Hello Froilan -
On Wed, 22 Mar 2000, Froilan Mendoza wrote:
> Hello.
>
> Im having problems with incorporating Radiator with Merit Radius. This is
> our setup:
>
> LOCAL SETUP (manila):
>
>
> RewriteUsernametr/[A-Z]/[a-z]/
> RewriteUsername s/^([^@]+).*/$1/
>
> Command /radius/radauth
> DecryptPassword
>
>
>
> where /radius/radauth is our external auth program.
>
> Using this setup, I tried logging in using [EMAIL PROTECTED] and the
> logs show:
>
> Authentic: <177><238>;`<144><9>cRa<191>+<184>s<215><227><161>
> Attributes:
> User-Name = "[EMAIL PROTECTED]"
> NAS-IP-Address = 208.155.152.42
> Acct-Status-Type = Start
> --
> Framed-IP-Address = 208.160.75.109
>
> Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Tue Mar 21 15:58:31 2000: DEBUG: Handling request with Handler
> 'Realm=i-manila.com.ph'
> Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Tue Mar 21 15:58:31 2000: DEBUG: Rewrote user name to gerald
> Tue Mar 21 15:58:31 2000: DEBUG: Adding session for
> [EMAIL PROTECTED], 208.155.152.42, 3331
> Tue Mar 21 15:58:31 2000: DEBUG: Running command: /radius/radauth
> Tue Mar 21 15:58:32 2000: DEBUG: Accounting accepted
>
>
> However, when I tried incorporating this with Merit Radius in another NODE
> (cebu, provincial node):
>
> REMOTE (Merit Radius) setup:
>
> authfile
> i-manila.com.ph RADIUS 208.155.152.19
>
> Here is the log using username [EMAIL PROTECTED]:
>
> Authentic: ~oguQ1Kxc<204><179>B<147>X:>
> Attributes:
> User-Name = "gerald<0>i-manila.com.ph" <-- WHAT's the <0> SYMBOL?
> User-Password = "%<4>#-<209><174>)6`<8><250><25>8<135>T<146>"
> NAS-IP-Address = 208.164.193.180
> --
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Id = "gerald"
> NAS-Identifier = "prunes.cookie-tech.net"
> User-Realm = "i-manila.com.ph"
> --
> Proxy-State = 0
>
> Tue Mar 21 16:02:55 2000: DEBUG: Rewrote user name to
> geraldi-manila.com.ph <--- DIDN't FIND the @ sign
> Tue Mar 21 16:02:55 2000: DEBUG: Handling request with Handler 'Realm='
> Tue Mar 21 16:02:55 2000: DEBUG: Deleting session for
> geraldi-manila.com.ph, 208.164.193.180, 7
> Tue Mar 21 16:02:55 2000: DEBUG: Running command: /radius/radauth
> Tue Mar 21 16:02:55 2000: INFO: Access rejected for geraldi-manila.com.ph:
> Tue Mar 21 16:02:55 2000: DEBUG: Packet dump:
> *** Sending to 208.155.152.48 port 1096
>
> If you notice, the @ symbol was not detected, hence, the problem with the
> username. FYI, our auth only accepts username and password.
>
The username string that you are receiving has a NULL (<0>) in it instead of
the @ sign. I presume this is because the Merit radius is trying to strip the
realm. There are two solutions, the first is to fix the Merit radius so it
sends the realm (and the @ sign), or you could add a RewriteUsername to the
Client clause in the Radiator configuration file to change the NULL to @:
# Merit radius client
Secret ..
RewriteUsername s/\0/@/
.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
