(RADIATOR) Kerb Pam for Solaris
Forbes Mike
Mike.Forbes at Colorado.EDU
Mon Mar 4 15:39:35 CST 2002
I am now trying to test Radiator on Solaris.
The admin has set up Radiator using F. Cusack's original pam_krb5.so.
I get the following error:
Mon Mar 4 14:08:00 2002: DEBUG: Handling with Radius::AuthGROUP
Mon Mar 4 14:08:00 2002: DEBUG: Handling with PAM service radiusd
Mon Mar 4 14:08:00 2002: INFO: Access rejected for forbeskm: Dlopen
failure:
Should I have him try a different Kerberos PAM module?
I saw two emails in the archive that mentioned a dlopen error, but I am not
sure whether there was any resolution.
My config is below:
/etc/pam.conf
# PAM stack for the "radiusd" service name that the Radiator AuthBy PAM
# clauses request (Service radiusd).
# PAM dlopen()s this module into the RADIUS server process, so the file and
# its parent directories should be root-owned and not group/world-writable.
# A "Dlopen failure" at authentication time typically means the module at
# this path could not be loaded (missing file, unresolved library
# dependency, or a 32/64-bit mismatch) - check that before swapping modules.
# NOTE(review): whether this pam_krb5 build verifies the obtained ticket
# against a local keytab is not visible here; without that check a spoofed
# KDC reply could be accepted - confirm.
radiusd auth required /usr/local/lib/security/pam_krb5.so.1
# NOTE(review): pam_sample is, by its name, a sample module - confirm it
# enforces the account checks you expect before relying on it.
radiusd account required /usr/lib/security/pam_sample.so.1
# Global Radiator settings: log and database directories, trace level and
# the UDP ports the server listens on.
#LogStdout
LogDir /usr/local/radiator/log
DbDir /usr/local/radiator/etc
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
# NOTE(review): 4 is a debugging level per the comment above; debug logs may
# contain request attributes, so lower it again once testing is done and
# keep LogDir readable only by the RADIUS service account.
Trace 4
# Every NAS must be configured to send to these two ports.
AuthPort 1647
AcctPort 1648
# SNMP agent is disabled. If it is re-enabled, use a non-default community
# string (the directive below is presumably ROCommunity - confirm).
#<SNMPAgent>
# ROCommunit xxxx
#</SNMPAgent>
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
# The DEFAULT client is used for any sender address that has no Client
# clause of its own, so every host that knows this secret can submit
# requests. Prefer explicit per-NAS clauses and drop DEFAULT where possible.
<Client DEFAULT>
# Shared secret (redacted in this post).
Secret XXX
# 0 turns off duplicate-request detection for this client.
DupInterval 0
# NOTE(review): spelled "Datacomm_devices" here but the matching Handler is
# "Realm=Datacomm_Devices"; confirm the realm comparison ignores case,
# otherwise these requests reach no Handler.
DefaultRealm Datacomm_devices
</Client>
# File logger for failed logins; Handlers refer to it as
# "AuthLog Modem_Login_Failures".
<AuthLog FILE>
Identifier Modem_Login_Failures
# %L is the LogDir special character, so the file sits in the log directory.
Filename %L/Modem_Login_Failures
# Only failures are logged (no success logging is configured here).
LogFailure 1
# The value below appears to have been wrapped by the mail client; in the
# real file FailureFormat has to be a single line. User-Name and
# Calling-Station-Id come from the request, so a ':' inside either one can
# shift fields for anything that parses this log.
FailureFormat %l:NAS %N
User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
# NOTE(review): closing tag is spelled "Authlog", opening tag "AuthLog" -
# confirm the parser accepts the case difference.
</Authlog>
# Failure log used by the Handlers that name "Backbone_Login_Failures".
<AuthLog FILE>
Identifier Backbone_Login_Failures
# Written under LogDir (%L); the file records user names and caller IDs, so
# keep it readable only by the RADIUS service account.
Filename %L/Backbone_Login_Failures
LogFailure 1
# Two physical lines here are presumably one FailureFormat value that the
# mail client wrapped - confirm against the real file.
FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From
%{Calling-Station-Id}:%1:Fail
# NOTE(review): "Authlog" vs "AuthLog" - confirm the closing tag is accepted.
</Authlog>
