Radiator on Windows 2000 AuthbyNT hangs (was: Re: (RADIATOR) Difference between NT4.0 or Windows 2000 for Radia tor CORRECTION)
Nico de Groot
ndegroot at ktu.nl
Sat Feb 22 10:22:45 CST 2003
After reinstalling Perl 5.6.1 all seemed well, my local testscript runs
fine. But handling a 'real' request (with same id) hangs Radiator.
Radiator 3.3
Perl 5.6.1
I included trace 4 log and configuration-file below
Nico de Groot
KT University
Netherlands
Logfile--------------------------
Sat Feb 22 16:56:42 2003: DEBUG: Packet dump:
*** Received from 131.211.16.40 port 1840 ....
Code: Access-Request
Identifier: 129
Authentic: <8>sk<169><18><170><197>-@<139>bc<21>=<188><148>
Attributes:
Framed-Protocol = PPP
User-Name = "ndegroot at ktu.nl"
User-Password = "<150>P)<18><29><172><207>"=<25>E?<133><253><140><238>"
NAS-Port-Type = Async
Calling-Station-Id = "207798110"
Called-Station-Id = "877880070"
Service-Type = Framed-User
NAS-IP-Address = 195.169.131.8
Sat Feb 22 16:56:42 2003: DEBUG: Handling request with Handler
'Realm=ktu.nl'
Sat Feb 22 16:56:42 2003: DEBUG: Rewrote user name to ndegroot
Sat Feb 22 16:56:42 2003: DEBUG: Deleting session for ndegroot at ktu.nl,
195.169.131.8,
Sat Feb 22 16:56:42 2003: DEBUG: Handling with Radius::AuthFILE:
Sat Feb 22 16:56:42 2003: DEBUG: Radius::AuthFILE looks for match with
ndegroot
Sat Feb 22 16:56:42 2003: DEBUG: Handling with NT
Radiators hangs.
Radius.cfg --------
# radius.cfg
#
# Configuration file for radius server
# Author: Nico de Groot (NdeGroot at ktu.nl)
#
# Filenames configured here can use special formatting characters:
# %D DbDir
# %L LogDir
# Trace makes the server log increasing levels of detail about
# its internal operations.
Trace 4
# The name of the file where the radiusd PID will be
# written after startup
PidFile ./radiusd.pid
# AuthPort specifies the port to list on for authentication requests
AuthPort 1645
# AcctPort specifies the port to list on for accounting requests
AcctPort 1646
# LogDir is the directory where logfiles are put
LogDir ./log
# DbDir is the directory where database and config are put
DbDir ./db
# LogFile is the name of the log file.
LogFile %L/logfile
# DictionaryFile is the name of the Radius dictionary file
DictionaryFile %D/dictionary
# <Client hostname> is used to define each radius client to which
# we will respond. Requests received from clients that arent named by
# Client clauses in this file here will be ignored
# radius1.surf.nl=radius1.studentennet.nl
# radius2.surf.nl=radius2.studentennet.nl
<Client DEFAULT>
Secret een.geheimpje!!
DupInterval 0
IgnoreAcctSignature
</Client>
<Client radius1.uu.nl>
Secret alles.is.ijdelheid!
IgnoreAcctSignature
</Client>
<Client radius2.uu.nl>
Secret alles.is.ijdelheid!
IgnoreAcctSignature
</Client>
<Client radius1.surf.nl>
Secret een.geheimpje!!
IgnoreAcctSignature
</Client>
<Client radius2.surf.nl>
Secret een.geheimpje!!
IgnoreAcctSignature
</Client>
<Client radius-uci.studentennet.nl>
Secret een.geheimpje!!
IgnoreAcctSignature
</Client>
<Client radius-sara.studentennet.nl>
Secret een.geheimpje!!
IgnoreAcctSignature
</Client>
# voor lokaal testen met radpwst
<Client localhost>
Secret alles.is.ijdelheid!
