[RADIATOR] AuthBy Safeword problem

Johan Frid johan at frid.info
Wed Jul 2 03:19:54 CDT 2008


There's no firewall in between, and Timeout doesn't work in AuthBy SAFEWORD.
I have attempted to add Timeout 3 in the AuthBy SAFEWORD clause, but nothing
changes.

Does there exist any keep-alive function against the Safeword server?

//Johan Frid
TeliaSonera     


On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>
> Hello Johan -
>
> Is there perhaps a firewall between the Radiator host and the
> Safeword host?
>
> It looks to me like the connection to the Safeword host is lost and
> Radiator waits 10 seconds before retrying.
>
> You can try altering the Timeout parameter in the AuthBy SAFEWORD
> clause to something more aggressive than 10 seconds.
>
> regards
>
> Hugh
>
>
> On 30 Jun 2008, at 22:59, Johan Frid wrote:
>
> >  I'm having a problem with AuthBy Safeword. I'm getting ERR: AuthBy
> >  SAFEWORD read error, disconnecting. That is causing clients to time
> >  out. Any idea what the problem could be? I can't find anything in
> >  Safeword's log file that indicates that the problem is in Safeword.
> >
> >  //Johan Frid
> >  TeliaSonera
> >
> >  ------------------Debug level 4 ------------------
> >  Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
> >  *** Received from 192.168.0.199 port 1104 ....
> >  Code:       Access-Request
> >  Identifier: 25
> >  Authentic:        1214477169
> >  Attributes:
> >          User-Name = "STUDENT2"
> >          User-Password = <241>8<246><222>w<213>CB
> >  <172><177>SDn<243><168>
> >
> >  Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> >  Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
> >  Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2, 192.168.0.199,
> >  Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD:
> >  Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student2 [STUDENT2]
> >  Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
> >  Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
> >  Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
> >  Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
> >  Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
> >  Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
> >  *** Sending to 192.168.0.199 port 1104 ....
> >  Code:       Access-Accept
> >  Identifier: 25
> >  Authentic:        1214477169
> >  Attributes:
> >          Service-Type = Administrative-User
> >          cisco-avpair = "shell:priv-lvl=15"
> >          Juniper-Local-User-Name = "remote1"
> >          RB-TTY-Level-Start = 15
> >          RB-TTY-Level-Max = 15
> >          Unisphere-Init-CLI-Access-Level = "1"
> >          Unisphere-Alt-CLI-Access-Level = "10"
> >          Login-Service = 0
> >          Huawei-Exec-Privilege = 3
> >  ------------------End Debug level 4 -------------------
> >
> >  config file I'm using
> >  ------------------safeword.cfg------------------
> >
> >  Foreground
> >  LogStdout
> >  LogDir    /var/log/radius
> >  DbDir
> >  Trace         4
> >  AuthPort    1645
> >  AcctPort    1646
> >  DictionaryFile /etc/radiusradiator/dictionary/dictionary
> >  <Client DEFAULT>
> >
> >  Secret    mysecret
> >
> >  DupInterval 0
> >  </Client>
> >
> >  <Realm DEFAULT>
> >      # This one translates all uppercase chars to lowercase
> >      RewriteUsername    tr/A-Z/a-z/
> >
> >      <AuthBy SAFEWORD>
> >          # The name or address of the host where the SafeWord
> >          # PremierAccess server runs
> >          # Defaults to localhost.
> >          # Set this to the address of the SafeWord PremierAccess server
> >          #Host localhost
> >          Host 192.168.0.205
> >
> >          # Port to connect to on Host.
> >          # Defaults to 5031, the default SafeWord EASSP2 port
> >          Port 5031
> >
> >          # You can specify which EAP types can be used
> >          # One-Time-Password and Generic-Token are supported
> >          EAPType One-Time-Password,Generic-Token
> >
> >          #AgentName
> >          AgentName secore
> >
> >          # You can make different types of reply depending on the group
> >          # of the authenticated user, if there are ActionData groups
> >          # sent back by SafeWord server
> >
> >          GroupReply RO,\
> >          Service-Type = Administrative-User,\
> >          cisco-avpair = "shell:priv-lvl=1",\
> >          Juniper-Local-User-Name = "remote2",\
> >          RB-TTY-Level-Start = 5,\
> >          RB-TTY-Level-Max = 5
> >
> >          GroupReply RW,\
> >          Service-Type = Administrative-User,\
> >          cisco-avpair = "shell:priv-lvl=15",\
> >          Juniper-Local-User-Name = "remote1",\
> >          RB-TTY-Level-Start = 15,\
> >          RB-TTY-Level-Max = 15
> >      </AuthBy>
> >
> >  </Realm>
> >
> >  ------------------End safeword.cfg------------------
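
To measure how often the stall discussed in this thread occurs, a Trace 4 log can be scanned for each `AuthBy SAFEWORD read error` and the time until the matching `AuthBy SAFEWORD result`. The script below is an added example, not part of the original messages or of Radiator; the function names and the 3-second threshold are assumptions, and the sample lines are the trace from the thread with mail-wrapped lines rejoined.

```python
import re
from datetime import datetime

# Trace lines from the debug dump in the thread, mail-wrapped lines rejoined.
SAMPLE_TRACE = """\
Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD:
Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student2 [STUDENT2]
Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
"""

# "<weekday> <month> <day> <time> <year>: <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")


def parse(trace):
    """Yield (timestamp, level, message) for every well-formed log line."""
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group(2), m.group(3)


def find_stalls(trace, threshold=3):
    """Return read-error events whose result arrived >= threshold seconds later.

    threshold is an assumed value; set it to the NAS's RADIUS timeout.
    """
    stalls, pending = [], None
    for ts, level, msg in parse(trace):
        if level == "ERR" and "AuthBy SAFEWORD read error" in msg:
            pending = {"error_at": ts, "backend": None}
        elif pending and msg.startswith("AuthBy SAFEWORD connecting to "):
            pending["backend"] = msg.rsplit(" ", 1)[1]
        elif pending and msg.startswith("AuthBy SAFEWORD result:"):
            delay = (ts - pending["error_at"]).total_seconds()
            if delay >= threshold:
                result = msg.split(":", 1)[1].strip(" ,")
                stalls.append({**pending, "delay": delay, "result": result})
            pending = None
    return stalls


if __name__ == "__main__":
    for s in find_stalls(SAMPLE_TRACE):
        print(f"{s['error_at']} {s['backend']} stalled {s['delay']:.0f}s -> {s['result']}")
```
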


