Hello Mike -

On Sat, 08 Jul 2000, [EMAIL PROTECTED] wrote:
> I just inherited our newly installed Radiator system.  It is version 2.16.1
> and it is installed on a Sun Solaris box.  It is set up for authby with LDAP
> and accounting to an Oracle database.  I can not get any passwords to be
> accepted when running radpwtst and Radiator times out after each attempt.
> Below are my config file and a level 4 trace log.  Could you please give me
> a pointer as to what I need to be looking at to resolve this problem.  All
> is running on a test system, so nothing is live.  I do not understand why
> Radiator returns the message: There was no password attribute found for
> MTURNER.  Userpassword does exist in LDAP.  It doesn't matter what password
> I use, encrypted or not.  The following software has been installed:
>       Radiator v2.16.1
>       Perl DBI v1.13
>       Perl DBD for Oracle v1.03
>       Perl MD5 v1.7
>       Perl LDAP v1.42
> 
> # simple.cfg
> AuthPort 1812
> AcctPort 1813
> Trace 4
> Foreground
> LogStdout
> LogDir          /a/hq/mach/aprilia/home/polgara/MTURNER/radius
> DbDir           /a/hq/mach/aprilia/home/polgara/MTURNER/radius/raddb
> # You will probably want to change this to suit your site.
> <Client 10.4.178.1>
>         Secret Superdupper
>         # base for Framed-Group = 0
>         FramedGroupBaseAddress 192.168.4.1
>         DupInterval 0
> </Client>
> <Client 172.16.101.41>
>         Secret Superdupper
>         DupInterval 0
> </Client>
> <Client DEFAULT>
>         Secret  mysecret
>         # base for Framed-Group = 0
>         FramedGroupBaseAddress 192.168.4.1
>         DupInterval 0
> </Client>
> <Realm DEFAULT>
>         <AuthBy LDAP>
>                 Host    flarion.hq.ferg.com
>                 BaseDN  o=FEI, c=US
>                 UsernameAttr    cn
>                 EncryptedPasswordAttr   userpassword
>         </AuthBy>
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/detail
> </Realm>
> <SessionDatabase SQL>
>         # This database spec usually should be exactly the same
>         # as in <AuthBy RADMIN> above
>         DBSource        dbi:Oracle:RDD1.HQ.FERG.COM
>         DBUsername      radius
>         DBAuth          radius
> </SessionDatabase>
> 
> 
> MTURNER@elias:radius > radiusd -config_file ./radius.cfg
> Fri Jul  7 14:01:58 2000: INFO: Server started: Radiator 2.16.1
> Fri Jul  7 14:03:47 2000: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34583 ....
> Code:       Access-Request
> Identifier: 61
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "MTURNER"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         User-Password = "<161><211><7><245><247>\<4><246><188>8<9><160><216>}x<153>"
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Jul  7 14:03:47 2000: DEBUG:  Deleting session for MTURNER, 203.63.154.1, 1234
> Fri Jul  7 14:03:47 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling with Radius::AuthLDAP
> Fri Jul  7 14:03:47 2000: DEBUG: Connecting to flarion.hq.ferg.com, port 389
> Fri Jul  7 14:03:47 2000: DEBUG: LDAP got result for cn=MTURNER, o=FEI, c=US
> Fri Jul  7 14:03:47 2000: ERR: There was no password attribute found for MTURNER. Check your LDAP database.
> FFri Jul  7 14:03:47 2000: DEBUG: Radius::AuthLDAP looks for match with
> MTURNER
> Fri Jul  7 14:03:47 2000: DEBUG: Radius::AuthLDAP REJECT: Bad Encrypted password
> Fri Jul  7 14:03:47 2000: DEBUG: Connecting to flarion.hq.ferg.com, port 389
> Fri Jul  7 14:03:47 2000: DEBUG: No entries for DEFAULT found in LDAP database
> Fri Jul  7 14:03:47 2000: INFO: Access rejected for MTURNER: Bad Encrypted password
> Fri Jul  7 14:03:47 2000: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34583 ....
> Code:       Access-Reject
> Identifier: 61
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34583 ....
> Code:       Accounting-Request
> Identifier: 62
> Authentic:  ?<241><0>==Z<201><230>W<172><26><231><230><150><129>r
> Attributes:
>         User-Name = "MTURNER"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Start
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Jul  7 14:03:47 2000: DEBUG:  Adding session for MTURNER, 203.63.154.1, 1234
> Fri Jul  7 14:03:47 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
> 
> Fri Jul  7 14:03:47 2000: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('MTURNER', '203.63.154.1', 01234, '00001234', 962993027, '', 'Async', 'Framed-User')
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling with Radius::AuthLDAP
> Fri Jul  7 14:03:47 2000: DEBUG: Accounting accepted
> Fri Jul  7 14:03:47 2000: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34583 ....
> Code:       Accounting-Response
> Identifier: 62
> Authentic:  ?<241><0>==Z<201><230>W<172><26><231><230><150><129>r
> Attributes:
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 34583 ....
> Code:       Accounting-Request
> Identifier: 63
> Authentic:  <150>b<201><208>Oi<30><231><162>7<159><5><204>hr<0>
> Attributes:
>         User-Name = "MTURNER"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Stop
>         Acct-Delay-Time = 0
>         Acct-Session-Time = 1000
>         Acct-Input-Octets = 20000
>         Acct-Output-Octets = 30000
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Jul  7 14:03:47 2000: DEBUG:  Deleting session for MTURNER, 203.63.154.1, 1234
> Fri Jul  7 14:03:47 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
> 
> Fri Jul  7 14:03:47 2000: DEBUG: Handling with Radius::AuthLDAP
> Fri Jul  7 14:03:48 2000: DEBUG: Accounting accepted
> Fri Jul  7 14:03:48 2000: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 34583 ....
> Code:       Accounting-Response
> Identifier: 63
> Authentic:  <150>b<201><208>Oi<30><231><162>7<159><5><204>hr<0>
> Attributes:
> 
> 
> timeout at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 226.
> zsh: segmentation fault (core dumped)  radiusd -config_file ./radius.cfg
> MTURNER@elias:radius >
> 

Could you please try using a simple PasswordAttr statement and a cleartext
password? Also, AuthBy LDAP2 is preferable for new installations (with the
corresponding Perl module).

I am also concerned by the above - a timeout and a segmentation fault. Does
this happen all the time?

And BTW, your existing configuration file is only using SQL for the session
database, it is not being used for accounting.

thanks

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
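
An added example, not part of the original thread and not Radiator code: a small Python triage of Trace 4 output like the log quoted above. It rejoins lines broken by a terminal paste, then separates "entry returned but no password attribute in it" from "user not found" and flags the SqlDb.pm timeout. The function names and finding codes are hypothetical; the sample lines are taken from the quoted log.

```python
import re

# Constructed sample: lines taken from the quoted trace, wrapped the way a
# terminal paste breaks them.
SAMPLE = """\
Fri Jul  7 14:03:47 2000: DEBUG: Handling with Radius::AuthLDAP
Fri Jul  7 14:03:47 2000: DEBUG: LDAP got result for cn=MTURNER, o=FEI, c=US
Fri Jul  7 14:03:47 2000: ERR: There was no password attribute found for
MTURNER
. Check your LDAP database.
Fri Jul  7 14:03:47 2000: DEBUG: Radius::AuthLDAP REJECT: Bad Encrypted
password
Fri Jul  7 14:03:47 2000: DEBUG: No entries for DEFAULT found in LDAP
database
timeout at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 226.
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")
RULES = [  # hypothetical finding codes, matched against rejoined messages
    ("entry_found", re.compile(r"LDAP got result for (.+)")),
    ("no_password_attr", re.compile(r"no password attribute found for (\S+)")),
    ("no_entry", re.compile(r"No entries for (\S+) found in LDAP")),
    ("sql_timeout", re.compile(r"timeout at (\S+SqlDb\.pm) line \d+")),
]

def records(text):
    """Rejoin wrapped lines into (level, message) records."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif line.startswith("timeout at "):
            out.append(["FATAL", line])      # Perl die/warn text, no timestamp
        elif out and line.strip():
            out[-1][1] += " " + line.strip()  # continuation of previous record
    return [tuple(r) for r in out]

def triage(text):
    """Return (code, detail) findings in log order."""
    return [(code, m.group(1)) for _lvl, msg in records(text)
            for code, rx in RULES if (m := rx.search(msg))]

def ldap_verdict(findings):
    """Summarise the LDAP side: which stage of the lookup failed."""
    codes = [c for c, _ in findings]
    if "no_password_attr" in codes:
        found_first = "entry_found" in codes[:codes.index("no_password_attr")]
        return "attr_missing_from_entry" if found_first else "attr_error_without_entry"
    return "user_not_found" if "no_entry" in codes else "no_ldap_failure"
```

A verdict of `attr_missing_from_entry` means the search itself succeeded and the problem is confined to the attribute named in the AuthBy LDAP clause, which is the case the suggested PasswordAttr test isolates.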


