(RADIATOR) problem <Handler> and <Realm>
R.H.Hoek
r.h.hoek at utwente.nl
Thu Apr 29 06:31:43 CDT 2004
Hugh Irvine wrote:
>
> Hello Roel -
>
> Thanks for the additional information.
>
> Realms and Handlers should not be mixed in the same configuration file
> because Realms are always evaluated first.
>
> It is always much easier to understand if only Realms or only Handlers
> are used.
>
> There is one exception which is when you have a list of explicit
> Realms, followed by a series of Handlers.
>
> You could do something like this:
OK! this works!
Thanks....
>
>
> #---------------------------------------------------------------------
> # REALMS
> #---------------------------------------------------------------------
>
> <Realm digisecr>
> # Strip off the realm
> RewriteUsername s/^([^@]+).*/$1/
> .
> .
> </Realm>
>
> <Realm ewiopdr>
> .
> </Realm>
>
> <Realm 3tu.utwente.nl>
> .
> </Realm>
>
> <Realm webapps>
> .
> </Realm>
> .
> .
> .
> <Realm adsl2.utwente.nl>
> .
> </Realm>
> .
> .
>
> # saxion.nl that is not WLAN
> <Handler realm=saxion.nl>
>
> AuthByPolicy ContinueAlways
>
> <SessionDatabase NULL>
> </SessionDatabase>
>
> # Strip off the realm
> RewriteUsername s/^([^@]+).*/$1/
> # Strip off leading whitespace and such
> RewriteUsername s/^\s*//
> # Strip off trailing whitespace and such
> RewriteUsername s/\s*$//
>
> # add a realm
> RewriteUsername s/(.*)/$1\@sexion/
>
> <AuthBy FILE>
> Filename %D/users-saxiondefault
> </AuthBy>
>
> # if accounting is ever sent, it must go to this file
> AcctLogFileName %Ldetail-saxiondefault.%Y-%m
>
> # Send authorization logging:
> AuthLog authlogging-saxiondefault
>
> </Handler>
>
> # This clause means we will handle any realm that arrives
> <Handler>
>
> # Strip off the realm
> RewriteUsername s/^([^@]+).*/$1/
> # Strip off leading whitespace and such
> RewriteUsername s/^\s*//
> # Strip off trailing whitespace and such
> RewriteUsername s/\s*$//
> # take the first 8 chars (first letter + 7 digits)
> RewriteUsername s/(.{8,8}).*/$1/
>
> <AuthBy FILE>
> Filename %D/users-default
> </AuthBy>
>
> # Log accounting to the detail file in LogDir
> AcctLogFileName %Ldetail-default.%Y-%m
>
> # Send the authorization logging to:
> AuthLog authlogging-default
>
> </Handler>
>
> #---------------------------------------------------------------------
> # This clause defines an authorisation method that will be used
> # by any users in the database with Auth-Type="System". It will
> # match the "Identifier System"
> <AuthBy UNIX>
> Identifier System
> Filename /xxxxx/passwd
> </AuthBy>
>
>
> <AuthBy LDAP2>
> .
> </AuthBy>
>
>
> However as I say, I myself find it _much_ easier to use either all
> Realms or all Handlers.
>
>
> Hope that helps.
>
> regards
>
> Hugh
>
>
> On 28 Apr 2004, at 07:51, r.h.hoek wrote:
>
>>
>>
>> Hugh Irvine wrote:
>>
>>> Hello Roel -
>>> I suspect the problem is in the part of the configuration file that
>>> is not shown.
>>
>>
>> That part looks like this (it's a mix of Realms and Handlers (or is
>> this the problem, as suggested before by Alexander Mateos Candela))
>>
>> +++++++ begin part radius.cfg +++++++++++++++++++++++++++++++++++++++
>>
>> #---------------------------------------------------------------------
>> # REALMS
>> #---------------------------------------------------------------------
>>
>> <Realm digisecr>
>> # Strip off the realm
>> RewriteUsername s/^([^@]+).*/$1/
>> .
>> .
>> </Realm>
>>
>> # saxion.nl that is not WLAN
>> # <Handler Realm=saxion.nl, Client-Identifier=/^(?!WLANATUT-ID$)/>
>> #<Handler Realm = saxion.nl , Client-Identifier = /^LOCALHOST-ID$/ >
>> <Handler realm=saxion.nl>
>> # <Realm saxion.nl>
>>
>> AuthByPolicy ContinueAlways
>>
>> <SessionDatabase NULL>
>> </SessionDatabase>
>>
>> # Strip off the realm
>> RewriteUsername s/^([^@]+).*/$1/
>> # Strip off leading whitespace and such
>> RewriteUsername s/^\s*//
>> # Strip off trailing whitespace and such
>> RewriteUsername s/\s*$//
>>
>> # add a realm
>> RewriteUsername s/(.*)/$1\@sexion/
>>
>> <AuthBy FILE>
>> Filename %D/users-saxiondefault
>> </AuthBy>
>>
>> # if accounting is ever sent, it must go to this file
>> AcctLogFileName %Ldetail-saxiondefault.%Y-%m
>>
>> # Send authorization logging:
>> AuthLog authlogging-saxiondefault
>>
>> </Handler>
>> # </Realm>
>>
>> <Realm ewiopdr>
>> .
>> </Realm>
>>
>> <Realm 3tu.utwente.nl>
>> .
>> </Realm>
>>
>> <Realm webapps>
>> .
>> </Realm>
>> .
>> .
>> .
>> <Realm adsl2.utwente.nl>
>> .
>> </Realm>
>> .
>> .
>> # This clause means we will handle any realm that arrives
>> <Realm DEFAULT>
>>
>> # Strip off the realm
>> RewriteUsername s/^([^@]+).*/$1/
>> # Strip off leading whitespace and such
>> RewriteUsername s/^\s*//
>> # Strip off trailing whitespace and such
>> RewriteUsername s/\s*$//
>> # take the first 8 chars (first letter + 7 digits)
>> RewriteUsername s/(.{8,8}).*/$1/
>>
>> <AuthBy FILE>
>> Filename %D/users-default
>> </AuthBy>
>>
>> # Log accounting to the detail file in LogDir
>> AcctLogFileName %Ldetail-default.%Y-%m
>>
>> # Send the authorization logging to:
>> AuthLog authlogging-default
>>
>> </Realm>
>>
>> #---------------------------------------------------------------------
>> # This clause defines an authorisation method that will be used
>> # by any users in the database with Auth-Type="System". It will
>> # match the "Identifier System"
>> <AuthBy UNIX>
>> Identifier System
>> Filename /xxxxx/passwd
>> </AuthBy>
>>
>>
>> <AuthBy LDAP2>
>> .
>> </AuthBy>
>>
>> +++++++ end part radius.cfg +++++++++++++++++++++++++++++++++++++++
>>
>>> Handlers are evaluated in the order they appear in the configuration
>>> file and the trace shows that
>>> <Handler Realm = DEFAULT>
>>> is processing the request, which I am guessing is before what you
>>> show below.
>>> regards
>>> Hugh
>>> On 27 Apr 2004, at 19:05, R.H.Hoek wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a problem with the use of <Handlers>. <Realm> works, but
>>>> Handlers don't. The request is handled by DEFAULT.
>>>> What am I doing wrong?
>>>>
>>>>
>>>> ----------------------------------part of radius.cfg
>>>> # <Handler Realm=saxion.nl, Client-Identifier=/^(?!WLANATUT-ID$)/>
>>>> #<Handler Realm = saxion.nl , Client-Identifier = /^LOCALHOST-ID$/ >
>>>> <Handler Realm=saxion.nl>
>>>> # <Realm saxion.nl>
>>>>
>>>> AuthByPolicy ContinueAlways
>>>>
>>>> <SessionDatabase NULL>
>>>> </SessionDatabase>
>>>>
>>>> # Strip off the realm
>>>> RewriteUsername s/^([^@]+).*/$1/
>>>> # Strip off leading whitespace and such
>>>> RewriteUsername s/^\s*//
>>>> # Strip off trailing whitespace and such
>>>> RewriteUsername s/\s*$//
>>>>
>>>> # add a realm
>>>> RewriteUsername s/(.*)/$1\@sexion/
>>>>
>>>> <AuthBy FILE>
>>>> Filename %D/users-saxiondefault
>>>> </AuthBy>
>>>>
>>>> # if accounting is ever sent, it must go to this file
>>>> AcctLogFileName %Ldetail-saxiondefault.%Y-%m
>>>>
>>>> # Send authorization logging:
>>>> AuthLog authlogging-saxiondefault
>>>>
>>>> </Handler>
>>>> # </Realm>
>>>> ----------------------------------part of radius.cfg
>>>> ----------------------------------part of radiator-log
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Packet dump:
>>>> *** Received from 127.0.0.1 port 61520 ....
>>>> Code: Access-Request
>>>> Identifier: 189
>>>> Authentic: 1234567890123456
>>>> Attributes:
>>>> User-Name = "studdiv at saxion.nl"
>>>> Service-Type = Framed-User
>>>> NAS-IP-Address = 203.63.154.1
>>>> NAS-Port = 1234
>>>> Called-Station-Id = "123456789"
>>>> Calling-Station-Id = "987654321"
>>>> NAS-Port-Type = Async
>>>> User-Password =
>>>> "<157><226>)<222><219>)`<246><188>8<9><160><216>}x<153>"
>>>>
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Rewrote user name to studdiv
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Handling with Radius::AuthFILE:
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Radius::AuthFILE looks for match
>>>> with studdiv
>>>> Tue Apr 27 10:29:09 2004: INFO: Access rejected for studdiv: No
>>>> such user
>>>> Tue Apr 27 10:29:09 2004: DEBUG: Packet dump:
>>>> *** Sending to 127.0.0.1 port 61520 ....
>>>> Code: Access-Reject
>>>> Identifier: 189
>>>> Authentic: 1234567890123456
>>>> Attributes:
>>>> Reply-Message = "Request Denied"
>>>> ----------------------------------part of radiator-log
>>>>
>>>> --
>>>>
>>>> Greetings,
>>>>
>>>> Roel H.Hoek, SeniorNetworkmanager
>>>> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>>>> Universiteit Twente, Postbus 217, 7500 AE Enschede kmr SP 422,
>>>> telefoon: 053 - 489 4598, fax: 053 - 489 2383
>>>> e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
>>>>
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>
>>
>> --
>>
>> Greetings,
>>
>> Roel H.Hoek, SeniorNetworkmanager
>> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>> Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053
>> - 489 4598, fax: 053 - 489 2383
>> e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
>>
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
--
Greetings,
Roel H.Hoek, SeniorNetworkmanager
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
kmr SP 422, telefoon: 053 - 489 4598, fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
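
An added example (not part of the original thread and not Radiator's own code): a small Python check for the pitfall discussed above, where a request meant for one user database is silently authenticated against another. It relies only on what the thread states, that Realm clauses are evaluated before Handler clauses and that Handlers are tried in file order; the function name and the sample configurations are constructed for illustration.

```python
import re

# Top-level clause openers such as "<Realm DEFAULT>" or
# "<Handler realm=saxion.nl>"; a bare "<Handler>" has an empty argument.
CLAUSE = re.compile(r"^\s*<(Realm|Handler)\b\s*([^>]*?)\s*>", re.IGNORECASE)


def find_shadowed_handlers(config_text):
    """Return warnings for Handler clauses that can never see a request.

    Assumptions taken from the thread, not from Radiator's source: Realm
    clauses are evaluated before Handlers, and Handlers are tried in the
    order they appear in the file.
    """
    clauses = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = CLAUSE.match(line)  # commented-out lines start with "#": no match
        if m:
            clauses.append((lineno, m.group(1).capitalize(), m.group(2)))

    default_realm = next((n for n, kind, arg in clauses
                          if kind == "Realm" and arg.upper() == "DEFAULT"), None)
    warnings, catch_all = [], None
    for lineno, kind, arg in clauses:
        if kind != "Handler":
            continue
        label = f"<Handler {arg}>" if arg else "<Handler>"
        if default_realm:
            warnings.append(f"line {lineno}: {label} is shadowed by "
                            f"<Realm DEFAULT> on line {default_realm}")
        elif catch_all:
            warnings.append(f"line {lineno}: {label} follows the "
                            f"catch-all <Handler> on line {catch_all}")
        elif not arg:
            catch_all = lineno
    return warnings


# Constructed sample mirroring the layout that misrouted the request.
BROKEN = """<Realm digisecr>
</Realm>
<Handler realm=saxion.nl>
</Handler>
<Realm DEFAULT>
</Realm>
"""
# Constructed sample mirroring the suggested layout: Realms, then Handlers.
FIXED = BROKEN.replace("<Realm DEFAULT>\n</Realm>", "<Handler>\n</Handler>")
```

Calling `find_shadowed_handlers(BROKEN)` reports the `saxion.nl` Handler as shadowed, while `FIXED` yields no warnings.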