(RADIATOR) problems with addressallocator

nir cohen nirc at macam.ac.il
Thu Nov 8 05:12:56 CST 2001


Hi to all,
I installed Radiator and I need 2 realms: one gets its addresses from the router and the second realm gets them from DHCP.
I installed DHCP on a different box and it's not working. Here is my radius.cfg:
# radius.cfg
LogDir          /var/log/radius
DbDir           /etc/radiator
LogFile         /var/log/radius/logfile
SnmpgetProg    /usr/bin/snmpget
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace           5

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client localhost>
        StatusServerShowClientDetails
        Secret mysecret 
        DupInterval 2
        NasType  CiscoVPDN
        SNMPCommunity  public
</Client>

<SessionDatabase DBM>
       Filename %D/online
</SessionDatabase>

<Log FILE>
        Filename /var/log/radius/%Y-radius.log
        LogFormat %1: %1: %2
        Trace  5
</Log>
 
<SNMPAgent>
        ROCommunity public
</SNMPAgent>

<AddressAllocator DHCP>
        Identifier 123456
        Host 192.114.206.33
#       ServerPort 67
#       ClientPort 68
</AddressAllocator>

<Realm DEFAULT>
        <AuthBy GROUP>
                AuthByPolicy ContinueWhileAccept
                MaxSessions  1
                AcctLogFileName %L/detail
                PasswordLogFileName %L/passwords
                RewriteUsername s/^([^@]+).*/$1/
                <AuthBy UNIX>
                        Filename /etc/shadow
                </AuthBy>
                <AuthBy DYNADDRESS>
                        Allocator 123456
                </AuthBy>
        </AuthBy>
</Realm>

<Realm macam.ac.il>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy UNIX>
                Filename /etc/shadow
        </AuthBy>
        # Log accounting to a detail file
        MaxSessions  1
        AcctLogFileName %L/detail
        PasswordLogFileName %L/passwords
</Realm>
---------------------------------------------------------------------------------------------------------
Here is my dhcp conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "liz.com";
option domain-name-servers dns1.macam.ac.il, dns2.macam.ac.il;
option routers 192.114.206.206;
option subnet-mask 255.255.255.0;
option broadcast-address 192.114.206.255;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
ddns-update-style ad-hoc;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 192.114.206.0 netmask 255.255.255.0 {
 range 192.114.206.239 192.114.206.245 ;
}

------------------------------------------------------------------------------------------------------------------------
When I run passwtst -user nirc -password 150000 I get this in the logfile:
Packet length = 90
01 c0 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 06 6e 69 72 63 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
32 31 3d 06 00 00 00 00 02 12 c8 be 6f 9d 9f 6c
04 f6 bc 38 09 a0 d8 7d 78 99
Code:       Access-Request
Identifier: 192
Authentic:  1234567890123456
Attributes:
        User-Name = "nirc"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<200><190>o<157><159>l<4><246><188>8<9><160><216>}x<153>"

Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov  9 02:04:13 2001: DEBUG:  Deleting session for nirc, 203.63.154.1, 1234
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
Fri Nov  9 02:04:13 2001: DEBUG: Rewrote user name to nirc
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
Fri Nov  9 02:04:13 2001: DEBUG: Radius::AuthUNIX looks for match with nirc
Fri Nov  9 02:04:13 2001: DEBUG: Radius::AuthUNIX ACCEPT: 
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov  9 02:04:13 2001: INFO: Access rejected for nirc: Incorrect PoolHint value
Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1210 ....

Packet length = 36
03 c0 00 24 ea 7d b5 17 2a bd 5f 73 7a 3c 68 81
8d c7 34 68 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 192
Authentic:  1234567890123456
Attributes:
        Reply-Message = "Request Denied"

Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1210 ....

Packet length = 88
04 c1 00 58 72 8a 38 08 7e f9 b0 86 04 bb a1 42
f6 48 b5 c6 01 06 6e 69 72 63 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 3d 06 00 00
00 00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00
00 01 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39
38 37 36 35 34 33 32 31
Code:       Accounting-Request
Identifier: 193
Authentic:  r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
Attributes:
        User-Name = "nirc"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"

Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov  9 02:04:13 2001: DEBUG:  Adding session for nirc, 203.63.154.1, 1234
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
Fri Nov  9 02:04:13 2001: DEBUG: Rewrote user name to nirc
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov  9 02:04:13 2001: DEBUG: Accounting accepted
Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1210 ....

Packet length = 20
05 c1 00 14 89 73 ec 8b 9e 34 25 68 86 7f 28 d6
03 76 fb e9
Code:       Accounting-Response
Identifier: 193
Authentic:  r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
Attributes:

Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1210 ....

--------------------------------------------------------------------------------------------------------------------------------------------------
Is it a problem with the request or the reply?
What is missing in this configuration, and how should I fix it?

Thanks very much,

Nir Cohen
Unix System- Mofet Inst
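
Added example, not part of the original post and not Radiator code: a small Python triage helper for trace logs like the one above that reports, for each Access-Reject, the handler, the AuthBy modules invoked, and the logged reason. It assumes requests are logged one after another and treats the last "Handling with Radius::..." line before the reject as the rejecting module, which is a heuristic; the function names are hypothetical.

```python
import re

# Trace lines taken from the post above; the reject message is wrapped as in a mail.
SAMPLE_LOG = """\
Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov  9 02:04:13 2001: INFO: Access rejected for nirc: Incorrect PoolHint val
ue
Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov  9 02:04:13 2001: DEBUG: Accounting accepted
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: \w+: (.*)$")
HANDLER = re.compile(r"Handling request with Handler '([^']*)'")
MODULE = re.compile(r"Handling with Radius::(\w+)")
REJECT = re.compile(r"Access rejected for (\S+): (.*)")

def records(text):
    """Yield log messages; untimestamped lines are glued to the previous one."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current is not None:
                yield current
            current = m.group(1)
        elif current is not None:
            current += line  # wrapped tail or packet-dump line
    if current is not None:
        yield current

def rejections(text):
    """One dict per reject: user, handler, modules tried, last module, reason."""
    out, handler, chain = [], None, []
    for msg in records(text):
        if m := HANDLER.search(msg):
            handler, chain = m.group(1), []  # new request: reset the module chain
        elif m := MODULE.search(msg):
            chain.append(m.group(1))
        elif m := REJECT.search(msg):
            out.append({"user": m.group(1), "handler": handler,
                        "chain": list(chain), "rejected_by": chain[-1] if chain else None,
                        "reason": m.group(2).strip()})
    return out

if __name__ == "__main__":
    print(rejections(SAMPLE_LOG))
```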