[RADIATOR] AuthBy Safeword problem
Johan Frid
johan at frid.info
Sun Jul 6 04:45:55 CDT 2008
I'm ruining version v5.8.8 built for i486-linux.
//Johan Frid
TeliaSonera
Hugh Irvine wrote:
>
> Hello Johan -
>
> My tests here show the Timeout parameter does indeed change the
> behaviour as expected.
>
> Can you tell me what version of Perl you are running?
>
> regards
>
> Hugh
>
>
> On 3 Jul 2008, at 20:49, Johan Frid wrote:
>
>> Yes I'm running Radiator 4.2 and the Timeout parameter is accepted in
>> the
>> configfile, but doesn't seems to do nothing. I have even attempted to
>> set a
>> higher value, but the timeout seams to be about 10s any way.
>> /Johan Frid
>> TeliaSonear
>>
>> ---------------------------------------
>> /radiusd -config_file /etc/radiusradiator/safeword.cfg
>> Thu Jul 3 14:35:28 2008: DEBUG: Finished reading configuration file
>> '/etc/radiusradiator/safeword.cfg'
>> This Radiator license will expire on 2008-08-30
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your license period, contact admin at open.com.au
>>
>> Thu Jul 3 14:35:28 2008: DEBUG: Reading dictionary file
>> '/etc/radiusradiator/dictionary/dictionary'
>> Thu Jul 3 14:35:28 2008: DEBUG: Creating authentication port
>> 0.0.0.0:1645
>> Thu Jul 3 14:35:28 2008: DEBUG: Creating accounting port 0.0.0.0:1646
>> Thu Jul 3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on gentoo
>> (LOCKED)
>>
>> ----------------------------------
>>
>>
>>
>> On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>
>>> Hello Johan -
>>>
>>> This is odd - are you running Radiator 4.2? And do you mean the
>>> Timeout parameter is not accepted in your configuration, or just that
>>> it seems to do nothing?
>>>
>>> Have you restarted Radiator to re-read the configuration file?
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>>>
>>>> Theirs no firewall between and Timeout doesn't work in AuthBy
>>>> SAFEWORD.
>>>> Have attempted to add Timeout 3 in AuthBy SAFEWORD clause but
>>>> nothing changes.
>>>>
>>>> Does there exist any keep live function against the Safeword
>>>> server?
>>>> //Johan Frid
>>>> TeliaSonera
>>>>
>>>>
>>>> On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>>
>>>>> Hello Johan -
>>>>>
>>>>> Is there perhaps a firewall between the Radiator host and the
>>>>> Safeword host?
>>>>>
>>>>> It looks to me like the connection to the Safeword host is lost
>>>>> and Radiator waits 10 seconds before retrying.
>>>>>
>>>>> You can try altering the Timeout parameter in the AuthBy SAFEWORD
>>>>> clause to something more aggressive than 10 seconds.
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 30 Jun 2008, at 22:59, Johan Frid wrote:
>>>>>
>>>>>> I'm having problem with AuthBy Safeword. I'm getting ERR: AuthBy
>>>>>> SAFEWORD
>>>>>> read error, disconnecting. That causing clients to time out. Any
>>>>>> idea what
>>>>>> the problem could be? cant find anything in Safewods log file
>>>>>> that indicates that the problem is in Safeword.
>>>>>>
>>>>>> //Johan Frid
>>>>>> TeliaSonera
>>>>>>
>>>>>> ------------------Debug level 4 ------------------
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
>>>>>> *** Received from 192.168.0.199 port 1104 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 25
>>>>>> Authentic: 1214477169
>>>>>> Attributes:
>>>>>> User-Name = "STUDENT2"
>>>>>> User-Password = <241>8<246><222>w<213>CB
>>>>>> <172><177>SDn<243><168>
>>>>>>
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler
>>>>>> 'Realm=DEFAULT'
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Deleting session for STUDENT2,
>>>>>> 192.168.0.199,
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Handling with
>>>>> Radius::AuthSAFEWORD :
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for
>>>>>> match with
>>>>>> student2 [STUDENT2]
>>>>>> Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error,
>>>>>> disconnecting:
>>>>>> Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to
>>>>>> 192.168.0.205:5031
>>>>>> Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: :
>>>>>> student2
>>>>>> [STUDENT2]
>>>>>> Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
>>>>>> Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
>>>>>> Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
>>>>>> *** Sending to 192.168.0.199 port 1104 ....
