(RADIATOR) AuthBy SQL question
Hello. I am curious with AuthBy SQL and decided to try it out. After a few tries, however, I can't get logged in, using the most basic AuthSelect and the tables/data contained in goodies/postgresCreate.sql. I get this error complaining about incorrect password: Fri Jun 9 20:42:02 2000: DEBUG: Handling request with Handler 'Realm=testroy' Fri Jun 9 20:42:02 2000: DEBUG: Rewrote user name to mikem Fri Jun 9 20:42:02 2000: DEBUG: Deleting session for mikem@testroy, 208.155.152.42, 1025 Fri Jun 9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL Fri Jun 9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL Fri Jun 9 20:42:02 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where USERNAME='mikem' Fri Jun 9 20:42:02 2000: DEBUG: Radius::AuthSQL looks for match with mikem Fri Jun 9 20:42:02 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password Fri Jun 9 20:42:02 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where USERNAME='DEFAULT' Here's my AuthBy SQL config: Realm testroy RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL DBSourcedbi:Pg:dbname=radiator DBUsername postgres DBAuth MYPOSTGRESPASSWORD AccountingTable accounting AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n' AuthColumnDef 0, User-Password, check AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address /AuthyBy /Realm My subscribers table (from the goodies directory): radiator= select * from subscribers; username|password|encryptedpassword|checkattr |replyattr ++-+--+ mikem |fred|1xMKc0GIVUNbE|Service-Type = Framed-User|Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.0,cisco-avpair = "testing testing" (1 row) What am I missing? TIA. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL question
Hello Hugh, Thanks for responding ... On Sat, 10 Jun 2000, Hugh Irvine wrote: I notice that your Postgress table definitions are in lower case, and your AuthSelect is in upper case. Is this correct? Postgres is not case-sensitive. radiator= select PASSWORD from SUBSCRIBERS where USERNAME = 'mikem'; password fred (1 row) Also, if you want to use the "checkattr" and "replyattr" fields, you will need to modify your AuthSelect statement together with the corresponding AuthColumnDef's. Of course. Only I would like to do the most simple auth method first before complicating things for me :) And does the inbound test packet in fact contain a password of "fred"? Of course. I even tried NULLING the password in the postgres database (as it said in the docs that if the password is NULL, it would accept ANY password), to no avail. You might try something like this: Realm testroy RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL DBSourcedbi:Pg:dbname=radiator DBUsername postgres DBAuth MYPOSTGRESPASSWORD AuthSelect select password from subscribers where \ username='%n' AuthColumnDef 0, User-Password, check AccountingTable accounting AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address /AuthyBy /Realm If the field names are indeed case-sensitive, you will have to change the AcctColumnDef's as well. I did, however, still tried your config above, changing the case of the letters. I still get this: Sat Jun 10 10:44:37 2000: DEBUG: Handling request with Handler 'Realm=testroy' Sat Jun 10 10:44:37 2000: DEBUG: Rewrote user name to mikem Sat Jun 10 10:44:37 2000: DEBUG: Deleting session for mikem@testroy, 208.155.152.42, 1025 Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from subscribers where username='mikem' Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL looks for match with mikem Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from subscribers where username='DEFAULT' Sat Jun 10 10:44:37 2000: INFO: Access rejected for mikem: Bad Password Sat Jun 10 10:44:37 2000: DEBUG: Packet dump: *** Sending to 208.155.152.42 port 1645 Additional question -- Why do I get Query is: select password from subscribers where username='DEFAULT'. This might be the cause ... Hoping for your continued support ... Thanks. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) More Roaming Problems
