(RADIATOR) associating clients with handlers

Hugh Irvine hugh at open.com.au
Wed Sep 6 18:13:22 CDT 2006


Hello Stuart -

What you show below should work correctly, however a couple of things  
to check:

- have you restarted radiusd to re-read the configuration file?

- is there a second definition for this Client later in the  
configuration file?

- is there some other problem in the configuration file that is  
confusing radiusd when it starts up?

In answer to your question below, the "Client" in Radiator is the  
device that is sending the radius request(s).

In this case the Client is 140.107.6.12.

However the user who is attempting to connect is "skendrick" which is  
what is contained in the User-Name attribute.

hope that helps

regards

Hugh


On 7 Sep 2006, at 02:18, Stuart Kendrick wrote:

> hi,
>
> i'm stumbling over how to associate clients with handlers
>
> i'm using Radiator 3.15 with patches under Windows 2003
>
> here's a snippet from my radius.cfg
>
> [... global parameters ...]
> [... log file stuff ... ]
>
> #### Client Definitions ####
> [...]
> <Client 140.107.6.12>
> 	Secret foozle
> 	Identifier apc-gear
> </Client>
>
>
> #### Handle APC gear ####
> <Handler Client-Identifier=apc-gear>
> 	RejectHasReason
> 	AuthByPolicy	ContinueWhileIgnore
>
> 	# Handle administrative users
> 	<AuthBy LSA>
> 		Domain COMPANY
> 		Group UPSManagement
> 		AddToReply Service-Type = "Administrative-User"
> 	</AuthBy>
>
> 	# Log it
> 	AuthLog mgmt-authlog
> 	AcctLogFileName		%L/Acct/%Y-%m-%d-acct
> </Handler>
> [...]
>
> i can see from a packet sniffer the Access-Request packets arriving  
> at my Radiator server from the 140.107.6.12 ... but no response  
> from Radiator
>
>
> setting Trace to 4, i can see in logfile:
>
> *** Received from 140.107.6.12 port 32813 ....
> Code:       Access-Request
> Identifier: 34
> Authentic:  [...]
> Attributes:
>         User-Name = "skendric"
>         User-Password = "[...]"
>         NAS-Identifier = "foo.fhcrc.org"
>
> Wed Sep  6 09:07:17 2006: WARNING: Could not find a handler for  
> skendric: request is ignored
>
>
> -so, why does Radiator think the *client* name is 'skendric'?  to  
> my way of thinking, the client's name is 'foo.fhcrc.org' ... or, at  
> the very least, 140.107.6.12
>
> -what am i misunderstanding about how to use Client-Identifiers?
>
>
> insights appreciated,
>
> --sk
>
> stuart kendrick
> fhcrc
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list