(RADIATOR) My ongoing radiusd issues

Hartshorn, Jason Jhartshorn at Talisentech.com
Thu Oct 7 09:50:40 CDT 2004


Ok, thank you for that bit of information. But the other part of my question still has not been answered. We are not using a NAS, just using Radiator to authenticate for a web piece via active directory. So any information generated by the use of the dictionary is extra and not needed. How can we nullify that functionality and just use radiator to authenticate users via AD?


============================
Jason Hartshorn
Unix Administration
Talisen Technologies
Tel:  (314) 317-7757
jhartshorn at talisentech.com

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, October 07, 2004 9:23 AM
To: Hartshorn, Jason
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) My ongoing radiusd issues


Hello Jason -

You should define DbDir in your configuration file to point to the 
directory where you want to put your dictionary, then you should copy 
the dictionary file (the file called "dictionary" in the main 
distribution directory) to that directory.

Note that the "dictionary" file in the main distribution directory is 
what you should use (it is the standard dictionary that contains 
everything). The files contained in the "goodies" directory are no 
longer used except in certain special circumstances.

See sections 6.4.8 and 6.4.10 in the Radiator 3.9 reference manual 
("doc/ref.html").

regards

Hugh


On 7 Oct 2004, at 15:10, Hartshorn, Jason wrote:

> Ok, now maybe I am a bit naïve when it comes to this dictionary 
> configuration and the install documents do not cover it. I have found 
> by making /usr/local/etc/radddb/dictionary a directory with all the 
> dictionary files from goodies/ in it everything seems to work. But I 
> want to understand this and see how to do this the right way. We are 
> trying to use radiator as a handshake between a web tool and active 
> directory. So there is no NAS or anything to be done other than the 
> authentication. Here is my radius.cfg:
>
> # radius.cfg
> #
> # This is a very simple radius.cfg that you can use to get started.
> # only the most important parameters are set here. The full set
> # of parameters can be seen in radius.cfg in the top of the distribution tree.
> #
> # As it stands, it will authenticate a single client and a
> # single realm from a flat file
> # database, and save the accounting info to a single details file.
> #
> # Author: Mike McCauley (mikem at open.com.au)
> # Copyright (C) 1997 Open System Consultants
> # $Id: radius.cfg,v 1.3 1999/01/28 05:13:52 mikem Exp $
>
> # Config added for debugging JWH
> LogStdout
> Trace 4
>
> AuthPort        1812
> AcctPort        1813
> #BindAddress    192.168.5.26
> LogDir          /var/log/radius
> LogFile         %L/%Y%m-radius.log
> PidFile         /var/run/radiusd2.pid
> User            radius
> Group           radius
>
> # Set this to the database directory. It should contain these files:
> # users           The user database
> # dictionary      The dictionary for your NAS
> # DbDir /usr/local/etc/raddb
>
> # This clause defines a single client to listen to
>
> # For testing: this allows us to honour requests from radpwtst
> # on the same host.
> <Client DEFAULT>
>         Secret mysecret
>         DupInterval 0
> </Client>
>
> # This clause handles all users from all realms by looking them up
> # in the users file at /usr/local/etc/raddb/users
> <AuthLog FILE>
>         Filename %L/%Y%m-authlog.log
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
> <Realm DEFAULT>
>         <AuthBy LDAP2>
>                 Host ldap.talisentech.com
>                 Port 389
>                 AuthDN cn=ehs_admin, dc=ehs, dc=local
>                 AuthPassword ehs$$1
>                 BaseDN dc=ehs, dc=local
>                 # EncryptedPasswordAttr
>                 Version 3
>                 ServerChecksPassword
>                 UsernameAttr    cn
>                 #Debug 255
>
>         </AuthBy>
>         # Log accounting to the detail file in LogDir
>         AcctLogFileName %L/%Y%m-acct.log
>         AcctLogFileFormat       %{Timestamp} %{Acct-Session-ID} %{User-Name}
>         PasswordLogFileName     %L/%Y%m-passwd.log
> </Realm>
>
>
> Now I appreciate any assistance anyone can give me on this. I have 
> found the documentation very general and lacking as to the specifics I 
> have asked here. Keep in mind, that I am not well versed in Radius. 
> Thank you.
>
>  
>
>  
>
> ============================
>  Jason Hartshorn
> Unix Administration
> Talisen Technologies
> Tel:  (314) 317-7757
> jhartshorn at talisentech.com
>
>  
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
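
The check below is an added example, not part of the original thread and not Radiator's own code: it reads a radius.cfg, resolves the top-level DbDir and DictionaryFile settings, and reports whether the dictionary path is a regular file, a directory (the workaround described in the quoted message) or missing. The function names are hypothetical, and the fallback values `/usr/local/etc/raddb` and `%D/dictionary` are assumed defaults; a single dictionary path is assumed.

```shell
#!/bin/sh
# Added example: verify that the dictionary Radiator will load is a regular file.
# Assumptions (not from the thread): defaults DbDir=/usr/local/etc/raddb and
# DictionaryFile=%D/dictionary; DictionaryFile names a single path.

# cfg_value FILE NAME DEFAULT
# Prints the last top-level (outside any <Clause>) value of NAME, else DEFAULT.
cfg_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*<\// { depth--; next }        # closing tag, e.g. </Realm>
        /^[ \t]*</   { depth++; next }        # opening tag, e.g. <Realm DEFAULT>
        depth == 0 && $1 == key { val = $2 }  # "# DbDir ..." has $1 == "#"
        END { print (val != "" ? val : def) }
    ' "$1"
}

# dictionary_status FILE
# Prints "ok PATH", "directory PATH" or "missing PATH".
dictionary_status() {
    dbdir=$(cfg_value "$1" DbDir /usr/local/etc/raddb)
    dict=$(cfg_value "$1" DictionaryFile '%D/dictionary')
    # Expand a leading %D to the database directory.
    case "$dict" in
        %D*) path="$dbdir${dict#"%D"}" ;;
        *)   path="$dict" ;;
    esac
    if [ -f "$path" ]; then
        echo "ok $path"
    elif [ -d "$path" ]; then
        echo "directory $path"
    else
        echo "missing $path"
    fi
}

# Stand-alone use: sh check_dictionary.sh /path/to/radius.cfg
if [ "$#" -gt 0 ]; then
    dictionary_status "$1"
fi
```
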
