(RADIATOR) Radius and SER groups
Hugh Irvine
hugh at open.com.au
Fri Jul 16 02:58:47 CDT 2004
Hello Martin -
Yes the "Filename" parameter is case sensitive. Because it was
mis-spelled the AuthBy FILE clause was using the "users" file (which is
the default behaviour - see section 6.20 in the reference manual
"doc/ref.html").
regards
Hugh
On 16 Jul 2004, at 16:16, Martin Koenig wrote:
> Hi Hugh,
>
> I don't know what you did, but now it's working :). Is "Filename" case
> sensitive? Below you can see my configuration before the c&p of yours,
> and I can't figure out the difference except the capital F.
>
> Thanks,
>
> regards
> Martin
>
>
> Hugh Irvine wrote:
>
>> Hello Martin -
>> Does the first AuthBy FILE really have "filename" in it?
>> It should look like this:
>> <Handler Service-Type=Group-Check>
>>     <AuthBy FILE>
>>         Filename ./groups
>>     </AuthBy>
>> </Handler>
>> Otherwise you will look for "users" by default.
>> regards
>> Hugh
>> On 15 Jul 2004, at 23:18, Martin Koenig wrote:
>>> Hi all,
>>>
>>> I'm trying to set up SER to make use of radius groups.
>>>
>>> radius.cfg (a test-bed):
>>> --
>>> <Client DEFAULT>
>>>     Secret radius
>>>     DupInterval 0
>>> </Client>
>>>
>>> <Handler Service-Type=Group-Check>
>>>     <AuthBy FILE>
>>>         filename ./groups
>>>     </AuthBy>
>>> </Handler>
>>>
>>> <Handler Service-Type=Sip-Session>
>>>     <AuthBy FILE>
>>>         Filename ./users
>>>     </AuthBy>
>>> </Handler>
>>> --
>>>
>>> groups:
>>> --
>>> 445@domain Sip-Group = "a", Auth-Type=Accept
>>>     Reply-Message = "Authorized"
>>>
>>> 410@domain Sip-Group = "b", Auth-Type = Accept
>>>     Reply-Message = "Authorized"
>>> --
>>>
>>> I get the following error msg:
>>>
>>> *** Received from 127.0.0.1 port 32907 ....
>>> Code: Access-Request
>>> Identifier: 249
>>> Authentic: <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>>> Attributes:
>>> User-Name = "445@serafima.int.toplink-plannet.de"
>>> Sip-Group = "+49721"
>>> Service-Type = Group-Check
>>> NAS-IP-Address = 192.168.42.20
>>> NAS-Port = 0
>>>
>>> Thu Jul 15 15:16:24 2004: DEBUG: Handling request with Handler
>>> 'Service-Type=Group-Check'
>>> Thu Jul 15 15:16:24 2004: DEBUG: Deleting session for
>>> 445@serafima.int.toplink-plannet.de, 192.168.42.20, 0
>>> Thu Jul 15 15:16:24 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE looks for match
>>> with 445@serafima.int.toplink-plannet.de
>>> Thu Jul 15 15:16:24 2004: WARNING: No CHAP-Password or User-Password
>>> in request: does your dictionary have User-Password in it?
>>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE REJECT: Bad
>>> Password
>>> Thu Jul 15 15:16:24 2004: INFO: Access rejected for
>>> 445@serafima.int.toplink-plannet.de: Bad Password
>>> Thu Jul 15 15:16:24 2004: DEBUG: Packet dump:
>>> *** Sending to 127.0.0.1 port 32907 ....
>>> Code: Access-Reject
>>> Identifier: 249
>>> Authentic: <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>>> Attributes:
>>> Reply-Message = "Request Denied"
>>> Sip-Group = "+49721"
>>>
>>>
>>> But the whole idea of this group authorization is that there is no
>>> password and radius just responds "Authorized" as soon as group and
>>> username@domain match? That's why there is Auth-Type="accept"? How
>>> can I make Radiator accept these requests?
>>>
>>> Thanks,
>>> Martin
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
>
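A lint check for the mistake discussed in this thread, as an added example that is not part of the original messages or of Radiator itself: it scans a configuration for `<AuthBy FILE>` clauses without an exactly spelled `Filename` parameter, which, per Hugh's reply, fall back to the default "users" file. The names `check_authby_file` and `SAMPLE_CONFIG` are hypothetical, the sample is constructed from the two Handler clauses Martin posted, and only flat (non-nested) `<AuthBy FILE>` clauses are handled.

```python
import re

# Constructed sample: the two Handler clauses quoted in the thread, with the
# lowercase "filename" in the Group-Check handler (indentation added).
SAMPLE_CONFIG = """\
<Handler Service-Type=Group-Check>
    <AuthBy FILE>
        filename ./groups
    </AuthBy>
</Handler>
<Handler Service-Type=Sip-Session>
    <AuthBy FILE>
        Filename ./users
    </AuthBy>
</Handler>
"""


def check_authby_file(config_text):
    """Return (line_number, message) for every <AuthBy FILE> clause that lacks
    an exactly spelled Filename parameter and so reads the default file."""
    findings = []
    start, keywords = None, {}   # open clause line; keyword -> line number
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # blank line or comment
        if re.fullmatch(r"<AuthBy\s+FILE>", line):
            start, keywords = lineno, {}
        elif start is not None and line == "</AuthBy>":
            if "Filename" not in keywords:        # comparison is case sensitive
                near = [k for k in keywords if k.lower() == "filename"]
                where = keywords[near[0]] if near else start
                what = f"'{near[0]}' is not 'Filename'" if near else "no Filename"
                findings.append((where, what + "; default users file applies"))
            start = None
        elif start is not None and not line.startswith("<"):
            match = re.match(r"([A-Za-z][\w-]*)", line)
            if match:
                keywords.setdefault(match.group(1), lineno)
    return findings


if __name__ == "__main__":
    for lineno, message in check_authby_file(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```

Running a check like this before a configuration change goes live catches the case where a handler silently authenticates against a different user file than the one intended.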