<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Yes<br>
<br>
Sami Keski-Kasari wrote:
<blockquote cite="mid:4B8BFBCB.5090005@archred.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
Hi Chris, <br>
<br>
Are you sure that the secret is same in radiator config and in
pam_radius-module config?<br>
<br>
-- <br>
Sami<br>
<br>
<br>
1.3.2010 19.30, Christopher Bland kirjoitti:
<blockquote cite="mid:4B8BF9C9.7030003@fdu.edu" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Forgot to mention that I am using pam_radius-1.3.17 on a Fedora 11 box
for development.<br>
<br>
-Chris<br>
<br>
Chris Bland wrote:
<blockquote cite="mid:4B8BF926.3090007@fdu.edu" type="cite">
<pre wrap="">Hi guys,
I am trying to setup a linux box to authenticate using radius. I pulled
down the pam_radius_auth module from freeradius.org. It will not work,
I keep getting bad encrypted password errors. When I use radpwtst
locallly I authenticate fine. It's only comming from my server I have
issues. II verified all suggestions under 54 on
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.open.com.au/faq.html">http://www.open.com.au/faq.html</a> My config looks like this:
#Foreground
LogStdout
LogDir /var/log/radius-test
DbDir .
Trace 5
PidFile /var/log/radius-test/radiusd.pid
AuthPort 5794
AcctPort 5795
DefineGlobalVar Max 7200
DictionaryFile /etc/radiator/dictionary
# Clients to suit your site.
<Client 132.238.3.162>
Secret xxxxx
DupInterval 0
</Client>
################################################################
<Client localhost>
Secret xxxxxx
DupInterval 0
</Client>
################################################################
<AuthBy SQL>
Identifier LOCALDBAUTH
DBSource dbi:mysql:radius_test:localhost
DBUsername dbuser
DBAuth xxxxxx
DefaultSimultaneousUse 1
AccountingTable subscribers
AuthSelect select password from subscribers where username='%n'
</AuthBy>
################################################################
<Realm DEFAULT>
AuthByPolicy ContinueAlways
AuthBy LOCALDBAUTH
MaxSessions 1
</Realm>
This what I see in the logs
Mon Mar 1 11:56:10 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 29364 ....
Packet length = 93
01 8e 00 5d 76 0d 15 43 90 f7 6b 52 bd 43 1a d8
67 9f 98 14 01 06 73 61 75 6c 02 12 50 f7 58 3d
76 84 db 2b 43 1d 81 ce d2 17 b1 2d 04 06 84 ee
03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
77 6f 72 74 68 2e 66 64 75 2e 65 64 75
Code: Access-Request
Identifier: 142
Authentic: v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
Attributes:
User-Name = "test"
User-Password = P<247>X=v<132><219>+C<29><129><206><210><23><177>-
NAS-IP-Address = 132.238.3.162
NAS-Identifier = "sshd"
NAS-Port = 28339
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
Mon Mar 1 11:56:10 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 1 11:56:10 2010: DEBUG: Deleting session for test,
132.238.3.162, 28339
Mon Mar 1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar 1 11:56:10 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
Mon Mar 1 11:56:10 2010: DEBUG: Query is: 'select password from
subscribers where username='test'':
Mon Mar 1 11:56:10 2010: DEBUG: Radius::AuthSQL looks for match with
test [test]
Mon Mar 1 11:56:10 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password:
test [test]
Mon Mar 1 11:56:10 2010: DEBUG: Query is: 'select password from
subscribers where username='DEFAULT'':
Mon Mar 1 11:56:10 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
Mon Mar 1 11:56:10 2010: INFO: Access rejected for test: Bad Password
Mon Mar 1 11:56:10 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 29364 ....
