[RADIATOR] AuthBy Safeword problem

Johan Frid johan at frid.info
Mon Jul 21 08:34:22 CDT 2008


OK, no problem. I tested Radiator 4.3 and the problem is still there.

//Johan Frid
TeliaSonera


Hugh Irvine wrote:
>
> Hello Johan -
>
> The person who needs to look at this is away this week, but I should 
> be able to get an answer for you next week.
>
> Apologies for the delay.
>
> regards
>
> Hugh
>
>
> On 6 Jul 2008, at 19:45, Johan Frid wrote:
>
>> I'm running version v5.8.8 built for i486-linux.
>> //Johan Frid
>> TeliaSonera
>>
>>
>> Hugh Irvine wrote:
>>>
>>> Hello Johan -
>>>
>>> My tests here show the Timeout parameter does indeed change the 
>>> behaviour as expected.
>>>
>>> Can you tell me what version of Perl you are running?
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 3 Jul 2008, at 20:49, Johan Frid wrote:
>>>
>>>> Yes, I'm running Radiator 4.2 and the Timeout parameter is accepted
>>>> in the config file, but doesn't seem to do anything. I have even
>>>> attempted to set a higher value, but the timeout seems to be about
>>>> 10s anyway.
>>>> /Johan Frid
>>>> TeliaSonera
>>>>
>>>> ---------------------------------------
>>>> /radiusd -config_file /etc/radiusradiator/safeword.cfg
>>>> Thu Jul  3 14:35:28 2008: DEBUG: Finished reading configuration file
>>>> '/etc/radiusradiator/safeword.cfg'
>>>> This Radiator license will expire on 2008-08-30
>>>> This Radiator license will stop operating after 1000 requests
>>>> To purchase an unlimited full source version of Radiator, see
>>>> http://www.open.com.au/ordering.html
>>>> To extend your license period, contact admin at open.com.au
>>>>
>>>> Thu Jul  3 14:35:28 2008: DEBUG: Reading dictionary file
>>>> '/etc/radiusradiator/dictionary/dictionary'
>>>> Thu Jul  3 14:35:28 2008: DEBUG: Creating authentication port 
>>>> 0.0.0.0:1645
>>>> Thu Jul  3 14:35:28 2008: DEBUG: Creating accounting port 0.0.0.0:1646
>>>> Thu Jul  3 14:35:28 2008: NOTICE: Server started: Radiator 4.2 on 
>>>> gentoo
>>>> (LOCKED)
>>>>
>>>> ----------------------------------
>>>>
>>>>
>>>>
>>>> On 3:57 am 07/03/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>>
>>>>> Hello Johan -
>>>>>
>>>>> This is odd - are you running Radiator 4.2? And do you mean the
>>>>> Timeout parameter is not accepted in your configuration, or just that
>>>>> it seems to do nothing?
>>>>>
>>>>> Have you restarted Radiator to re-read the configuration file?
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 2 Jul 2008, at 18:19, Johan Frid wrote:
>>>>>
>>>>>>  There's no firewall in between and Timeout doesn't work in AuthBy
>>>>>>  SAFEWORD.
>>>>>>  Have attempted to add Timeout 3 in AuthBy SAFEWORD clause but
>>>>>>  nothing changes.
>>>>>>
>>>>>>  Does there exist any keep-alive function against the Safeword
>>>>>>  server?
>>>>>>  //Johan Frid
>>>>>>  TeliaSonera
>>>>>>
>>>>>>
>>>>>>  On 8:05 am 07/01/08 Hugh Irvine <hugh at open.com.au> wrote:
>>>>>>>
>>>>>>>  Hello Johan -
>>>>>>>
>>>>>>>  Is there perhaps a firewall between the Radiator host and the
>>>>>>>  Safeword host?
>>>>>>>
>>>>>>>  It looks to me like the connection to the Safeword host is lost
>>>>>>>  and Radiator waits 10 seconds before retrying.
>>>>>>>
>>>>>>>  You can try altering the Timeout parameter in the AuthBy SAFEWORD
>>>>>>>  clause to something more aggressive than 10 seconds.
>>>>>>>
>>>>>>>  regards
>>>>>>>
>>>>>>>  Hugh
>>>>>>>
>>>>>>>
>>>>>>>  On 30 Jun 2008, at 22:59, Johan Frid wrote:
>>>>>>>
>>>>>>>>   I'm having a problem with AuthBy Safeword. I'm getting ERR: AuthBy
>>>>>>>>   SAFEWORD read error, disconnecting. That is causing clients to
>>>>>>>>   time out. Any idea what the problem could be? Can't find anything
>>>>>>>>   in Safeword's log file that indicates that the problem is in
>>>>>>>>   Safeword.
>>>>>>>>
>>>>>>>>   //Johan Frid
>>>>>>>>   TeliaSonera
>>>>>>>>
>>>>>>>>   ------------------Debug level 4 ------------------
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
>>>>>>>>   *** Received from 192.168.0.199 port 1104 ....
>>>>>>>>   Code:       Access-Request
>>>>>>>>   Identifier: 25
>>>>>>>>   Authentic:        1214477169
>>>>>>>>   Attributes:
>>>>>>>>           User-Name = "STUDENT2"
>>>>>>>>           User-Password = <241>8<246><222>w<213>CB
>>>>>>>>   <172><177>SDn<243><168>
>>>>>>>>
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler
>>>>>>>>   'Realm=DEFAULT'
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2,
>>>>>>>>   192.168.0.199,
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD :
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for
>>>>>>>>   match with
>>>>>>>>   student2 [STUDENT2]
>>>>>>>>   Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error,
>>>>>>>>   disconnecting:
>>>>>>>>   Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to
>>>>>>>>   192.168.0.205:5031
>>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: :
>>>>>>>>   student2
>>>>>>>>   [STUDENT2]
>>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
>>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
>>>>>>>>   Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
>>>>>>>>   *** Sending to 192.168.0.199 port 1104 ....
>>>>>>>>   Code:       Access-Accept
>>>>>>>>   Identifier: 25
>>>>>>>>   Authentic:        1214477169
>>>>>>>>   Attributes:
>>>>>>>>           Service-Type = Administrative-User
>>>>>>>>           cisco-avpair = "shell:priv-lvl=15"
>>>>>>>>           Juniper-Local-User-Name = "remote1"
>>>>>>>>           RB-TTY-Level-Start = 15
>>>>>>>>           RB-TTY-Level-Max = 15
>>>>>>>>           Unisphere-Init-CLI-Access-Level = "1"
>>>>>>>>           Unisphere-Alt-CLI-Access-Level = "10"
>>>>>>>>           Login-Service = 0
>>>>>>>>           Huawei-Exec-Privilege = 3
>>>>>>>>   ------------------End Debug level 4 -------------------
>>>>>>>>
>>>>>>>>   config file I'm using
>>>>>>>>   ------------------safeword.cfg------------------
>>>>>>>>
>>>>>>>>   Foreground
>>>>>>>>   LogStdout
>>>>>>>>   LogDir    /var/log/radius
>>>>>>>>   DbDir
>>>>>>>>   Trace         4
>>>>>>>>   AuthPort    1645
>>>>>>>>   AcctPort    1646
>>>>>>>>   DictionaryFile /etc/radiusradiator/dictionary/dictionary
>>>>>>>>   <Client DEFAULT>
>>>>>>>>
>>>>>>>>   Secret    mysecret
>>>>>>>>
>>>>>>>>   DupInterval 0
>>>>>>>>   </Client>
>>>>>>>>
>>>>>>>>   <Realm DEFAULT>
>>>>>>>>       # This one translates all uppercase chars to lowercase
>>>>>>>>       RewriteUsername    tr/A-Z/a-z/
>>>>>>>>
>>>>>>>>       <AuthBy SAFEWORD>
>>>>>>>>           # The name or address of the host where the SafeWord
>>>>>>>>           # PremierAccess server runs
>>>>>>>>           # Defaults to localhost.
>>>>>>>>           # Set this to the address of the SafeWord PremierAccess server
>>>>>>>>           #Host localhost
>>>>>>>>           Host 192.168.0.205
>>>>>>>>
>>>>>>>>           # Port to connect to on Host.
>>>>>>>>           # Defaults to 5031, the default SafeWord EASSP2 port
>>>>>>>>           Port 5031
>>>>>>>>
>>>>>>>>           # You can specify which EAP types can be used
>>>>>>>>           # One-Time-Password and Generic-Token are supported
>>>>>>>>           EAPType One-Time-Password,Generic-Token
>>>>>>>>
>>>>>>>>           #AgentName
>>>>>>>>           AgentName secore
>>>>>>>>
>>>>>>>>           # You can make different types of reply depending on the group
>>>>>>>>           # of the authenticated user, if there are ActionData groups
>>>>>>>>           # sent back by SafeWord server
>>>>>>>>
>>>>>>>>           GroupReply RO,\
>>>>>>>>           Service-Type = Administrative-User,\
>>>>>>>>           cisco-avpair = "shell:priv-lvl=1",\
>>>>>>>>           Juniper-Local-User-Name = "remote2",\
>>>>>>>>           RB-TTY-Level-Start = 5,\
>>>>>>>>           RB-TTY-Level-Max = 5
>>>>>>>>
>>>>>>>>           GroupReply RW,\
>>>>>>>>           Service-Type = Administrative-User,\
>>>>>>>>           cisco-avpair = "shell:priv-lvl=15",\
>>>>>>>>           Juniper-Local-User-Name = "remote1",\
>>>>>>>>           RB-TTY-Level-Start = 15,\
>>>>>>>>           RB-TTY-Level-Max = 15
>>>>>>>>       </AuthBy>
>>>>>>>>
>>>>>>>>   </Realm>
>>>>>>>>
>>>>>>>>   ------------------End safeword.cfg------------------
>>>>>>>>
>>>>>>>>   _______________________________________________
>>>>>>>>   radiator mailing list
>>>>>>>>   radiator at open.com.au
>>>>>>>>   http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  NB:
>>>>>>>
>>>>>>>  Have you read the reference manual ("doc/ref.html")?
>>>>>>>  Have you searched the mailing list archive
>>>>>>>  (www.open.com.au/archives/radiator)?
>>>>>>>  Have you had a quick look on Google (www.google.com)?
>>>>>>>  Have you included a copy of your configuration file (no secrets),
>>>>>>>  together with a trace 4 debug showing what is happening?
>>>>>>>  Have you checked the RadiusExpert wiki:
>>>>>>>  http://www.open.com.au/wiki/index.php/Main_Page
>>>>>>>
>>>>>>>  --
>>>>>>>  Radiator: the most portable, flexible and configurable RADIUS
>>>>>>>  server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>>  Includes support for reliable RADIUS transport (RadSec),
>>>>>>>  and DIAMETER translation agent.
>>>>>>>  -
>>>>>>>  Nets: internetwork inventory and management - graphical,
>>>>>>>  extensible, flexible with hardware, software, platform and
>>>>>>>  database independence.
>>>>>>>  -
>>>>>>>  CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>>  systems.
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>
>>
>
>
>


-- 
Mounting is used for three things: climbing on a horse, linking in a hard disk unit in data systems, and, well, mounting during sex.
-- Christa Keil
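
Added example, not part of the thread and not Radiator code: a small Python check that measures, per request, how long the AuthBy SAFEWORD lookup took in a Trace 4 log and whether a read error and reconnect happened in between. It matches only the message strings visible in the trace quoted above; the 5 second threshold and the student3 lines are assumptions made for illustration.

```python
import re
from datetime import datetime

# Trace lines look like "Thu Jun 26 14:46:07 2008: DEBUG: message".
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (\w+): (.*)$")
START = re.compile(r"Radius::AuthSAFEWORD looks for match with (\S+)")
CONNECT = re.compile(r"AuthBy SAFEWORD connecting to (\S+)")
RESULT = re.compile(r"AuthBy SAFEWORD result: (\w+)")

# student2: the thread's trace with the mail line wraps rejoined.
# student3: constructed healthy request, added for contrast.
SAMPLE = """\
Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student2 [STUDENT2]
Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting:
Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to 192.168.0.205:5031
Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2 [STUDENT2]
Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
Thu Jun 26 14:47:02 2008: DEBUG: Radius::AuthSAFEWORD looks for match with student3 [STUDENT3]
Thu Jun 26 14:47:02 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT,
"""

def find_stalls(lines, threshold=5.0):
    """Return a record for each request whose SafeWord lookup took >= threshold s."""
    stalls, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # packet-dump and blank lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(3)
        if s := START.search(msg):
            cur = {"user": s.group(1), "start": ts, "read_error": False, "server": None}
        elif cur is None:
            continue  # result without a visible request start
        elif "AuthBy SAFEWORD read error" in msg:
            cur["read_error"] = True
        elif c := CONNECT.search(msg):
            cur["server"] = c.group(1)  # reconnect target after the drop
        elif r := RESULT.search(msg):
            cur["result"] = r.group(1)
            cur["delay"] = (ts - cur["start"]).total_seconds()
            if cur["delay"] >= threshold:
                stalls.append(cur)
            cur = None
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE.splitlines()):
        print(f"{s['user']}: {s['delay']:.0f}s to {s['result']}, "
              f"read_error={s['read_error']}, reconnect={s['server']}")
```

Run against a full log, the share of stalled requests that also show read_error=True tells you whether the delay tracks the dropped SafeWord connection or something else.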


