(RADIATOR) problem <Handler> and <Realm>

r.h.hoek r.h.hoek at utwente.nl
Tue Apr 27 16:51:24 CDT 2004



Hugh Irvine wrote:

> 
> Hello Roel -
> 
> I suspect the problem is in the part of the configuration file that is 
> not shown.

That part looks like this (it's a mix of Realms and Handlers (or is this 
the problem like suggested before by Alexander Mateos Candela))

+++++++ begin part radius.cfg +++++++++++++++++++++++++++++++++++++++

#---------------------------------------------------------------------
# REALMS
#---------------------------------------------------------------------

<Realm digisecr>
         # Strip off the realm
         RewriteUsername s/^([^@]+).*/$1/
.
.
</Realm>

# saxion.nl that is not WLAN
# <Handler Realm=saxion.nl, Client-Identifier=/^(?!WLANATUT-ID$)/>
#<Handler Realm = saxion.nl , Client-Identifier = /^LOCALHOST-ID$/ >
<Handler realm=saxion.nl>
# <Realm saxion.nl>

         AuthByPolicy ContinueAlways

         <SessionDatabase NULL>
         </SessionDatabase>

         # Strip off the realm
         RewriteUsername s/^([^@]+).*/$1/
         # Strip off leading whitespace and such
         RewriteUsername s/^\s*//
         # Strip off trailing whitespace and such
         RewriteUsername s/\s*$//

         # add a realm
         RewriteUsername s/(.*)/$1\@sexion/

         <AuthBy FILE>
                 Filename %D/users-saxiondefault
         </AuthBy>

         # if accounting is ever sent, it must go to this file
         AcctLogFileName %Ldetail-saxiondefault.%Y-%m

         # Send authorization logging:
         AuthLog authlogging-saxiondefault

</Handler>
# </Realm>

<Realm ewiopdr>
.
</Realm>

<Realm 3tu.utwente.nl>
.
</Realm>

<Realm webapps>
.
</Realm>
.
.
.
<Realm adsl2.utwente.nl>
.
</Realm>
.
.
# This clause means we will handle any realm that arrives
<Realm DEFAULT>

         # Strip off the realm
         RewriteUsername s/^([^@]+).*/$1/
         # Strip off leading whitespace and such
         RewriteUsername s/^\s*//
         # Strip off trailing whitespace and such
         RewriteUsername s/\s*$//
         # take the first 8 chars (first letter + 7 digits)
         RewriteUsername s/(.{8,8}).*/$1/

         <AuthBy FILE>
                  Filename %D/users-default
         </AuthBy>

         # Log accounting to the detail file in LogDir
         AcctLogFileName %Ldetail-default.%Y-%m

         # Send the authorization logging to:
         AuthLog authlogging-default

</Realm>

#---------------------------------------------------------------------
# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
         Identifier System
         Filename /xxxxx/passwd
</AuthBy>


<AuthBy LDAP2>
.
</AuthBy>

+++++++ end part radius.cfg +++++++++++++++++++++++++++++++++++++++

> 
> Handlers are evaluated in the order they appear in the configuration 
> file and the trace shows that
> 
> <Handler Realm = DEFAULT>
> 
> is processing the request, which I am guessing is before what you show 
> below.
> 
> regards
> 
> Hugh
> 
> 
> On 27 Apr 2004, at 19:05, R.H.Hoek wrote:
> 
>> Hello,
>>
>> I have a problem with the use of <Handlers>. <Realm> works, but 
>> Handlers don't. The request is handled by DEFAULT.
>> What am I doing wrong?
>>
>>
>> ----------------------------------part of radius.cfg
>> # <Handler Realm=saxion.nl, Client-Identifier=/^(?!WLANATUT-ID$)/>
>> #<Handler Realm = saxion.nl , Client-Identifier = /^LOCALHOST-ID$/ >
>> <Handler Realm=saxion.nl>
>> # <Realm saxion.nl>
>>
>>        AuthByPolicy ContinueAlways
>>
>>        <SessionDatabase NULL>
>>        </SessionDatabase>
>>
>>        # Strip off the realm
>>        RewriteUsername s/^([^@]+).*/$1/
>>        # Strip off leading whitespace and such
>>        RewriteUsername s/^\s*//
>>        # Strip off trailing whitespace and such
>>        RewriteUsername s/\s*$//
>>
>>        # add a realm
>>        RewriteUsername s/(.*)/$1\@sexion/
>>
>>        <AuthBy FILE>
>>                Filename %D/users-saxiondefault
>>        </AuthBy>
>>
>>        # if accounting is ever sent, it must go to this file
>>        AcctLogFileName %Ldetail-saxiondefault.%Y-%m
>>
>>        # Send authorization logging:
>>        AuthLog authlogging-saxiondefault
>>
>> </Handler>
>> # </Realm>
>> ----------------------------------part of radius.cfg
>> ----------------------------------part of radiator-log
>> Tue Apr 27 10:29:09 2004: DEBUG: Packet dump:
>> *** Received from 127.0.0.1 port 61520 ....
>> Code:       Access-Request
>> Identifier: 189
>> Authentic:  1234567890123456
>> Attributes:
>>        User-Name = "studdiv at saxion.nl"
>>        Service-Type = Framed-User
>>        NAS-IP-Address = 203.63.154.1
>>        NAS-Port = 1234
>>        Called-Station-Id = "123456789"
>>        Calling-Station-Id = "987654321"
>>        NAS-Port-Type = Async
>>        User-Password = 
>> "<157><226>)<222><219>)`<246><188>8<9><160><216>}x<153>"
>>
>> Tue Apr 27 10:29:09 2004: DEBUG: Handling request with Handler 
>> 'Realm=DEFAULT'
>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>> Tue Apr 27 10:29:09 2004: DEBUG: Handling with Radius::AuthFILE:
>> Tue Apr 27 10:29:09 2004: DEBUG: Radius::AuthFILE looks for match with 
>> studdiv
>> Tue Apr 27 10:29:09 2004: INFO: Access rejected for studdiv: No such user
>> Tue Apr 27 10:29:09 2004: DEBUG: Packet dump:
>> *** Sending to 127.0.0.1 port 61520 ....
>> Code:       Access-Reject
>> Identifier: 189
>> Authentic:  1234567890123456
>> Attributes:
>>        Reply-Message = "Request Denied"
>> ----------------------------------part of radiator-log
>>
>> -- 
>>
>> Greetings,
>>
>> Roel H.Hoek, SeniorNetworkmanager
>> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>> Universiteit Twente,  Postbus 217,  7500 AE  Enschede  kmr SP 422, 
>> telefoon: 053 - 489 4598,  fax: 053 - 489 2383
>> e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
>>
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 

-- 

Greetings,

Roel H.Hoek, SeniorNetworkmanager
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede  telefoon: 053 - 
489 4598,  fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
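
An added illustration, not part of the original thread and not Radiator code: a small Python model of clause selection for a configuration that mixes `<Realm>` and `<Handler>`. It assumes the lookup order described in the Radiator reference manual (exact `<Realm>`, regex `<Realm>`, `<Realm DEFAULT>`, and only then `<Handler>` clauses in file order); `SAMPLE_CFG` is a constructed excerpt using clause names from the post, and all function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the clauses in the post (clause bodies omitted).
SAMPLE_CFG = """\
<Realm digisecr>
</Realm>
<Handler Realm=saxion.nl>
</Handler>
<Realm DEFAULT>
</Realm>
"""
# Openers only: commented-out lines start with '#', closers start with '</'.
CLAUSE = re.compile(r"^\s*<(Realm|Handler)\b\s*([^>]*)>", re.I | re.M)

def top_level_clauses(cfg):
    """Return [(kind, argument)] for every uncommented Realm/Handler opener."""
    return [(m.group(1).capitalize(), m.group(2).strip()) for m in CLAUSE.finditer(cfg)]

def handler_matches(args, realm):
    """Only the Realm check item is modelled; other check items are assumed to match."""
    for item in filter(None, (i.strip() for i in args.split(","))):
        name, _, value = (p.strip() for p in item.partition("="))
        if name == "Realm" and value != realm:
            return False
    return True

def select_clause(cfg, user_name):
    """Assumed order: exact Realm, regex Realm, Realm DEFAULT, then Handlers in file order."""
    realm = user_name.partition("@")[2]
    clauses = top_level_clauses(cfg)
    realms = [a for k, a in clauses if k == "Realm"]
    if realm in realms:
        return f"Realm {realm}"
    for a in realms:
        if len(a) > 2 and a.startswith("/") and a.endswith("/") and re.search(a[1:-1], realm):
            return f"Realm {a}"
    if "DEFAULT" in realms:
        return "Realm DEFAULT"   # answers before any Handler is consulted
    for k, a in clauses:
        if k == "Handler" and handler_matches(a, realm):
            return f"Handler {a}".strip()
    return None

def to_handlers(cfg):
    """Rewrite Realm clauses as Handlers; <Realm DEFAULT> becomes a catch-all <Handler>."""
    cfg = re.sub(r"<Realm\s+DEFAULT\s*>", "<Handler>", cfg)
    cfg = re.sub(r"<Realm\s+([^>]+)>", r"<Handler Realm=\1>", cfg)
    return cfg.replace("</Realm>", "</Handler>")
```

With the mixed file the model sends `studdiv@saxion.nl` to `Realm DEFAULT`, as in the posted trace; after `to_handlers()` the same request reaches `Handler Realm=saxion.nl`, provided the catch-all `<Handler>` stays last in the file.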
