(RADIATOR) Weird error
Hugh Irvine
hugh at open.com.au
Wed Mar 3 01:16:05 CST 2004
Hello Erich -
This sometimes happens if you are getting your Client definitions from
a database and the REWRITEUSERNAME field is not being used.
Any fields that are not used should be replaced by NULLs.
See section 6.6.2 in the Radiator 3.8 reference manual ("doc/ref.html").
regards
Hugh
On 3 Mar 2004, at 15:15, Erich Zigler wrote:
> Logfile
> ----
>
> Tue Mar 2 22:03:30 2004: NOTICE: Server started: Radiator 3.7.1 on
> radius-server
> Tue Mar 2 22:04:04 2004: ERR: Error while rewriting username
> username at realm.com: syntax error at (eval 280) line 2, at EOF
>
> Attached is the radius.cfg.
>
> realms.cfg
> ---
>
> <Realm realm.net>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy ContinueWhileReject
> AuthBy ProxyAccounting
> <AuthBy RADIUS>
> Identifier Radius
> Host xx.xx.xx.xx
> Secret xxxxx
> AuthPort 1645
> AcctPort 1646
> Retries 3
> </AuthBy>
> </Realm>
> <Realm realm2.com>
> AuthByPolicy ContinueWhileReject
> AuthBy ProxyAccounting
> <AuthBy RADIUS>
> Identifier Radius
> Host xxx.xxx.xxx.xxx
> Secret xxxxx
> AuthPort 1645
> AcctPort 1646
> Retries 3
> </AuthBy>
> </Realm>
>
> I'm running Radiator 3.7.1 on a FreeBSD 4.6.2 Server running Perl
> 5.6.1. I've been all over trying to solve this problem.
>
> I'd really appreciate any help you could provide.
>
> Thank you.
> #
> # Configuration file for Radiator radius server
> # This config file is used for testing the server (see test.pl)
> # but it also demonstrates and documents most of the available
> # objects and keywords that are supported.
> #
> # DONT PANIC: Your own radius.cfg will be _much_ simpler than this.
> #
> # Hint: If you are building a new config file for your
> # installation, you
> # should probably consult some of the simple config files in the
> # goodies directory (such as goodies/simple.cfg)
> # and only use this file as a guide to all the extra
> # things you can add later. Start simple and add features as you go.
> #
> # Author: Mike McCauley (mikem at open.com.au)
> # Copyright (C) 1997 Open System Consultants
> # $Id: radius.cfg,v 1.80 2003/09/22 23:30:56 mikem Exp $
> #
> # Filenames configured here can use special formatting characters,
> # some common examples below. There are many more.
> # The full set is listed in the
> # reference manual.
> # %% The percent character
> # %D DbDir
> # %L LogDir
> # %y Last 2 digits of the current year (2 digits)
> # %Y Current year (4 digits)
> # %m Current month number (2 digits)
> # %d Current day of the month (2 digits)
> # %c IP address of the client who sent the current packet (if any)
> # %C Client name of the client who sent the current packet (if any)
> # %R The realm of the username named in the current packet (if any)
> # %N The Nas-IP-Address in the current packet (if any)
> # %n The full User-Name in the current packet (if any)
> # %P The decrypted password
> # %U The username being authenticated (with the realm stripped off)
> # %h The hostname this server is running on
> # %t The current time in seconds since Jan 1 1970
> # %T The request type of the current packet (if any)
> # %a The Framed-IP-Address of the current packet
> # %H The current hour (0-23)
> # %M The current minute (0-59)
> # %S The current second (0-59)
> # %A The Timestamp in standard SQL date format eg: Sep 12, 2003 15:48
> # %B The current time in standard SQL date format eg: Sep 12, 2003 15:48
> # %{attr} The value of the named attribute in the current request packet
> # %{GlobalVar:name} The value of the global variable "name", which
> # can be set on the command line with name=value, or
> # in this file with:
> # DefineFormattedGlobalVar name value
> # %{Reply:attr} The value of the named attribute in the current reply packet
> # You can use this to get the value of reply attributes
>
> # You can include files with "include filename" (no quotes, no leading hash)
> # You can use special formatting characters in filename
> # You can also include the output from an external program with
> # something like
> # include /usr/local/bin/script.sh|
>
> # Foreground makes this run in the foreground instead of as a daemon
> # When running as a daemon, detaches from STDIN and STDOUT, becomes
> # a process group leader and detaches from the controlling TTY.
> # You must use Foreground if you want to run from inetd, init or
> # restartWrapper, or as a service on NT
> Foreground
>
> # LogStdout makes all log file output appear on stdout as well
> # You must be running in Foreground mode for this to work
> LogStdout
>
> # Trace makes the server log increasing levels of detail about
> # its internal operations.
> # At level 0 (the default), only serious errors are logged.
> # At level 1, warnings are also logged
> # At level 2, normal but significant events are also logged,
> # At level 3, informational messages are also logged,
> # At level 4, debugging messages are also logged.
> # At level 5, hex packet dumps of all incoming packets are also printed.
> # At level 4 and 5, packet dumps go to stdout. You probably don't
> # want that in a live system. Choose the lowest Trace level you
> # really need
> # Trace 4
>
> # The name of the file where the radiusd PID will be
> # written after startup. Can contain special filename chars.
> # Defaults to %L/radiusd.pid
> PidFile /usr/local/radiator/radiusd.pid
>
> # AuthPort specifies the port to listen on for authentication requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1645. You can specify multiple comma-separated ports
> AuthPort 1645
>
> # AcctPort specifies the port to listen on for accounting requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1646. You can specify multiple comma-separated ports
> AcctPort 1646
>
> # If you are multi-homed, and only want to listen on a single address
> # you can restrict it by setting BindAddress. Set it to the address
> # you want to listen on. Defaults to 0.0.0.0 (ie anything received by
> # any address on this host
> # BindAddress 203.63.154.1
> # You can specify multiple BindAddress addresses, comma separated:
> # BindAddress 200.10.1.4, 200.11.2.3
>
> # LogDir is the directory where logfiles are put
> # Defaults to /var/log/radius
> LogDir /var/log/radius
>
> # DbDir is the directory where database and config are put
> # Defaults to /usr/local/etc/raddb
> DbDir .
>
> # You can put client details in a database table
> # and get their details from there with something like this:
> <ClientListSQL>
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
> </ClientListSQL>
>
> # Denied POP Numbers
> <AuthBy FILE>
> Identifier CheckCalledStationId
> Filename %D/etc/blockedpops
> </AuthBy>
>
> # Auth-All
>
> <AuthBy FILE>
> Identifier AuthAll
> Filename %D/etc/authall
> </AuthBy>
>
> # ProxiedAccounting
>
> <AuthBy SQL>
> Identifier ProxyAccounting
>
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
>
> AuthSelect
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,%u,formatted
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef REALM,%W,formatted
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> </AuthBy>
>
> # Normal AuthBy
> <AuthBy SQL>
> Identifier Local
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
>
> # Grab the password, check attributes, and reply attributes.
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS \
> where USERNAME=%0
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
>
> # You may want to tailor these for your ACCOUNTING table
> # You can add your own columns to store whatever you like
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef REALM,%W,formatted
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>
> # You can arrange to log accounting to a file if the
> # SQL insert fails with AcctFailedLogFileName
> # That way you could recover from a broken SQL
> # server
> #AcctFailedLogFileName %D/missedaccounting
> </AuthBy>
>
>
> # Include realms
>
> include %D/realms.cfg
>
> <SessionDatabase SQL>
> # Specify the SQL database to connect to is similar to AuthSQL
> # You can specify multiple databases as fallbacks etc. See
> # the reference manual for more details
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
>
> # You can alter the SQL statements used to add, delete and count
> # sessions with AddQuery, DeleteQuery, ClearNasQuery and
> # CountQuery. That means you can accommodate many different
> # SQL Session Database schemas. The defaults for these parameters
> # are suitable for the example RADONLINE table in the example SQL
> # scripts in the goodies directory.
> # See the reference manual for more details
> AddQuery insert into RADONLINE (USERNAME,\
> REALM, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, DNIS) \
> values ('%n', '%W', '%N',\
> %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},\
> '%{Framed-IP-Address}', '%{NAS-Port-Type}', \
> '%{Service-Type}', '%{Called-Station-Id}')
> </SessionDatabase>
>
> # Log to a file
> <Log FILE>
> # You can use special formatting characters
> Filename %L/radius.log
> # Trace level to use (allows same values as the global Trace level)
> Trace 4
> </Log>
>
> <Log SQL>
> # Defines how to connect to the database. See examples above
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
>
> # Trace level to use (allows same values as the global Trace level)
> Trace 4
> </Log>
>
> # Statistics Log
> <StatsLog SQL>
> # Defines how to connect to the database. See examples above
> DBSource dbi:mysql:radiator
> DBUsername radiator
> DBAuth password
> </StatsLog>
>
> # Radar login and password
> <Monitor>
> Username user
> Password password
> </Monitor>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
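
An audit for the condition described in the reply above, added here as an example; it is not part of the original thread and not Radiator code. It finds nullable columns of the client table that hold an empty or whitespace-only string instead of NULL and sets them to NULL, covering every unused field and not only REWRITEUSERNAME. Assumptions: the table name RADCLIENTLIST, the columns other than REWRITEUSERNAME, the sample rows, and SQLite as a stand-in for the MySQL database in the posted config.

```python
import re
import sqlite3
TABLE = "RADCLIENTLIST"  # assumed table name; adjust to your ClientListSQL query

def _ident(name):
    """Allow only plain SQL identifiers, since they are interpolated below."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def blank_columns(conn, table=TABLE):
    """Map each nullable column to the rowids holding '' or whitespace, not NULL."""
    table, found = _ident(table), {}
    for _cid, col, _type, notnull, _dflt, _pk in conn.execute(
            f"PRAGMA table_info({table})").fetchall():
        if notnull:
            continue  # mandatory columns can never be "unused"
        rows = conn.execute(
            f"SELECT rowid FROM {table} WHERE TRIM({_ident(col)}) = '' "
            "ORDER BY rowid").fetchall()
        if rows:
            found[col] = [r[0] for r in rows]
    return found

def null_out_blanks(conn, table=TABLE):
    """Set every blank field found above to NULL; return how many changed."""
    changed = 0
    for col in blank_columns(conn, table):
        cur = conn.execute(
            f"UPDATE {_ident(table)} SET {col} = NULL WHERE TRIM({col}) = ''")
        changed += cur.rowcount
    conn.commit()
    return changed

def demo_db():
    """Constructed rows in an in-memory SQLite stand-in for the MySQL table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (NASIDENTIFIER TEXT NOT NULL, "
                 "SECRET TEXT NOT NULL, DEFAULTREALM TEXT, REWRITEUSERNAME TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?)", [
        ("192.0.2.10", "constructed", None, ""),    # blank: the reported case
        ("192.0.2.11", "constructed", "", "  "),    # blank and whitespace-only
        ("192.0.2.12", "constructed", None, "s/^([^@]+).*/$1/"),
        ("192.0.2.13", "constructed", None, None),  # already NULL
    ])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(blank_columns(db), null_out_blanks(db))
```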