DupInterval 0
IgnoreAcctSignature
</Client>
<Client kt183.ktu.nl>
Secret mysecret
DupInterval 0
IgnoreAcctSignature
</Client>
# <Realm realm.name> defines how we will handle requests from users
# in that realm. You can have one or more <Realm ...> clauses, one
# for each realm that you are prepared to authenticate.
# For each realm, we can specify a different method of handling
# authentication and accounting with an <AuthBy ...> clause.
<Realm ktu.nl>
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 9999
AcctLogFileName %L/ktu.detail
WtmpFileName %L/ktu.wtmp
# PasswordLogFileName %L/ktu.passwd
<AuthBy FILE>
Filename %D/ktu.users
</AuthBy>
</Realm>
<Realm DEFAULT>
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 9999
AcctLogFileName %L/detail
WtmpFileName %L/wtmp
<AuthBy FILE>
Filename %D/ktu.users
</AuthBy>
</Realm>
<AuthBy NT>
Identifier NT-Theologie
Domain THEOLOGIE
DomainController \\DIENAAR01
IgnorePasswordChange
</AuthBy>
#<AuthBy NT>
# Identifier NT-Studenten
# Domain STUDENTEN
# DomainController \\BONIFATIUS
# IgnorePasswordChange
#</AuthBy>
----- Original Message -----
From: "Mike McCauley" <mikem at open.com.au>
To: "Hugh Irvine" <hugh at open.com.au>; "Groot N. de" <NdeGroot at ktu.nl>
Cc: <radiator at open.com.au>
Sent: Saturday, February 22, 2003 12:47 AM
Subject: Re: (RADIATOR) Difference between NT4.0 or Windows 2000 for Radia
tor CORRECTION
> Hello Hugh and Nico,
>
> I have confirmed other problems with AuthenticateUser on ActivePerl 5.8 on
> 2000 server.
>
> I recommend you downgrade to ActivePerl 5.6.1 (which is still available on
the
> ActivePerl doenloads page).
>
> I have also added something to the Radiator FAQ for future reference.
>
> We are sorry you are having problems with this.
>
> Cheers.
>
> On Sat, 22 Feb 2003 08:45 am, Hugh Irvine wrote:
> > Hello Nico -
> >
> > There is a problem with ActivePerl 5.8, which as you have discovered
> > lacks a previously included module.
> >
> > The best way forward is to download the previous version of Perl (5.6)
> > from ActiveState.
> >
> > BTW - the latest version of Radiator is 3.5.
> >
> > I have copied this mail to Mike as well, as he has been looking into
> > this problem.
> >
> > regards
> >
> > Hugh
> >
> >
> > On Saturday, Feb 22, 2003, at 03:48 Australia/Melbourne, Groot N. de
> >
> > wrote:
> > > I think I located the problem. It does *not* seem to be NT/W2K
> > > related. A
> > > Win32:AuthenticatedUser.pm is/was missing in \perl\site\lib\win32. I
> > > searched for a Win32 module that contains this function, no luck. I
> > > did find
> > > references and an the pm file on some server. Just copying the file to
> > > the
> > > win32 dir not help: complaints in the log about 'loadable module'.
> > >
> > > My original working Perl distribution isn't available (hdisk crash)
> > > I'm using the recent ActivePerl distribution 5.8.0 and Radiator 3.3.1
> > >
> > > Nico de Groot
> > > KTU
> > >
> > >
> > >
> > >
> > >
> > > -----Oorspronkelijk bericht-----
> > > Van: Groot N. de [mailto:NdeGroot at ktu.nl]
> > > Verzonden: vrijdag 21 februari 2003 14:17
> > > Aan: 'radiator at open.com.au'
> > > Onderwerp: (RADIATOR) Difference between NT4.0 or Windows 2000 for
> > > Radiator
> > >
> > >
> > > I have been running Radiator succesfully with NT Authenticating on a
> > > NT4.0
> > > workstation. But after updating to W2000 the NT authentication results
> > > in
> > > 'Bad Authenticator'.
> > >
> > > The radiator installation is exactly the same ( is on networkshare)
> > > I reinstalled Activestate Perl. test.pl runs ok (except the
> > > Chap-tests, but
> > > chap isn't used in Authby NT)
> > >
> > > Are there any differences between running this configuration on NT 4.0
> > > and
> > > W2K?
> > >
> > >
> > > Thanks for reading this,
> > >
> > > Nico de Groot
> > > KT University
> > > Netherlands
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list