That was it :D Thank you soooo much!

On 01/19/2011 07:27 AM, Heikki Vatiainen wrote:
> On 01/19/2011 12:10 AM, Michael Shoemaker wrote:
>
>> tonytestgordonlab User-Password = "testing123"
>>     Service-Type = 2,
>>     Ascend-Assign-IP-Pool = 0,
>>     Ascend-Data-Filter = "ip in forward tcp est",
>>     Ascend-Data-Filter = "ip in forward dstip xxxxxxxxxx",
>>     Ascend-Data-Filter = "ip in drop tcp dstport = 25",
>>     Ascend-Data-Filter = "ip in forward"
> The file contents look good. Since MSCHAPv2 uses the username for
> hashing, the server must calculate the hash from exactly the same
> username as the client has. In other words, any sort of RewriteUsername
> Radiator does can cause incorrect results from MSCHAPv2.
>
> Please check your configuration for rewrites. To eliminate possible
> problem with DBFile, try <AuthBy FILE> also.
>
> If the problem does not go away, reply with:
> - Your configuration file (no secrets)
> - Full log from failed attempt
> - Radiator version
> - What username the client uses
> - What the client software is (Alvarion, something else?)
>
> Thanks!
>
>
>> On 01/18/2011 05:03 PM, Heikki Vatiainen wrote:
>>> On 01/18/2011 11:51 PM, Michael Shoemaker wrote:
>>>> Yes, I used the -t as I am working with a db compiled as such and can't
>>>> change that at this time.
>>> Ok. From the log it looks like Radiator can read the DBM file correctly.
>>> Please reply with the entry for user tonytestgordonlab from the original
>>> plain text user file.
>>>
>>> Since you are using MSCHAPv2, the User-Password needs to be in plain
>>> text or NTHash format. See the file called "users" in the top level of
>>> Radiator distribution directory. Check examples pwtest14 and pwtest15.
>>>
>>>> This is what is in the access request to the dbfile.
>>>>
>>>>
>>>> User-Name = "tonytestgordonlab"
>>>> MS-CHAP-Challenge = f<223>)<22><158>R\<27><3><5>ia<226><213>*n
>>>> MS-CHAP2-Response =
>>>> <193><0><0><0><0><27><0><0><0>P<24><7><0><1><0><0><0><0><0><0><0><0><0><0><0><0><229>[<149><185><148><25>I,D<250>KS<153><183><28>\
>>>>
>>>> -<209><18> <186><1><183>
>>>>
>>>> Fri Jan 14 12:44:56 2011: DEBUG: EAP TTLS inner authentication request for tonytestgordonlab
>>>> Fri Jan 14 12:44:56 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1'
>>>> Fri Jan 14 12:44:56 2011: DEBUG: Rewrote user name to tonytestgordonlab
>>>> Fri Jan 14 12:44:56 2011: DEBUG: Deleting session for tonytestgordonlab, 192.168.0.1,
>>>> Fri Jan 14 12:44:56 2011: DEBUG: Handling with Radius::AuthDBFILE:
>>>> Fri Jan 14 12:44:56 2011: DEBUG: Radius::AuthDBFILE looks for match with tonytestgordonlab [tonytestgordonlab]
>>>> Fri Jan 14 12:44:57 2011: DEBUG: Radius::AuthDBFILE REJECT: Bad Password: tonytestgordonlab [tonytestgordonlab]
>>>> Fri Jan 14 12:44:57 2011: DEBUG: AuthBy DBFILE result: REJECT, Bad Password
>>>> Fri Jan 14 12:44:57 2011: INFO: Access rejected for tonytestgordonlab: Bad Password
>>>> Fri Jan 14 12:44:57 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
>>>>
>>>>
>>>> That is what I have. I am quite sure I must be overlooking something
>>>> fairly trivial.
>>>>
>>>> Thoughts?
>>>>
>>>>
>>>> On 01/18/2011 04:19 PM, Heikki Vatiainen wrote:
>>>>> On 01/18/2011 05:19 PM, Michael Shoemaker wrote:
>>>>>
>>>>>> We are trying to get authentication with an alvarion wireless unit that
>>>>>> is sending mschapv2 encrypted passwords through an eap-ttls tunnel.
>>>>>>
>>>>>> I can get the eap-ttls tunnel built and can see the attempts to request
>>>>>> the mschapv2 but am not sure where our hangup is.
>>>>> I have a couple of suggestions below. If they do not work, reply with
>>>>> your configuration file (no secrets) and log file that shows the failing
>>>>> requests.
>>>>>
>>>>>> What needs to be done to be able to get local authentication on the
>>>>>> radiator server using AuthBy DBFILE (DB_File)
>>>>>>
>>>>>> The db was built using a plaintext file then converted using the
>>>>>> builddbm script.
>>>>> Did you use -t option with builddbm? If you did not, then you should
>>>>> remove "DBType DB_FILE" from the config. By default builddbm creates an
>>>>> AnyDBM_File which is also the default value for DBType.
>>>>>
>>>>>> <Handler TunnelledByTTLS=1>
>>>>>>
>>>>>> <AuthBy DBFILE>
>>>>>> Filename /etc/raddb.proxy/dbm/users.db
>>>>>> DBType DB_File
>>>>> Check if this is really the correct value.
>>>>>
>>>>>> </AuthBy>
>>>>>> this gets me to the point of doing the ttls tunnel, then it passes the
>>>>>> mschap stuff to the authby dbfile... but I am not sure how to unencrypt
>>>>>> the pw to check vs the db file.
>>>>> If the DBType check will not help, then the problems with password check
>>>>> should be visible in the log.
>>>>>
>>>>> Thanks!
>>>>> Heikki Vatiainen
>>>>>
>
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
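
The point made in the thread, that MSCHAPv2 hashes the username so a server-side rewrite breaks the check even when the stored password is right, shown as an added example (not part of the original thread and not Radiator code). It parses the MS-CHAP2-Response value and computes the RFC 2759 ChallengeHash, the step where the username enters; the function names are hypothetical, the sample bytes are the RFC 2759 test vectors (username "User"), and the rewritten names are constructed.

```python
import hashlib
from typing import NamedTuple

class MSChap2Response(NamedTuple):
    ident: int
    flags: int
    peer_challenge: bytes   # 16 octets chosen by the client
    nt_response: bytes      # 24 octets derived from password hash + challenge hash

def parse_mschap2_response(value: bytes) -> MSChap2Response:
    """Split the 50-octet MS-CHAP2-Response attribute value (RFC 2548 layout:
    Ident, Flags, Peer-Challenge[16], Reserved[8], Response[24])."""
    if len(value) != 50:
        raise ValueError(f"MS-CHAP2-Response must be 50 octets, got {len(value)}")
    return MSChap2Response(value[0], value[1], value[2:18], value[26:50])

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    data = peer_challenge + auth_challenge + username.encode("utf-8")
    return hashlib.sha1(data).digest()[:8]

def same_challenge(value: bytes, auth_challenge: bytes,
                   client_name: str, server_name: str) -> bool:
    """True if the server, using server_name (the name after any rewrite),
    derives the same 8-octet challenge the client used for its NT-Response."""
    peer = parse_mschap2_response(value).peer_challenge
    return (challenge_hash(peer, auth_challenge, client_name)
            == challenge_hash(peer, auth_challenge, server_name))

# Constructed sample input: challenges and NT-Response from the RFC 2759 test vectors.
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
SAMPLE_VALUE = bytes([0, 0]) + PEER_CHALLENGE + bytes(8) + NT_RESPONSE

if __name__ == "__main__":
    peer = parse_mschap2_response(SAMPLE_VALUE).peer_challenge
    for server_name in ("User", "user", "User@example.org"):  # hypothetical rewrites
        ok = same_challenge(SAMPLE_VALUE, AUTH_CHALLENGE, "User", server_name)
        digest = challenge_hash(peer, AUTH_CHALLENGE, server_name).hex()
        print(f"{server_name!r:20} challenge={digest} "
              f"{'match' if ok else 'MISMATCH -> Bad Password'}")
```

Because the 8-octet challenge is the input to the DES step that produces the NT-Response, any mismatch here surfaces in the log as a plain "Bad Password" reject.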