Packet length = 36
03 8e 00 24 4c 1e f9 0e a3 df 1a 71 dc 03 4c ed
a7 f2 d8 43 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 142
Authentic: v<13><21>C<144><247>kR<189>C<26><216>g<159><152><20>
Attributes:
Reply-Message = "Request Denied"
Mon Mar 1 11:56:48 2010: DEBUG: Packet dump:
*** Received from 132.238.3.162 port 29364 ....
Packet length = 93
01 7a 00 5d f0 3a b4 ed ff b7 af bd 6f 4c 73 2a
18 85 e1 ad 01 06 73 61 75 6c 02 12 71 ca ae a4
af 9e 6e 09 42 29 f4 b0 76 77 86 41 04 06 84 ee
03 ac 20 06 73 73 68 64 05 06 00 00 6e b3 3d 06
00 00 00 05 06 06 00 00 00 08 1f 13 65 6c 6c 73
77 6f 72 74 68 2e 66 64 75 2e 65 64 75
Code: Access-Request
Identifier: 122
Authentic: <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
Attributes:
User-Name = "test"
User-Password = q<202><174><164><175><158>n<9>B)<244><176>vw<134>A
NAS-IP-Address = 132.238.3.162
NAS-Identifier = "sshd"
NAS-Port = 28339
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "bancroft1fl-usas-246t.fdu.edu"
Mon Mar 1 11:56:48 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 1 11:56:48 2010: DEBUG: Deleting session for test,
132.238.3.162, 28339
Mon Mar 1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL
Mon Mar 1 11:56:48 2010: DEBUG: Handling with Radius::AuthSQL: LOCALDBAUTH
Mon Mar 1 11:56:48 2010: DEBUG: Query is: 'select password from
subscribers where username='test'':
Mon Mar 1 11:56:48 2010: DEBUG: Radius::AuthSQL looks for match with
test [test]
Mon Mar 1 11:56:48 2010: DEBUG: Radius::AuthSQL REJECT: Bad Password:
test [test]
Mon Mar 1 11:56:48 2010: DEBUG: Query is: 'select password from
subscribers where username='DEFAULT'':
Mon Mar 1 11:56:48 2010: DEBUG: AuthBy SQL result: REJECT, Bad Password
Mon Mar 1 11:56:48 2010: INFO: Access rejected for test: Bad Password
Mon Mar 1 11:56:48 2010: DEBUG: Packet dump:
*** Sending to 132.238.3.162 port 29364 ....
Packet length = 36
03 7a 00 24 eb 47 fb f9 35 8e 29 2d 79 4a e0 73
1e 85 f5 8a 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 122
Authentic: <240>:<180><237><255><183><175><189>oLs*<24><133><225><173>
Attributes:
Reply-Message = "Request Denied"
-Chris
_______________________________________________
radiator mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:radiator@open.com.au">radiator@open.com.au</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.open.com.au/mailman/listinfo/radiator">http://www.open.com.au/mailman/listinfo/radiator</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1">
<title>OIRT Signature</title>
<style media="all" type="text/css">
#sig{
margin:6px 0 0 15px;
padding:6px;
width: 530px;
}
#sig .person{
font-family:Georgia, "Times New Roman", Times, serif;
font-size:12px;
font-style:italic;
color:#333333;
font-weight: bolder;
padding: 0 0 0 15px;
}
#sig .title{
font-family:Georgia, "Times New Roman", Times, serif;
font-size:10px;
font-style:italic;
color:#333333;
padding: 0 0 0 15px;
letter-spacing: .1em;
line-height: 10px;
}
#sig .row {
line-height:12px;
color:#333333;
padding-top: 13px;
padding: 10px 0 0 15px;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
#sig .top {
font-family:Georgia, "Times New Roman", Times, serif;
font-size:11px;
font-style:italic;
color:#CC0000;
padding:7px 0 0 0;
font-weight: bolder;
}
#sig .toptwo {
font-family:Georgia, "Times New Roman", Times, serif;
font-size:11px;
font-style:italic;
color:#CC0000;
padding-left: 120px;
font-weight: bolder;
}
#sig .row a:link, .row avisited {
color:#5CBDBF;
text-decoration:none;
}
#sig .row a:over{
color:#333333;
border: 1px black dotted;
}
</style>
<div id="sig">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td valign="top" width="150"><img moz-do-not-send="false"
