Hello,
I have been trying to authenticate users from a Linux box (Red Hat ES 4 i386)
using pam_radius (1.3.17), and it always fails with the message "Bad
password". I have read some other threads on this list saying that the problem
is the secret between the server and the radius (3.17.1-1), and I have
ruled this out by doing some other tests (changing the secret on the radius makes
a message show up on the server saying that the secret is not valid).
So, doing some other tests, I have found a problem with the password decryption
on the radius; it seems that the password is not being decrypted correctly. I
have modified the "decode_password" subroutine in Radius.pm, uncommenting the
following lines:
# Uncomment this if you really want to see whats really
# in the password. Useful for finding obscure bugs
my $pwdump = Radius::AttrVal::pclean($pwdout);
&main::log($main::LOG_DEBUG, "Decoded password is $pwdump", $self);
and this is what shows up in the trace 4 log:
*** Received from 10.0.124.53 port 27601 ....
Code: Access-Request
Identifier: 108
Authentic: 7<22><216>m<171>zD<191><238>@<181>[zl=<253>
Attributes:
User-Name = "frcm"
User-Password = P<191><5><142>2<222>2_<156><230><224>/.p<171><242>
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 26576
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "172.16.178.76"
Tue Mar 22 09:19:00 2011: DEBUG: Handling request with Handler
'NAS-Identifier="sshd"'
Tue Mar 22 09:19:00 2011: DEBUG: Deleting session for frcm, 127.0.0.1, 26576
Tue Mar 22 09:19:00 2011: DEBUG: Decoded password is <198>*
uVf<204><1>w<227>-<190>V..<15>
Tue Mar 22 09:19:00 2011: DEBUG: Handling with Radius::AuthSQL
Tue Mar 22 09:19:00 2011: DEBUG: Handling with Radius::AuthSQL: SERVERS
Tue Mar 22 09:19:00 2011: DEBUG: Query is: 'SELECT password FROM usuarios WHERE
username='frcm'':
Tue Mar 22 09:19:00 2011: ERR: Execute failed for 'SELECT password FROM
usuarios WHERE username='frcm'': Lost connection to MySQL server during query
Tue Mar 22 09:19:00 2011: DEBUG: Radius::AuthSQL looks for match with frcm
[frcm]
Tue Mar 22 09:19:00 2011: DEBUG: Decoded password is <198>*
uVf<204><1>w<227>-<190>V..<15>
Tue Mar 22 09:19:00 2011: DEBUG: Radius::AuthSQL REJECT: Bad Password: frcm
[frcm]
Tue Mar 22 09:19:00 2011: DEBUG: AuthBy SQL result: REJECT, Bad Password
Tue Mar 22 09:19:00 2011: INFO: Access rejected for frcm: Bad Password
Tue Mar 22 09:19:00 2011: DEBUG: Packet dump:
*** Sending to 10.0.124.53 port 27601 ....
Code: Access-Reject
Identifier: 108
Authentic: 7<22><216>m<171>zD<191><238>@<181>[zl=<253>
Attributes:
Called-Station-Id = "<198>* uVf<204><1>w<227>-<190>V..<15>"
Reply-Message = "Bad Password"
If I use the radpwtst utility on the server where I am trying to authenticate
from using pam_radius, the password is correctly decoded and is shown
correctly in the trace 4.
So, my question is: has someone else encountered this problem?
Regards.