>>>>>> Code: Access-Accept
>>>>>> Identifier: 25
>>>>>> Authentic: 1214477169
>>>>>> Attributes:
>>>>>> Service-Type = Administrative-User
>>>>>> cisco-avpair = "shell:priv-lvl=15"
>>>>>> Juniper-Local-User-Name = "remote1"
>>>>>> RB-TTY-Level-Start = 15
>>>>>> RB-TTY-Level-Max = 15
>>>>>> Unisphere-Init-CLI-Access-Level = "1"
>>>>>> Unisphere-Alt-CLI-Access-Level = "10"
>>>>>> Login-Service = 0
>>>>>> Huawei-Exec-Privilege = 3
>>>>>> ------------------End Debug level 4 -------------------
>>>>>>
>>>>>> config file I'm using
>>>>>> ------------------safeword.cfg------------------
>>>>>>
>>>>>> Foreground
>>>>>> LogStdout
>>>>>> LogDir /var/log/radius
>>>>>> DbDir
>>>>>> Trace 4
>>>>>> AuthPort 1645
>>>>>> AcctPort 1646
>>>>>> DictionaryFile /etc/radiusradiator/dictionary/dictionary
>>>>>> <Client DEFAULT>
>>>>>>
>>>>>> Secret mysecret
>>>>>>
>>>>>> DupInterval 0
>>>>>> </Client>
>>>>>>
>>>>>> <Realm DEFAULT>
>>>>>> # This one translates all uppercase chars to lowercase
>>>>>> RewriteUsername tr/A-Z/a-z/
>>>>>>
>>>>>> <AuthBy SAFEWORD>
>>>>>> # The name or address of the host where the SafeWord
>>>>>> # PremierAccess server runs
>>>>>> # Defaults to localhost.
>>>>>> # Set this to the address of the SafeWord PremierAccess
>>>>>> server #Host localhost
>>>>>> Host 192.168.0.205
>>>>>>
>>>>>> # Port to connet to on Host.
>>>>>> # Defaults to 5031, the default SafeWord EASSP2 port
>>>>>> Port 5031
>>>>>>
>>>>>> # You can specify which EAP types can be used
>>>>>> # One-Time-Password and Generic-Token are supported
>>>>>> EAPType One-Time-Password,Generic-Token
>>>>>>
>>>>>> #AgentName
>>>>>> AgentName secore
>>>>>>
>>>>>> # You can make different types of reply depending on the
>>>>>> group # of the authenticated user, if there are
>>>>>> ActionData groups # sent back by SafeWord server
>>>>>>
>>>>>> GroupReply RO,\
>>>>>> Service-Type = Administrative-User,\
>>>>>> cisco-avpair = "shell:priv-lvl=1",\
>>>>>> Juniper-Local-User-Name = "remote2",\
>>>>>> RB-TTY-Level-Start = 5,\
>>>>>> RB-TTY-Level-Max = 5
>>>>>>
>>>>>> GroupReply RW,\
>>>>>> Service-Type = Administrative-User,\
>>>>>> cisco-avpair = "shell:priv-lvl=15",\
>>>>>> Juniper-Local-User-Name = "remote1",\
>>>>>> RB-TTY-Level-Start = 15,\
>>>>>> RB-TTY-Level-Max = 15
>>>>>> </AuthBy>
>>>>>>
>>>>>> </Realm>
>>>>>>
>>>>>> ------------------End safeword.cfg------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> radiator mailing list
>>>>>> radiator at open.com.au
>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>
>>>>>
>>>>>
>>>>> NB:
>>>>>
>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>> Have you searched the mailing list archive (www.open.com.au/archiv
>>> es/
>>>>> radiator)?
>>>>> Have you had a quick look on Google (www.google.com)?
>>>>> Have you included a copy of your configuration file (no secrets),
>>>>> together with a trace 4 debug showing what is happening?
>>>>> Have you checked the RadiusExpert wiki:
>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>>
>>>>> --
>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>> server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>> Includes support for reliable RADIUS transport (RadSec),
>>>>> and DIAMETER translation agent.
>>>>> -
>>>>> Nets: internetwork inventory and management - graphical,
>>>>> extensible, flexible with hardware, software, platform and
>>>>> database independence. -
>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>> systems.
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/
>>> radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
--
Mounting is used for three things: climbing on a horse, linking in a hard disk unit in data systems, and, well, mounting during sex.
-- Christa Keil
More information about the radiator
mailing list