# Failure log referenced by the Datacomm_Devices Handler.
<AuthLog FILE>
Identifier Datacomm_Login_Failures
# %L expands to LogDir.
Filename %L/Datacomm_Login_Failures
LogFailure 1
# Value looks mail-wrapped across two lines; it should be one line in the
# real configuration. The fields are ':'-separated and include
# request-supplied strings, so downstream parsers should not trust the
# field count.
FailureFormat %l:NAS %N
User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
# NOTE(review): closing tag case differs from the opening tag - confirm.
</Authlog>
# Failure log referenced by the Off_Campus_VPN Handler.
<AuthLog FILE>
Identifier VPN_Login_Failures
# %L expands to LogDir; restrict read access, the log holds user names.
Filename %L/VPN_Login_Failures
LogFailure 1
# Presumably one FailureFormat line that was wrapped in transit - confirm.
FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From
%{Calling-Station-Id}:%1:Fail
# NOTE(review): "Authlog" vs "AuthLog" - confirm the closing tag is accepted.
</Authlog>
# Requests in realm MODEMS that arrive on an async port from one specific
# NAS (address redacted as x.x.x.x).
<Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=x.x.x.x>
# Keep only the part of User-Name before the first '@'.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# NOTE(review): ContinueUntilReject stops at the first inner AuthBy that
# rejects, so a PAM failure (such as the Dlopen failure in the log) ends the
# chain and FILE is not consulted. If FILE is meant as a fallback,
# ContinueUntilAccept is presumably the intended policy - confirm.
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
# PAM service name; has to match the service column in /etc/pam.conf.
Service radiusd
</AuthBy>
<AuthBy FILE>
# %D is the DbDir special character. A users file may hold passwords, so
# keep it readable only by the RADIUS service account.
Filename %D/backbone_users
</AuthBy>
</AuthBy>
# Failed logins go to the Modem_Login_Failures logger.
AuthLog Modem_Login_Failures
# Log accounting to a detail file
AcctLogFileName %L/modem_pool_backbone_users
</Handler>
# Requests in realm MODEMS whose NAS-Port-Type is Virtual.
<Handler Realm=MODEMS,NAS-Port-Type=Virtual>
# Drop everything from the first '@' onwards in User-Name.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# With this policy the inner AuthBys run in order until one rejects; a
# reject from PAM therefore decides the request.
# NOTE(review): confirm this is intended rather than "try FILE if PAM fails".
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
Service radiusd
</AuthBy>
<AuthBy FILE>
# Users file under DbDir (%D).
Filename %D/backbone_users
</AuthBy>
</AuthBy>
# NOTE(review): this MODEMS Handler logs failures to the Backbone logger,
# not Modem_Login_Failures - confirm that is deliberate.
AuthLog Backbone_Login_Failures
# Log accounting to a detail file
AcctLogFileName %L/modems_backbone_users
</Handler>
# Catch-all for realm MODEMS. It has to stay after the two more specific
# MODEMS Handlers, because the first matching Handler is the one used.
<Handler Realm=MODEMS>
# Keep only the part of User-Name before the first '@'.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# Inner AuthBys run in order until one rejects, so a PAM reject ends the
# chain before LDAP2 is tried. NOTE(review): confirm this is intended.
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
Service radiusd
</AuthBy>
<AuthBy LDAP2>
Host ggggg
# 389 is the plain LDAP port: unless TLS is negotiated, the bind password
# and any user passwords cross the network unencrypted.
# NOTE(review): consider LDAPS or TLS - confirm what the directory supports.
Port 389
# Bind credentials of the search account are stored in clear text in this
# file; restrict the file's permissions and give the account read-only
# search rights. (AuthDN and its value were wrapped onto two lines.)
AuthDN
uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
AuthPassword xxxxxx
BaseDN dc=xx,dc=xx
NoDefault
UsernameAttr uid
# %1 is replaced by the user name from the request; RewriteUsername above
# only strips '@...'. NOTE(review): confirm LDAP filter metacharacters such
# as '*', '(' and ')' are escaped or rejected before they reach the filter.
SearchFilter
(&(edupersonprimaryaffiliation=xxx)(uid=%1))
