(RADIATOR) radpwtst question

Forbes Mike Mike.Forbes at Colorado.EDU
Wed Mar 20 13:28:55 CST 2002


So setting the nas_ip_address does not affect which client it goes to?  I
changed the default client to have the realm of Modems and I get the same
error.  I did have this working when I had Realms instead of handlers.

Mike

On Wed, 20 Mar 2002, Hugh Irvine wrote:

>
> Hello Mike -
>
> The problem is that you are receiving the request from localhost, which
> should be the <Client DEFAULT> clause as far as I can see, so the realm will
> not be set to MODEMS.
>
> regards
>
> Hugh
>
>
> On Wed, 20 Mar 2002 11:50, Forbes Mike wrote:
> > I am having problems with the following radpwtst line and the following
> > config:
> > radpwtst -nas_ip_address 128.138.x.x -user unix-tmp -password xxxxxx -noacct -secret ccccc -auth_port 1647
> >
> >
> > It should use Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x,
> > but as you can see below it does not work.  Is this because I am mixing
> > realms and handlers?  I am not really mixing them in the config, just by
> > client.
> >
> > Thanks,
> >
> > Mike
> >
> >
> > Tue Mar 19 17:45:52 2002: DEBUG: Packet dump: *** Received from 127.0.0.1 port 53857 ....
> > Code:       Access-Request
> > Identifier: 112
> > Authentic:  1234567890123456
> > Attributes:
> >         User-Name = "unix-tmp"
> >         Service-Type = Framed-User
> >         NAS-IP-Address = 128.138.x.x
> >         NAS-Port = 1234
> >         Called-Station-Id = "123456789"
> >         Calling-Station-Id = "987654321"
> >         NAS-Port-Type = Async
> >         User-Password = "xxxx"
> >
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x should be used to handle this request
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS,NAS-Port-Type=Virtual should be used to handle this request
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS should be used to handle this request
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Off_Campus_VPN should be used to handle this request
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Backbone_Devices should be used to handle this request
> > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Datacomm_Devices should be used to handle this request
> > Tue Mar 19 17:45:52 2002: WARNING: Could not find a handler for unix-tmp: request is ignored
> >
> > > #LogStdout
> > > LogDir          /usr/local/radiator/log
> > > DbDir           /usr/local/radiator/etc
> > > # Use a low trace level in production systems. Increase
> > > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> > > Trace   4
> > >
> > > AuthPort 1647
> > > AcctPort 1648
> > >
> > > #<SNMPAgent>
> > > #       ROCommunit  xxxx
> > > #</SNMPAgent>
> > >
> > > # You will probably want to add other Clients to suit your site,
> > > # one for each NAS you want to work with
> > > <Client DEFAULT>
> > >         Secret  XXX
> > >         DupInterval 0
> > >         DefaultRealm Datacomm_devices
> > > </Client>
> > >
> > > <AuthLog FILE>
> > >         Identifier Modem_Login_Failures
> > >         Filename %L/Modem_Login_Failures
> > >         LogFailure 1
> > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > </Authlog>
> > >
> > > <AuthLog FILE>
> > >         Identifier Backbone_Login_Failures
> > >         Filename %L/Backbone_Login_Failures
> > >         LogFailure 1
> > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From %{Calling-Station-Id}:%1:Fail
> > > </Authlog>
> > >
> > > <AuthLog FILE>
> > >         Identifier Datacomm_Login_Failures
> > >         Filename %L/Datacomm_Login_Failures
> > >         LogFailure 1
> > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > </Authlog>
> > >
> > > <AuthLog FILE>
> > >         Identifier VPN_Login_Failures
> > >         Filename %L/VPN_Login_Failures
> > >         LogFailure 1
> > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From %{Calling-Station-Id}:%1:Fail
> > > </Authlog>
> > >
> > >
> > > <Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=x.x.x.x>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >                 <AuthBy FILE>
> > >                         Filename %D/backbone_users
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog Modem_Login_Failures
> > >         # Log accounting to a detail file
> > >         AcctLogFileName %L/modem_pool_backbone_users
> > > </Handler>
> > >
> > > <Handler Realm=MODEMS,NAS-Port-Type=Virtual>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >
> > >                 <AuthBy FILE>
> > >                         Filename %D/backbone_users
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog Backbone_Login_Failures
> > >         # Log accounting to a detail file
> > >         AcctLogFileName %L/modems_backbone_users
> > > </Handler>
> > >
> > > <Handler Realm=MODEMS>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >                 <AuthBy LDAP2>
> > >                         Host ggggg
> > >                         Port 389
> > >                         AuthDN uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > >                         AuthPassword xxxxxx
> > >                         BaseDN  dc=xx,dc=xx
> > >                         NoDefault
> > >                         UsernameAttr uid
> > >                         SearchFilter (&(edupersonprimaryaffiliation=xxx)(uid=%1))
> > >                         Debug 255
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog Modem_Login_Failures
> > >          AcctLogFileName %L/Modems
> > > </Handler>
> > >
> > >
> > > <Handler Realm=Off_Campus_VPN>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >                 <AuthBy LDAP2>
> > >                         Host ggggg
> > >                         Port 389
> > >                         AuthDN uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > >                         AuthPassword xxxxxx
> > >                         BaseDN  dc=xx,dc=xx
> > >                         NoDefault
> > >                         UsernameAttr uid
> > >                         SearchFilter (&(edupersonprimaryaffiliation=xx)(uid=%1))
> > >                         Debug 255
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog VPN_Login_Failures
> > >          AcctLogFileName %L/Off_Campus_VPN
> > > </Handler>
> > >
> > > <Handler Realm=Backbone_Devices>
> > > RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >
> > >                 <AuthBy FILE>
> > >                         Filename %D/backbone_users
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog Backbone_Login_Failures
> > >         # Log accounting to a detail file
> > >         AcctLogFileName %L/backbone_devices
> > > </Handler>
> > >
> > > <Handler Realm=Datacomm_Devices>
> > > RewriteUsername s/^([^@]+).*/$1/
> > >         <AuthBy GROUP>
> > >                 AuthByPolicy ContinueUntilReject
> > >                 <AuthBy PAM>
> > >                         Service radiusd
> > >                 </AuthBy>
> > >
> > >                 <AuthBy FILE>
> > >                         Filename %D/backbone_users
> > >                 </AuthBy>
> > >         </AuthBy>
> > >         AuthLog Datacomm_Login_Failures
> > >         # Log accounting to a detail file
> > >         AcctLogFileName %L/datacomm_devices
> > > </Handler>
> > >
> > >
> > > <Client x.x.x.x>
> > >         Secret YYY
> > >         DefaultRealm MODEMS
> > > </Client>
> > >
> > > <Client x.x.x.x>
> > >         Secret  ZZZ
> > >         DupInterval 0
> > >         DefaultRealm BACKBONE
> > > </Client>
> > >
> > > <Client x.x.x.x>
> > >         Secret  ZZZ
> > >         DupInterval 0
> > >         DefaultRealm Off_Campus_VPN
> > > </Client>
> > >
> > > <Client x.x.x.x>
> > >         Secret  ZZZ
> > >         DupInterval 0
> > >         DefaultRealm BACKBONE
> > > </Client>
> > >
> > > <Client x.x.x.x>
> > >         Secret YYYY
> > >         DefaultRealm MODEMS
> > > </Client>
> > >
> > > <Client x.x.x.x>
> > >         Secret ZZZZZ
> > >         DupInterval 0
> > >         DefaultRealm Backbone_Devices
> > > </Client>
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>

