(RADIATOR) Reverse Proxy POD
Hugh Irvine
hugh at open.com.au
Mon Dec 15 17:51:31 CST 2003
Hello Rabbie -
I suspect the shared secrets are not correct between "radpwtst" and the
corresponding Client clause in the Radiator configuration.
There was also a recent fix for this in Radiator 3.7.1 (from the
history file):
◦ AuthBy RADIUS now correctly handles replies of type
Disconnect-Request-ACKed. Contributed by Robert Thomson.
regards
Hugh
On 16/12/2003, at 10:33 AM, Rabbie Zalaf wrote:
> Hi All.
>
> I am trying to set up a reverse RADIUS proxy to do POD to our LNS.
>
> If I send the Disconnect-Request directly to the LNS it works fine.
>
> Eg:
>
> radpwtst -trace 4 -acct_port 1234 -secret xxxxxxx -s xxx.xxx.xxx.xxx
> -noauth -noacct -code Disconnect-Request -dictionary
> /etc/radiator/dictionary "User-Name=DISCONNECTME"
>
> However, if I send the request to the localhost so it gets proxied, it
> comes back as INVALID AUTHENTICATOR...
>
> Tue Dec 16 10:15:47 2003: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 1234 ....
> Code: Disconnect-Request
> Identifier: 1
> Authentic: <127><191>b<215><215><135><143><217>Y<220><227><30><130>E>Z
> Attributes:
> User-Name = "DISCONNECTME"
>
> Tue Dec 16 10:15:47 2003: DEBUG: Packet dump:
> *** Received from xxx.xxx.xxx.xxx port 1234 ....
> Code: Disconnect-Request-NAKed
> Identifier: 1
> Authentic: Y<216><128>+',<141><174>6$<132><201>P<230>L9
> Attributes:
> Reply-Message = "Invalid Authenticator"
>
> Here is the config for my proxy.
>
> #Foreground
> #LogStdout
> LogDir /var/log/radius
> DbDir /etc/radiator
>
> # ServerId is defined on command line
> PidFile %L/%{GlobalVar:ServerId}.pid
> LogFile %L/%{GlobalVar:ServerId}/logfile-%Y-%m-%d
>
> Trace 4
>
> BindAddress xxx.xxx.xxx.xxx
>
> AuthPort 1815
> AcctPort
>
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>
> <ClientListSQL>
> DBSource dbi:mysql:radius
> DBUsername username
> DBAuth password
> </Client>
>
> <Handler>
> <AuthBy RADIUS>
> Host 1.2.3.4
> AuthPort 1234
> Secret somesecret
> </AuthBy>
> </Handler>
>
> Any help would be greatly appreciated.
>
> Rabbie Zalaf
> Network Consultant
> Leading Edge Internet
> 02 9497 4024
> http://www.leadingedgeinternet.net.au
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
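
The "Invalid Authenticator" reply discussed in this thread, as an added example that is not code from the thread or from Radiator: a Disconnect-Request carries an MD5 authenticator computed over the packet plus the shared secret (RFC 5176), so the receiver rejects any packet signed with a secret other than its own, and a proxy has to re-sign for the next hop. The function names and both secrets are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40  # packet code from RFC 5176
USER_NAME = 1            # RADIUS attribute type

def encode_attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_disconnect_request(ident, user_name, secret):
    """What the test client does: sign with the secret it shares with its peer."""
    attrs = encode_attr(USER_NAME, user_name.encode())
    auth = request_authenticator(DISCONNECT_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def verify_request(packet, secret):
    """The receiver's check: recompute with its own copy of the secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    expected = request_authenticator(code, ident, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])

def resign(packet, next_hop_secret):
    """What a proxy must do before forwarding: re-sign for the next hop."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length]
    return packet[:4] + request_authenticator(code, ident, attrs, next_hop_secret) + attrs

if __name__ == "__main__":
    # Constructed secrets; neither comes from the thread.
    client_secret, lns_secret = b"client-to-proxy", b"proxy-to-lns"
    pkt = build_disconnect_request(1, "DISCONNECTME", client_secret)
    print("proxy accepts client packet:", verify_request(pkt, client_secret))
    print("LNS accepts it unchanged:   ", verify_request(pkt, lns_secret))
    print("LNS accepts re-signed copy: ", verify_request(resign(pkt, lns_secret), lns_secret))
```

Running `verify_request` over a captured request with each candidate secret shows which hop's secret does not match.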