(RADIATOR) Problem with <authby radius> after a <authby file>

Hugh Irvine hugh at open.com.au
Wed Apr 23 17:04:05 CDT 2008


Hello Fernando -

I will need to see a copy of both configuration files and both trace 4 debugs.

regards

Hugh



On 23 Apr 2008, at 08:53, Fernando Romao wrote:

> Hi,
> I made the following configuration to proxy the access requests
> if the users don’t exist in the file database, but the remote RADIUS
> server shows me the following error:
> …..
> Tue Apr 22 17:41:31 2008: ERR: Could not load EAP module Radius::EAP_234: Can't locate Radius/EAP_234.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.3/i486-linux /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i486-linux /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl .)
>  at (eval 1035709) line 3.
> …..
>
> What could be the problem?
> Thanks
>
> >>>>>>>>>>>>>< conf file >>>>>>>>>><
>
> <Handler Realm=/fe.up.pt/i>
>         RejectHasReason
>         AuthByPolicy ContinueWhileReject
> #       <AuthBy GROUP>
>         <AuthBy FILE>
>                 #AcceptIfMissing
>                 Filename /etc/raddb/users
>                 EAPType PEAP, MSCHAP-V2, TTLS
>                 EAPTLS_CAFile /root/Radiator-Current/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile /root/Radiator-Current/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile /root/Radiator-Current/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword xxxxxxxxxxx
>                 EAPTLS_MaxFragmentSize 1024
>                 AutoMPPEKeys
>                 SSLeayTrace 4
>                 EAPAnonymous anonymous at fe.up.pt
>                 EAPTLS_PEAPBrokenV1Label
>         </AuthBy>
>         <AuthBy RADIUS>
>                 Identifier RadiusFEUP
>                 Host            193.136.28.20
>                 Secret        xxxxxxxxxxx
>                 AuthPort        1812
>                 AcctPort        1813
>                 StripFromRequest NAS-IP-Address,cisco-avpair,NAS-Identifier, Request-From
>                 AddToReply User-Name
>                 Retries         3
>                 RetryTimeout    12
>         </AuthBy>
> </Handler>
>
>
>
> >>>>>>>>>>>>>>>>>LOG of remote radius server>>>>>>>>>>>>>>>>>>>>>>>
> *** Received from 192.168.180.9 port 32801 ....
> Code:       Access-Request
> Identifier: 2
> Authentic:  <9>o<232>YG<10>A<149>`<252>r<31>h<248><149><221>
> Attributes:
>         User-Name = "romao at fe.up.pt"
>         Framed-MTU = 1400
>         Called-Station-Id = "001e.4ae4.3320"
>         Calling-Station-Id = "000e.3562.b9f7"
>         Service-Type = Login-User
>         Message-Authenticator = <229><0>``<154><228>C<12><211><135>S<250><178>L<231><11>
>         EAP-Message = <2><9><0>+<25><0><23><3><1><0> <23><176>;fJ<31><195>o<134><143><171><223><11><193>up<29>-<130><229><185><16>/<254><24><170><12><243><163><160><16><8>
>         NAS-Port-Type = Wireless-IEEE-802-11
>         NAS-Port = 1499
>         NAS-Port-Id = "1499"
>
> Tue Apr 22 17:41:31 2008: DEBUG: Handling request with Handler 'Realm=/fe.up.pt/i'
> Tue Apr 22 17:41:31 2008: DEBUG: Rewrote user name to romao
> Tue Apr 22 17:41:31 2008: DEBUG: accountSQLDB Deleting session for romao at fe.up.pt, 192.168.180.9, 1499
> Tue Apr 22 17:41:31 2008: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='192.168.180.9' and NASPORT=01499':
> Tue Apr 22 17:41:31 2008: DEBUG: Handling with Radius::AuthSQL: SQLAccounting
> Tue Apr 22 17:41:31 2008: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
> Tue Apr 22 17:41:31 2008: DEBUG: Handling with Radius::AuthFILE:
> Tue Apr 22 17:41:31 2008: DEBUG: Handling with EAP: code 2, 9, 43, 25
> Tue Apr 22 17:41:31 2008: DEBUG: Response type 25
> Tue Apr 22 17:41:31 2008: DEBUG: EAP PEAP inner authentication request for anonymous at fe.up.pt
> Tue Apr 22 17:41:31 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <187>"<210>$<202><181><222><160><134><247><143><250><208>&1<251>
> Attributes:
>         EAP-Message = <2><9><0><12><234>e6R<192><180>x`z<201><138><135>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         User-Name = "anonymous at fe.up.pt"
>         NAS-Port = 1499
>         Calling-Station-Id = "000e.3562.b9f7"
>
>
>
> Tue Apr 22 17:41:31 2008: DEBUG: Handling request with Handler 'Realm=fe.up.pt, TunnelledByPEAP=1'
> Tue Apr 22 17:41:31 2008: DEBUG: Rewrote user name to anonymous
> Tue Apr 22 17:41:31 2008: DEBUG: sessionDHCP Deleting session for anonymous at fe.up.pt, 192.168.180.9, 1499
> Tue Apr 22 17:41:31 2008: DEBUG: do query is: 'delete from DHCPONLINE where FRAMEDIPADDRESS='' and CALLINGSTATIONID='000e.3562.b9f7'':
> Tue Apr 22 17:41:31 2008: DEBUG: Handling with Radius::AuthFILE: feupusers
> Tue Apr 22 17:41:31 2008: DEBUG: Handling with EAP: code 2, 9, 12, 234
> Tue Apr 22 17:41:31 2008: DEBUG: Response type 234
> Tue Apr 22 17:41:31 2008: ERR: Could not load EAP module Radius::EAP_234: Can't locate Radius/EAP_234.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.3/i486-linux /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i486-linux /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl .)
>  at (eval 1035709) line 3.
>
> Tue Apr 22 17:41:31 2008: DEBUG: EAP result: 1, Unsupported EAP Response 234
> Tue Apr 22 17:41:31 2008: DEBUG: AuthBy FILE result: REJECT, Unsupported EAP Response 234
> Tue Apr 22 17:41:31 2008: INFO: Access rejected for anonymous: Unsupported EAP Response 234
> Tue Apr 22 17:41:31 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  <187>"<210>$<202><181><222><160><134><247><143><250><208>&1<251>
> Attributes:
>         Reply-Message = "Request Denied"
>
>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
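
An added example, not part of the original thread and not Radiator code: a Python decoder for the `<n>` byte notation in the trace dumps quoted above. It recovers the EAP header fields that the `Handling with EAP: code ...` log lines print and compares the declared length with the number of bytes actually dumped. The notation is inferred from those log lines; the type table is a small subset, and all function and constant names are illustrative.

```python
import re

# Small subset of EAP method type numbers (assumption: not the full registry).
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MSCHAP-V2"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# "<n>" is one byte with decimal value n; any other character is a literal byte.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def trace_to_bytes(dump: str) -> bytes:
    """Turn the trace dump notation back into raw bytes."""
    out = bytearray()
    for num, lit in _TOKEN.findall(dump):
        out.append(int(num) if num else ord(lit))  # ValueError if value > 255
    return bytes(out)


def parse_eap(dump: str) -> dict:
    """Decode the EAP header and compare declared length with dumped bytes."""
    raw = trace_to_bytes(dump)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    # Only Request (1) and Response (2) carry a Type octet after the header.
    eap_type = raw[4] if code in (1, 2) and len(raw) > 4 else None
    return {
        "code": EAP_CODES.get(code, f"unknown({code})"),
        "id": ident,
        "declared_len": length,
        "dumped_len": len(raw),
        "type": eap_type,
        "type_name": None if eap_type is None
                     else EAP_TYPES.get(eap_type, "not in table"),
        "length_matches": length == len(raw),
    }


# Samples re-joined from the wrapped log lines quoted above; the space after
# the second <0> in OUTER is a data byte (0x20), not line-wrap residue.
OUTER = ("<2><9><0>+<25><0><23><3><1><0> <23><176>;fJ<31><195>o<134><143>"
         "<171><223><11><193>up<29>-<130><229><185><16>/<254><24><170><12>"
         "<243><163><160><16><8>")
INNER = "<2><9><0><12><234>e6R<192><180>x`z<201><138><135>"

if __name__ == "__main__":
    for label, dump in (("outer", OUTER), ("inner PEAP", INNER)):
        print(label, parse_eap(dump))
```
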


