Hello -
It looks to me like the shared secrets are incorrect. regards Hugh On Wed, 17 Apr 2002 06:19, [EMAIL PROTECTED] wrote: > Hello, > > I have been doing some called-station-id handler-based authentication which > has been working fine (below is an extract of my .cfg file. > > --cut-- > <Handler Called-Station-Id="*********"> > <AuthBy RADIUS> > Host x.x.x.x > Secret *** > AuthPort 18120 > AcctPort 18130 > </AuthBy> > # Log accounting to the detail file in LogDir > AcctLogFileName %L/handlers-detail.%Y%m%d > </Handler> > > --cut--- > > > I now want to change this to AuthBy SQLRADIUS, and my cfg file is as > follows.... > > <Client localhost> > Secret mysecret > DupInterval 0 > </Client> > > <Realm DEFAULT> > <AuthBy SQLRADIUS> > DBSource dbi:Pg:dbname=proxy > DBUsername radius > DBAuth **** > > HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT from > RADIUSSERVERS where TARGETNAME='%{Called-Station-Id} > . </AuthBy> > </Realm> > > The SQL lookup seems to work fine, and the request is proxied, but the > level 2 radius instance always rejects the password. This is exactly the > same instance that works OK with the handler based level 1 instance. > Attached please find the Trace Output for the 2 radius instances, > > level 1 > -------------------- > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > *** Received from 127.0.0.1 port 2101 .... > > Packet length = 92 > 01 e9 00 5c 31 32 33 34 35 36 37 38 39 30 31 32 > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00 > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35 > 34 33 32 31 3d 06 00 00 00 00 02 12 8d ee 2c d9 > 96 65 04 f6 bc 38 09 a0 d8 7d 78 99 > Code: Access-Request > Identifier: 233 > Authentic: 1234567890123456 > Attributes: > User-Name = "utest1" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "269069000" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = > "<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>" > > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' > Tue Apr 16 13:07:53 2002: DEBUG: Deleting session for utest1, > 203.63.154.1, 1234 > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthRADIUS > Tue Apr 16 13:07:53 2002: DEBUG: Query is: select HOST1, SECRET, AUTHPORT, > ACCTPORT from RADIUSSERVERS where TARGETNAME='269069000' > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > *** Sending to 195.202.64.45 port 18120 .... > Packet length = 92 > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32 > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00 > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35 > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9 > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d > Code: Access-Request > Identifier: 2 > Authentic: 1234567890123456 > Attributes: > User-Name = "utest1" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "269069000" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-" > > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > *** Received from 195.202.64.45 port 18120 .... > > Packet length = 36 > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65 > 6e 69 65 64 > Code: Access-Reject > Identifier: 2 > Authentic: <140><157><180>B"{<211><220><184><203>}<26>e<133><155>7 > Attributes: > Reply-Message = "Request Denied" > > Tue Apr 16 13:07:53 2002: DEBUG: Received reply in AuthRADIUS for req 2 > from 195.202.64.45:18120 > Tue Apr 16 13:07:53 2002: WARNING: Bad authenticator received in reply to > ID 2 > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Proxied > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > > > > > Level 2 > ------------------------------------- > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > *** Received from 195.202.64.45 port 1889 .... > > Packet length = 92 > 01 02 00 5c 31 32 33 34 35 36 37 38 39 30 31 32 > 33 34 35 36 01 08 64 74 68 61 62 61 06 06 00 00 > 00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b > 32 36 39 30 36 39 30 30 30 1f 0b 39 38 37 36 35 > 34 33 32 31 3d 06 00 00 00 00 02 12 cd 53 f5 c9 > f2 6b 0f 02 69 72 fb 07 fd ed 83 2d > Code: Access-Request > Identifier: 2 > Authentic: 1234567890123456 > Attributes: > User-Name = "utest1" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "269069000" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = > "<205>S<245><201><242>k<15><2>ir<251><7><253><237><131>-" > > Tue Apr 16 13:07:53 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' > Tue Apr 16 13:07:53 2002: DEBUG: Rewrote user name to utest1 > Tue Apr 16 13:07:53 2002: DEBUG: Deleting session for utest1, > 203.63.154.1, 1234 > Tue Apr 16 13:07:53 2002: DEBUG: Handling with Radius::AuthFILE: > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE looks for match with > utest1 > Tue Apr 16 13:07:53 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > Tue Apr 16 13:07:53 2002: INFO: Access rejected for utest1: Bad Password > Tue Apr 16 13:07:53 2002: DEBUG: Packet dump: > *** Sending to 195.202.64.45 port 1889 .... > > Packet length = 36 > 03 02 00 24 8c 9d b4 42 22 7b d3 dc b8 cb 7d 1a > 65 85 9b 37 12 10 52 65 71 75 65 73 74 20 44 65 > 6e 69 65 64 > Code: Access-Reject > Identifier: 2 > Authentic: 1234567890123456 > Attributes: > Reply-Message = "Request Denied" > > > Any ideas, please help > > Rgds > TDN > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.