Hello. I tried Hugh's solution on my query last March 23 (yes, I only had the chance to do this a month after) re: 0 symbol in the realm field. Well, there still seems to be problem. Here is the current setup: I-Manila is local ISP (i-manila.com.ph) I-Cebu is provincial ISP (i-cebu.com.ph) The idea is I-Manila users in Cebu should be able to connect using [EMAIL PROTECTED] in Cebu's trunks. The I-Manila setup is: Client cebuserver.here.com Secret RewriteUsername s/\0/@/ -- remove that 0 from Merit Radius DupInterval 15 IgnoreAcctSignature /Client Realm i-manila.com.ph RewriteUsername s/^([^@]+).*/$1/ -- get just the username RewriteUsername tr/0-9|a-z|\-|_//cd -- remove any characters #other than [a-z], [0-9], dash and underscore AuthBy EXTERNAL Command /radius/radauth DecryptPassword /AuthBy PasswordLogFileName %L/password.imanila.log /Realm The logs however show: For local I-Manila user who uses [EMAIL PROTECTED], this example was able to authenticate properly: Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Wed Apr 26 11:04:54 2000: DEBUG: Handling request with Handler 'Realm=i-manila.com.ph' Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to daleones Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to daleones Wed Apr 26 11:04:54 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 203.167.0.34, 30 Wed Apr 26 11:04:54 2000: DEBUG: Running command: /radius/radauth Wed Apr 26 11:04:55 2000: DEBUG: Access accepted for daleones Wed Apr 26 11:04:55 2000: DEBUG: Packet dump: For I-Manila users roaming in Cebu: Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to roytest^@i-manila.com.ph Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Wed Apr 26 15:02:14 2000: DEBUG: Handling request with Handler 'Realm=i-manila.com.ph' Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 15:02:14 2000: DEBUG: Deleting session for roytest^@i-manila.com.ph, 208.164.193.180, 12 Wed Apr 26 15:02:14 2000: DEBUG: Running command: /radius/radauth Wed Apr 26 15:02:14 2000: DEBUG: Access accepted for roytest Wed Apr 26 15:02:14 2000: DEBUG: Packet dump: Note the differenct between [EMAIL PROTECTED] after deleting session when successful, and username^@i-manila.com.ph if not successful Any workaround? TIA. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) More Roaming Problem -- hmmm, interesting
Hello again. Here's something interesting - whenever they dial into a Cisco, they authenticate (and account) fine. But whenever they connect to a USRNetserver16, they can't. Here are the comparative logs: Cisco: *** Received from 208.155.152.36 port 1026 Code: Access-Request Identifier: 143 Authentic: Cm18292172219m2342502]18922196 Attributes: NAS-IP-Address = 208.155.154.129 NAS-Port = 9 NAS-Port-Type = Async User-Name = "roytest0i-manila.com.ph" User-Password = "F1822012414`9240176a13318719ou" Service-Type = Framed-User Framed-Protocol = PPP User-Id = "roytest" NAS-Identifier = "salvi.i-iloilo.com.ph" User-Realm = "i-manila.com.ph" Service-Type = Framed-User Framed-Protocol = PPP Login-Service = Rlogin Session-Timeout = 21600 Framed-MTU = 576 Proxy-State = 0 Wed Apr 26 19:20:46 2000: DEBUG: Rewrote user name to roytest^@i-manila.com.ph Wed Apr 26 19:20:46 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Wed Apr 26 19:20:46 2000: DEBUG: Handling request with Handler 'Realm=i-manila.com.ph' Wed Apr 26 19:20:46 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 19:20:46 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 19:20:46 2000: DEBUG: Deleting session for roytest^@i-manila.com.ph, 208.155.154.129, 9 Wed Apr 26 19:20:46 2000: DEBUG: Running command: /radius/radauth Wed Apr 26 19:20:47 2000: DEBUG: Access accepted for roytest Wed Apr 26 19:20:47 2000: DEBUG: Packet dump: *** Sending to 208.155.152.36 port 1026 Code: Access-Accept Identifier: 143 Authentic: Cm18292172219m2342502]18922196 Attributes: Proxy-State = 0 Session-Timeout = 21600 -- USR Netserver16 *** Received from 208.155.152.36 port 1026 Code: Access-Request Identifier: 117 Authentic: 237148v247M175^16821516*a1732111 Attributes: User-Name = "roytest0i-manila.com.ph" User-Password = "]242228217026Dd15922116717623320m)" NAS-IP-Address = 208.155.154.130 NAS-Port = 2 Service-Type = Framed-User Framed-Protocol = PPP User-Id = "roytest" NAS-Identifier = "pop2.i-iloilo.com.ph" User-Realm = "i-manila.com.ph" Service-Type = Framed-User Framed-Protocol = PPP Login-Service = Rlogin Session-Timeout = 21600 Framed-MTU = 576 Proxy-State = 0 Wed Apr 26 18:49:49 2000: DEBUG: Rewrote user name to roytest^@i-manila.com.ph Wed Apr 26 18:49:49 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Wed Apr 26 18:49:49 2000: DEBUG: Handling request with Handler 'Realm=i-manila.com.ph' Wed Apr 26 18:49:49 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 18:49:49 2000: DEBUG: Rewrote user name to roytest Wed Apr 26 18:49:49 2000: DEBUG: Deleting session for roytest^@i-manila.com.ph, 208.155.154.130, 2 Wed Apr 26 18:49:49 2000: DEBUG: Running command: /radius/radauth Wed Apr 26 18:49:50 2000: DEBUG: Access accepted for roytest Wed Apr 26 18:49:50 2000: DEBUG: Packet dump: *** Sending to 208.155.152.36 port 1026 Code: Access-Accept Identifier: 117 Authentic: 237148v247M175^16821516*a1732111 Attributes: Proxy-State = 0 Session-Timeout = 21600 What's the difference between the two setup? Thanks again. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: More Roaming Problems
On Thu, 27 Apr 2000, Hugh Irvine wrote: Both traces above show Access accepted. The line below refers to the session database that is always updated with the original username as it arrives from the NAS (or proxy). The logs show its accepted, however, the connection was never started. On the side of the person dialling, it keeps on asking for the password. According to the logs on Merit: Wed Apr 26 18:49:48 2000: Received-Authentication: 234/629 '[EMAIL PROTECTED]' from pop2.i-iloilo.com.ph port 2 PPP Wed Apr 26 18:49:48 2000: child_end: DNS update finished Wed Apr 26 18:49:48 2000: Authentication: 234/629 'roytest\0i-manila.com.ph' via pop2.i-iloilo.com.ph from 208. 155.154.130 port 2 PPP - OK -- total 0, holding 0 Wed Apr 26 18:50:14 2000: Received-Authentication: 235/630 '[EMAIL PROTECTED]' from pop2.i-iloilo.com.ph port 2 PPP Wed Apr 26 18:50:14 2000: Authentication: 235/630 'roytest\0i-manila.com.ph' via pop2.i-iloilo.com.ph from 208. 155.154.130 port 2 PPP - OK -- total 0, holding 0 Wed Apr 26 18:50:21 2000: Received-Authentication: 236/631 '[EMAIL PROTECTED]' from pop2.i-iloilo.com.ph port 2 PPP Wed Apr 26 18:50:21 2000: Authentication: 236/631 'roytest\0i-manila.com.ph' via pop2.i-iloilo.com.ph from 208. 155.154.130 port 2 PPP - OK -- total 0, holding 0 A successful connection would yield: Wed Apr 26 19:20:45 2000: Received-Authentication: 223/655 '[EMAIL PROTECTED]' via 208.155.152.226 from s alvi.i-iloilo.com.ph port 9 PPP Wed Apr 26 19:20:45 2000: Authentication: 223/655 'roytest\0i-manila.com.ph' via 208.155.152.226 from 208.155.1 54.129 port 9 PPP - OK -- total 0, holding 0 Wed Apr 26 19:20:45 2000: Received-Accounting: 224/1167 '[EMAIL PROTECTED]' via 208.155.152.226 from salv i.i-iloilo.com.ph port 9 $"0073" PPP Start Wed Apr 26 19:20:45 2000: Accounting: 224/1167 'roytest\0i-manila.com.ph' via 208.155.152.226 from salvi.i-iloi lo.com.ph port 9 $"0073" PPP Start - OK -- total 0, holding 0 Notice the difference between the two: i) unsuccessful - Authentication - Received Authentication only ii) successful - Authentication-Received Authentication AND Accounting-Received Accounting. As I notice, this (unsuccessful) only happens on USRNetserver16s, while the CISCO connection was successful. Thanks again for your help. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Translating names
How do you strip off usernames so that only valid characters([a-z], [0-9], -, _) are left? I did this: RewriteUsernametr/[A-Z]/[a-z]/ RewriteUsername tr/0-9|.|[a-z]|-|_//cd; HOwever, it strips off the dash and underscore from the username: Thu Apr 13 14:01:46 2000: DEBUG: Rewrote user name to jojo-a Thu Apr 13 14:01:46 2000: DEBUG: Rewrote user name to jojoa Please help. Thanks. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) assigning fixed ip
