[RADIATOR] AuthBy Safeword problem

Johan Frid johan at frid.info
Sun Jul 6 04:45:55 CDT 2008


I'm ruining version v5.8.8 built for i486-linux.
//Johan Frid
TeliaSonera


Hugh Irvine wrote:
>
> Hello Johan -
>
> My tests here show the Timeout parameter does indeed change the 
> behaviour as expected.
>
> Can you tell me what version of Perl you are running?
>
> regards
>
> Hugh
>
>
> On 3 Jul 2008, at 20:49, Johan Frid wrote:
>
>> Yes I'm running Radiator 4.2 and the Timeout parameter is accepted in 
>> the
>> configfile, but doesn't seems to do nothing. I have even attempted to 
>> set a
>> higher value, but the timeout seams to be about  10s any way.
>> /Johan Frid
>> TeliaSonear
>>
>> ---------------------------------------
>> /radiusd -config_file /etc/radiusradiator/safeword.cfg
>> Thu Jul  3 14:35:28 2008: DEBUG: Finished reading configuration file
>> '/etc/radiusradiator/safeword.cfg'
>> This Radiator license will expire on 2008-08-30
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your license period, contact admin at open.com.au
>>
>> Thu Jul  3 14:35:28 2008: DEBUG: Reading dictionary file
>> '/etc/radiusradiator/dictionary/dictionary'
>> Thu Jul  3 14:35:28 2008: DEBUG: Creating authentication port 
>> 0.0.0.0:1645
>> Thu Jul  3 14:35:28 2008: DEBUG: Creating accounting port 0.0.0.0:1646
>> Thu Jul  3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on gentoo
>> (LOCKED)
>>
>> ----------------------------------
>>
>>
>>
>> On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>
>>> Hello Johan -
>>>
>>> This is odd - are you running Radiator 4.2? And do you mean the
>>> Timeout parameter is not accepted in your configuration, or just that
>>> it seems to do nothing?
>>>
>>> Have you restarted Radiator to re-read the configuration file?
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>>>
>>>>  Theirs no firewall between and Timeout doesn't work in AuthBy
>>>>  SAFEWORD.
>>>>  Have attempted to add Timeout 3 in AuthBy SAFEWORD clause but
>>>>  nothing changes.
>>>>
>>>>  Does there exist any keep live function against the Safeword
>>>> server?
>>>>  //Johan Frid
>>>>  TeliaSonera
>>>>
>>>>
>>>>  On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>>
>>>>>  Hello Johan -
>>>>>
>>>>>  Is there perhaps a firewall between the Radiator host and the
>>>>>  Safeword host?
>>>>>
>>>>>  It looks to me like the connection to the Safeword host is lost
>>>>>  and Radiator waits 10 seconds before retrying.
>>>>>
>>>>>  You can try altering the Timeout parameter in the AuthBy SAFEWORD
>>>>>  clause to something more aggressive than 10 seconds.
>>>>>
>>>>>  regards
>>>>>
>>>>>  Hugh
>>>>>
>>>>>
>>>>>  On 30 Jun 2008, at 22:59, Johan Frid wrote:
>>>>>
>>>>>>   I'm having problem with AuthBy Safeword. I'm getting ERR: AuthBy
>>>>>>   SAFEWORD
>>>>>>   read error, disconnecting. That causing clients to time out. Any
>>>>>>   idea what
>>>>>>   the problem could be? cant find anything in Safewods log file
>>>>>>   that indicates that the problem is in Safeword.
>>>>>>
>>>>>>   //Johan Frid
>>>>>>   TeliaSonera
>>>>>>
>>>>>>   ------------------Debug level 4 ------------------
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
>>>>>>   *** Received from 192.168.0.199 port 1104 ....
>>>>>>   Code:       Access-Request
>>>>>>   Identifier: 25
>>>>>>   Authentic:        1214477169
>>>>>>   Attributes:
>>>>>>           User-Name = "STUDENT2"
>>>>>>           User-Password = <241>8<246><222>w<213>CB
>>>>>>   <172><177>SDn<243><168>
>>>>>>
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler
>>>>>>   'Realm=DEFAULT'
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2,
>>>>>>   192.168.0.199,
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling with
>>>>>  Radius::AuthSAFEWORD :
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for
>>>>>>   match with
>>>>>>   student2 [STUDENT2]
>>>>>>   Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error,
>>>>>>   disconnecting:
>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to
>>>>>>   192.168.0.205:5031
>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: :
>>>>>>   student2
>>>>>>   [STUDENT2]
>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
>>>>>>   *** Sending to 192.168.0.199 port 1104 ....
>>>>>>   Code:       Access-Accept
>>>>>>   Identifier: 25
>>>>>>   Authentic:        1214477169
