[RADIATOR] AuthBy Safeword problem

Hugh Irvine hugh at open.com.au
Sat Jul 5 18:21:44 CDT 2008


Hello Johan -

My tests here show the Timeout parameter does indeed change the  
behaviour as expected.

Can you tell me what version of Perl you are running?

regards

Hugh


On 3 Jul 2008, at 20:49, Johan Frid wrote:

> Yes, I'm running Radiator 4.2 and the Timeout parameter is accepted in the
> config file, but doesn't seem to do anything. I have even attempted to set a
> higher value, but the timeout seems to be about 10s anyway.
> /Johan Frid
> TeliaSonera
>
> ---------------------------------------
> /radiusd -config_file /etc/radiusradiator/safeword.cfg
> Thu Jul  3 14:35:28 2008: DEBUG: Finished reading configuration file '/etc/radiusradiator/safeword.cfg'
> This Radiator license will expire on 2008-08-30
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
>
> Thu Jul  3 14:35:28 2008: DEBUG: Reading dictionary file '/etc/radiusradiator/dictionary/dictionary'
> Thu Jul  3 14:35:28 2008: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Jul  3 14:35:28 2008: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Jul  3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on gentoo (LOCKED)
>
> ----------------------------------
>
>
>
> On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>>
>> Hello Johan -
>>
>> This is odd - are you running Radiator 4.2? And do you mean the
>> Timeout parameter is not accepted in your configuration, or just that
>> it seems to do nothing?
>>
>> Have you restarted Radiator to re-read the configuration file?
>>
>> regards
>>
>> Hugh
>>
>>
>> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>>
>>>  There's no firewall in between, and Timeout doesn't work in AuthBy
>>>  SAFEWORD.
>>>  I have attempted to add Timeout 3 in the AuthBy SAFEWORD clause but
>>>  nothing changes.
>>>
>>>  Does there exist any keep-alive function against the Safeword
>>>  server?
>>>  //Johan Frid
>>>  TeliaSonera
>>>
>>>
>>>  On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>
>>>>  Hello Johan -
>>>>
>>>>  Is there perhaps a firewall between the Radiator host and the
>>>>  Safeword host?
>>>>
>>>>  It looks to me like the connection to the Safeword host is lost
>>>>  and Radiator waits 10 seconds before retrying.
>>>>
>>>>  You can try altering the Timeout parameter in the AuthBy SAFEWORD
>>>>  clause to something more aggressive than 10 seconds.
>>>>
>>>>  regards
>>>>
>>>>  Hugh
>>>>
>>>>
>>>>  On 30 Jun 2008, at 22:59, Johan Frid wrote:
>>>>
>>>>>   I'm having a problem with AuthBy Safeword. I'm getting ERR: AuthBy
>>>>>   SAFEWORD read error, disconnecting. That is causing clients to time
>>>>>   out. Any idea what the problem could be? I can't find anything in
>>>>>   Safeword's log file that indicates that the problem is in Safeword.
>>>>>
>>>>>   //Johan Frid
>>>>>   TeliaSonera
>>>>>
>>>>>   ------------------Debug level 4 ------------------
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
>>>>>   *** Received from 192.168.0.199 port 1104 ....
>>>>>   Code:       Access-Request
>>>>>   Identifier: 25
>>>>>   Authentic:        1214477169
>>>>>   Attributes:
>>>>>           User-Name = "STUDENT2"
>>>>>           User-Password = <241>8<246><222>w<213>CB<172><177>SDn<243><168>
>>>>>
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2, 192.168.0.199,
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD :
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student2 [STUDENT2]
>>>>>   Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
>>>>>   *** Sending to 192.168.0.199 port 1104 ....
>>>>>   Code:       Access-Accept
>>>>>   Identifier: 25
>>>>>   Authentic:        1214477169
>>>>>   Attributes:
>>>>>           Service-Type = Administrative-User
>>>>>           cisco-avpair = "shell:priv-lvl=15"
>>>>>           Juniper-Local-User-Name = "remote1"
>>>>>           RB-TTY-Level-Start = 15
>>>>>           RB-TTY-Level-Max = 15
>>>>>           Unisphere-Init-CLI-Access-Level = "1"
>>>>>           Unisphere-Alt-CLI-Access-Level = "10"
>>>>>           Login-Service = 0
>>>>>           Huawei-Exec-Privilege = 3
>>>>>   ------------------End Debug level 4 -------------------
>>>>>
>>>>>   config file I'm using
>>>>>   ------------------safeword.cfg------------------
>>>>>
>>>>>   Foreground
>>>>>   LogStdout
>>>>>   LogDir    /var/log/radius
>>>>>   DbDir
>>>>>   Trace         4
>>>>>   AuthPort    1645
>>>>>   AcctPort    1646
>>>>>   DictionaryFile /etc/radiusradiator/dictionary/dictionary
>>>>>   <Client DEFAULT>
>>>>>
>>>>>   Secret    mysecret
>>>>>
>>>>>   DupInterval 0
>>>>>   </Client>
>>>>>
>>>>>   <Realm DEFAULT>
>>>>>       # This one translates all uppercase chars to lowercase
>>>>>       RewriteUsername    tr/A-Z/a-z/
>>>>>
>>>>>       <AuthBy SAFEWORD>
>>>>>           # The name or address of the host where the SafeWord
>>>>>           # PremierAccess server runs
>>>>>           # Defaults to localhost.
>>>>>           # Set this to the address of the SafeWord PremierAccess server
>>>>>           #Host localhost
>>>>>           Host 192.168.0.205
>>>>>
>>>>>           # Port to connect to on Host.
>>>>>           # Defaults to 5031, the default SafeWord EASSP2 port
>>>>>           Port 5031
>>>>>
>>>>>           # You can specify which EAP types can be used
>>>>>           # One-Time-Password and Generic-Token are supported
>>>>>           EAPType One-Time-Password,Generic-Token
>>>>>
>>>>>           #AgentName
>>>>>           AgentName secore
>>>>>
>>>>>           # You can make different types of reply depending on the group
>>>>>           # of the authenticated user, if there are ActionData groups
>>>>>           # sent back by SafeWord server
>>>>>
>>>>>           GroupReply RO,\
>>>>>           Service-Type = Administrative-User,\
>>>>>           cisco-avpair = "shell:priv-lvl=1",\
>>>>>           Juniper-Local-User-Name = "remote2",\
>>>>>           RB-TTY-Level-Start = 5,\
>>>>>           RB-TTY-Level-Max = 5
>>>>>
>>>>>           GroupReply RW,\
>>>>>           Service-Type = Administrative-User,\
>>>>>           cisco-avpair = "shell:priv-lvl=15",\
>>>>>           Juniper-Local-User-Name = "remote1",\
>>>>>           RB-TTY-Level-Start = 15,\
>>>>>           RB-TTY-Level-Max = 15
>>>>>       </AuthBy>
>>>>>
>>>>>   </Realm>
>>>>>
>>>>>   ------------------End safeword.cfg------------------
>>>>>
>>>>>   _______________________________________________
>>>>>   radiator mailing list
>>>>>   radiator at open.com.au
>>>>>   http://www.open.com.au/mailman/listinfo/radiator
>>>>
>>>>
>>>>
>>>>  NB:
>>>>
>>>>  Have you read the reference manual ("doc/ref.html")?
>>>>  Have you searched the mailing list archive
>>>>  (www.open.com.au/archives/radiator)?
>>>>  Have you had a quick look on Google (www.google.com)?
>>>>  Have you included a copy of your configuration file (no secrets),
>>>>  together with a trace 4 debug showing what is happening?
>>>>  Have you checked the RadiusExpert wiki:
>>>>  http://www.open.com.au/wiki/index.php/Main_Page
>>>>
>>>>  --
>>>>  Radiator: the most portable, flexible and configurable RADIUS
>>>>  server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>  Includes support for reliable RADIUS transport (RadSec),
>>>>  and DIAMETER translation agent.
>>>>  -
>>>>  Nets: internetwork inventory and management - graphical,
>>>>  extensible, flexible with hardware, software, platform and
>>>>  database independence. -
>>>>  CATool: Private Certificate Authority for Unix and Unix-like systems.
>>





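Added example (not part of the original thread and not Radiator code): a small Python script that measures the stall discussed above, the gap between an `AuthBy SAFEWORD read error` line and the next `AuthBy SAFEWORD result:` line in a trace 4 log, so the effect of a changed Timeout can be checked against the log itself. The sample log is constructed in the format of the trace quoted in the thread; the function names and the 1-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the first four lines follow the trace quoted in the
# thread, the last two are an invented request that did not hit the error.
SAMPLE_LOG = """\
Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
Thu Jun 26 14:50:02 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jun 26 14:50:02 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
"""

# "Thu Jul  3 14:35:28 2008: LEVEL: message" (single-digit days are space padded)
LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")


def parse(log_text):
    """Yield (timestamp, level, message) for each well-formed trace line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # packet dumps, attribute lines, wrapped fragments
        stamp = " ".join(m.group(1).split())  # collapse the padded day
        yield (datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
               m.group(2), m.group(3))


def reconnect_stalls(log_text, threshold=1.0):
    """Return (error_time, stall_seconds, result) for every read error
    that was followed by a result at least `threshold` seconds later."""
    stalls, pending = [], None
    for ts, level, msg in parse(log_text):
        if level == "ERR" and "AuthBy SAFEWORD read error" in msg:
            pending = ts  # connection to the SafeWord host was lost here
        elif pending and msg.startswith("AuthBy SAFEWORD result:"):
            delay = (ts - pending).total_seconds()
            if delay >= threshold:
                result = msg.split(":", 1)[1].strip(" ,")
                stalls.append((pending, delay, result))
            pending = None
    return stalls


if __name__ == "__main__":
    for when, delay, result in reconnect_stalls(SAMPLE_LOG):
        print(f"{when}: read error, {delay:.0f}s until {result}")
```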