_password, au_idletimeout,
au_ipnumber from access_users where au_username = '%u' and au_authorised
= 'y'
                AuthColumnDef 0, User-Password, check
                AuthColumnDef 1, Idle-Timeout, reply
                AuthColumnDef 2, Framed-IP-Address, reply

                AccountingTable access_data
                AccountingStopsOnly
                AcctColumnDef ad_username,User-Name
                AcctColumnDef ad_sessionid,Acct-Session-Id
                AcctColumnDef
ad_timestamp,Timestamp,formatted-date,'%Y-%m-%d %H:%M'
                AcctColumnDef ad_sessiontime,Acct-Session-Time,integer
                AcctColumnDef ad_indata,Acct-Input-Octets,integer
                AcctColumnDef ad_outdata,Acct-Output-Octets,integer
                AcctColumnDef ad_month,Timestamp,formatted-date,'%Y-%m'
        </AuthBy>
</Realm>

<Realm diggy.co.nz>
        RewriteUsername s/^([^@]+).*/$1/
        MaxSessions     5
        AcctLogFileName %L/acc.log
        <AuthBy DBFILE>
        Filename %D/diggyusers.db
        </AuthBy>
</Realm>

any help, or any suggestions on how to do this better would be greatly
appreciated!
---------------------------------------------------
Joel Michael
System Administrator
---------------------------------------------------
Diggy Internet Services  |   Ph: +61 7 3367 3555
90 Petrie Terrace        |   Fax: +61 7 3367 3544
Brisbane, Qld, 4000      |   Mob: 0401 039 462
Australia                |
---------------------------------------------------
"The system administrator is the god of the UNIX
system, so it's always a good thing to make friends
with your system administrator.  If you're working
in a corporate setting, the system administrator is
the person who sets up the system and makes sure it
runs properly.  They're the ones who can fix any
problems you may encounter, so your successful UNIX
experience may rely on their willingness to help
you."  -Teach Yourself Unix 4th Ed.
by Kevin Richard and Eric Foster-Johnson, pp.9.
---------------------------------------------------


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to