>>>>>>   Attributes:
>>>>>>           Service-Type = Administrative-User
>>>>>>           cisco-avpair = "shell:priv-lvl=15"
>>>>>>           Juniper-Local-User-Name = "remote1"
>>>>>>           RB-TTY-Level-Start = 15
>>>>>>           RB-TTY-Level-Max = 15
>>>>>>           Unisphere-Init-CLI-Access-Level = "1"
>>>>>>           Unisphere-Alt-CLI-Access-Level = "10"
>>>>>>           Login-Service = 0
>>>>>>           Huawei-Exec-Privilege = 3
>>>>>>   ------------------End Debug level 4 -------------------
>>>>>>
>>>>>>   config file I'm using
>>>>>>   ------------------safeword.cfg------------------
>>>>>>
>>>>>>   Foreground
>>>>>>   LogStdout
>>>>>>   LogDir    /var/log/radius
>>>>>>   DbDir
>>>>>>   Trace         4
>>>>>>   AuthPort    1645
>>>>>>   AcctPort    1646
>>>>>>   DictionaryFile /etc/radiusradiator/dictionary/dictionary
>>>>>>   <Client DEFAULT>
>>>>>>
>>>>>>   Secret    mysecret
>>>>>>
>>>>>>   DupInterval 0
>>>>>>   </Client>
>>>>>>
>>>>>>   <Realm DEFAULT>
>>>>>>       # This one translates all uppercase chars to lowercase
>>>>>>       RewriteUsername    tr/A-Z/a-z/
>>>>>>
>>>>>>       <AuthBy SAFEWORD>
>>>>>>           # The name or address of the host where the SafeWord
>>>>>>           # PremierAccess server runs
>>>>>>           # Defaults to localhost.
>>>>>>           # Set this to the address of the SafeWord PremierAccess
>>>>>>           server #Host localhost
>>>>>>           Host 192.168.0.205
>>>>>>
>>>>>>           # Port to connet to on Host.
>>>>>>           # Defaults to 5031, the default SafeWord EASSP2 port
>>>>>>           Port 5031
>>>>>>
>>>>>>           # You can specify which EAP types can be used
>>>>>>           # One-Time-Password and Generic-Token are supported
>>>>>>           EAPType One-Time-Password,Generic-Token
>>>>>>
>>>>>>           #AgentName
>>>>>>           AgentName secore
>>>>>>
>>>>>>           # You can make different types of reply depending on the
>>>>>>           group # of the authenticated user, if there are
>>>>>>           ActionData groups # sent back by SafeWord server
>>>>>>
>>>>>>           GroupReply RO,\
>>>>>>           Service-Type = Administrative-User,\
>>>>>>           cisco-avpair = "shell:priv-lvl=1",\
>>>>>>           Juniper-Local-User-Name = "remote2",\
>>>>>>           RB-TTY-Level-Start = 5,\
>>>>>>           RB-TTY-Level-Max = 5
>>>>>>
>>>>>>           GroupReply RW,\
>>>>>>           Service-Type = Administrative-User,\
>>>>>>           cisco-avpair = "shell:priv-lvl=15",\
>>>>>>           Juniper-Local-User-Name = "remote1",\
>>>>>>                 RB-TTY-Level-Start = 15,\
>>>>>>                  RB-TTY-Level-Max = 15
>>>>>>       </AuthBy>
>>>>>>
>>>>>>   </Realm>
>>>>>>
>>>>>>   ------------------End safeword.cfg------------------
>>>>>>
>>>>>>   _______________________________________________
>>>>>>   radiator mailing list
>>>>>>   radiator at open.com.au
>>>>>>   http://www.open.com.au/mailman/listinfo/radiator
>>>>>
>>>>>
>>>>>
>>>>>  NB:
>>>>>
>>>>>  Have you read the reference manual ("doc/ref.html")?
>>>>>  Have you searched the mailing list archive (www.open.com.au/archiv
>>> es/
>>>>>  radiator)?
>>>>>  Have you had a quick look on Google (www.google.com)?
>>>>>  Have you included a copy of your configuration file (no secrets),
>>>>>  together with a trace 4 debug showing what is happening?
>>>>>  Have you checked the RadiusExpert wiki:
>>>>>  http://www.open.com.au/wiki/index.php/Main_Page
>>>>>
>>>>>  --
>>>>>  Radiator: the most portable, flexible and configurable RADIUS
>>>>>  server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>  Includes support for reliable RADIUS transport (RadSec),
>>>>>  and DIAMETER translation agent.
>>>>>  -
>>>>>  Nets: internetwork inventory and management - graphical,
>>>>>  extensible, flexible with hardware, software, platform and
>>>>>  database independence. -
>>>>>  CATool: Private Certificate Authority for Unix and Unix-like
>>> systems.
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/
>>> radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive 
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>


-- 
Mounting is used for three things: climbing on a horse, linking in a hard disk unit in data systems, and, well, mounting during sex.
-- Christa Keil



More information about the radiator mailing list