(RADIATOR) problems with addressallocator
nir cohen
nirc at macam.ac.il
Thu Nov 8 05:12:56 CST 2001
Hi to all,
I installed Radiator and I need 2 realms: one gets its addresses from the router, and the second realm gets them from DHCP.
I installed DHCP on a different box and it's not working. Here is my radius.cfg:
# radius.cfg
LogDir /var/log/radius
DbDir /etc/radiator
LogFile /var/log/radius/logfile
SnmpgetProg /usr/bin/snmpget
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 5
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client localhost>
    StatusServerShowClientDetails
    Secret mysecret
    DupInterval 2
    NasType CiscoVPDN
    SNMPCommunity public
</Client>
<SessionDatabase DBM>
    Filename %D/online
</SessionDatabase>
<Log FILE>
    Filename /var/log/radius/%Y-radius.log
    LogFormat %1: %1: %2
    Trace 5
</Log>
<SNMPAgent>
    ROCommunity public
</SNMPAgent>
<AddressAllocator DHCP>
    Identifier 123456
    Host 192.114.206.33
    # ServerPort 67
    # ClientPort 68
</AddressAllocator>
<Realm DEFAULT>
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        MaxSessions 1
        AcctLogFileName %L/detail
        PasswordLogFileName %L/passwords
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy UNIX>
            Filename /etc/shadow
        </AuthBy>
        <AuthBy DYNADDRESS>
            Allocator 123456
        </AuthBy>
    </AuthBy>
</Realm>
<Realm macam.ac.il>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy UNIX>
        Filename /etc/shadow
    </AuthBy>
    # Log accounting to a detail file
    MaxSessions 1
    AcctLogFileName %L/detail
    PasswordLogFileName %L/passwords
</Realm>
---------------------------------------------------------------------------------------------------------
Here is my dhcp conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "liz.com";
option domain-name-servers dns1.macam.ac.il, dns2.macam.ac.il;
option routers 192.114.206.206;
option subnet-mask 255.255.255.0;
option broadcast-address 192.114.206.255;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
ddns-update-style ad-hoc;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 192.114.206.0 netmask 255.255.255.0 {
    range 192.114.206.239 192.114.206.245;
}
------------------------------------------------------------------------------------------------------------------------
When I run passwtst -user nirc -password 150000 I get this in the logfile:
Packet length = 90
01 c0 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 06 6e 69 72 63 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
32 31 3d 06 00 00 00 00 02 12 c8 be 6f 9d 9f 6c
04 f6 bc 38 09 a0 d8 7d 78 99
Code: Access-Request
Identifier: 192
Authentic: 1234567890123456
Attributes:
User-Name = "nirc"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<200><190>o<157><159>l<4><246><188>8<9><160><216>}x<153>"
Fri Nov 9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov 9 02:04:13 2001: DEBUG: Deleting session for nirc, 203.63.154.1, 1234
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 9 02:04:13 2001: DEBUG: Rewrote user name to nirc
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
Fri Nov 9 02:04:13 2001: DEBUG: Radius::AuthUNIX looks for match with nirc
Fri Nov 9 02:04:13 2001: DEBUG: Radius::AuthUNIX ACCEPT:
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov 9 02:04:13 2001: INFO: Access rejected for nirc: Incorrect PoolHint value
Fri Nov 9 02:04:13 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1210 ....
Packet length = 36
03 c0 00 24 ea 7d b5 17 2a bd 5f 73 7a 3c 68 81
8d c7 34 68 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 192
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Fri Nov 9 02:04:13 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1210 ....
Packet length = 88
04 c1 00 58 72 8a 38 08 7e f9 b0 86 04 bb a1 42
f6 48 b5 c6 01 06 6e 69 72 63 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 3d 06 00 00
00 00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00
00 01 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39
38 37 36 35 34 33 32 31
Code: Accounting-Request
Identifier: 193
Authentic: r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
Attributes:
User-Name = "nirc"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Fri Nov 9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov 9 02:04:13 2001: DEBUG: Adding session for nirc, 203.63.154.1, 1234
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 9 02:04:13 2001: DEBUG: Rewrote user name to nirc
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
Fri Nov 9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Nov 9 02:04:13 2001: DEBUG: Accounting accepted
Fri Nov 9 02:04:13 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1210 ....
Packet length = 20
05 c1 00 14 89 73 ec 8b 9e 34 25 68 86 7f 28 d6
03 76 fb e9
Code: Accounting-Response
Identifier: 193
Authentic: r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
Attributes:
Fri Nov 9 02:04:13 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1210 ....
--------------------------------------------------------------------------------------------------------------------------------------------------
Is it a problem with the request or the reply?
What is missing in this configuration, and how should I fix it?
Thanks very much
Nir Cohen
Unix System- Mofet Inst
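
The following is an added example, not part of the original post and not Radiator code: it parses the Access-Request bytes from the first packet dump above using the RFC 2865 layout, and reverses the User-Password hiding with the Secret from the posted `<Client localhost>` clause. It assumes the test client used that same secret; all function names are illustrative.

```python
import hashlib
import struct

# Access-Request bytes copied from the first packet dump in the post.
ACCESS_REQUEST = bytes.fromhex("""
01 c0 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 06 6e 69 72 63 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
32 31 3d 06 00 00 00 00 02 12 c8 be 6f 9d 9f 6c
04 f6 bc 38 09 a0 d8 7d 78 99
""")

def parse_packet(data):
    """Return (code, identifier, authenticator, [(type, value), ...])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("Length field does not match the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = data[pos], data[pos + 1]
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, data[4:20], attrs

def _xor_blocks(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if decrypt else block
        out += block
    return out

def hide_password(password, secret, authenticator):
    padded = password.ljust(-(-len(password) // 16) * 16 or 16, b"\x00")
    return _xor_blocks(padded, secret, authenticator, False)

def unhide_password(hidden, secret, authenticator):
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    return _xor_blocks(hidden, secret, authenticator, True).rstrip(b"\x00")

if __name__ == "__main__":
    code, ident, auth, attrs = parse_packet(ACCESS_REQUEST)
    print(code, ident, auth, [(t, v.hex()) for t, v in attrs])
    # Secret taken from the posted <Client localhost> clause (assumed shared with the client).
    print(unhide_password(dict(attrs)[2], b"mysecret", auth))
```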