(RADIATOR) Got sometimes timeout when starting Radiator as WinNT service.
eddy_mut
eddy at ncv.ru
Fri Sep 2 01:30:27 CDT 2005
Hi,
Windows gives me Error 1053 when I try to start this service.
This is my config file:
#
# Configuration file for Radiator radius server
# This config file is used for testing the server (see test.pl)
# but it also demonstrates and documents most of the available
# objects and keywords that are supported.
#
# DONT PANIC: Your own radius.cfg will be _much_ simpler than this.
#
# Hint: If you are building a new config file for your
# installation, you
# should probably consult some of the simple config files in the
# goodies directory (such as goodies/simple.cfg)
# and only use this file as a guide to all the extra
# things you can add later. Start simple and add features as you go.
#
# Author: Mike McCauley (mikem at open.com.au)
# Copyright (C) 1997 Open System Consultants
# $Id: radius.cfg,v 1.79 2002/12/17 05:07:05 mikem Exp $
#
# Filenames configured here can use special formatting characters,
# some common examples below. There are many more.
# The full set is listed in the
# reference manual.
# %% The percent character
# %D DbDir
# %L LogDir
# %y Last 2 digits of the current year (2 digits)
# %Y Current year (4 digits)
# %m Current month number (2 digits)
# %d Current day of the month (2 digits)
# %c IP address of the client who sent the current packet (if any)
# %C Client name of the client who sent the current packet (if any)
# %R The realm of the username named in the current packet (if any)
# %N The Nas-IP-Address in the current packet (if any)
# %n The full User-Name in the current packet (if any)
# %P The decrypted password
# %U The username being authenticated (with the realm stripped off)
# %h The hostname this server is running on
# %t The current time in seconds since Jan 1 1970
# %T The request type of the current packet (if any)
# %a The Framed-IP-Address of the current packet
# %H The current hour (0-23)
# %M The current minute (0-59)
# %S The current second (0-59)
# %{attr} The value of the named attribute in the current request packet
# %{GlobalVar:name} The value of the global variable "name", which
# can be set on the command line with name=value, or
# in this file with:
# DefineFormattedGlobalVar name value
# %{Reply:attr} The value of the named attribute in the current reply packet
# You can use this to get the value of reply attributes
# Foreground makes this run in the foreground instead of as a daemon
# When running as a daemon, detaches from STDIN and STDOUT, becomes
# a process group leader and detaches from the controlling TTY.
# You must use Foreground if you want to run from inetd, init or
# restartWrapper, or as a service on NT
Foreground
# LogStdout makes all log file output appear on stdout as well
# You must be running in Foreground mode for this to work
LogStdout
# Trace makes the server log increasing levels of detail about
# its internal operations.
# At level 0 (the default), only serious errors are logged.
# At level 1, warnings are also logged
# At level 2, normal but significant events are also logged,
# At level 3, informational messages are also logged,
# At level 4, debugging messages are also logged.
# At level 5, hex packet dumps of all incoming packets are also printed.
# At level 4 and 5, packet dumps go to stdout. You probably dont
# want that in a live system. Choose the lowest Trace level you
# really need
Trace 4
# AuthPort specifies the port to listen on for authentication requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1645. You can specify multiple comma-separated ports
AuthPort 1812
# AcctPort specifies the port to listen on for accounting requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1646. You can specify multiple comma-separated ports
AcctPort 1813
# If you are multi-homed, and only want to listen on a single address
# you can restrict it by setting BindAddress. Set it to the address
# you want to listen on. Defaults to 0.0.0.0 (ie anything received by
# any address on this host)
# BindAddress 203.63.154.1
# You can specify multiple BindAddress addresses, comma separated:
#BindAddress 200.10.1.4, 200.11.2.3
# LogDir is the directory where logfiles are put
# Defaults to /var/log/radius
LogDir D:\temp\Radiator\log
# DbDir is the directory where database and config are put
# Defaults to /usr/local/etc/raddb
DbDir D:\temp\Radiator\conf
# LogFile is the name of the log file.
# This file is always opened written and closed for each message,
# so you can safely rotate it at any time.
# Can use special formatting characters
# Defaults to "%L/logfile"
LogFile %L\radiusd.log
# You can disable all logging to the log file by
# setting LogFile to nothing like this:
#LogFile
# You can define your own variables that can be accessed anywhere
# special formatting characters are permitted. In the following
# example, %{GlobalVar:myvariable} will be replaced with "value"
# You can get the same effect with myvariable=value on the
# command line for radiusd
#DefineFormattedGlobalVar myvariable value
# DictionaryFile is the name of the Radius dictionary file(s)
# Can use special formatting characters
# defaults to "%D/dictionary", which is good for
# most everything except Ascends using the old Ascend non-vendor-specific
# attributes. If you need the old ascend attributes, name both dictionaries
# in the DictionaryFile
# Caution: changing the dictionary can stop the test suite test.pl
# from working
DictionaryFile %D\dictionary,%D\dictionary.ascend
# The name of the file where the radiusd PID will be
# written after startup. Can contain special filename chars.
# Defaults to %L/radiusd.pid
PidFile %D\radiusd.pid
# You can adjust the length of the Radius socket queues with
# SocketQueueLength. You should only need to do this if you are handling
# large numbers of requests. You may also have to adjust your operating
# system configuration to permit large queue lengths. Not supported
# on Win95 or NT
#SocketQueueLength 1000000
# There are a number of other optional configuration items
# for optional NAS communications. See the reference manual.
# you only need these if you specify Simultaneous-Use and
# a specific NasType in a <Client> statement
# FingerProg defaults to an internal client. If you specify
# a program name for FingerProg, it will use that program instead
# of the internal client.
#FingerProg /bin/finger
#SnmpgetProg /usr/bin/snmpget
#PmwhoProg /usr/local/sbin/pmwho
#LivingstonMIB .iso.org.dod.internet.private.enterprises.307
#LivingstonOffs 29
#LivingstonHole 2
#SnmpgetProg /usr/local/bin/snmpget
# You can rewrite every username that is received with RewriteUsername
# (you can also rewrite on a per-client or per-realm basis in those clauses)
# This is often good for translating MS domain names into @realm format
# RewriteUsername is
# a PERL substitution pattern. It is probably most useful for
# stripping the realm from a User-Name before authenticating it
# this can be done with RewriteUsername s/^([^@]+).*/$1/
# You could also do much more sophisticated
# things like change the realm depending on the user name etc,
# append things to the realm before forwarding etc.
# You can have any number of RewriteUsername lines. The rewrite
# are applied in the same order that they appear in this file.
#RewriteUsername s/^mikem$/xyzzy/
#RewriteUsername tr/[a-z]/[A-Z]/
# The next one converts realm\user format like for MSN
# to user at realm, the way Radiator likes them
#RewriteUsername s/^(.*)\\(.*)/$2\@$1/
# PreClientHook is a perl function that will be called for each request
# before it is passed to a Client clause. A reference to
# the current packet is passed as the only argument
#PreClientHook sub { print "Here I am in PreClientHook\n"; }
#PreClientHook file:"/main/script/av_preprocess.pl"
# MainLoopHook is called once per second during the main dispatch loop
#MainLoopHook sub { print "Here I am in MainLoopHook\n"; }
# StartupHook is a perl function that is called during initial
# startup and during restarts from SIGHUP. It is passed a single
# argument that is true during a restart and undef during initial
# start
#StartupHook sub {print "here I am in StartupHook $_[0]\n";}
# ShutdownHook is a perl function that is called before exiting after
# a SIGTERM.
#ShutdownHook sub {print "here I am in ShutdownHook\n";}
# You can also define hooks for USR1Hook, USR2Hook and WINCHHook
# which run (on Unix systems) when those signals are received.
# You can also force all user names to
# consist of a particular character set. This can be
# also useful to reject bogus access requests due to modem
# line noise. The value is a perl character set
# specification. This example permits only alphanumeric,
# period, dash and the at sign.
# Note: you can apply UsernameCharset to a single realm or Handler
# with the Handler UsernameCharset parameter
#UsernameCharset a-zA-Z0-9\.-_@
# On Unix you can control the actual user that the server runs as
# provided it starts as a suitably privileged user. You can specify
# unix user name or UID here
#User radius
# or group name/GID
#Group radius
# <Client hostname> is used to define each radius client to which
# we will respond. Requests received from clients that arent named by
# Client clauses in this file here will be ignored
# The DEFAULT client (if defined) will handle requests from Clients that
# are not defined elsewhere
<Client DEFAULT>
# Secret is the shared secret between client and this server
# Any number of characters, any character except newline
# You must set a secret in every Client clause.
Secret ******
# If IgnoreAcctSignature is defined, incoming
# Accounting-Requests
# from this client
# will not have their signature checked.
# This is useful for some
# Radius clients and forwarding servers
# that dont correctly compute the signature
# in accounting requests.
# The Accounting-Response packets will always have a correctly
# computed signature, regardless of IgnoreAcctSignature
# IgnoreAcctSignature
# If more than 1 Radius request from this Client with
# the same Identifier are received within
# DupInterval seconds, the
# 2nd and subsequent are ignored.
# A value of 0 means duplicates are
# always accepted, which might not be very wise,
# except during testing.
# Default is 2 seconds
# DupInterval 2
DupInterval 0
# You can use this to fine-tune which types of duplicate
# requests
# you will handle (regardless of the setting of DupInterval)
# The value is a space separated list of request types,
# such as "Access-Request Accounting-Request" etc. Case
# sensitive. This can sometimes help if you are losing packets
# NoIgnoreDuplicates Access-Request
# Use this to set a default realm for requests that dont
# already have one. This can trigger a specific Realm
# statement for users who log in to this NAS without a
# realm
# DefaultRealm open.com.au
# Optional NasType specifies the type of NAS. May
# be used to determine how to communicate directly to the NAS
# As part of simultaneous login checking. Dont define this
# if you are not prepared for Radiator to spend some time
# talking to your NAS occasionally.
# Allowable values are
# Livingston uses snmpget
# Portslave uses finger
# PortslaveLinux uses finger
# PortslaveMoxa uses finger, requires ctlportslave
# in the target Linux host
# Cisco uses snmpget
# Ascend uses finger
# Shiva uses finger
# TotalControl uses pmwho
# Computone uses finger
# Bay uses snmpget
# Xyplex uses finger
# AscendSNMP uses snmpget
# TotalControlSNMP uses snmpget
# Bay5399SNMP uses snmpget
# Bay8000SNMP uses snmpget
# Bay4000SNMP uses snmpget
# BayFinger use finger
# Hiper uses snmpget
# Tigris uses snmpget
# TigrisNew uses snmpget
# TigrisOld uses snmpget
# NortelCVX1800 uses snmpget
# Portmaster3 uses snmpget
# Portmaster4 uses pmwho
# Ping uses ICMP ping to check the
# Framed-IP-Address of the dialup user
# requires Radiator to be run as root
#
#
# ignore Does not contact NAS, Always assumes
# that there are no multiple logins
# other not implemented yet
# <undefined> the default, does not contact NAS
# NasType Livingston
#NasType Ping
# These base addresses are used to generate Framed-IP-Address
# from Framed-Group reply items and NAS-Port
# Framed-Group in a user record selects the nth
# FramedGroupBaseAddress (0 based), and NAS-Port is added to the last
# byte (modulo 255) to generate a Framed-IP-Address.
# Therefore if a user logs in on this Client to port 5, and their
# Framed-Group is 1, they will get a Framed-IP-Address of
# 10.0.1.6.
# You can use FramedGroupMaxPortsPerClassC to control the
# number of ports allocated to each class C address
# These parameters are ignored unless the user has a Framed-Group
# reply item.
FramedGroupBaseAddress 10.0.0.1
FramedGroupBaseAddress 10.0.1.1
FramedGroupBaseAddress 10.0.2.1
FramedGroupMaxPortsPerClassC 20
# You can rewrite all usernames that come from this client
# RewriteUsername s/yourdomain.com$/yourotherdomain.com/
# You can specify a bunch of other clients that have
# an identical setup
# IdenticalClients 10.1.1.1 10.1.1.2 10.1.1.3 nas.mydomain.com
# IdenticalClients 10.1.1.7,10.1.1.8,10.1.1.9,203.63.154.1 localhost
# PreHandlerHook is a perl function that will be called
# for each request after per-client username rewriting
# and duplicate rejection and
# before it is passed to any Realm or Handler clause.
# A reference to
# the current packet is passed as the only argument
# PreHandlerHook sub { print "Here I am in PreHandlerHook\n" }
# If you set this, a Status-Server message from this client will
# include details of all Clients, as well as basic
# server information.
# StatusServerShowClientDetails
</Client>
#<Monitor>
# Username Mikem
# Password Fred
#</Monitor>
<Handler Realm = ncv.ru>
<AuthBy FILE>
Filename %D\ncv_users
AutoMPPEKeys
</AuthBy>
</Handler>
# If you have an SNMPAgent clause, it establishes an Agent that
# will service SNMP requests for the standard Radius Server MIB as
# described in draft-ietf-radius-servmib-04.txt
# Requires SNMP_Session-0.92.tar.gz or later from
# ftp://ftp.switch.ch/software/sources/network/snmp/perl/
# Radiator must run as root to listen on the default SNMP port 161
# You can then use something like
# snmpget localhost public .iso.org.dod.internet.3.79.1.1.1.1
# or
# snmpwalk localhost public .iso.org.dod.internet.3.79.1.1.1
#
#<SNMPAgent>
# Specifies the UDP port to listen on. Defaults to 161
# You will need to run as root to open this port
# on Unix
# Port 161
# Specifies a specific host address to listen on. Useful
# if you are multi-homed. Defaults to the value of the global
# BindAddress
#BindAddress 203.63.154.1
# Specifies the community name that we will honour
# for different types of access.
# Defaults to nothing, meaning no access. Community
# is deprecated in favour of ROCommunity and RWCommunity
# For more specific control, see
# ROCommunity, RWCommunity and Managers in the reference manual
#ROCommunity mycommunity
#ROCommunity public
#RWCommunity public
#</SNMPAgent>
# You can set up additional logging with these. The logging will be in
# addition to any logging defined by LogFile and Trace above.
# Log to a file
#<Log FILE>
# You can use special formatting characters
# Filename %L/mylog
# Trace level to use (allows same values as the global Trace level)
# Trace 4
#</Log>
# Log to syslog (Unix only)
#<Log SYSLOG>
# # Default facility is 'user'
# Facility user
# Trace level to use (allows same values as the global Trace level)
# Trace 4
#</Log>
===============================================================
Windows gives me Error 1053
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: <eddy at ncv.ru>
Cc: <radiator at open.com.au>
Sent: Friday, September 02, 2005 10:11 AM
Subject: Re: (RADIATOR) Got sometimes timeout when starting Radiator as
WinNT service.
>
> Hello Eddy -
>
> What sort of timeouts are you seeing?
>
> Please send me a copy of your configuration file and a trace 4 debug from
> Radiator showing what is happening.
>
> regards
>
> Hugh
>
>
> On 1 Sep 2005, at 20:37, eddy_mut wrote:
>
>> Got sometimes timeout when starting Radiator as WinNT service.
>>
>>
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
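
Added example, not part of the original post and not Radiator code: a small audit of a Radiator-style config for the settings that the comments in the posted radius.cfg themselves describe as test-only or as relaxing a check (Trace 4/5, a DEFAULT client, DupInterval 0, IgnoreAcctSignature). The names `parse` and `audit` and the sample excerpt are constructed for illustration.

```python
# Constructed excerpt using the same keywords as the posted radius.cfg.
SAMPLE_CFG = """
Foreground
LogStdout
Trace 4
<Client DEFAULT>
    Secret ******
    # IgnoreAcctSignature
    DupInterval 0
</Client>
<Client 192.0.2.10>
    Secret ******
    DupInterval 2
    IgnoreAcctSignature
</Client>
"""

def parse(text):
    """Yield (clause, keyword, value); clause is 'global' outside any <...> block."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # commented-out settings are inactive
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<") and line.endswith(">"):
            stack.append(" ".join(line[1:-1].split()))
            yield stack[-1], "(clause)", ""
        else:
            parts = line.split(None, 1)
            yield (stack[-1] if stack else "global"), parts[0], (parts[1] if len(parts) > 1 else "")

def audit(text):
    """Return (clause, keyword, reason) for settings the config comments warn about."""
    findings = []
    for clause, kw, val in parse(text):
        if kw == "Trace" and val.isdigit() and int(val) >= 4:
            findings.append((clause, kw, "packet dumps go to stdout at level 4 and 5"))
        elif kw == "(clause)" and clause == "Client DEFAULT":
            findings.append((clause, kw, "handles requests from clients not defined elsewhere"))
        elif kw == "DupInterval" and val == "0":
            findings.append((clause, kw, "duplicate requests are always accepted"))
        elif kw == "IgnoreAcctSignature":
            findings.append((clause, kw, "accounting request signatures are not checked"))
    return findings

if __name__ == "__main__":
    for clause, kw, reason in audit(SAMPLE_CFG):
        print(f"{clause}: {kw}: {reason}")
```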