[RADIATOR] AuthBy Safeword problem

Hugh Irvine hugh at open.com.au
Wed Jul 9 01:48:16 CDT 2008


Hello Johan -

The person who needs to look at this is away this week, but I should  
be able to get an answer for you next week.

Apologies for the delay.

regards

Hugh


On 6 Jul 2008, at 19:45, Johan Frid wrote:

> I'm running version v5.8.8 built for i486-linux.
> //Johan Frid
> TeliaSonera
>
>
> Hugh Irvine wrote:
>>
>> Hello Johan -
>>
>> My tests here show the Timeout parameter does indeed change the  
>> behaviour as expected.
>>
>> Can you tell me what version of Perl you are running?
>>
>> regards
>>
>> Hugh
>>
>>
>> On 3 Jul 2008, at 20:49, Johan Frid wrote:
>>
>>> Yes I'm running Radiator 4.2 and the Timeout parameter is accepted in
>>> the configfile, but doesn't seem to do anything. I have even attempted
>>> to set a higher value, but the timeout seems to be about 10s anyway.
>>> /Johan Frid
>>> TeliaSonera
>>>
>>> ---------------------------------------
>>> /radiusd -config_file /etc/radiusradiator/safeword.cfg
>>> Thu Jul  3 14:35:28 2008: DEBUG: Finished reading configuration file
>>> '/etc/radiusradiator/safeword.cfg'
>>> This Radiator license will expire on 2008-08-30
>>> This Radiator license will stop operating after 1000 requests
>>> To purchase an unlimited full source version of Radiator, see
>>> http://www.open.com.au/ordering.html
>>> To extend your license period, contact admin at open.com.au
>>>
>>> Thu Jul  3 14:35:28 2008: DEBUG: Reading dictionary file
>>> '/etc/radiusradiator/dictionary/dictionary'
>>> Thu Jul  3 14:35:28 2008: DEBUG: Creating authentication port  
>>> 0.0.0.0:1645
>>> Thu Jul  3 14:35:28 2008: DEBUG: Creating accounting port  
>>> 0.0.0.0:1646
>>> Thu Jul  3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on  
>>> gentoo
>>> (LOCKED)
>>>
>>> ----------------------------------
>>>
>>>
>>>
>>> On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>
>>>> Hello Johan -
>>>>
>>>> This is odd - are you running Radiator 4.2? And do you mean the
>>>> Timeout parameter is not accepted in your configuration, or just  
>>>> that
>>>> it seems to do nothing?
>>>>
>>>> Have you restarted Radiator to re-read the configuration file?
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>>>>
>>>>>  There's no firewall between and Timeout doesn't work in AuthBy
>>>>>  SAFEWORD.
>>>>>  Have attempted to add Timeout 3 in AuthBy SAFEWORD clause but
>>>>>  nothing changes.
>>>>>
>>>>>  Does there exist any keep-alive function against the Safeword
>>>>>  server?
>>>>>  //Johan Frid
>>>>>  TeliaSonera
>>>>>
>>>>>
>>>>>  On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>>>
>>>>>>  Hello Johan -
>>>>>>
>>>>>>  Is there perhaps a firewall between the Radiator host and the
>>>>>>  Safeword host?
>>>>>>
>>>>>>  It looks to me like the connection to the Safeword host is lost
>>>>>>  and Radiator waits 10 seconds before retrying.
>>>>>>
>>>>>>  You can try altering the Timeout parameter in the AuthBy  
>>>>>> SAFEWORD
>>>>>>  clause to something more aggressive than 10 seconds.
>>>>>>
>>>>>>  regards
>>>>>>
>>>>>>  Hugh
>>>>>>
>>>>>>
>>>>>>  On 30 Jun 2008, at 22:59, Johan Frid wrote:
>>>>>>
>>>>>>>   I'm having a problem with AuthBy Safeword. I'm getting ERR: AuthBy
>>>>>>>   SAFEWORD read error, disconnecting. That is causing clients to time
>>>>>>>   out. Any idea what the problem could be? Can't find anything in
>>>>>>>   Safeword's log file that indicates that the problem is in Safeword.
>>>>>>>
>>>>>>>   //Johan Frid
>>>>>>>   TeliaSonera
>>>>>>>
>>>>>>>   ------------------Debug level 4 ------------------
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
>>>>>>>   *** Received from 192.168.0.199 port 1104 ....
>>>>>>>   Code:       Access-Request
>>>>>>>   Identifier: 25
>>>>>>>   Authentic:        1214477169
>>>>>>>   Attributes:
>>>>>>>           User-Name = "STUDENT2"
>>>>>>>           User-Password = <241>8<246><222>w<213>CB
>>>>>>>   <172><177>SDn<243><168>
>>>>>>>
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2, 192.168.0.199,
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD :
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student2 [STUDENT2]
>>>>>>>   Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
>>>>>>>   *** Sending to 192.168.0.199 port 1104 ....