src="cid:part1.03070005.02040009@fdu.edu" alt="fdu logo" height="62"
width="140"></td>
<td>
<div class="person">Christopher Bland</div>
<div class="title">Systems Manager<br>
Information Systems and Technology</div>
<div class="row"> <strong>1000 River Road, Teaneck NJ 07666</strong><br>
Mail Stop: T-BH1-01<br>
<img moz-do-not-send="false"
src="cid:part2.00040709.04080801@fdu.edu" alt="phone" height="10"
width="13">: 201-692-2414 | <img moz-do-not-send="false"
src="cid:part3.05070105.06000705@fdu.edu" alt="fax" height="13"
width="15">: 201-692-2494 | <img moz-do-not-send="false"
src="cid:part4.06090700.09080305@fdu.edu" alt="email" height="11"
width="12">: <a moz-do-not-send="true" href="mailto:chris@fdu.edu">chris@fdu.edu</a>
</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="top">"Fairleigh Dickinson University will never<br>
ask for your password. Please do not
share it with others!"</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
radiator mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:radiator@open.com.au">radiator@open.com.au</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.open.com.au/mailman/listinfo/radiator">http://www.open.com.au/mailman/listinfo/radiator</a></pre>
</blockquote>
<br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
radiator mailing list
<a class="moz-txt-link-abbreviated" href="mailto:radiator@open.com.au">radiator@open.com.au</a>
<a class="moz-txt-link-freetext" href="http://www.open.com.au/mailman/listinfo/radiator">http://www.open.com.au/mailman/listinfo/radiator</a></pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; ">
<title>OIRT Signature</title>
<style media="all" type="text/css">
#sig{
margin:6px 0 0 15px;
padding:6px;
width: 530px;
}
#sig .person{
font-family:Georgia, "Times New Roman", Times, serif;
font-size:12px;
font-style:italic;
color:#333333;
font-weight: bolder;
padding: 0 0 0 15px;
}
#sig .title{
font-family:Georgia, "Times New Roman", Times, serif;
font-size:10px;
font-style:italic;
color:#333333;
padding: 0 0 0 15px;
letter-spacing: .1em;
line-height: 10px;
}
#sig .row {
line-height:12px;
color:#333333;
padding-top: 13px;
padding: 10px 0 0 15px;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
#sig .top {
font-family:Georgia, "Times New Roman", Times, serif;
font-size:11px;
font-style:italic;
color:#CC0000;
padding:7px 0 0 0;
font-weight: bolder;
}
#sig .toptwo {
font-family:Georgia, "Times New Roman", Times, serif;
font-size:11px;
font-style:italic;
color:#CC0000;
padding-left: 120px;
font-weight: bolder;
}
#sig .row a:link, .row avisited {
color:#5CBDBF;
text-decoration:none;
}
#sig .row a:over{
color:#333333;
border: 1px black dotted;
}
</style>
<div id="sig">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td valign="top" width="150"><img moz-do-not-send="false"
src="cid:part5.09060005.06050208@fdu.edu" alt="fdu logo" height="62"
width="140"></td>
<td>
<div class="person">Christopher Bland</div>
<div class="title">Systems Manager<br>
Information Systems and Technology</div>
<div class="row"> <strong>1000 River Road, Teaneck NJ 07666</strong><br>
Mail Stop: T-BH1-01<br>
<img moz-do-not-send="false"
src="cid:part6.08050101.05070701@fdu.edu" alt="phone" height="10"
width="13">: 201-692-2414 | <img moz-do-not-send="false"
src="cid:part7.01020106.09050704@fdu.edu" alt="fax" height="13"
width="15">: 201-692-2494 | <img moz-do-not-send="false"
src="cid:part8.08070107.09050905@fdu.edu" alt="email" height="11"
width="12">: <a href="mailto:chris@fdu.edu">chris@fdu.edu</a> </div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="top">"Fairleigh Dickinson University will never<br>
ask for your password. Please do not
share it with others!"</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>