(RADIATOR) radpwtst question

Hugh Irvine hugh at open.com.au
Wed Mar 20 17:35:59 CST 2002


Hello Mike -

You are correct. The NAS-IP-Address is an attribute in the request, not the 
IP address from which the request was sent.

Can you send me a copy of the current configuration file and the 
corresponding trace 4 debug?

thanks

Hugh


On Thu, 21 Mar 2002 06:28, Forbes Mike wrote:
> So setting the nas_ip_address does not affect which client it goes to?  I
> changed the default client to have the realm of Modems and I get the same
> error.  I did have this working when I had Realms instead of handlers.
>
> Mike
>
> On Wed, 20 Mar 2002, Hugh Irvine wrote:
> > Hello Mike -
> >
> > The problem is that you are receiving the request from localhost, which
> > should be the <Client DEFAULT> clause as far as I can see, so the realm
> > will not be set to MODEMS.
> >
> > regards
> >
> > Hugh
> >
> > On Wed, 20 Mar 2002 11:50, Forbes Mike wrote:
> > > I am having problems with the following radpwtst line and the following
> > > config:
> > > radpwtst -nas_ip_address 128.138.x.x -user unix-tmp -password xxxxxx
> > > -noacct -secret ccccc  -auth_port 1647
> > >
> > >
> > > It should use
> > > Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x, but as you
> > > can see below it does not work.  Is this because I am mixing realms and
> > > handlers?  I am not really mixing them in the config, just by client.
> > >
> > > Thanks,
> > >
> > > Mike
> > >
> > >
> > >  Tue Mar 19 17:45:52
> > > 2002: DEBUG: Packet dump: *** Received from 127.0.0.1 port 53857 ....
> > > Code:       Access-Request
> > > Identifier: 112
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         User-Name = "unix-tmp"
> > >         Service-Type = Framed-User
> > >         NAS-IP-Address = 128.138.x.x
> > >         NAS-Port = 1234
> > >         Called-Station-Id = "123456789"
> > >         Calling-Station-Id = "987654321"
> > >         NAS-Port-Type = Async
> > >         User-Password = "xxxx"
> > >
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler
> > > Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x should be
> > > used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler
> > > Realm=MODEMS,NAS-Port-Type=Virtual should be used to handle this
> > > request Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS
> > > should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Off_Campus_VPN
> > > should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler
> > > Realm=Backbone_Devices should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler
> > > Realm=Datacomm_Devices should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: WARNING: Could not find a handler for
> > > unix-tmp: request is ignored
> > >
> > > > #LogStdout
> > > > LogDir          /usr/local/radiator/log
> > > > DbDir           /usr/local/radiator/etc
> > > > # Use a low trace level in production systems. Increase
> > > > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> > > > Trace   4
> > > >
> > > > AuthPort 1647
> > > > AcctPort 1648
> > > >
> > > > #<SNMPAgent>
> > > > #       ROCommunit  xxxx
> > > > #</SNMPAgent>
> > > >
> > > > # You will probably want to add other Clients to suit your site,
> > > > # one for each NAS you want to work with
> > > > <Client DEFAULT>
> > > >         Secret  XXX
> > > >         DupInterval 0
> > > >         DefaultRealm Datacomm_devices
> > > > </Client>
> > > >
> > > > <AuthLog FILE>
> > > >         Identifier Modem_Login_Failures
> > > >         Filename %L/Modem_Login_Failures
> > > >         LogFailure 1
> > > >         FailureFormat %l:NAS %N
> > > > User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > >         Identifier Backbone_Login_Failures
> > > >         Filename %L/Backbone_Login_Failures
> > > >         LogFailure 1
> > > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From
> > > > %{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > >         Identifier Datacomm_Login_Failures
> > > >         Filename %L/Datacomm_Login_Failures
> > > >         LogFailure 1
> > > >         FailureFormat %l:NAS %N
> > > > User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > >         Identifier VPN_Login_Failures
> > > >         Filename %L/VPN_Login_Failures
> > > >         LogFailure 1
> > > >         FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From
> > > > %{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > >
> > > > <Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=x.x.x.x>
> > > >         RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >                 <AuthBy FILE>
> > > >                         Filename %D/backbone_users
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog Modem_Login_Failures
> > > >         # Log accounting to a detail file
> > > >         AcctLogFileName %L/modem_pool_backbone_users
> > > > </Handler>
> > > >
> > > > <Handler Realm=MODEMS,NAS-Port-Type=Virtual>
> > > >         RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >
> > > >                 <AuthBy FILE>
> > > >                         Filename %D/backbone_users
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog Backbone_Login_Failures
> > > >         # Log accounting to a detail file
> > > >         AcctLogFileName %L/modems_backbone_users
> > > > </Handler>
> > > >
> > > > <Handler Realm=MODEMS>
> > > >         RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >                 <AuthBy LDAP2>
> > > >                         Host ggggg
> > > >                         Port 389
> > > >                         AuthDN
> > > > uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > > >                         AuthPassword xxxxxx
> > > >                         BaseDN  dc=xx,dc=xx
> > > >                         NoDefault
> > > >                         UsernameAttr uid
> > > >                         SearchFilter
> > > > (&(edupersonprimaryaffiliation=xxx)(uid=%1))
> > > >                         Debug 255
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog Modem_Login_Failures
> > > >          AcctLogFileName %L/Modems
> > > > </Handler>
> > > >
> > > >
> > > > <Handler Realm=Off_Campus_VPN>
> > > >         RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >                 <AuthBy LDAP2>
> > > >                         Host ggggg
> > > >                         Port 389
> > > >                         AuthDN
> > > > uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > > >                         AuthPassword xxxxxx
> > > >                         BaseDN  dc=xx,dc=xx
> > > >                         NoDefault
> > > >                         UsernameAttr uid
> > > >                         SearchFilter
> > > > (&(edupersonprimaryaffiliation=xx)(uid=%1))
> > > >                         Debug 255
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog VPN_Login_Failures
> > > >          AcctLogFileName %L/Off_Campus_VPN
> > > > </Handler>
> > > >
> > > > <Handler Realm=Backbone_Devices>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >
> > > >                 <AuthBy FILE>
> > > >                         Filename %D/backbone_users
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog Backbone_Login_Failures
> > > >         # Log accounting to a detail file
> > > >         AcctLogFileName %L/backbone_devices
> > > > </Handler>
> > > >
> > > > <Handler Realm=Datacomm_Devices>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueUntilReject
> > > >                 <AuthBy PAM>
> > > >                         Service radiusd
> > > >                 </AuthBy>
> > > >
> > > >                 <AuthBy FILE>
> > > >                         Filename %D/backbone_users
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > >         AuthLog Datacomm_Login_Failures
> > > >         # Log accounting to a detail file
> > > >         AcctLogFileName %L/datacomm_devices
> > > > </Handler>
> > > >
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret YYY
> > > >         DefaultRealm MODEMS
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret  ZZZ
> > > >         DupInterval 0
> > > >         DefaultRealm BACKBONE
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret  ZZZ
> > > >         DupInterval 0
> > > >         DefaultRealm Off_Campus_VPN
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret  ZZZ
> > > >         DupInterval 0
> > > >         DefaultRealm BACKBONE
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret YYYY
> > > >         DefaultRealm MODEMS
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > >         Secret ZZZZZ
> > > >         DupInterval 0
> > > >         DefaultRealm Backbone_Devices
> > > > </Client>
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list