>>>>>>>   Code:       Access-Accept
>>>>>>>   Identifier: 25
>>>>>>>   Authentic:        1214477169
>>>>>>>   Attributes:
>>>>>>>           Service-Type = Administrative-User
>>>>>>>           cisco-avpair = "shell:priv-lvl=15"
>>>>>>>           Juniper-Local-User-Name = "remote1"
>>>>>>>           RB-TTY-Level-Start = 15
>>>>>>>           RB-TTY-Level-Max = 15
>>>>>>>           Unisphere-Init-CLI-Access-Level = "1"
>>>>>>>           Unisphere-Alt-CLI-Access-Level = "10"
>>>>>>>           Login-Service = 0
>>>>>>>           Huawei-Exec-Privilege = 3
>>>>>>>   ------------------End Debug level 4 -------------------
>>>>>>>
>>>>>>>   config file I'm using
>>>>>>>   ------------------safeword.cfg------------------
>>>>>>>
>>>>>>>   Foreground
>>>>>>>   LogStdout
>>>>>>>   LogDir    /var/log/radius
>>>>>>>   DbDir
>>>>>>>   Trace         4
>>>>>>>   AuthPort    1645
>>>>>>>   AcctPort    1646
>>>>>>>   DictionaryFile /etc/radiusradiator/dictionary/dictionary
>>>>>>>   <Client DEFAULT>
>>>>>>>
>>>>>>>   Secret    mysecret
>>>>>>>
>>>>>>>   DupInterval 0
>>>>>>>   </Client>
>>>>>>>
>>>>>>>   <Realm DEFAULT>
>>>>>>>       # This one translates all uppercase chars to lowercase
>>>>>>>       RewriteUsername    tr/A-Z/a-z/
>>>>>>>
>>>>>>>       <AuthBy SAFEWORD>
>>>>>>>           # The name or address of the host where the SafeWord
>>>>>>>           # PremierAccess server runs
>>>>>>>           # Defaults to localhost.
>>>>>>>           # Set this to the address of the SafeWord PremierAccess server
>>>>>>>           #Host localhost
>>>>>>>           Host 192.168.0.205
>>>>>>>
>>>>>>>           # Port to connect to on Host.
>>>>>>>           # Defaults to 5031, the default SafeWord EASSP2 port
>>>>>>>           Port 5031
>>>>>>>
>>>>>>>           # You can specify which EAP types can be used
>>>>>>>           # One-Time-Password and Generic-Token are supported
>>>>>>>           EAPType One-Time-Password,Generic-Token
>>>>>>>
>>>>>>>           #AgentName
>>>>>>>           AgentName secore
>>>>>>>
>>>>>>>           # You can make different types of reply depending on the group
>>>>>>>           # of the authenticated user, if there are ActionData groups
>>>>>>>           # sent back by SafeWord server
>>>>>>>
>>>>>>>           GroupReply RO,\
>>>>>>>           Service-Type = Administrative-User,\
>>>>>>>           cisco-avpair = "shell:priv-lvl=1",\
>>>>>>>           Juniper-Local-User-Name = "remote2",\
>>>>>>>           RB-TTY-Level-Start = 5,\
>>>>>>>           RB-TTY-Level-Max = 5
>>>>>>>
>>>>>>>           GroupReply RW,\
>>>>>>>           Service-Type = Administrative-User,\
>>>>>>>           cisco-avpair = "shell:priv-lvl=15",\
>>>>>>>           Juniper-Local-User-Name = "remote1",\
>>>>>>>           RB-TTY-Level-Start = 15,\
>>>>>>>           RB-TTY-Level-Max = 15
>>>>>>>       </AuthBy>
>>>>>>>
>>>>>>>   </Realm>
>>>>>>>
>>>>>>>   ------------------End safeword.cfg------------------
>>>>>>>
>>>>>>>   _______________________________________________
>>>>>>>   radiator mailing list
>>>>>>>   radiator at open.com.au
>>>>>>>   http://www.open.com.au/mailman/listinfo/radiator
>>>>>>
>>>>>>
>>>>>>
>>>>>>  NB:
>>>>>>
>>>>>>  Have you read the reference manual ("doc/ref.html")?
>>>>>>  Have you searched the mailing list archive
>>>>>>  (www.open.com.au/archives/radiator)?
>>>>>>  Have you had a quick look on Google (www.google.com)?
>>>>>>  Have you included a copy of your configuration file (no secrets),
>>>>>>  together with a trace 4 debug showing what is happening?
>>>>>>  Have you checked the RadiusExpert wiki:
>>>>>>  http://www.open.com.au/wiki/index.php/Main_Page
>>>>>>
>>>>>>  --
>>>>>>  Radiator: the most portable, flexible and configurable RADIUS
>>>>>>  server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>  Includes support for reliable RADIUS transport (RadSec),
>>>>>>  and DIAMETER translation agent.
>>>>>>  -
>>>>>>  Nets: internetwork inventory and management - graphical,
>>>>>>  extensible, flexible with hardware, software, platform and
>>>>>>  database independence.
>>>>>>  -
>>>>>>  CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>  systems.
>>>>
>>
>
>
> -- 
> Mounting is used for three things: climbing on a horse, linking in  
> a hard disk unit in data systems, and, well, mounting during sex.
> -- Christa Keil






