[RADIATOR] Issue replicating config

Hugh Irvine hugh at open.com.au
Sun Aug 10 22:45:58 CDT 2008


Hello Chris -

You can easily see what is happening by running radiusd from the  
command line like this (with your own pathnames of course):


	cd /your/Radiator/source/distribution

	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration/file

	......


You will then see all of the startup messages as well as any Perl  
error messages.

hope that helps

Hugh

	


On 11 Aug 2008, at 06:17, Chris Rosan wrote:

> Hugh,
>
> It works on the existing server. It was doing a username re-write (I
> think this is what's not working).
>
> I think I may be missing some of the installation. Possibly a Perl
> module, but I can't see what's causing it.
>
> Chris Rosan
> Systems Administrator
> Europcar Australasia
> 157 Mickleham Rd
> Tullamarine
> VIC 3043
> Australia
> Ph:    +61 3 9330 6114
> Fax:   +61 3 9335 7614
> Mob:  +61 410 612 031
> Email: chris.rosan at europcar.com.au
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, 30 July 2008 5:51 PM
> To: Chris Rosan
> Cc: radiator at open.com.au
> Subject: Re: Issue replicating config
>
>
> Hello Chris -
>
> There is no realm suffix on the username that you are testing.
>
> regards
>
> Hugh
>
>
> On 30 Jul 2008, at 12:44, Chris Rosan wrote:
>
>> Dear list/Open folks,
>> I'm trying to replicate the config of my Radiator server (3.17.1-1
>> on Redhat 4) for a cold DR server and I'm not having much luck.
>> A previous staff member of mine set it up to do username re-writes
>> for new realms and to perform LDAP queries off our active directory
>> for these realms. This is the bit that I can't get working.
>> The bits of the config file that apply are:
>>
>>
>> # VPN realm check
>>
>> <Realm>
>>         <AuthBy INTERNAL>
>>                 DefaultResult REJECT
>>                 AcctResult ACCEPT
>>         </AuthBy>
>> </Realm>
>>
>> #################
>> #AD-LDAP section#
>> #################
>> # When authenticated with AuthByLDAP, the description
>> # field in a handler corresponds to the group CN in LDAP
>>
>> # The LDAP authentication
>> <AuthBy LDAP2>
>>         Identifier AuthByLDAP
>>
>>         #Debug 255
>>
>>         # LDAP bind
>>         Host AD-DOMAIN-Controller
>>         HoldServerConnection
>>         Timeout 4
>>         Port 3268
>>         AuthDN cn=bind-user,cn=Users,dc=ad-domain,dc=domain,dc=com,dc=au
>>         AuthPassword bind-password
>>
>>         # The client authentication
>>         ServerChecksPassword
>>         UsernameAttr sAMAccountName
>>         BaseDN ou=All Users, ad-domain,dc=domain,dc=com,dc=au
>>         AuthAttrDef sAMAccountName,GENERIC,request
>>         AuthAttrDef memberOf,GENERIC,request
>>         PostSearchHook file:"%D/hooks/ldap_groups.pl"
>> </AuthBy>
>>
>> VPN users
>>
>> <Handler NAS-IP-Address=192.168.0.1,Realm=ad.domain.com.au>
>>         Description AU Remote Access - VPN
>>         RewriteUsername s/\@ad\.domain\.com\.au//
>>         AuthBy AuthByLDAP
>> </Handler>
>>
>> Trace 4 output (doesn't talk at ALL about the AD Domain):
>> Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:
>> *** Received from 192.168.0.1 port 1025 ....
>> Code:       Access-Request
>> Identifier: 7
>> Authentic:  8<17>vw<228>M<2><19>PINo|<5>Z<139>
>> Attributes:
>>         User-Name = "chris rosan"
>>         User-Password = 1[<20>~<240>D! 
>> <248><229>*<133>V<172><21>K<161>
>>         NAS-IP-Address = 192.168.0.1
>>         NAS-Port = 15
>>         NAS-Port-Type = Virtual
>>
>> Sun Jul 13 22:50:31 2008: DEBUG: Handling request with Handler
>> 'Realm='
>> Sun Jul 13 22:50:31 2008: DEBUG:  Deleting session for chris rosan,
>> 192.168.0.1, 15
>> Sun Jul 13 22:50:31 2008: DEBUG: Handling with AuthINTERNAL:
>> Sun Jul 13 22:50:31 2008: DEBUG: AuthBy INTERNAL result: REJECT,
>> Fixed by DefaultResult
>> Sun Jul 13 22:50:31 2008: INFO: Access rejected for chris rosan:
>> Fixed by DefaultResult
>> Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:
>> *** Sending to 192.168.0.1 port 1025 ....
>> Code:       Access-Reject
>> Identifier: 7
>> Authentic:  8<17>vw<228>M<2><19>PINo|<5>Z<139>
>> Attributes:
>>         Reply-Message = "Request Denied"
>>
>> I LITERALLY copied the config files over from the "live" server and
>> started Radius (with other bits such as Perl modules for Mysql DB
>> etc). Everything else works except this.
>> Can anyone make a suggestion on the cause?
>> Cheers.
>>
>> Chris
>>
>>
>>
>> This e-mail and any files attached to it are confidential and
>> intended solely for the use of the individual or entity to
>> whom they are addressed. If you have received this e-mail
>> inadvertently or you are not the intended recipient, you may
>> not distribute, copy or in any way rely on it. Further, you
>> should notify the sender immediately and delete the e-mail
>> from your computer. The contents and opinions contained in
>> this e-mail are those of the individual sender unless they
>> are expressly stated to be those of Europcar. Whilst we have
>> taken precautions to alert us to the presence of computer
>> viruses, we cannot and do not guarantee that this email and
>> any files transmitted with it are free from such viruses.
>>
>>
>> This email was scanned for your safety and protection from
>> virus's and offensive content.
>> mailmarshal at europcar.com.au
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>



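The diagnosis from the 30 July reply ("There is no realm suffix on the username that you are testing"), as an added example that is not part of the original thread and is not Radiator code: a simplified Python model of the quoted config, run against a constructed Trace 4 dump. The realm-splitting rule and all function names are assumptions made for illustration.

```python
import re

# Values copied from the config quoted in this thread.
HANDLER_NAS = "192.168.0.1"
HANDLER_REALM = "ad.domain.com.au"
REWRITE = (r"@ad\.domain\.com\.au", "")  # RewriteUsername s/\@ad\.domain\.com\.au//

ATTR_RE = re.compile(r'^\s+([A-Za-z][\w-]*) = "?(.*?)"?\s*$')

def parse_attributes(dump):
    """Collect indented 'Name = value' attribute lines from a Trace 4 packet dump."""
    attrs = {}
    for line in dump.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def route(attrs):
    """Simplified model (assumption): the realm is the text after the last '@'."""
    user = attrs.get("User-Name", "")
    realm = user.rpartition("@")[2] if "@" in user else ""
    if realm == "":
        # Empty <Realm> clause: AuthBy INTERNAL with DefaultResult REJECT.
        return ("Realm=", user, "REJECT")
    if attrs.get("NAS-IP-Address") == HANDLER_NAS and realm == HANDLER_REALM:
        # Perl s/// without /g replaces the first match only.
        rewritten = re.sub(REWRITE[0], REWRITE[1], user, count=1)
        return ("Handler", rewritten, "AuthByLDAP")
    return (None, user, "no matching clause in this excerpt")

def sample(user_name, nas="192.168.0.1"):
    """Constructed dump in the layout of the trace quoted above."""
    return ("Code:       Access-Request\nIdentifier: 7\nAttributes:\n"
            f'        User-Name = "{user_name}"\n'
            f"        NAS-IP-Address = {nas}\n"
            "        NAS-Port = 15\n")

if __name__ == "__main__":
    for name in ("chris rosan", "chris rosan@ad.domain.com.au"):
        print(repr(name), "->", route(parse_attributes(sample(name))))
```

The first case matches the quoted trace ("Handling request with Handler 'Realm='", then REJECT); the second shows the username reaching the LDAP handler with the suffix already stripped.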