(RADIATOR) Problem with multiple realms

Hugh Irvine hugh at open.com.au
Wed Mar 24 17:28:43 CST 2004


Hello Jorge -

Could you please send me a trace 4 debug from Radiator showing the 
problems you are having?

thanks and regards

Hugh


On 24 Mar 2004, at 22:47, Jorge Meireles wrote:

> Hello,
>
> I have set up a system with a Cisco 1200 and Radiator 3.8 and my 
> objective is authenticating EAP and TTLS clients.
>
> When I use only <Handler TunnelledByPEAP=1> or <Handler
> TunnelledByTTLS=1> it works fine, but when I change it to handle PEAP
> and TTLS requests by realm, like <Handler TunnelledByPEAP=1, Realm =
> domain1.pt>, it won't work. From the logs it seems it won't get into this
> handler.
>
> I also need to add some items to the reply, but I can't make that work
> either. Everything runs fine when these items are in the users file, but
> it doesn't work when I use, for example, AddToReply User-Name=%u,
> User-Name=%u , Tunnel-Type="1:VLAN", Tunnel-Medium-Type="1:Ether_802",
> Tunnel-Private-Group-ID="1:80" .
>
>
>
> Thanks in advance,
>  Jorge
>
>
>
>
> Radius.cfg
> ---------------------
>
> Foreground
> LogStdout
>
> AuthPort 1645
> AcctPort 1646
>
> LogDir /var/log/radius
> DbDir /usr/local/radiator
> DictionaryFile %D/dictionary/dictionary
> PidFile /var/run/radiusd.pid
> Trace 4
>
> <AuthLog FILE>
>         Identifier localusers
>         Filename %D/logs/localusers.log
>         SuccessFormat %1:%T from %U at %N:OK
>         FailureFormat %1:%T from %U at %N:FAIL
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
>
> <AuthLog FILE>
>         Identifier roamingusers
>         Filename %D/logs/roamingusers.log
>         SuccessFormat %1:%T from %U at %N:OK
>         FailureFormat %1:%T from %U at %N:FAIL
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
>
> <Client 192.168.20.80>
>         Secret *************
> </Client>
>
> <Client RadiusProxy>
>         Secret **********
>         Identifier Proxy
> </Client>
>
> <Handler TunnelledByPEAP=1, Realm = domain1.pt>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 RewriteUsername s/^([^@]+).*/$1/
>                 Filename %D/users/users-peap_domain1
>                 EAPType MSCHAP-V2
>                 EAPTLS_PEAPVersion 0
>                 AddToReply User-Name=%u, User-Name=%u , Tunnel-Type="1:VLAN", Tunnel-Medium-Type="1:Ether_802", Tunnel-Private-Group-ID="1:80"
>         </AuthBy>
>         AuthLog localusers
> </Handler>
>
> <Handler TunnelledByTTLS=1, Realm = domain1.pt>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 RewriteUsername s/^([^@]+).*/$1/
>                 Filename %D/users/users-ttls_domain1
>                 AddToReply User-Name=%u , Tunnel-Type="1:VLAN", Tunnel-Medium-Type="1:Ether_802", Tunnel-Private-Group-ID="1:80"
>         </AuthBy>
>         AuthLog localusers
> </Handler>
>
> <Handler TunnelledByPEAP=1, Realm=domain2.pt>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 RewriteUsername s/^([^@]+).*/$1/
>                 Filename %D/users/users-peap_domain2
>                 EAPType MSCHAP-V2
>                 EAPTLS_PEAPVersion 0
>                 AddToReply User-Name=%u
>         </AuthBy>
>         AuthLog localusers
> </Handler>
>
> <Handler TunnelledByTTLS=1, Realm=domain2.pt>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 RewriteUsername s/^([^@]+).*/$1/
>                 Filename %D/users/users-ttls_domain2
>                 AddToReply User-Name=%u
>         </AuthBy>
>         AuthLog localusers
> </Handler>
>
> <Handler Realm = /^domain1.pt|domain2.pt$/>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 EAPType TTLS, PEAP
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword *********
>                 EAPTLS_MaxFragmentSize 1000
>                 AutoMPPEKeys
>         </AuthBy>
> </Handler>
>
> <Handler Realm = /^.+$/,Client-Identifier=/^(?!Proxy$)/>
>         <AuthBy RADIUS>
>                 Host ProxyRadius
>                 Secret ************
>                 AuthPort 1812
>                 AcctPort 1813
>                 Retries 0
>                 StripFromReply Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID
>         </AuthBy>
>         AuthLog roamingusers
> </Handler>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
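One way to check which Handler a given request would select under the configuration quoted above, as an added example that is not part of the thread and not Radiator's own code. It models Radiator's documented selection rule in Python: Handlers are tried in file order and the first one whose check items all match wins; a value written as /.../ is a regular expression, anything else is compared literally; Realm is the part of User-Name after the '@'. The request dictionaries, the Client-Identifier values and the treatment of a User-Name without '@' as an empty realm are assumptions made for the example, and the Handler specs are copied verbatim from the config in the thread.

```python
import re
from typing import Dict, List, Optional, Tuple, Union

# Handler check-item strings copied verbatim, in file order, from the
# Radius.cfg quoted in the thread.
HANDLER_SPECS: List[str] = [
    "TunnelledByPEAP=1, Realm = domain1.pt",
    "TunnelledByTTLS=1, Realm = domain1.pt",
    "TunnelledByPEAP=1, Realm=domain2.pt",
    "TunnelledByTTLS=1, Realm=domain2.pt",
    "Realm = /^domain1.pt|domain2.pt$/",
    "Realm = /^.+$/,Client-Identifier=/^(?!Proxy$)/",
]

CheckItem = Tuple[str, Union[str, "re.Pattern[str]"]]


def parse_handler_spec(spec: str) -> List[CheckItem]:
    """Split 'attr=value, attr=/regex/' into (attribute, literal-or-regex) pairs.

    Whitespace around names, '=' and values is ignored, which is how the
    'Realm = domain1.pt' spelling in the thread is read here (assumption:
    this mirrors Radiator's parsing; it is my model, not Radiator's code).
    """
    items: List[CheckItem] = []
    for part in spec.split(","):
        name, _, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if len(value) >= 2 and value.startswith("/") and value.endswith("/"):
            items.append((name, re.compile(value[1:-1])))
        else:
            items.append((name, value))
    return items


def realm_of(user_name: str) -> str:
    """Realm is the text after the last '@'; assumed empty when there is none."""
    return user_name.rsplit("@", 1)[1] if "@" in user_name else ""


def matches(items: List[CheckItem], request: Dict[str, str]) -> bool:
    """True when every check item is satisfied by the request's attributes.

    A check item naming an attribute the request does not carry fails, so
    an outer (non-tunnelled) request never matches a TunnelledBy* Handler.
    """
    attrs = dict(request)
    attrs.setdefault("Realm", realm_of(attrs.get("User-Name", "")))
    for name, want in items:
        have = attrs.get(name)
        if have is None:
            return False
        if isinstance(want, str):
            if have != want:
                return False
        elif not want.search(have):
            return False
    return True


def select_handler(request: Dict[str, str],
                   specs: List[str] = HANDLER_SPECS) -> Optional[int]:
    """Index of the first Handler whose check items all match, or None."""
    for idx, spec in enumerate(specs):
        if matches(parse_handler_spec(spec), request):
            return idx
    return None


# Constructed sample requests (not captured from a real Radiator trace).
# Client-Identifier stands for the Identifier of the <Client> the request
# arrived from, TunnelledBy* for the pseudo-attribute Radiator sets on the
# inner request of a PEAP/TTLS tunnel.
SAMPLE_REQUESTS: List[Tuple[str, Dict[str, str]]] = [
    ("outer EAP request, domain1.pt user",
     {"User-Name": "jorge@domain1.pt", "Client-Identifier": "192.168.20.80"}),
    ("inner PEAP request, identity with realm",
     {"User-Name": "jorge@domain1.pt", "TunnelledByPEAP": "1"}),
    ("inner TTLS request, domain2.pt identity",
     {"User-Name": "jorge@domain2.pt", "TunnelledByTTLS": "1"}),
    ("inner PEAP request, identity WITHOUT realm",
     {"User-Name": "jorge", "TunnelledByPEAP": "1"}),
    ("foreign realm arriving from the Proxy client",
     {"User-Name": "x@other.org", "Client-Identifier": "Proxy"}),
    ("realm that only starts with domain1.pt",
     {"User-Name": "x@domain1.pt.example", "Client-Identifier": "192.168.20.80"}),
]

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS:
        idx = select_handler(req)
        chosen = HANDLER_SPECS[idx] if idx is not None else "NO HANDLER"
        print(f"{label:45s} -> {chosen}")
```

Two things the run makes visible that are worth checking against a trace 4 log. First, the four realm-qualified tunnelled Handlers only match when the identity inside the tunnel itself carries '@domain1.pt' or '@domain2.pt'; an inner identity of just 'jorge' selects no Handler at all, because the final catch-all requires a non-empty Realm too. Second, in `/^domain1.pt|domain2.pt$/` the '^' anchors only the first alternative and the '$' only the second, and the dots are unescaped, so a realm such as 'domain1.pt.example' is accepted by that Handler; `/^(domain1\.pt|domain2\.pt)$/` is the tighter spelling.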
