(RADIATOR) My ongoing radiusd issues

Hugh Irvine hugh at open.com.au
Thu Oct 7 10:33:18 CDT 2004


Hello Jason -

As far as Radiator is concerned the web tool is just another Client, 
NAS or otherwise.

The dictionary is always needed for the User-Name and User-Password at 
least.

regards

Hugh


On 7 Oct 2004, at 16:50, Hartshorn, Jason wrote:

>
> Ok, thank you for that bit of information. But the other part of my 
> question still has not been answered. We are not using a NAS, just 
> using Radiator to authenticate for a web piece via active directory. 
> So any information generated by the use of the dictionary is extra and 
> not needed. How can we nullify that functionality and just use 
> radiator to authenticate users via AD?
>
>
> ============================
> Jason Hartshorn
> Unix Administration
> Talisen Technologies
> Tel:  (314) 317-7757
> jhartshorn at talisentech.com
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, October 07, 2004 9:23 AM
> To: Hartshorn, Jason
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) My ongoing radiusd issues
>
>
> Hello Jason -
>
> You should define DbDir in your configuration file to point to the
> directory where you want to put your dictionary, then you should copy
> the dictionary file (the file called "dictionary" in the main
> distribution directory) to that directory.
>
> Note that the "dictionary" file in the main distribution directory is
> what you should use (it is the standard dictionary that contains
> everything). The files contained in the "goodies" directory are no
> longer used except in certain special circumstances.
>
> See sections 6.4.8 and 6.4.10 in the Radiator 3.9 reference manual
> ("doc/ref.html").
>
> regards
>
> Hugh
>
>
> On 7 Oct 2004, at 15:10, Hartshorn, Jason wrote:
>
>> Ok, now maybe I am a bit naïve when it comes to this dictionary
>> configuration and the install documents do not cover it. I have found
>> by making /usr/local/etc/radddb/dictionary a directory with all the
>> dictionary files from goodies/ in it everything seems to work. But I
>> want to understand this and see how to do this the right way. We are
>> trying to use radiator as a handshake between a web tool and active
>> directory. So there is no NAS or anything to be done other than the
>> authentication. Here is my radius.cfg:
>>
>> # radius.cfg
>> #
>> # This is a very simple radius.cfg that you can use to get started.
>> # only the most important parameters are set here. The full set
>> # of parameters can be seen in radius.cfg in the top of the
>> # distribution tree.
>> #
>> # As it stands, it will authenticate a single client and a
>> # single realm from a flat file
>> # database, and save the accounting info to a single details file.
>> #
>> # Author: Mike McCauley (mikem at open.com.au)
>> # Copyright (C) 1997 Open System Consultants
>> # $Id: radius.cfg,v 1.3 1999/01/28 05:13:52 mikem Exp $
>>
>> # Config added for debugging JWH
>> LogStdout
>> Trace 4
>>
>> AuthPort        1812
>> AcctPort        1813
>> #BindAddress    192.168.5.26
>> LogDir          /var/log/radius
>> LogFile         %L/%Y%m-radius.log
>> PidFile         /var/run/radiusd2.pid
>> User            radius
>> Group           radius
>>
>> # Set this to the database directory. It should contain these files:
>> # users           The user database
>> # dictionary      The dictionary for your NAS
>> # DbDir /usr/local/etc/raddb
>>
>> # This clause defines a single client to listen to
>>
>> # For testing: this allows us to honour requests from radpwtst
>> # on the same host.
>> <Client DEFAULT>
>>         Secret mysecret
>>         DupInterval 0
>> </Client>
>>
>> # This clause handles all users from all realms by looking them up
>> # in the users file at /usr/local/etc/raddb/users
>> <AuthLog FILE>
>>         Filename %L/%Y%m-authlog.log
>>         LogSuccess 1
>>         LogFailure 1
>> </AuthLog>
>> <Realm DEFAULT>
>>         <AuthBy LDAP2>
>>                 Host ldap.talisentech.com
>>                 Port 389
>>                 AuthDN cn=ehs_admin, dc=ehs, dc=local
>>                 AuthPassword ehs$$1
>>                 BaseDN dc=ehs, dc=local
>>                 # EncryptedPasswordAttr
>>                 Version 3
>>                 ServerChecksPassword
>>                 UsernameAttr    cn
>>                 #Debug 255
>>         </AuthBy>
>>         # Log accounting to the detail file in LogDir
>>         AcctLogFileName %L/%Y%m-acct.log
>>         AcctLogFileFormat       %{Timestamp} %{Acct-Session-ID} %{User-Name}
>>         PasswordLogFileName     %L/%Y%m-passwd.log
>> </Realm>
>>
>> Now I appreciate any assistance anyone can give me on this. I have
>> found the documentation very general and lacking as to the specifics I
>> have asked here. Keep in mind, that I am not well versed in Radius.
>> Thank you.
>>
>> ============================
>>  Jason Hartshorn
>> Unix Administration
>> Talisen Technologies
>> Tel:  (314) 317-7757
>> jhartshorn at talisentech.com
>>
>>  
>>
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>



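The setup described in the thread (DbDir defined in the configuration file, and the single "dictionary" file copied into that directory) can be checked before starting radiusd. This is an added example, not part of the original thread or the Radiator distribution; the function names are hypothetical, and the `ATTRIBUTE <name> <number> <type>` dictionary line layout is an assumption.

```shell
#!/bin/sh
# Added example: preflight check for the DbDir/dictionary layout discussed above.
# Assumption: dictionary entries look like "ATTRIBUTE <name> <number> <type>".

# Print the last uncommented DbDir value found in a Radiator config file.
# A line such as "# DbDir /usr/local/etc/raddb" is ignored.
cfg_dbdir() {
    awk '$1 == "DbDir" { v = $2 } END { if (v != "") print v }' "$1"
}

# check_dictionary CONFIG
# Returns 0 when the dictionary is usable, otherwise a distinct non-zero
# code with the reason on stderr.
check_dictionary() {
    cfg=$1
    dbdir=$(cfg_dbdir "$cfg")
    if [ -z "$dbdir" ]; then
        echo "DbDir is not set (missing or commented out) in $cfg" >&2
        return 1
    fi
    dict=$dbdir/dictionary
    if [ -d "$dict" ]; then
        echo "$dict is a directory; it must be the single dictionary file" >&2
        return 2
    fi
    if [ ! -r "$dict" ]; then
        echo "$dict is missing or unreadable" >&2
        return 3
    fi
    # The two attributes the thread says are always needed.
    for attr in User-Name User-Password; do
        if ! awk -v a="$attr" \
            '$1 == "ATTRIBUTE" && $2 == a { f = 1 } END { exit !f }' "$dict"
        then
            echo "$dict does not define $attr" >&2
            return 4
        fi
    done
    return 0
}

# Stand-alone use: sh check_dict.sh /path/to/radius.cfg
if [ $# -gt 0 ]; then
    check_dictionary "$1"
fi
```
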