(RADIATOR) Question in <AuthBy EXTERNAL>

Man Meng Fei mf_man at unifiedcomms.com
Wed Oct 1 22:20:21 CDT 2003


Hi,
I have changed the RADIUS configuration file by adding "perl" after the
command, which now looks like this:

Command perl C:/Radiator/goodies/testcommand.pl

After changing the configuration file, the RADIUS server is able to receive
the client request and execute the Perl script, but there is no return from
the Perl script. May I know what went wrong? The purpose of this
test is that I want to find out how to pass the RADIUS attribute values
into the Perl program and get the reply value from the Perl script.
I hope you can help me with this.

Below is the information I got from the RADIUS server and client
console screens.

Thank you 

MAN


------------------Radius Server Console Screen---------------------

C:\>PERL c:\perl\bin\radiusd
Thu Oct  2 10:47:49 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, contact admin at open.com.au

Thu Oct  2 10:47:49 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Thu Oct  2 10:47:49 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct  2 10:47:49 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct  2 10:47:49 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
Thu Oct  2 10:47:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3508 ....
Code:       Access-Request
Identifier: 37
Authentic:  1234567890123456
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Thu Oct  2 10:47:52 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct  2 10:47:52 2003: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
Thu Oct  2 10:47:52 2003: DEBUG: Running command: perl C:/Radiator/goodies/testcommand.pl

--------------------------------------------------------

---------------Radius Client Console Screen---------------------
C:\>perl c:\perl\bin\radpwtst -user mikem -password fred
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\>perl c:\perl\bin\radpwtst -user mikem -password fred
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\>




-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, October 02, 2003 10:24 AM
To: mf_man at unifiedcomms.com
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Question in <AuthBy EXTERNAL>



Hello Man Meng Fei -

I suspect that Radiator is not able to run the external command.

What happens when you run the following in a MS-DOS window:

	C:\Perl\bin\testcommand.pl

There is probably something wrong with either the path or the contents 
of the file.

regards

Hugh


On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei 
wrote:

> Hi
> Currently I am using a sample configuration (external.cfg) and Perl
> script (testcommand.pl), which can be retrieved from the goodies directory,
> to understand the implementation of <AuthBy EXTERNAL>.
> But after I executed it, I can't get the expected test result. I got
> No Reply at the RADIUS client. I hope someone can help me to make this
> <AuthBy EXTERNAL> sample work.
>
> Lastly, I attached the RADIUS configuration file which I used for the
> testing, and the RADIUS server and RADIUS client's output.
>
> Man Meng Fei
>
>
>
> ----------radius.cfg-----------
> # external.cfg
> #
> # Example Radiator configuration file.
> # This very simple file will allow you to get started with
> # EXTERNAL authentication.
> #
> # There is an example external program called testcommand.pl
> # in the goodies directory, which the example below uses. It
> # will accept the request if the username is "fred" otherwise reject
> # it.
> #
> # So if you run Radiator with this config file, then do
> # radpwtst -noacct -trace -user fred
> # you will see something like:
> # sending Access-Request...
> # OK
> # Code:       Access-Accept
> # Identifier: 109
> # Authentic:  <12>_B<215><2>=<149><140>kBM<130><221><10>.S
> # Attributes:
> #         Reply-Message = "you are fred"
> #
> #
> # And if you do:
> # radpwtst -noacct -trace -user someoneelse
> # you will see something like:
> # sending Access-Request...
> # Rejected
> # Code:       Access-Reject
> # Identifier: 70
> # Authentic:  <165><206>RiJ<208><139><245><129>@<170><136><23>s<24><23>
> # Attributes:
> #         Reply-Message = "you are NOT fred, you are 'someoneelse'"
> #         Reply-Message = "Request Denied"
>
>
> #
> # You should consider this file to be a starting point only
> # $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $
>
> Foreground
> LogStdout
> LogDir		c:/Program Files/Radiator
> DbDir		c:/Program Files/Radiator
>
> Trace 		4
>
> # You will probably want to change this to suit your site.
> <Client DEFAULT>
> 	Secret	mysecret
> 	DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> 	<AuthBy EXTERNAL>
> 		# For NT, you might want something like this
> 		Command C:\Perl\bin\testcommand.pl
> 		
> 		# For Unix, maybe something like this
> #		#Command ./goodies/testcommand.pl
>
> 		# This will cause the User-Password
> 		# to be decrypted before being passed to the
> 		# external program
> 		DecryptPassword
>
> 		# You might prefer use this to tell AuthBy EXTERNAL
> 		# to get the result from the first line of the
> 		# output. The permitted values are ACCEPT, REJECT
> 		# IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
> 		# its the only way to get it to work.
> 		# We recommend you use this method
> 		ResultInOutput
> 	</AuthBy>
> </Realm>
>
>
>
>
>
> -------Radius Server Output--------------------------
>
> Microsoft Windows 2000 [Version 5.00.2195]
> (C) Copyright 1985-2000 Microsoft Corp.
>
> C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
> Thu Oct  2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2004-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Thu Oct  2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
> Thu Oct  2 01:16:58 2003: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Oct  2 01:16:58 2003: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Oct  2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
> Thu Oct  2 01:18:52 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 3006 ....
> Code:       Access-Request
> Identifier: 67
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "mikem"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Thu Oct  2 01:18:52 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Oct  2 01:18:52 2003: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
> Thu Oct  2 01:18:52 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
> Thu Oct  2 01:25:09 2003: ERR: ResultInOutput is enabled, but the first line of from the EXTRNAL command is an unknown result code
> Thu Oct  2 01:25:09 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 3006 ....
> Code:       Accounting-Request
> Identifier: 68
> Authentic:  <30>Z<190><154>(<20><153><30><10>c<24><237><243><176>V<236>
> Attributes:
>         User-Name = "mikem"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Start
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         Acct-Delay-Time = 0
>
> Thu Oct  2 01:25:09 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Oct  2 01:25:09 2003: DEBUG:  Adding session for mikem, 203.63.154.1, 1234
> Thu Oct  2 01:25:09 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
>
>
> -------Radius Client Output--------------------------
> Microsoft Windows 2000 [Version 5.00.2195]
> (C) Copyright 1985-2000 Microsoft Corp.
>
> C:\Documents and Settings\man\Desktop>perl c:\perl\bin\radpwtst -user mikem -password fred
>
> sending Access-Request...
> No reply
> sending Accounting-Request Start...
> No reply
> sending Accounting-Request Stop...
> No reply
>
> C:\Documents and Settings\man\Desktop>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
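
Added example, not part of the original thread and not Radiator's goodies/testcommand.pl: an external authenticator for the ResultInOutput mode in the quoted configuration that always prints one of the permitted result keywords as its first line and fails closed to REJECT, so the server never sees an "unknown result code". It assumes Radiator writes the request attributes to the script's STDIN one per line in the 'Name = value' form seen in the packet dump, and reads reply attributes from the lines after the result; parse_attrs and decide are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example, not Radiator's own script.
# Assumption: request attributes arrive on STDIN, one per line, in the
# 'Name = value' form shown in the Trace 4 packet dump.
use strict;
use warnings;

$| = 1;    # unbuffered STDOUT so the result line is flushed before exit

# Result keywords permitted by ResultInOutput, per the config comments.
my %VALID = map { $_ => 1 } qw(ACCEPT REJECT IGNORE CHALLENGE REJECT_IMMEDIATE);

# Parse 'Name = "value"' or 'Name = value' lines into a hash reference.
sub parse_attrs {
    my ($fh) = @_;
    my %attr;
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;                     # tolerate CRLF on Windows
        next unless $line =~ /^\s*([\w-]+)\s*=\s*(.*?)\s*$/;
        my ($name, $value) = ($1, $2);
        $value =~ s/^"(.*)"$/$1/;                 # strip surrounding quotes
        $attr{$name} = $value;
    }
    return \%attr;
}

# Decide the result; anything unexpected ends in REJECT.
sub decide {
    my ($attr) = @_;
    my $user = $attr->{'User-Name'};
    return ('REJECT', 'missing User-Name') unless defined $user && length $user;
    return ('ACCEPT', 'you are fred') if $user eq 'fred';
    $user =~ s/[^\w.\@-]/?/g;                     # never echo raw input back
    return ('REJECT', "you are NOT fred, you are '$user'");
}

# If parsing or the decision dies, eval returns an empty list and we reject.
my ($result, $message) = eval { decide(parse_attrs(\*STDIN)) };
($result, $message) = ('REJECT', 'internal error')
    unless defined $result && $VALID{$result};

print "$result\n";                                # first line: result keyword
print "Reply-Message = \"$message\"\n";           # assumed reply-attribute form
exit 0;
```

Piping a few constructed attribute lines into the script from a command window, before pointing Command at it, shows whether the first output line is one of the permitted keywords.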

