(RADIATOR) Question in <AuthBy EXTERNAL>

Man Meng Fei mf_man at unifiedcomms.com
Wed Oct 1 12:56:21 CDT 2003


Hi,
Currently I am using a sample configuration (external.cfg) and Perl
script (testcommand.pl), which can be retrieved from the goodies directory,
to understand the implementation of <AuthBy EXTERNAL>.
But after I executed it, I can't get the expected test result. I got No
Reply at the Radius client. I hope someone can help me to make this <AuthBy
EXTERNAL> sample work.

Lastly, I attached the Radius configuration file which I used for the testing
and the Radius server and Radius client's output.

Man Meng Fei



----------radius.cfg-----------
# external.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with 
# EXTERNAL authentication.
#
# There is an example external program called testcommand.pl
# in the goodies directory, which the example below uses. It
# will accept the request if the username is "fred" otherwise reject
# it.
#
# So if you run Radiator with this config file, then do
# radpwtst -noacct -trace -user fred
# you will see something like:
# sending Access-Request...
# OK
# Code:       Access-Accept
# Identifier: 109
# Authentic:  <12>_B<215><2>=<149><140>kBM<130><221><10>.S
# Attributes:
#         Reply-Message = "you are fred"
#
# 
# And if you do:
# radpwtst -noacct -trace -user someoneelse
# you will see something like:
# sending Access-Request...
# Rejected
# Code:       Access-Reject
# Identifier: 70
# Authentic:  <165><206>RiJ<208><139><245><129>@<170><136><23>s<24><23>
# Attributes:
#         Reply-Message = "you are NOT fred, you are 'someoneelse'"
#         Reply-Message = "Request Denied"


#
# You should consider this file to be a starting point only
# $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

Foreground
LogStdout
LogDir		c:/Program Files/Radiator
DbDir		c:/Program Files/Radiator

Trace 		4

# You will probably want to change this to suit your site.
<Client DEFAULT>
	Secret	mysecret
	DupInterval 0
</Client>

<Realm DEFAULT>
	<AuthBy EXTERNAL>
		# For NT, you might want something like this
		Command C:\Perl\bin\testcommand.pl
		
		# For Unix, maybe something like this
#		#Command ./goodies/testcommand.pl

		# This will cause the User-Password
		# to be decrypted before being passed to the
		# external program
		DecryptPassword

		# You might prefer use this to tell AuthBy EXTERNAL
		# to get the result from the first line of the
		# output. The permitted values are ACCEPT, REJECT,
		# IGNORE, CHALLENGE or REJECT_IMMEDIATE. On Win98
		# it's the only way to get it to work.
		# We recommend you use this method
		ResultInOutput
	</AuthBy>
</Realm>





-------Radius Server Output--------------------------

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
Thu Oct  2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, contact admin at open.com.au

Thu Oct  2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Thu Oct  2 01:16:58 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct  2 01:16:58 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct  2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
Thu Oct  2 01:18:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code:       Access-Request
Identifier: 67
Authentic:  1234567890123456
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Thu Oct  2 01:18:52 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct  2 01:18:52 2003: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
Thu Oct  2 01:18:52 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
Thu Oct  2 01:25:09 2003: ERR: ResultInOutput is enabled, but the first line of from the EXTRNAL command is an unknown result code
Thu Oct  2 01:25:09 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code:       Accounting-Request
Identifier: 68
Authentic:  <30>Z<190><154>(<20><153><30><10>c<24><237><243><176>V<236>
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0

Thu Oct  2 01:25:09 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct  2 01:25:09 2003: DEBUG:  Adding session for mikem, 203.63.154.1, 1234
Thu Oct  2 01:25:09 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl


-------Radius Client Output--------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>perl c:\perl\bin\radpwtst -user mikem -password fred

sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\Documents and Settings\man\Desktop>
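
The server log above shows the command started at 01:18:52, the ERR about an unknown result code logged at 01:25:09, and the client reporting "No reply". As an added example (not part of the original post and not Radiator code), this Python harness runs an external command outside the server and checks that its first output line is one of the result codes listed in the config comments and that it finishes within a timeout. The tab-prefixed `Name = value` stdin format, the function name and the inline sample program are assumptions made for the illustration.

```python
import subprocess
import sys

# Result codes the config comments on this page list for ResultInOutput.
PERMITTED = {"ACCEPT", "REJECT", "IGNORE", "CHALLENGE", "REJECT_IMMEDIATE"}


def run_external(argv, attributes, timeout=5.0):
    """Run an external auth command and return (result, reply_lines).

    Raises ValueError when the first output line is not a permitted
    result code, and TimeoutError when the command does not finish.
    """
    # Assumed input format: one "<tab>Name = value" line per attribute.
    stdin_text = "".join(f"\t{name} = {value}\n" for name, value in attributes)
    try:
        proc = subprocess.run(argv, input=stdin_text, capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        raise TimeoutError(f"{argv[0]}: no result within {timeout}s") from None
    lines = proc.stdout.splitlines()
    first = lines[0].strip() if lines else ""
    if first not in PERMITTED:
        raise ValueError(f"unknown result code on first line: {first!r}")
    return first, [ln.strip() for ln in lines[1:] if ln.strip()]


# Constructed stand-in for an external program: accepts only user "fred".
SAMPLE_PROGRAM = r'''
import re, sys
user = ""
for line in sys.stdin:
    m = re.match(r'\s*User-Name\s*=\s*"?([^"\n]*)"?', line)
    if m:
        user = m.group(1)
if user == "fred":
    print("ACCEPT")
    print('Reply-Message = "you are fred"')
else:
    print("REJECT")
    print('Reply-Message = "you are NOT fred"')
'''

if __name__ == "__main__":
    cmd = [sys.executable, "-c", SAMPLE_PROGRAM]
    for user in ("fred", "mikem"):
        print(user, run_external(cmd, [("User-Name", user)]))
```

To check a real script, pass its full invocation as `argv`, interpreter first, for example `["perl", "path/to/script.pl"]`.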
