Hello Gildas -
On Tue, 03 Oct 2000, Gildas PERROT wrote:
> Hi,
>
> I defined a DEFAULT username in order to define default Reply items for all
> users.
> Here are configuration lines for that:
>
> <Handler>
> SessionDatabase SDBSQL
> AuthByPolicy ContinueWhileAccept
> <AuthBy SQL>
> DBSource dbi:mysql:radius
> DBUsername radiator
> DBAuth ra1diator
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS where USERNAME = '%n'
> </AuthBy>
> <AuthBy SQL>
> DBSource dbi:mysql:radius
> DBUsername radiator
> DBAuth ra1diator
> AuthSelect select NULL, CHECKATTR, REPLYATTR from
> SUBSCRIBERS where USERNAME = 'DEFAULT'
> ....
>
> In the SUBSCRIBERS, I have :
>
> | fluxus | ******* | NULL | | PoolHint=Fluxus | Fluxus |
> | DEFAULT | NULL | NULL | NULL | Service-Type = Framed-User,PoolHint=Public | NULL |
>
> However, I have a bad behaviour with that configuration: even if I have a
> bad password with 'fluxus' user, the Access request is accepted as you can
> see below :
>
> Tue Oct 3 10:55:13 2000: DEBUG: Packet dump:
> *** Received from 10.69.1.1 port 1645 ....
> Code: Access-Request
> Identifier: 7
> Authentic: <133><24>y<1> !r,<192>F<129><134>*<16><250><216>
> Attributes:
> NAS-IP-Address = 10.69.1.1
> NAS-Port = 2
> NAS-Port-Type = Async
> User-Name = "Fluxus"
> Called-Station-Id = "6640"
> Calling-Station-Id = "672085196"
> CHAP-Password =
> "<2>0<127><184><200>W<175><255><204><25>@^<210><181><245><1>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Tue Oct 3 10:55:13 2000: DEBUG: Rewrote user name to fluxus
> Tue Oct 3 10:55:13 2000: DEBUG: Check if Handler should be used to handle
> this request
> Tue Oct 3 10:55:13 2000: DEBUG: Handling request with Handler ''
> Tue Oct 3 10:55:13 2000: DEBUG: SDBSQL Deleting session for Fluxus,
> 10.69.1.1, 2
> Tue Oct 3 10:55:13 2000: DEBUG: do query is: delete from ONLINE where
> USERNAME='fluxus' and NASPORT=2
>
> Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthSQL
> Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthSQL
> Tue Oct 3 10:55:13 2000: DEBUG: Query is: select PASSWORD, CHECKATTR,
> REPLYATTR from SUBSCRIBERS where
> USERNAME = 'fluxus'
>
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL looks for match with fluxus
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Tue Oct 3 10:55:13 2000: DEBUG: Query is: select PASSWORD, CHECKATTR,
> REPLYATTR from SUBSCRIBERS where
> USERNAME = 'DEFAULT'
>
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL looks for match with
> DEFAULT
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthSQL
> Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthSQL
> Tue Oct 3 10:55:13 2000: DEBUG: Query is: select NULL, CHECKATTR, REPLYATTR
> from SUBSCRIBERS where USERNAME = 'DEFAULT'
>
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL looks for match with fluxus
> Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
> Tue Oct 3 10:55:13 2000: DEBUG: Query is: select YIADDR, SUBNETMASK,
> DNSSERVER from RADPOOL where
> POOL='Public' and STATE=0 order by TIME_STAMP
>
This is not working because any AuthBy will look for "DEFAULT" if it fails.
You should really do something like this instead:

<Handler>
    SessionDatabase SDBSQL
    <AuthBy SQL>
        DBSource dbi:mysql:radius
        DBUsername radiator
        DBAuth ra1diator
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
            from SUBSCRIBERS where USERNAME = '%n'
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, reply
        # Add common reply attributes for all users
        AddToReply .....
    </AuthBy>
</Handler>

hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
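
Added example (not part of the original messages, and not Radiator code): a Python check that scans debug output in the format quoted above for the pattern seen in this thread, a REJECT for the named user followed by an ACCEPT on the DEFAULT lookup within the same request. The function name, the sample log, the user "alice" and the one-event-per-line layout are assumptions made for illustration.

```python
import re

# Constructed sample in the debug format quoted above (one event per line).
SAMPLE_LOG = """\
Tue Oct 3 10:55:13 2000: DEBUG: Handling request with Handler ''
Tue Oct 3 10:55:13 2000: DEBUG: Handling with Radius::AuthSQL
Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL looks for match with fluxus
Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password
Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL looks for match with DEFAULT
Tue Oct 3 10:55:13 2000: DEBUG: Radius::AuthSQL ACCEPT:
Tue Oct 3 10:55:14 2000: DEBUG: Handling request with Handler ''
Tue Oct 3 10:55:14 2000: DEBUG: Handling with Radius::AuthSQL
Tue Oct 3 10:55:14 2000: DEBUG: Radius::AuthSQL looks for match with alice
Tue Oct 3 10:55:14 2000: DEBUG: Radius::AuthSQL ACCEPT:
"""

LINE = re.compile(r"^(?P<ts>.+?): DEBUG: (?P<msg>.*)$")
LOOKUP = re.compile(r"^Radius::\w+ looks for match with (\S+)")
VERDICT = re.compile(r"^Radius::\w+ (ACCEPT|REJECT):\s*(.*)")

def find_default_fallback_accepts(log_text):
    """Return requests where a named user was rejected and DEFAULT then accepted."""
    findings = []
    current = rejected = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if msg.startswith("Handling request with Handler"):
            current = rejected = None  # a new request starts here
            continue
        lookup = LOOKUP.match(msg)
        if lookup:
            current = lookup.group(1)  # user record being checked
            continue
        verdict = VERDICT.match(msg)
        if not verdict:
            continue
        result, reason = verdict.groups()
        if result == "REJECT" and current != "DEFAULT":
            rejected = (current, reason)  # remember who failed and why
        elif result == "ACCEPT" and current == "DEFAULT" and rejected:
            findings.append({"time": ts, "user": rejected[0], "reject_reason": rejected[1]})
            rejected = None
    return findings
```

Run over a Trace 4 log, every entry it returns is a login that was accepted through the DEFAULT record after the user's own check failed.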