(RADIATOR) AuthLog syntax
Hugh Irvine
hugh at open.com.au
Sun Sep 10 21:23:53 CDT 2006
Hello Stuart -
The problem is here:
> [...]
> ##### VDOPS Cisco Gear (plus IPSCON) #####
> <Handler Client-Identifier=vdops-gear>
> RejectHasReason
>
> # Check the RSA tokencode
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy ACE>
> </AuthBy>
> <AuthBy GROUP>
should be
[...]
##### VDOPS Cisco Gear (plus IPSCON) #####
<Handler Client-Identifier=vdops-gear>
RejectHasReason
# Check the RSA tokencode
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy ACE>
</AuthBy>
</AuthBy GROUP>
If you don't correctly close the <AuthBy GROUP> with a </AuthBy>,
Radiator gets confused.
regards
Hugh
On 11 Sep 2006, at 11:41, Stuart Kendrick wrote:
> hi,
>
> i use AuthLog in each Handler ... and i have one Handler where
> Radiator complains about my AuthLog syntax ... line 144 and 145 are
> the 'AuthLog' and 'AuthLogFileName' lines in the 'vdops-gear' Handler
>
> Sun Sep 10 18:37:33 2006: ERR: Unknown keyword 'AuthLog' in c:
> \Program Files\Radiator\radius-mgmt.cfg line 144
> Sun Sep 10 18:37:33 2006: ERR: Unknown keyword 'AcctLogFileName' in
> c:\Program Files\Radiator\radius-mgmt.cfg line 145
> Sun Sep 10 18:37:33 2006: DEBUG: Finished reading configuration
> file 'c:\Program Files\Radiator\radius-mgmt.cfg'
> Sun Sep 10 18:37:33 2006: DEBUG: Reading dictionary file 'C:/
> Program Files/Radiator/dictionary'
> Sun Sep 10 18:37:33 2006: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Sun Sep 10 18:37:33 2006: DEBUG: Creating accounting port 0.0.0.0:1813
> Sun Sep 10 18:37:33 2006: NOTICE: Server started: Radiator 3.15 on
> vidal
>
>
>
> i don't see what's wrong with my syntax ... and i don't see what is
> different about these two lines, as compared to the AuthLog and
> AccLogFileName lines in my other Handlers ... but when i comment
> out lines 144 and 145, Radiator loads without complaint:
>
> Sun Sep 10 18:39:32 2006: DEBUG: Finished reading configuration
> file 'c:\Program Files\Radiator\radius-mgmt.cfg'
> Sun Sep 10 18:39:32 2006: DEBUG: Reading dictionary file 'C:/
> Program Files/Radiator/dictionary'
> Sun Sep 10 18:39:32 2006: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Sun Sep 10 18:39:32 2006: DEBUG: Creating accounting port 0.0.0.0:1813
> Sun Sep 10 18:39:32 2006: NOTICE: Server started: Radiator 3.15 on
> vidal
>
>
>
> here is a snippet from my radius config file:
>
>
> [...]
> ##### VDOPS Cisco Gear (plus IPSCON) #####
> <Handler Client-Identifier=vdops-gear>
> RejectHasReason
>
> # Check the RSA tokencode
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy ACE>
> </AuthBy>
> <AuthBy GROUP>
>
> # Check group membership and return the appropriate Service-Type
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileReject
> AuthBy CheckCiscoEnable
> AuthBy CheckCiscoReadOnly
> </AuthBy>
>
> # Log it
> AuthLog mgmt-authlog
> AcctLogFileName %L/Acct/%Y-%m-%d-acct
> </Handler>
>
>
>
>
> ##### VDOPS APC Gear (SmartUPS, EMU) ########
> # Describe how to handle authentication against any VDOPS-managed APC
> # gear
> <Handler Client-Identifier=vdops-apc>
> RejectHasReason
> AuthByPolicy ContinueWhileIgnore
>
> # Handle administrative users
> <AuthBy LSA>
> Domain FHCRC
> Group EnableGroup
> AddToReply Service-Type = "Administrative-User"
> </AuthBy>
>
> # Log it
> AuthLog mgmt-authlog
> AcctLogFileName %L/Acct/%Y-%m-%d-acct
> </Handler>
> [..]
>
>
> suggestions appreciated,
>
> --sk
>
> stuart kendrick
> fhcrc
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
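A pre-load check for the mistake diagnosed in this thread, as an added example (not part of the original messages and not Radiator's own parser): it walks a config and reports every block that is still open when an outer block closes, which is what left the AuthLog lines in the wrong scope here. The grammar is an assumption taken only from the posted snippet, and `check_blocks`, `BROKEN` and `FIXED` are hypothetical names.

```python
import re

# Assumed syntax (from this thread only): <Name args> opens, </Name> closes, # comments.
OPEN = re.compile(r"^<([A-Za-z]\w*)\b[^>]*>$")
CLOSE = re.compile(r"^</([A-Za-z]\w*)\b[^>]*>$")

def check_blocks(text):
    """Return (line_no, message) pairs for blocks that are not balanced."""
    problems, stack = [], []          # stack holds (name, opening tag, line_no)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = CLOSE.match(line)
        if closing:
            name = closing.group(1)
            if all(n != name for n, _, _ in stack):
                problems.append((no, f"{line} has no matching opening tag"))
                continue
            # Anything opened after the matching block was never closed.
            while stack[-1][0] != name:
                _, tag, opened = stack.pop()
                problems.append((opened, f"{tag} still open at {line} (line {no})"))
            stack.pop()
        elif OPEN.match(line):
            stack.append((OPEN.match(line).group(1), line, no))
    problems += [(opened, f"{tag} is never closed") for _, tag, opened in stack]
    return problems

# Constructed sample: the vdops-gear Handler as posted, blank and comment lines removed.
BROKEN = """\
<Handler Client-Identifier=vdops-gear>
RejectHasReason
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy ACE>
</AuthBy>
<AuthBy GROUP>
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
AuthBy CheckCiscoEnable
AuthBy CheckCiscoReadOnly
</AuthBy>
AuthLog mgmt-authlog
AcctLogFileName %L/Acct/%Y-%m-%d-acct
</Handler>
"""
# Same Handler with the stray opening tag on line 7 turned into a closing tag.
FIXED = BROKEN.replace("<AuthBy GROUP>\n<AuthBy GROUP>", "</AuthBy>\n<AuthBy GROUP>")
print(*check_blocks(BROKEN), sep="\n")  # one tuple per block left open
```

Run against the whole file before restarting the server: in the logs quoted above, the server still started after printing the ERR lines, so the startup itself does not flag the problem.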