[RADIATOR] AuthBy Safeword problem

Johan Frid johan at frid.info
Thu Jul 3 05:49:22 CDT 2008


Yes, I'm running Radiator 4.2 and the Timeout parameter is accepted in the
config file, but it doesn't seem to do anything. I have even attempted to set a
higher value, but the timeout seems to be about 10s anyway.
/Johan Frid
TeliaSonera

---------------------------------------
/radiusd -config_file /etc/radiusradiator/safeword.cfg 
Thu Jul  3 14:35:28 2008: DEBUG: Finished reading configuration file
'/etc/radiusradiator/safeword.cfg'
This Radiator license will expire on 2008-08-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Thu Jul  3 14:35:28 2008: DEBUG: Reading dictionary file
'/etc/radiusradiator/dictionary/dictionary'
Thu Jul  3 14:35:28 2008: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Jul  3 14:35:28 2008: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Jul  3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on gentoo
(LOCKED)

----------------------------------



On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>
> Hello Johan -
>
> This is odd - are you running Radiator 4.2? And do you mean the
> Timeout parameter is not accepted in your configuration, or just that
> it seems to do nothing?
>
> Have you restarted Radiator to re-read the configuration file?
>
> regards
>
> Hugh
>
>
> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>
> >  There's no firewall in between, and Timeout doesn't work in AuthBy
> >  SAFEWORD.
> >  I have attempted to add Timeout 3 in the AuthBy SAFEWORD clause but
> >  nothing changes.
> >
> >  Does there exist any keep-alive function against the Safeword
> >  server?
> >  //Johan Frid
> >  TeliaSonera
> >
> >
> >  On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
> >>
> >>  Hello Johan -
> >>
> >>  Is there perhaps a firewall between the Radiator host and the
> >>  Safeword host?
> >>
> >>  It looks to me like the connection to the Safeword host is lost
> >>  and Radiator waits 10 seconds before retrying.
> >>
> >>  You can try altering the Timeout parameter in the AuthBy SAFEWORD
> >>  clause to something more aggressive than 10 seconds.
> >>
> >>  regards
> >>
> >>  Hugh
> >>
> >>
> >>  On 30 Jun 2008, at 22:59, Johan Frid wrote:
> >>
> >>>   I'm having a problem with AuthBy Safeword. I'm getting ERR: AuthBy
> >>>   SAFEWORD read error, disconnecting. That is causing clients to time
> >>>   out. Any idea what the problem could be? I can't find anything in
> >>>   Safeword's log file that indicates that the problem is in Safeword.
> >>>
> >>>   //Johan Frid
> >>>   TeliaSonera
> >>>
> >>>   ------------------Debug level 4 ------------------
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
> >>>   *** Received from 192.168.0.199 port 1104 ....
> >>>   Code:       Access-Request
> >>>   Identifier: 25
> >>>   Authentic:        1214477169
> >>>   Attributes:
> >>>           User-Name = "STUDENT2"
> >>>           User-Password = <241>8<246><222>w<213>CB
> >>>   <172><177>SDn<243><168>
> >>>
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler
> >>>   'Realm=DEFAULT'
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
> >>>   Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2,
> >>>   192.168.0.199,
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling with
> >>>   Radius::AuthSAFEWORD :
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for
> >>>   match with
> >>>   student2 [STUDENT2]
> >>>   Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error,
> >>>   disconnecting:
> >>>   Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to
> >>>   192.168.0.205:5031
> >>>   Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: :
> >>>   student2
> >>>   [STUDENT2]
> >>>   Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
> >>>   Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
> >>>   Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
> >>>   *** Sending to 192.168.0.199 port 1104 ....
> >>>   Code:       Access-Accept
> >>>   Identifier: 25
> >>>   Authentic:        1214477169
> >>>   Attributes:
> >>>           Service-Type = Administrative-User
> >>>           cisco-avpair = "shell:priv-lvl=15"
> >>>           Juniper-Local-User-Name = "remote1"
> >>>           RB-TTY-Level-Start = 15
> >>>           RB-TTY-Level-Max = 15
> >>>           Unisphere-Init-CLI-Access-Level = "1"
> >>>           Unisphere-Alt-CLI-Access-Level = "10"
> >>>           Login-Service = 0
> >>>           Huawei-Exec-Privilege = 3
> >>>   ------------------End Debug level 4 -------------------
> >>>
> >>>   config file I'm using
> >>>   ------------------safeword.cfg------------------
> >>>
> >>>   Foreground
> >>>   LogStdout
> >>>   LogDir    /var/log/radius
> >>>   DbDir
> >>>   Trace         4
> >>>   AuthPort    1645
> >>>   AcctPort    1646
> >>>   DictionaryFile /etc/radiusradiator/dictionary/dictionary
> >>>   <Client DEFAULT>
> >>>
> >>>   Secret    mysecret
> >>>
> >>>   DupInterval 0
> >>>   </Client>
> >>>
> >>>   <Realm DEFAULT>
> >>>       # This one translates all uppercase chars to lowercase
> >>>       RewriteUsername    tr/A-Z/a-z/
> >>>
> >>>       <AuthBy SAFEWORD>
> >>>           # The name or address of the host where the SafeWord
> >>>           # PremierAccess server runs
> >>>           # Defaults to localhost.
> >>>           # Set this to the address of the SafeWord PremierAccess
> >>>           # server
> >>>           #Host localhost
> >>>           Host 192.168.0.205
> >>>
> >>>           # Port to connect to on Host.
> >>>           # Defaults to 5031, the default SafeWord EASSP2 port
> >>>           Port 5031
> >>>
> >>>           # You can specify which EAP types can be used
> >>>           # One-Time-Password and Generic-Token are supported
> >>>           EAPType One-Time-Password,Generic-Token
> >>>
> >>>           #AgentName
> >>>           AgentName secore
> >>>
> >>>           # You can make different types of reply depending on the
> >>>           # group of the authenticated user, if there are
> >>>           # ActionData groups sent back by SafeWord server
> >>>
> >>>           GroupReply RO,\
> >>>           Service-Type = Administrative-User,\
> >>>           cisco-avpair = "shell:priv-lvl=1",\
> >>>           Juniper-Local-User-Name = "remote2",\
> >>>           RB-TTY-Level-Start = 5,\
> >>>           RB-TTY-Level-Max = 5
> >>>
> >>>           GroupReply RW,\
> >>>           Service-Type = Administrative-User,\
> >>>           cisco-avpair = "shell:priv-lvl=15",\
> >>>           Juniper-Local-User-Name = "remote1",\
> >>>                 RB-TTY-Level-Start = 15,\
> >>>                  RB-TTY-Level-Max = 15
> >>>       </AuthBy>
> >>>
> >>>   </Realm>
> >>>
> >>>   ------------------End safeword.cfg------------------
> >>>
> >>>   _______________________________________________
> >>>   radiator mailing list
> >>>   radiator at open.com.au
> >>>   http://www.open.com.au/mailman/listinfo/radiator
> >>
> >>
> >>
> >>  NB:
> >>
> >>  Have you read the reference manual ("doc/ref.html")?
> >>  Have you searched the mailing list archive
> >>  (www.open.com.au/archives/radiator)?
> >>  Have you had a quick look on Google (www.google.com)?
> >>  Have you included a copy of your configuration file (no secrets),
> >>  together with a trace 4 debug showing what is happening?
> >>  Have you checked the RadiusExpert wiki:
> >>  http://www.open.com.au/wiki/index.php/Main_Page
> >>
> >>  --
> >>  Radiator: the most portable, flexible and configurable RADIUS
> >>  server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>  Includes support for reliable RADIUS transport (RadSec),
> >>  and DIAMETER translation agent.
> >>  -
> >>  Nets: internetwork inventory and management - graphical,
> >>  extensible, flexible with hardware, software, platform and
> >>  database independence.
> >>  -
> >>  CATool: Private Certificate Authority for Unix and Unix-like
> >>  systems.
>
>
>

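The stall discussed in this thread (a read error at 14:46:07, then a result at 14:46:17) can be measured directly from a trace 4 log, which shows whether a changed Timeout value has any effect. The script below is an added example, not part of the original thread and not Radiator code; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the trace format shown in the thread (mail wrapping undone).
SAMPLE = """\
Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD :
Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
Thu Jun 26 14:50:02 2008: DEBUG: Handling with Radius::AuthSAFEWORD :
Thu Jun 26 14:50:02 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
"""

# "Thu Jul  3 14:35:28 2008: LEVEL: message" (day of month may be space-padded)
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")

def parse(text):
    """Return [timestamp, level, message] records; lines without a
    timestamp (wrapped continuations) are folded into the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the padded day
            ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            records.append([ts, m.group(2), m.group(3)])
        elif records and raw.strip():
            records[-1][2] += " " + raw.strip()
    return records

def stalls(text, threshold=5.0):
    """Return (error_time, result, seconds) for each SAFEWORD read error
    whose following result arrives at least `threshold` seconds later."""
    found, pending = [], None
    for ts, level, msg in parse(text):
        if level == "ERR" and "AuthBy SAFEWORD read error" in msg:
            pending = pending or ts  # keep the first error of a stall
        elif pending and msg.startswith("AuthBy SAFEWORD result:"):
            result = msg.split(":", 1)[1].strip(" ,")
            delay = (ts - pending).total_seconds()
            if delay >= threshold:
                found.append((pending.strftime("%H:%M:%S"), result, delay))
            pending = None
    return found

if __name__ == "__main__":
    print(stalls(SAMPLE))
```

Running it against logs captured before and after a Timeout change shows whether the delay actually moved away from 10 seconds.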