(RADIATOR) problems with global vars
Stefan.Gruendel at mlp-ag.com
Thu Sep 11 09:33:02 CDT 2003
Hello all,
I want to define global variables for remote radius servers,
their Auth-Port and Radius secret for use in a radius proxy
statement. (I have to change these settings from time to time)
(See the attached radius config below)
Strange things are happening:
Some of the defined global vars get evaluated correctly:
%{GlobalVar:radius1} and %{GlobalVar:radius2}
Some are ignored:
%{GlobalVar:secret} and %{GlobalVar:port}
(see the trace below)
I've been struggling with this issue for some days now ...
Any ideas out there?
Thanks for your input :-)
Best regards
Stefan Gründel
my config:
----------
Trace 4
LogDir /var/log/radius_test
PidFile /var/run/radiusd_test.pid
DbDir /etc/radiator
AuthPort 1822
AcctPort 1823
<Client localhost>
    Secret mysecret
    Identifier TEST
</Client>
# Global Variables
DefineFormattedGlobalVar radius1 ldap2.mlp-ag.com
DefineFormattedGlobalVar radius2 ldap.mlp-ag.com
DefineFormattedGlobalVar port 1812
DefineFormattedGlobalVar secret xxxxxxxxxx
<AuthBy GROUP>
    Identifier RADIUS_PROXY_PUR
    <AuthBy RADIUS>
        Host %{GlobalVar:radius1},%{GlobalVar:radius2}
        Secret %{GlobalVar:secret}
        AuthPort %{GlobalVar:port}
        Retries 1
        RetryTimeout 2
        FailureBackoffTime 300
    </AuthBy>
</AuthBy>
<Handler Request-Type = Accounting-Request >
    AcctLogFileName /var/log/radius_test/detail
</Handler>
<Handler Client-Identifier = TEST>
    Identifier TEST
    AuthBy RADIUS_PROXY_PUR
</Handler>
===========================================================
my radpwtst call:
-----------------
radpwtst -s localhost -secret mysecret -user test -password 57805074 -auth_port 1822 -noacct -trace 4 -time
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 127.0.0.1 port 1822 ....
Code: Access-Request
Identifier: 32
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"
No reply
time for 1 iterations: 5 s
===========================================================
my log:
-------
Thu Sep 11 15:51:47 2003: DEBUG: Finished reading configuration file '/etc/radiator/radius_test.cfg'
Thu Sep 11 15:51:47 2003: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Thu Sep 11 15:51:47 2003: DEBUG: Creating authentication port 0.0.0.0:1822
Thu Sep 11 15:51:47 2003: DEBUG: Creating accounting port 0.0.0.0:1823
Thu Sep 11 15:51:47 2003: NOTICE: Server started: Radiator 3.6 on ldap1
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32834 ....
Code: Access-Request
Identifier: 32
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"
Thu Sep 11 15:52:02 2003: DEBUG: Handling request with Handler 'Client-Identifier = TEST'
Thu Sep 11 15:52:02 2003: DEBUG: Deleting session for test, 203.63.154.1, 1234
Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthRADIUS
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code: Access-Request
Identifier: 1
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
Thu Sep 11 15:52:04 2003: DEBUG: Timed out, retransmitting
Thu Sep 11 15:52:04 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code: Access-Request
Identifier: 1
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
Thu Sep 11 15:52:06 2003: INFO: AuthRADIUS: No reply after 1 retransmissions to 10.96.22.61:0 for test (32)
Thu Sep 11 15:52:06 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 0 ....
Code: Access-Request
Identifier: 1
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
Thu Sep 11 15:52:08 2003: DEBUG: Timed out, retransmitting
Thu Sep 11 15:52:08 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 0 ....
Code: Access-Request
Identifier: 1
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS: No reply after 1 retransmissions to 10.96.22.58:0 for test (32)
Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
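
A check for the symptom visible in the trace above, where proxied Access-Requests leave for port 0 although the config defines `port` as 1812. This is an added example, not part of the original post and not Radiator code. The function names are illustrative, and the sample strings are excerpts shaped like the post's config and log.

```python
import re

# Constructed samples: excerpts shaped like the config and trace in the post.
SAMPLE_CONFIG = """\
AuthPort 1822
DefineFormattedGlobalVar radius1 ldap2.mlp-ag.com
DefineFormattedGlobalVar radius2 ldap.mlp-ag.com
DefineFormattedGlobalVar port 1812
DefineFormattedGlobalVar secret xxxxxxxxxx
<AuthBy RADIUS>
Host %{GlobalVar:radius1},%{GlobalVar:radius2}
Secret %{GlobalVar:secret}
AuthPort %{GlobalVar:port}
</AuthBy>
"""
SAMPLE_TRACE = """\
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code: Access-Request
Thu Sep 11 15:52:06 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 0 ....
Code: Access-Request
"""
DEFINE = re.compile(r"^[ \t]*DefineFormattedGlobalVar[ \t]+(\S+)[ \t]+(.*\S)", re.M)
REF = re.compile(r"%\{GlobalVar:([^}]+)\}")
# Only Access-Requests sent by the server, i.e. proxied requests (not replies).
SEND = re.compile(r"^\*\*\* Sending to (\S+) port (\d+) \.+[ \t]*\n"
                  r"[ \t]*Code:[ \t]+Access-Request", re.M)

def global_vars(config):
    """Map each DefineFormattedGlobalVar name to its value."""
    return dict(DEFINE.findall(config))

def undefined_refs(config):
    """GlobalVar names that are referenced but never defined."""
    gvars = global_vars(config)
    return sorted({n for n in REF.findall(config) if n not in gvars})

def proxy_auth_port(config):
    """AuthPort inside <AuthBy RADIUS>, with global variables expanded."""
    block = re.search(r"<AuthBy RADIUS>(.*?)</AuthBy>", config, re.S)
    line = re.search(r"^\s*AuthPort\s+(\S+)", block.group(1), re.M) if block else None
    if not line:
        return None
    gvars = global_vars(config)
    value = REF.sub(lambda m: gvars.get(m.group(1), m.group(0)), line.group(1))
    return int(value) if value.isdigit() else None

def port_mismatches(config, trace):
    """Proxied sends whose destination port differs from the configured one."""
    want = proxy_auth_port(config)
    return [(h, int(p)) for h, p in SEND.findall(trace) if want and int(p) != want]
```

Every tuple returned by `port_mismatches` is a proxied request that left for a port other than the one the config resolves to, which is what the `port 0` lines in the trace show.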