(RADIATOR) Got sometimes timeout when starting Radiator as WinNT service.

Hugh Irvine hugh at open.com.au
Fri Sep 2 02:49:25 CDT 2005


Hello Eddy -

How have you installed Radiator and how have you installed your  
Windows service?

BTW - there are many example configuration files in the "goodies"  
directory of the Radiator distribution - I suggest you start with a  
simple example configuration file rather than using what you show below.

regards

Hugh


On 2 Sep 2005, at 16:30, eddy_mut wrote:

> Hi,
>
> Windows gives me Error 1053 when I am trying to start this service.
>
> This is my config file:
>
> #
> # Configuration file for Radiator radius server
> # This config file is used for testing the server (see test.pl)
> # but it also demonstrates and documents most of the available
> # objects and keywords that are supported.
> #
> # DONT PANIC: Your own radius.cfg will be _much_ simpler than this.
> #
> # Hint: If you are building a new config file for your
> # installation, you
> # should probably consult some of the simple config files in the
> # goodies directory (such as goodies/simple.cfg)
> # and only use this file as a guide to all the extra
> # things you can add later. Start simple and add features as you go.
> #
> # Author: Mike McCauley (mikem at open.com.au)
> # Copyright (C) 1997 Open System Consultants
> # $Id: radius.cfg,v 1.79 2002/12/17 05:07:05 mikem Exp $
> #
> # Filenames configured here can use special formatting characters,
> # some common examples below. There are many more.
> # The full set is listed in the
> # reference manual.
> # %%        The percent character
> # %D        DbDir
> # %L        LogDir
> # %y        Last 2 digits of the current year (2 digits)
> # %Y        Current year (4 digits)
> # %m        Current month number (2 digits)
> # %d        Current day of the month (2 digits)
> # %c        IP address of the client who sent the current packet (if any)
> # %C        Client name of the client who sent the current packet (if any)
> # %R        The realm of the username named in the current packet (if any)
> # %N        The Nas-IP-Address in the current packet (if any)
> # %n        The full User-Name in the current packet (if any)
> # %P        The decrypted password
> # %U        The username being authenticated (with the realm stripped off)
> # %h        The hostname this server is running on
> # %t        The current time in seconds since Jan 1 1970
> # %T        The request type of the current packet (if any)
> # %a        The Framed-IP-Address of the current packet
> # %H        The current hour (0-23)
> # %M        The current minute (0-59)
> # %S        The current second (0-59)
> # %{attr}   The value of the named attribute in the current request packet
> # %{GlobalVar:name} The value of the global variable "name", which
> #      can be set on the command line with name=value, or
> #     in this file with:
> #   DefineFormattedGlobalVar name value
> # %{Reply:attr} The value of the named attribute in the current reply packet
> #  You can use this to get the value of reply attributes
>
> # Foreground makes this run in the foreground instead of as a daemon
> # When running as a daemon, detaches from STDIN and STDOUT, becomes
> # a process group leader and detaches from the controlling TTY.
> # You must use Foreground if you want to run from inetd, init or
> # restartWrapper, or as a service on NT
> Foreground
>
> # LogStdout makes all log file output appear on stdout as well
> # You must be running in Foreground mode for this to work
> LogStdout
>
> # Trace makes the server log increasing levels of detail about
> # its internal operations.
> # At level 0 (the default), only serious errors are logged.
> # At level 1, warnings are also logged
> # At level 2, normal but significant events are also logged,
> # At level 3, informational messages are also logged,
> # At level 4, debugging messages are also logged.
> # At level 5, hex packet dumps of all incoming packets are also printed.
> # At level 4 and 5, packet dumps go to stdout. You probably dont
> # want that in a live system. Choose the lowest Trace level you
> # really need
> Trace 4
>
> # AuthPort specifies the port to listen on for authentication requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1645. You can specify multiple comma-separated ports
> AuthPort 1812
>
> # AcctPort specifies the port to listen on for accounting requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1646. You can specify multiple comma-separated ports
> AcctPort 1813
>
> # If you are multi-homed, and only want to listen on a single address
> # you can restrict it by setting BindAddress. Set it to the address
> # you want to listen on. Defaults to 0.0.0.0 (ie anything received by
> # any address on this host)
> # BindAddress 203.63.154.1
> # You can specify multiple BindAddress addresses, comma separated:
> #BindAddress 200.10.1.4, 200.11.2.3
>
> # LogDir is the directory where logfiles are put
> # Defaults to /var/log/radius
> LogDir  D:\temp\Radiator\log
>
> # DbDir is the directory where database and config are put
> # Defaults to /usr/local/etc/raddb
> DbDir  D:\temp\Radiator\conf
>
> # LogFile is the name of the log file.
> # This file is always opened written and closed for each message,
> # so you can safely rotate it at any time.
> # Can use special formatting characters
> # Defaults to "%L/logfile"
> LogFile  %L\radiusd.log
> # You can disable all logging to the log file by
> # setting LogFile to nothing like this:
> #LogFile
>
> # You can define your own variables that can be accessed anywhere
> # special formatting characters are permitted. In the following
> # example, %{GlobalVar:myvariable} will be replaced with "value"
> # You can get the same effect with myvariable=value on the
> # command line for radiusd
> #DefineFormattedGlobalVar myvariable value
>
> # DictionaryFile is the name of the Radius dictionary file(s)
> # Can use special formatting characters
> # defaults to "%D/dictionary", which is good for
> # most everything except Ascends using the old Ascend non-vendor-specific
> # attributes. If you need the old ascend attributes, name both
> # dictionaries in the DictionaryFile
> # Caution: changing the dictionary can stop the test suite test.pl
> # from working
> DictionaryFile %D\dictionary,%D\dictionary.ascend
>
> # The name of the file where the radiusd PID will be
> # written after startup. Can contain special filename chars.
> # Defaults to %L/radiusd.pid
> PidFile  %D\radiusd.pid
>
> # You can adjust the length of the Radius socket queues with
> # SocketQueueLength. You should only need to do this if you are handling
> # large numbers of requests. You may also have to adjust your operating
> # system configuration to permit large queue lengths. Not supported
> # on Win95 or NT
> #SocketQueueLength 1000000
>
> # There are a number of other optional configuration items
> # for optional NAS communications. See the reference manual.
> # you only need these if you specify Simultaneous-Use and
> # a specific NasType in a <Client> statement
> # FingerProg defaults to an internal client. If you specify
> # a program name for FingerProg, it will use that program instead
> # of the internal client.
> #FingerProg  /bin/finger
> #SnmpgetProg  /usr/bin/snmpget
> #PmwhoProg /usr/local/sbin/pmwho
>
> #LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> #LivingstonOffs 29
> #LivingstonHole 2
> #SnmpgetProg  /usr/local/bin/snmpget
>
> # You can rewrite every username that is received with RewriteUsername
> # (you can also rewrite on a per-client or per-realm basis in those clauses)
> # This is often good for translating MS domain names into @realm format
> # RewriteUsername is
> # a PERL substitution pattern. It is probably most useful for
> # stripping the realm from a User-Name before authenticating it
> # this can be done with RewriteUsername s/^([^@]+).*/$1/
> # You could also do much more sophisticated
> # things like change the realm depending on the user name etc,
> # append things to the realm before forwarding etc.
> # You can have any number of RewriteUsername lines. The rewrites
> # are applied in the same order that they appear in this file.
> #RewriteUsername s/^mikem$/xyzzy/
> #RewriteUsername tr/[a-z]/[A-Z]/
> # The next one converts realm\user format like for MSN
> # to user at realm, the way Radiator likes them
> #RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> # PreClientHook is a perl function that will be called for each request
> # before it is passed to a Client clause. A reference to
> # the current packet is passed as the only argument
> #PreClientHook sub { print "Here I am in PreClientHook\n"; }
>
> #PreClientHook file:"/main/script/av_preprocess.pl"
>
> # MainLoopHook is called once per second during the main dispatch loop
> #MainLoopHook sub { print "Here I am in MainLoopHook\n"; }
>
> # StartupHook is a perl function that is called during initial
> # startup and during restarts from SIGHUP. It is passed a single
> # argument that is true during a restart and undef during initial
> # start
> #StartupHook sub {print "here I am in StartupHook $_[0]\n";}
>
> # ShutdownHook is a perl function that is called before exiting after
> # a SIGTERM.
> #ShutdownHook sub {print "here I am in ShutdownHook\n";}
>
> # You can also define hooks for USR1Hook, USR2Hook and WINCHHook
> # which run (on Unix systems) when those signals are received.
>
> # You can also force all user names to
> # consist of a particular character set. This can be
> # also useful to reject bogus access requests due to modem
> # line noise. The value is a perl character set
> # specification. This example permits only alphanumeric,
> # period, dash and the at sign.
> # Note: you can apply UsernameCharset to a single realm or Handler
> # with the Handler UsernameCharset parameter
> #UsernameCharset a-zA-Z0-9\.-_@
>
> # On Unix you can control the actual user that the server runs as
> # provided it starts as a suitable privileged user. You can specify
> # unix user name or UID here
> #User radius
> # or group name/GID
> #Group radius
>
> # <Client hostname> is used to define each radius client to which
> # we will respond. Requests received from clients that arent named by
> # Client clauses in this file here will be ignored
> # The DEFAULT client (if defined) will handle requests from Clients that
> # are not defined elsewhere
> <Client DEFAULT>
> # Secret is the shared secret between client and this server
> # Any number of characters, any character except newline
> # You must set a secret in every Client clause.
> Secret ******
>
> # If IgnoreAcctSignature is defined, incoming
> # Accounting-Requests
> # from this client
> # will not have their signature checked.
> # This is useful for some
> # Radius clients and forwarding servers
> # that dont correctly compute the signature
> # in accounting requests.
> # The Accounting-Response packets will always have a correctly
> # computed signature, regardless of IgnoreAcctSignature
> # IgnoreAcctSignature
>
> # If more than 1 Radius request from this Client with
> # the same Identifier are received within
> # DupInterval seconds, the
> # 2nd and subsequent are ignored.
> # A value of 0 means duplicates are
> # always accepted, which might not be very wise,
> # except during testing.
> # Default is 2 seconds
> # DupInterval 2
> DupInterval 0
>
> # You can use this to fine-tune which types of duplicate
> # requests
> # you will handle (regardless of the setting of DupInterval)
> # The value is a space separated list of request types,
> # such as "Access-Request Accounting-Request" etc. Case
> # sensitive. This can sometimes help if you are losing packets
> # NoIgnoreDuplicates Access-Request
>
> # Use this to set a default realm for requests that dont
> # already have one. This can trigger a specific Realm
> # statement for users who log in to this NAS without a
> # realm
> # DefaultRealm open.com.au
>
> # Optional NasType specifies the type of NAS. May
> # be used to determine how to communicate directly to the NAS
> # As part of simultaneous login checking. Dont define this
> # if you are not prepared for Radiator to spend some time
> # talking to your NAS occasionally.
> # Allowable values are
> #  Livingston             uses snmpget
> #  Portslave              uses finger
> #  PortslaveLinux         uses finger
> #  PortslaveMoxa   uses finger, requires ctlportslave
> #                         in the target Linux host
> #  Cisco                  uses snmpget
> #  Ascend                 uses finger
> #  Shiva                  uses finger
> #  TotalControl           uses pmwho
> #  Computone              uses finger
> #  Bay                    uses snmpget
> #  Xyplex    uses finger
> #  AscendSNMP    uses snmpget
> #  TotalControlSNMP       uses snmpget
> #  Bay5399SNMP          uses snmpget
> #  Bay8000SNMP          uses snmpget
> #  Bay4000SNMP          uses snmpget
> #  BayFinger    use finger
> #  Hiper             uses snmpget
> #  Tigris          uses snmpget
> #  TigrisNew          uses snmpget
> #  TigrisOld          uses snmpget
> #  NortelCVX1800          uses snmpget
> #  Portmaster3          uses snmpget
> #  Portmaster4          uses pmwho
> #  Ping     uses ICMP ping to check the
> #     Framed-IP-Address of the dialup user
> #     requires Radiator to be run as root
> #
> #
> # ignore                  Does not contact NAS, Always assumes
> #                         that there are no multiple logins
> #  other                  not implemented yet
> #  <undefined>            the default, does not contact NAS
> # NasType Livingston
> #NasType Ping
>
> # These base addresses are used to generate Framed-IP-Address
> # from Framed-Group reply items and NAS-Port
> # Framed-Group in a user record selects the nth
> # FramedGroupBaseAddress (0 based), and NAS-Port is added to the last
> # byte (modulo 255) to generate a Framed-IP-Address.
> # Therefore if a user logs in on this Client to port 5, and their
> # Framed-Group is 1, they will get a Framed-IP-Address of
> # 10.0.1.6.
> # You can use FramedGroupMaxPortsPerClassC to control the
> # number of ports allocated to each class C address
> # These parameters are ignored unless the user has a Framed-Group
> # reply item.
> FramedGroupBaseAddress 10.0.0.1
> FramedGroupBaseAddress 10.0.1.1
> FramedGroupBaseAddress 10.0.2.1
> FramedGroupMaxPortsPerClassC 20
>
> # You can rewrite all usernames that come from this client
> # RewriteUsername s/yourdomain.com$/yourotherdomain.com/
>
> # You can specify a bunch of other clients that have
> # an identical setup
> # IdenticalClients 10.1.1.1 10.1.1.2 10.1.1.3 nas.mydomain.com
> # IdenticalClients 10.1.1.7,10.1.1.8,10.1.1.9,203.63.154.1 localhost
>
> # PreHandlerHook is a perl function that will be called
> # for each request after per-client username rewriting
> # and duplicate rejection and
> # before it is passed to any Realm or Handler clause.
> # A reference to
> # the current packet is passed as the only argument
> # PreHandlerHook sub { print "Here I am in PreHandlerHook\n" }
>
> # If you set this, a Status-Server message from this client
> # will include details of all Clients, as well as basic
> # server information.
> # StatusServerShowClientDetails
> </Client>
>
> #<Monitor>
> # Username Mikem
> # Password Fred
> #</Monitor>
>
>
> <Handler Realm = ncv.ru>
> <AuthBy FILE>
>  Filename %D\ncv_users
>  AutoMPPEKeys
> </AuthBy>
> </Handler>
>
>
> # If you have an SNMPAgent clause, it establishes an Agent that
> # will service SNMP requests for the standard Radius Server MIB as
> # described in draft-ietf-radius-servmib-04.txt
> # Requires SNMP_Session-0.92.tar.gz or later from
> # ftp://ftp.switch.ch/software/sources/network/snmp/perl/
> # Radiator must run as root to listen on the default SNMP port 161
> # You can then use something like
> # snmpget localhost public .iso.org.dod.internet.3.79.1.1.1.1
> #  or
> # snmpwalk localhost public .iso.org.dod.internet.3.79.1.1.1
> #
> #<SNMPAgent>
> # Specifies the UDP port to listen on. Defaults to 161
> # You will need to run as root to open this port
> # on Unix
> # Port 161
>
> # Specifies a specific host address to listen on. Useful
> # if you are multi-homed. Defaults to the value of the global
> # BindAddress
> #BindAddress 203.63.154.1
>
> # Specifies the community name that we will honour
> # for different types of access.
> # Defaults to nothing, meaning no access. Community
> # is deprecated in favour of ROCommunity and RWCommunity
> # For more specific control, see
> # ROCommunity, RWCommunity and Managers in the reference manual
> #ROCommunity mycommunity
> #ROCommunity public
> #RWCommunity public
> #</SNMPAgent>
>
> # You can set up additional logging with these. The logging will be in
> # addition to any logging defined by LogFile and Trace above.
>
> # Log to a file
> #<Log FILE>
> # You can use special formatting characters
> # Filename %L/mylog
> # Trace level to use (allows same values as the global Trace level)
> # Trace 4
> #</Log>
>
> # Log to syslog (Unix only)
> #<Log SYSLOG>
> # # Default facility is 'user'
> # Facility user
>
> # Trace level to use (allows same values as the global Trace level)
> # Trace 4
> #</Log>
>
> ===============================================================
>
> Windows gets to me Error 1053
>
>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: <eddy at ncv.ru>
> Cc: <radiator at open.com.au>
> Sent: Friday, September 02, 2005 10:11 AM
> Subject: Re: (RADIATOR) Got sometimes timeout when starting Radiator as WinNT service.
>
>
>
>>
>> Hello Eddy -
>>
>> What sort of timeouts are you seeing?
>>
>> Please send me a copy of your configuration file and a trace 4 debug
>> from Radiator showing what is happening.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 1 Sep 2005, at 20:37, eddy_mut wrote:
>>
>>
>>> Got sometimes timeout when starting Radiator as WinNT service.
>>>
>>>
>>>
>>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
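
An added example, not part of the original messages and not Radiator code: a small Python check that parses a Radiator-style configuration and flags the active settings that the quoted file's own comments caution about (Trace 4 or higher, a DEFAULT client, DupInterval 0, IgnoreAcctSignature). The rule names, function names and the placeholder secret are assumptions made for illustration.

```python
import re

# Constructed sample: the active (uncommented) directives from the quoted
# configuration, with a placeholder secret.
SAMPLE_CFG = r"""
Foreground
LogStdout
Trace 4
AuthPort 1812
AcctPort 1813
LogDir  D:\temp\Radiator\log
<Client DEFAULT>
    Secret placeholder-secret
    # IgnoreAcctSignature
    DupInterval 0
</Client>
<Handler Realm = ncv.ru>
    <AuthBy FILE>
        Filename %D\ncv_users
    </AuthBy>
</Handler>
"""


def directives(text):
    """Yield (lineno, enclosing_clause, keyword, value) for each active line."""
    stack = []  # names of the clauses currently open, innermost last
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        opened = re.match(r"<(\w+)\s*(.*)>$", line)
        enclosing = stack[-1] if stack else None
        if opened:
            yield lineno, enclosing, "<%s>" % opened.group(1), opened.group(2).strip()
            stack.append(opened.group(1))
            continue
        parts = line.split(None, 1)
        yield lineno, enclosing, parts[0], parts[1] if len(parts) > 1 else ""


def audit(text):
    """Return (lineno, rule) pairs for settings the config comments warn about."""
    findings = []
    for lineno, clause, keyword, value in directives(text):
        if keyword == "Trace" and value.isdigit() and int(value) >= 4:
            findings.append((lineno, "trace-debug"))  # packet dumps in output
        elif keyword == "<Client>" and value == "DEFAULT":
            findings.append((lineno, "default-client"))  # serves undefined clients
        elif clause == "Client" and keyword == "DupInterval" and value == "0":
            findings.append((lineno, "duplicates-accepted"))
        elif clause == "Client" and keyword == "IgnoreAcctSignature":
            findings.append((lineno, "acct-signature-unchecked"))
    return findings


if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE_CFG):
        print("line %d: %s" % (lineno, rule))
```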

