Freeradius is unable to read NAS table in mysql db

superataru - superataru at gmail.com
Thu Jun 10 17:53:04 CEST 2010 

Hi.
Sorry 'cause i'm late. Some troubles.
Well i worked as following explained to perform a test (problem we talk
about) but also to check if password would have been passed encrypted in the
internet.

|--------------------|
*|NAS-USG100|*( *USGWAN* -79.xxx.xxx.xxx )---(INTERNET)----(78.yyy.yyy.yyy)
*RADIUS*
|--------------------|
 ( *USGLAN*:172.16.68.253)
        |
(WEB-HTTPS)
       |
       |
172.16.68.16

I mirrored both of WAN ports of USG, say WAN1 and WAN2 and had something to
give to wireshark :-)

I open Web LogIN page of USG and provide fake user and password (not present
on ActiveDirectory or local USBdb), say gigino / 12345678

*I obtaint this (USG)*

79.xxx.xxx.xxx    78.yyy.yyy.yyy    RADIUS    Access-Request(1) ....
AVP: l=8  t=User-Name(1): gigino
AVP: l=18  t=User-Password(2): *Encrypted*            <-  Yippieeeee
AVP: l=6  t=NAS-IP-Address(4): 172.16.68.10         <- (PDC of my internal
domain)
AVP: l=10  t=NAS-Identifier(32): weblogin
AVP: l=6  t=NAS-Port(5): 20915
AVP: l=6  t=NAS-Port-Type(61): Virtual(5)
AVP: l=6  t=Service-Type(6): Authenticate-Only(8)
AVP: l=14  t=Calling-Station-Id(31): 172.16.68.16
*
. . . on remote radius server i obtain*

Ready to process requests.
rad_recv: Access-Request packet from host 79.xxx.xxx.xxx ...
        User-Name = "gigino"
        User-Password = "gigino"
        NAS-IP-Address = 172.16.68.10
        NAS-Identifier = "weblogin"
        NAS-Port = 20915
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = "172.16.68.16"

+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "gigino", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound

--------------------------------------------------------------

I presumed NAS-IP-Address: 172.16.68.253 !!!!!!!!

What do you think?

Thank in advance.


_______________________________________________

Sono solo un passeggero del volo e mi credevo pilota . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100610/d86f2003/attachment.html>

More information about the Freeradius-Users mailing list