# Presumably enables all LDAP library debug output; it may expose directory
# traffic in the logs, so remove it once testing is done.
Debug 255
</AuthBy>
</AuthBy>
AuthLog Modem_Login_Failures
# Accounting detail file under LogDir (%L).
AcctLogFileName %L/Modems
</Handler>
# Requests in realm Off_Campus_VPN: PAM first, then an LDAP affiliation
# lookup.
<Handler Realm=Off_Campus_VPN>
# Drop everything from the first '@' onwards in User-Name.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# A reject from PAM stops the chain under this policy; LDAP2 runs only if
# PAM did not reject.
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
# Has to match the service name configured in /etc/pam.conf.
Service radiusd
</AuthBy>
<AuthBy LDAP2>
Host ggggg
# Plain LDAP port. NOTE(review): for a VPN login path, confirm the bind and
# lookups are protected by TLS or run over a trusted network segment.
Port 389
# Clear-text service-account credentials: keep this file unreadable to
# other users. (The AuthDN value is wrapped onto the following line.)
AuthDN
uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
AuthPassword xxxxxx
BaseDN dc=xx,dc=xx
NoDefault
UsernameAttr uid
# The request's user name is substituted for %1. NOTE(review): confirm that
# filter metacharacters in the name cannot widen the affiliation match.
SearchFilter
(&(edupersonprimaryaffiliation=xx)(uid=%1))
# Verbose LDAP debugging; turn off after testing.
Debug 255
</AuthBy>
</AuthBy>
AuthLog VPN_Login_Failures
# Accounting detail file under LogDir (%L).
AcctLogFileName %L/Off_Campus_VPN
</Handler>
# Logins to backbone devices: PAM, then the backbone_users file.
<Handler Realm=Backbone_Devices>
# Keep only the part of User-Name before the first '@'.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# Runs the inner AuthBys in order until one rejects.
# NOTE(review): if backbone_users is meant to limit who may log in to
# devices, confirm that an outcome other than accept/reject from PAM cannot
# let a request through on the FILE check alone.
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
Service radiusd
</AuthBy>
<AuthBy FILE>
# Users file under DbDir (%D); restrict read access.
Filename %D/backbone_users
</AuthBy>
</AuthBy>
AuthLog Backbone_Login_Failures
# Log accounting to a detail file
AcctLogFileName %L/backbone_devices
</Handler>
# Logins to datacomm devices: PAM, then the backbone_users file.
<Handler Realm=Datacomm_Devices>
# Drop everything from the first '@' onwards in User-Name.
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
# The first inner AuthBy that rejects ends the chain.
AuthByPolicy ContinueUntilReject
<AuthBy PAM>
Service radiusd
</AuthBy>
<AuthBy FILE>
# NOTE(review): same users file as the Backbone_Devices Handler - confirm
# the two device classes are meant to share one user list.
Filename %D/backbone_users
</AuthBy>
</AuthBy>
AuthLog Datacomm_Login_Failures
# Log accounting to a detail file
AcctLogFileName %L/datacomm_devices
</Handler>
# NAS whose requests default to realm MODEMS (address redacted).
<Client x.x.x.x>
# Shared secret, redacted in this post; use a long random value per NAS.
Secret YYY
# Realm assumed when the user name carries none.
DefaultRealm MODEMS
</Client>
# NAS whose requests default to realm BACKBONE (address redacted).
<Client x.x.x.x>
# NOTE(review): the same placeholder (ZZZ) appears on several clients;
# confirm each NAS really has its own secret.
Secret ZZZ
# 0 turns off duplicate-request detection for this client.
DupInterval 0
# NOTE(review): no Handler in the posted configuration has Realm=BACKBONE
# (only Backbone_Devices); confirm these requests match a Handler.
DefaultRealm BACKBONE
</Client>
# VPN concentrator client (address redacted); requests default to the
# Off_Campus_VPN realm.
<Client x.x.x.x>
# Redacted shared secret.
Secret ZZZ
# Duplicate-request detection is off for this client.
DupInterval 0
DefaultRealm Off_Campus_VPN
</Client>
# Second client that defaults to realm BACKBONE (address redacted).
<Client x.x.x.x>
Secret ZZZ
# Duplicate-request detection is off for this client.
DupInterval 0
# NOTE(review): the posted Handlers cover MODEMS, Off_Campus_VPN,
# Backbone_Devices and Datacomm_Devices, but not BACKBONE - confirm.
DefaultRealm BACKBONE
</Client>
# Second modem-pool client (address redacted); DupInterval is left at its
# default here.
<Client x.x.x.x>
# Redacted shared secret.
Secret YYYY
DefaultRealm MODEMS
</Client>
# Client whose requests default to realm Backbone_Devices, which does have
# a matching Handler.
<Client x.x.x.x>
# Redacted shared secret.
Secret ZZZZZ
# Duplicate-request detection is off for this client.
DupInterval 0
DefaultRealm Backbone_Devices
</Client>