Hi all again Here's my setup: Client xxx.7.10.1 Secret x FramedGroupBaseAddress 203.167.8.80 DupInterval 15 IgnoreAcctSignature /Client Realm vpntest RewriteUsername s/^([^@]+).*/$1/ AuthBy FILE Filename users /AuthBy /Realm users file: xxxUser-Password = "x", Service-Type = Framed-User Framed-Group = 0, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP HOwever, when I try to login: Wed Apr 5 18:41:21 2000: DEBUG: Rewrote user name to xx@vpntest Wed Apr 5 18:41:21 2000: DEBUG: Handling request with Handler 'Realm=vpntest' Wed Apr 5 18:41:21 2000: DEBUG: Rewrote user name to xx Wed Apr 5 18:41:21 2000: DEBUG: Deleting session for x@vpntest, 172.7.10.3, 20210 Wed Apr 5 18:41:21 2000: DEBUG: Handling with Radius::AuthFILE Wed Apr 5 18:41:21 2000: DEBUG: Radius::AuthFILE looks for match with x Wed Apr 5 18:41:21 2000: DEBUG: Radius::AuthFILE ACCEPT: Wed Apr 5 18:41:21 2000: DEBUG: FramedGroup 0 address is being assigned Wed Apr 5 18:41:21 2000: DEBUG: Access accepted for x Wed Apr 5 18:41:21 2000: DEBUG: Packet dump: *** Sending to 172.7.10.1 port 1040 Code: Access-Accept Identifier: 60 Authentic: w7001882600d+00s400 Attributes: Proxy-State = 0 Framed-IP-Address = 203.167.87.145 --- where did THIS come from??? Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-Routing = None Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP Thanks again for your usual speedy response. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) assigning fixed ip
Hello. How can one assign a specific IP address to a specific username. I already did this to ther users file: username Password="mypass" Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.1 ... ... I still however can't get this IP when trying to dialup TIA Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) roaming problem
Hello. Im having problems with incorporating Radiator with Merit Radius. This is our setup: LOCAL SETUP (manila): Realm i-manila.com.ph RewriteUsernametr/[A-Z]/[a-z]/ RewriteUsername s/^([^@]+).*/$1/ AuthBy EXTERNAL Command /radius/radauth DecryptPassword /AuthBy /Realm where /radius/radauth is our external auth program. Using this setup, I tried logging in using [EMAIL PROTECTED] and the logs show: Authentic: 177238;`1449cRa191+184s215227161 Attributes: User-Name = "[EMAIL PROTECTED]" NAS-IP-Address = 208.155.152.42 Acct-Status-Type = Start -- Framed-IP-Address = 208.160.75.109 Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Tue Mar 21 15:58:31 2000: DEBUG: Handling request with Handler 'Realm=i-manila.com.ph' Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED] Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to gerald Tue Mar 21 15:58:31 2000: DEBUG: Adding session for [EMAIL PROTECTED], 208.155.152.42, 3331 Tue Mar 21 15:58:31 2000: DEBUG: Running command: /radius/radauth Tue Mar 21 15:58:32 2000: DEBUG: Accounting accepted However, when I tried incorporating this with Merit Radius in another NODE (cebu, provincial node): REMOTE (Merit Radius) setup: authfile i-manila.com.ph RADIUS 208.155.152.19 Here is the log using username [EMAIL PROTECTED]: Authentic: ~oguQ1Kxc204179B147X: Attributes: User-Name = "gerald0i-manila.com.ph" -- WHAT's the 0 SYMBOL? User-Password = "%4#-209174)6`8250258135T146" NAS-IP-Address = 208.164.193.180 -- Service-Type = Framed-User Framed-Protocol = PPP User-Id = "gerald" NAS-Identifier = "prunes.cookie-tech.net" User-Realm = "i-manila.com.ph" -- Proxy-State = 0 Tue Mar 21 16:02:55 2000: DEBUG: Rewrote user name to geraldi-manila.com.ph --- DIDN't FIND the @ sign Tue Mar 21 16:02:55 2000: DEBUG: Handling request with Handler 'Realm=' Tue Mar 21 16:02:55 2000: DEBUG: Deleting session for geraldi-manila.com.ph, 208.164.193.180, 7 Tue Mar 21 16:02:55 2000: DEBUG: Running command: /radius/radauth Tue Mar 21 16:02:55 2000: INFO: Access rejected for geraldi-manila.com.ph: Tue Mar 21 16:02:55 2000: DEBUG: Packet dump: *** Sending to 208.155.152.48 port 1096 If you notice, the @ symbol was not detected, hence, the problem with the username. FYI, our auth only accepts username and password. Thanks in advance and I hope to hear from you very soon. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
