(RADIATOR) radpwtst question
Hugh Irvine
hugh at open.com.au
Wed Mar 20 17:35:59 CST 2002
Hello Mike -
You are correct. The NAS-IP-Address is an attribute in the request, not the
IP address from which the request was sent.
Can you send me a copy of the current configuration file and the
corresponding trace 4 debug?
thanks
Hugh
On Thu, 21 Mar 2002 06:28, Forbes Mike wrote:
> So setting the nas_ip_address does not affect which client it goes to? I
> changed the default client to have the realm of Modems and I get the same
> error. I did have this working when I had Realms instead of handlers.
>
> Mike
>
> On Wed, 20 Mar 2002, Hugh Irvine wrote:
> > Hello Mike -
> >
> > The problem is that you are receiving the request from localhost, which
> > should be the <Client DEFAULT> clause as far as I can see, so the realm
> > will not be set to MODEMS.
> >
> > regards
> >
> > Hugh
> >
> > On Wed, 20 Mar 2002 11:50, Forbes Mike wrote:
> > > I am having problems with the following radpwtst line and the following
> > > config:
> > > radpwtst -nas_ip_address 128.138.x.x -user unix-tmp -password xxxxxx -noacct -secret ccccc -auth_port 1647
> > >
> > >
> > > It should use
> > > Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x, but as you
> > > can see below it does not work. Is this because I am mixing realms and
> > > handlers? I am not really mixing them in the config, just by client.
> > >
> > > Thanks,
> > >
> > > Mike
> > >
> > >
> > > Tue Mar 19 17:45:52 2002: DEBUG: Packet dump: *** Received from 127.0.0.1 port 53857 ....
> > > Code: Access-Request
> > > Identifier: 112
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "unix-tmp"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 128.138.x.x
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password = "xxxx"
> > >
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=128.138.x.x should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS,NAS-Port-Type=Virtual should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=MODEMS should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Off_Campus_VPN should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Backbone_Devices should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: DEBUG: Check if Handler Realm=Datacomm_Devices should be used to handle this request
> > > Tue Mar 19 17:45:52 2002: WARNING: Could not find a handler for unix-tmp: request is ignored
> > >
> > > > #LogStdout
> > > > LogDir /usr/local/radiator/log
> > > > DbDir /usr/local/radiator/etc
> > > > # Use a low trace level in production systems. Increase
> > > > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> > > > Trace 4
> > > >
> > > > AuthPort 1647
> > > > AcctPort 1648
> > > >
> > > > #<SNMPAgent>
> > > > # ROCommunit xxxx
> > > > #</SNMPAgent>
> > > >
> > > > # You will probably want to add other Clients to suit your site,
> > > > # one for each NAS you want to work with
> > > > <Client DEFAULT>
> > > > Secret XXX
> > > > DupInterval 0
> > > > DefaultRealm Datacomm_devices
> > > > </Client>
> > > >
> > > > <AuthLog FILE>
> > > > Identifier Modem_Login_Failures
> > > > Filename %L/Modem_Login_Failures
> > > > LogFailure 1
> > > > FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > > Identifier Backbone_Login_Failures
> > > > Filename %L/Backbone_Login_Failures
> > > > LogFailure 1
> > > > FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From %{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > > Identifier Datacomm_Login_Failures
> > > > Filename %L/Datacomm_Login_Failures
> > > > LogFailure 1
> > > > FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:%{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > > <AuthLog FILE>
> > > > Identifier VPN_Login_Failures
> > > > Filename %L/VPN_Login_Failures
> > > > LogFailure 1
> > > > FailureFormat %l:NAS %N User:%U:%T:%{NAS-Port-Type}:From %{Calling-Station-Id}:%1:Fail
> > > > </Authlog>
> > > >
> > > >
> > > > <Handler Realm=MODEMS,NAS-Port-Type=Async,NAS-IP-Address=x.x.x.x>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > > <AuthBy FILE>
> > > > Filename %D/backbone_users
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog Modem_Login_Failures
> > > > # Log accounting to a detail file
> > > > AcctLogFileName %L/modem_pool_backbone_users
> > > > </Handler>
> > > >
> > > > <Handler Realm=MODEMS,NAS-Port-Type=Virtual>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > >
> > > > <AuthBy FILE>
> > > > Filename %D/backbone_users
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog Backbone_Login_Failures
> > > > # Log accounting to a detail file
> > > > AcctLogFileName %L/modems_backbone_users
> > > > </Handler>
> > > >
> > > > <Handler Realm=MODEMS>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > > <AuthBy LDAP2>
> > > > Host ggggg
> > > > Port 389
> > > > AuthDN uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > > > AuthPassword xxxxxx
> > > > BaseDN dc=xx,dc=xx
> > > > NoDefault
> > > > UsernameAttr uid
> > > > SearchFilter (&(edupersonprimaryaffiliation=xxx)(uid=%1))
> > > > Debug 255
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog Modem_Login_Failures
> > > > AcctLogFileName %L/Modems
> > > > </Handler>
> > > >
> > > >
> > > > <Handler Realm=Off_Campus_VPN>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > > <AuthBy LDAP2>
> > > > Host ggggg
> > > > Port 389
> > > > AuthDN uid=xx,ou=xx,ou=xx,dc=xx,dc=xx
> > > > AuthPassword xxxxxx
> > > > BaseDN dc=xx,dc=xx
> > > > NoDefault
> > > > UsernameAttr uid
> > > > SearchFilter (&(edupersonprimaryaffiliation=xx)(uid=%1))
> > > > Debug 255
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog VPN_Login_Failures
> > > > AcctLogFileName %L/Off_Campus_VPN
> > > > </Handler>
> > > >
> > > > <Handler Realm=Backbone_Devices>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > >
> > > > <AuthBy FILE>
> > > > Filename %D/backbone_users
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog Backbone_Login_Failures
> > > > # Log accounting to a detail file
> > > > AcctLogFileName %L/backbone_devices
> > > > </Handler>
> > > >
> > > > <Handler Realm=Datacomm_Devices>
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueUntilReject
> > > > <AuthBy PAM>
> > > > Service radiusd
> > > > </AuthBy>
> > > >
> > > > <AuthBy FILE>
> > > > Filename %D/backbone_users
> > > > </AuthBy>
> > > > </AuthBy>
> > > > AuthLog Datacomm_Login_Failures
> > > > # Log accounting to a detail file
> > > > AcctLogFileName %L/datacomm_devices
> > > > </Handler>
> > > >
> > > >
> > > > <Client x.x.x.x>
> > > > Secret YYY
> > > > DefaultRealm MODEMS
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > > Secret ZZZ
> > > > DupInterval 0
> > > > DefaultRealm BACKBONE
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > > Secret ZZZ
> > > > DupInterval 0
> > > > DefaultRealm Off_Campus_VPN
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > > Secret ZZZ
> > > > DupInterval 0
> > > > DefaultRealm BACKBONE
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > > Secret YYYY
> > > > DefaultRealm MODEMS
> > > > </Client>
> > > >
> > > > <Client x.x.x.x>
> > > > Secret ZZZZZ
> > > > DupInterval 0
> > > > DefaultRealm Backbone_Devices
> > > > </Client>
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
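
Added example (not part of the original thread and not Radiator's code): a simplified Python model of the point made above, that the client entry, and with it the shared secret and default realm, is chosen from the packet's source address, while NAS-IP-Address is only an attribute a handler can test. The addresses, secrets, the reduced handler list and the function names are constructed for illustration.

```python
# Simplified model of the lookup discussed in this thread; not Radiator's code.
# Addresses, secrets and the reduced handler list are constructed sample values.
from dataclasses import dataclass

@dataclass
class Client:
    secret: str
    default_realm: str

# Keyed by the UDP source address of the packet; "DEFAULT" is the fallback entry.
CLIENTS = {
    "192.0.2.10": Client("YYY", "MODEMS"),
    "DEFAULT": Client("XXX", "Datacomm_Devices"),
}

# Ordered handler check items; the first handler whose items all match wins.
HANDLERS = [
    {"Realm": "MODEMS", "NAS-Port-Type": "Async", "NAS-IP-Address": "192.0.2.10"},
    {"Realm": "MODEMS"},
    {"Realm": "Datacomm_Devices"},
]

def select_client(source_ip):
    """Pick the client entry from the packet's source address only."""
    return CLIENTS.get(source_ip, CLIENTS["DEFAULT"])

def effective_realm(user_name, client):
    """Realm from user@realm, else the selected client's default realm."""
    _, sep, realm = user_name.partition("@")
    return realm if sep else client.default_realm

def route(source_ip, attrs):
    """Return (client, matching handler or None) for one Access-Request."""
    client = select_client(source_ip)
    # Request attributes (NAS-IP-Address included) are only consulted here,
    # after the client and its default realm have already been fixed.
    view = dict(attrs, Realm=effective_realm(attrs["User-Name"], client))
    for handler in HANDLERS:
        if all(view.get(key) == value for key, value in handler.items()):
            return client, handler
    return client, None

# Same attributes in both runs; only the source address differs.
REQUEST = {"User-Name": "unix-tmp", "NAS-Port-Type": "Async",
           "NAS-IP-Address": "192.0.2.10"}

if __name__ == "__main__":
    for src in ("127.0.0.1", "192.0.2.10"):
        client, handler = route(src, REQUEST)
        print(src, "->", client.default_realm, handler)
```

In this model the request sent from 127.0.0.1 is handled under the DEFAULT entry's realm even though its NAS-IP-Address names the modem NAS.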