(RADIATOR) question about Radiator and Orinoco AP-2500
Hugh Irvine
hugh at open.com.au
Wed Mar 19 16:07:59 CST 2003
Hello Primoz -
You should probably use a packet sniffer (snoop, tcpdump,
ethereal...)to check on exactly what radius reply attributes are being
sent back by Cisco ACS and then configure Radiator to send the same
ones.
In general you will need at least the following:
<Realm DEFAULT>
<AuthBy FILE>
Filename /radiator/conf/users
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP
</AuthBy>
</Realm>
regards
Hugh
On Wednesday, Mar 19, 2003, at 20:24 Australia/Melbourne, Primoz
Jeroncic wrote:
> Hi there
>
> I was trying to find something about this in mailing list archive but
> I didn't have to much luck so I hope you won't mind to much if this
> question was answered already.
>
> I have Orinoco (Proxim) AP-2500 which I configured for getting
> authorization about allowed users from external Radius. My problem
> is that when I use Cisco Secure ACS as Radius it works fine and
> clients can browse web, send mails, use telnet etc. without problems
> once when they sign with their username and password. As soon as I
> change Cisco Secure ACS with Radiator only thing which still works
> is browsing web. Sending mail, telneting etc. stop working. I'm
> almost 100% sure there's just one small thing which should be
> configured with Radiator to send back to Orinoco some attributes
> and everything would work, but I really don't have any idea what
> those attributes would be, since even on Cisco Secure ACS I didn't
> configure anythnig special except username and password for user
> and client IP address and authentication key (using Radius IETF
> authentication not some vendor specific one).
>
> Problem is that I would really like to use Radiator for this
> and not something else, since I can write some aplication which will
> be maintaining users file, much easier then playing with some SQL
> for same purpose. And not to mention that I would rather have it
> run on some Unix box and not Windows server. Cisco ACS runs on Solaris
> too but for this project I don't have budget for Sun machine and
> Cisco ACS doesn't run on Solaris for Intel.
>
> Btw.. current config is this:
> Radius.cfg
>
> <Client 10.0.0.10>
> Secret test
> DupInterval 0
> </Client>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename /radiator/conf/users
> </AuthBy>
> </Realm>
>
> /radiator/conf/users
> user1 Password = "test1", Expiration = 25/03/03
> Idle-Timeout = 5,
> Session-Timeout = 5,
> Fall-Through = yes
>
> Thanks in advance for any help.
>
> Best regards,
> Primoz Jeroncic
> Support - IP/VoIP Connectivity & Routing
> -------------------------------------------------------------------
> Softnet d.o.o. tel: +386 1 562 31 40 |
> Borovec 2 fax: +386 1 562 18 55 | 1 + 1 = 3
> 1236 Trzin mailto:primoz at softnet.si | for larger values of 1
> Slovenija http://www.softnet.si/primoz
> -------------------------------------------------------------------
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list