(RADIATOR) AuthLog syntax

Stuart Kendrick skendric at fhcrc.org
Sun Sep 10 22:23:48 CDT 2006


ahhh, yes, i missed that

thank you,

--sk

Hugh Irvine wrote:
> 
> Hello Stuart -
> 
> The problem is here:
> 
>> [...]
>> ##### VDOPS Cisco Gear (plus IPSCON) #####
>> <Handler Client-Identifier=vdops-gear>
>>     RejectHasReason
>>
>>     # Check the RSA tokencode
>>     <AuthBy GROUP>
>>           AuthByPolicy ContinueWhileAccept
>>         <AuthBy ACE>
>>         </AuthBy>
>>     <AuthBy GROUP>
> 
> should be
> 
> [...]
> ##### VDOPS Cisco Gear (plus IPSCON) #####
> <Handler Client-Identifier=vdops-gear>
>     RejectHasReason
> 
>     # Check the RSA tokencode
>     <AuthBy GROUP>
>           AuthByPolicy ContinueWhileAccept
>         <AuthBy ACE>
>         </AuthBy>
>     </AuthBy GROUP>
> 
> 
> If you don't correctly close the <AuthBy GROUP> with a </AuthBy>, 
> Radiator gets confused.
> 
> regards
> 
> Hugh
> 
> 
> On 11 Sep 2006, at 11:41, Stuart Kendrick wrote:
> 
>> hi,
>>
>> i use AuthLog in each Handler ... and i have one Handler where 
>> Radiator complains about my AuthLog syntax ... line 144 and 145 are 
>> the 'AuthLog' and 'AuthLogFileName' lines in the 'vdops-gear' Handler
>>
>> Sun Sep 10 18:37:33 2006: ERR: Unknown keyword 'AuthLog' in c:\Program 
>> Files\Radiator\radius-mgmt.cfg line 144
>> Sun Sep 10 18:37:33 2006: ERR: Unknown keyword 'AcctLogFileName' in 
>> c:\Program Files\Radiator\radius-mgmt.cfg line 145
>> Sun Sep 10 18:37:33 2006: DEBUG: Finished reading configuration file 
>> 'c:\Program Files\Radiator\radius-mgmt.cfg'
>> Sun Sep 10 18:37:33 2006: DEBUG: Reading dictionary file 'C:/Program 
>> Files/Radiator/dictionary'
>> Sun Sep 10 18:37:33 2006: DEBUG: Creating authentication port 
>> 0.0.0.0:1812
>> Sun Sep 10 18:37:33 2006: DEBUG: Creating accounting port 0.0.0.0:1813
>> Sun Sep 10 18:37:33 2006: NOTICE: Server started: Radiator 3.15 on vidal
>>
>>
>>
>> i don't see what's wrong with my syntax ... and i don't see what is 
>> different about these two lines, as compared to the AuthLog and 
>> AcctLogFileName lines in my other Handlers ... but when i comment out 
>> lines 144 and 145, Radiator loads without complaint:
>>
>> Sun Sep 10 18:39:32 2006: DEBUG: Finished reading configuration file 
>> 'c:\Program Files\Radiator\radius-mgmt.cfg'
>> Sun Sep 10 18:39:32 2006: DEBUG: Reading dictionary file 'C:/Program 
>> Files/Radiator/dictionary'
>> Sun Sep 10 18:39:32 2006: DEBUG: Creating authentication port 
>> 0.0.0.0:1812
>> Sun Sep 10 18:39:32 2006: DEBUG: Creating accounting port 0.0.0.0:1813
>> Sun Sep 10 18:39:32 2006: NOTICE: Server started: Radiator 3.15 on vidal
>>
>>
>>
>> here is a snippet from my radius config file:
>>
>>
>> [...]
>> ##### VDOPS Cisco Gear (plus IPSCON) #####
>> <Handler Client-Identifier=vdops-gear>
>>     RejectHasReason
>>
>>     # Check the RSA tokencode
>>     <AuthBy GROUP>
>>           AuthByPolicy ContinueWhileAccept
>>         <AuthBy ACE>
>>         </AuthBy>
>>     <AuthBy GROUP>
>>
>>      # Check group membership and return the appropriate Service-Type
>>     <AuthBy GROUP>
>>          AuthByPolicy ContinueWhileReject
>>          AuthBy CheckCiscoEnable
>>          AuthBy CheckCiscoReadOnly
>>     </AuthBy>
>>     
>>     # Log it
>>     AuthLog         mgmt-authlog
>>     AcctLogFileName        %L/Acct/%Y-%m-%d-acct
>> </Handler>
>>
>>
>>
>>
>> ##### VDOPS APC Gear (SmartUPS, EMU) ########
>> # Describe how to handle authentication against any VDOPS-managed APC
>> # gear
>> <Handler Client-Identifier=vdops-apc>
>>     RejectHasReason
>>     AuthByPolicy    ContinueWhileIgnore
>>
>>     # Handle administrative users
>>     <AuthBy LSA>
>>         Domain FHCRC
>>         Group EnableGroup
>>         AddToReply Service-Type = "Administrative-User"
>>     </AuthBy>
>>
>>     # Log it
>>     AuthLog         mgmt-authlog
>>     AcctLogFileName        %L/Acct/%Y-%m-%d-acct
>> </Handler>
>> [..]
>>
>>
>> suggestions appreciated,
>>
>> --sk
>>
>> stuart kendrick
>> fhcrc
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
> 
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive 
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> --Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
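
The fault diagnosed in this thread, an `<AuthBy GROUP>` that was opened where a closing tag was meant, can be caught before Radiator reads the file. The following is an added example, not code from the thread or from Radiator: a simplified block-balance check that assumes one clause tag per line and does not reproduce Radiator's own parser. The sample config is constructed from the `vdops-gear` Handler quoted above.

```python
import re

# Constructed sample: the vdops-gear Handler from the thread, where the
# second "<AuthBy GROUP>" (line 8) should have been a closing tag.
BROKEN = """\
<Handler Client-Identifier=vdops-gear>
    RejectHasReason
    # Check the RSA tokencode
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        <AuthBy ACE>
        </AuthBy>
    <AuthBy GROUP>
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileReject
        AuthBy CheckCiscoEnable
    </AuthBy>
    AuthLog         mgmt-authlog
</Handler>
"""

OPEN = re.compile(r"^<([A-Za-z]\w*)([^>]*)>$")
CLOSE = re.compile(r"^</([A-Za-z]\w*)[^>]*>$")   # accepts </AuthBy> and </AuthBy GROUP>

def check_blocks(text):
    """Return sorted (line_no, message) findings for unbalanced clause blocks."""
    findings, stack = [], []                  # stack of (name, header, line_no)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE.match(line)
        if m:
            name = m.group(1)
            if not any(n == name for n, _, _ in stack):
                findings.append((no, f"{line} has no matching opener"))
                continue
            # Every block opened above the matching opener was left unclosed.
            while stack[-1][0] != name:
                _, header, opened = stack.pop()
                findings.append((opened, f"{header} still open at {line} (line {no})"))
            stack.pop()
        elif OPEN.match(line):
            stack.append((OPEN.match(line).group(1), line, no))
    findings += [(opened, f"{header} never closed") for _, header, opened in stack]
    return sorted(findings)
```

On the constructed sample the check reports the openers on lines 4 and 8; the innermost one (line 8) is the mistyped tag, which is why keywords such as `AuthLog` further down were rejected as unknown.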
