(RADIATOR) problems with global vars
Hugh Irvine
hugh at open.com.au
Thu Sep 11 18:40:54 CDT 2003
Hello Stefan -
The port numbers and secret are only evaluated at run time as you have
discovered.
A better method for dealing with multiple, changing radius proxies is
to use the AuthBy SQLRADIUS clause which stores the target details in
an SQL database. See section 6.45 in the Radiator 3.6 reference manual
("doc/ref.html").
regards
Hugh
On Friday, Sep 12, 2003, at 00:33 Australia/Melbourne,
Stefan.Gruendel at mlp-ag.com wrote:
>
>
>
>
>
> Hello all,
>
> I want to define global variables for remote radius servers,
> their Auth-Port and Radius secret for use in a radius proxy
> statement. (I have to change these settings from time to time)
> (See the attached radius config below)
>
> Strange things are happening:
> Some of the defined global vars get evaluated correctly:
> %{GlobalVar:radius1} and %{GlobalVar:radius2}
> Some are ignored:
> %{GlobalVar:secret} and %{GlobalVar:port}
> (see the trace below)
>
> I'm bugging around with this issue for some days now ...
>
> Any ideas out there ?
> Thanks for your input :-)
>
>
> Best regards
> Stefan Gründel
>
>
> my config:
> ----------
> Trace 4
> LogDir /var/log/radius_test
> PidFile /var/run/radiusd_test.pid
> DbDir /etc/radiator
>
> AuthPort 1822
> AcctPort 1823
>
> <Client localhost>
> Secret mysecret
> Identifier TEST
> </Client>
>
> # Global Variables
> DefineFormattedGlobalVar radius1 ldap2.mlp-ag.com
> DefineFormattedGlobalVar radius2 ldap.mlp-ag.com
> DefineFormattedGlobalVar port 1812
> DefineFormattedGlobalVar secret xxxxxxxxxx
>
> <AuthBy GROUP>
> Identifier RADIUS_PROXY_PUR
> <AuthBy RADIUS>
> Host %{GlobalVar:radius1},%{GlobalVar:radius2}
> Secret %{GlobalVar:secret}
> AuthPort %{GlobalVar:port}
> Retries 1
> RetryTimeout 2
> FailureBackoffTime 300
> </AuthBy>
> </AuthBy>
>
> <Handler Request-Type = Accounting-Request >
> AcctLogFileName /var/log/radius_test/detail
> </Handler>
>
> <Handler Client-Identifier = TEST>
> Identifier TEST
> AuthBy RADIUS_PROXY_PUR
> </Handler>
> ===========================================================
>
> my radpwtst call:
> -----------------
> radpwtst -s localhost -secret mysecret -user test -password 57805074
> -auth_port 1822 -noacct -trace 4 -time
> Reading dictionary file './dictionary'
> sending Access-Request...
> Packet dump:
> *** Sending to 127.0.0.1 port 1822 ....
> Code: Access-Request
> Identifier: 32
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"
>
> No reply
> time for 1 iterations: 5 s
> ===========================================================
>
> my log:
> -------
> Thu Sep 11 15:51:47 2003: DEBUG: Finished reading configuration file
> '/etc/radiator/radius_test.cfg'
> Thu Sep 11 15:51:47 2003: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Thu Sep 11 15:51:47 2003: DEBUG: Creating authentication port
> 0.0.0.0:1822
> Thu Sep 11 15:51:47 2003: DEBUG: Creating accounting port 0.0.0.0:1823
> Thu Sep 11 15:51:47 2003: NOTICE: Server started: Radiator 3.6 on ldap1
>
> Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32834 ....
> Code: Access-Request
> Identifier: 32
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"
>
> Thu Sep 11 15:52:02 2003: DEBUG: Handling request with Handler
> 'Client-Identifier = TEST'
> Thu Sep 11 15:52:02 2003: DEBUG: Deleting session for test,
> 203.63.154.1,
> 1234
> Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthGROUP
> Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthRADIUS
> Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
> *** Sending to 10.96.22.61 port 0 ....
> Code: Access-Request
> Identifier: 1
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
>
> Thu Sep 11 15:52:04 2003: DEBUG: Timed out, retransmitting
> Thu Sep 11 15:52:04 2003: DEBUG: Packet dump:
> *** Sending to 10.96.22.61 port 0 ....
> Code: Access-Request
> Identifier: 1
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
>
> Thu Sep 11 15:52:06 2003: INFO: AuthRADIUS: No reply after 1
> retransmissions to 10.96.22.61:0 for test (32)
> Thu Sep 11 15:52:06 2003: DEBUG: Packet dump:
> *** Sending to 10.96.22.58 port 0 ....
> Code: Access-Request
> Identifier: 1
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
>
> Thu Sep 11 15:52:08 2003: DEBUG: Timed out, retransmitting
> Thu Sep 11 15:52:08 2003: DEBUG: Packet dump:
> *** Sending to 10.96.22.58 port 0 ....
> Code: Access-Request
> Identifier: 1
> Authentic: 1234567890123456
> Attributes:
> User-Name = "test"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"
>
> Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS: No reply after 1
> retransmissions to 10.96.22.58:0 for test (32)
> Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS could not find a working
> host
> to forward to. Ignoring
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list