[RADIATOR] AuthBy Safeword problem

Johan Frid johan at frid.info
Mon Jun 30 07:59:53 CDT 2008 

I'm having problem with AuthBy Safeword. I'm getting ERR: AuthBy SAFEWORD
read error, disconnecting. That causing clients to time out. Any idea what
the problem could be? cant find anything in Safewods log file that
indicates that the problem is in Safeword.
 
//Johan Frid 
TeliaSonera 

------------------Debug level 4 ------------------
Thu Jun 26 14:46:07 2008: DEBUG: Packet dump:
*** Received from 192.168.0.199 port 1104 ....
Code:       Access-Request
Identifier: 25
Authentic:        1214477169
Attributes:
        User-Name = "STUDENT2"
        User-Password = <241>8<246><222>w<213>CB <172><177>SDn<243><168>

Thu Jun 26 14:46:07 2008: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Jun 26 14:46:07 2008: DEBUG: Rewrote user name to student2
Thu Jun 26 14:46:07 2008: DEBUG:  Deleting session for STUDENT2,
192.168.0.199,
Thu Jun 26 14:46:07 2008: DEBUG: Handling with Radius::AuthSAFEWORD: 
Thu Jun 26 14:46:07 2008: DEBUG: Radius::AuthSAFEWORD looks for match with
student2 [STUDENT2]
Thu Jun 26 14:46:07 2008: ERR: AuthBy SAFEWORD read error, disconnecting: 
Thu Jun 26 14:46:07 2008: DEBUG: AuthBy SAFEWORD connecting to
192.168.0.205:5031
Thu Jun 26 14:46:17 2008: DEBUG: Radius::AuthSAFEWORD ACCEPT: : student2
[STUDENT2]
Thu Jun 26 14:46:17 2008: DEBUG: AuthBy SAFEWORD result: ACCEPT, 
Thu Jun 26 14:46:17 2008: DEBUG: Access accepted for student2
Thu Jun 26 14:46:17 2008: DEBUG: Packet dump:
*** Sending to 192.168.0.199 port 1104 ....
Code:       Access-Accept
Identifier: 25
Authentic:        1214477169
Attributes:
        Service-Type = Administrative-User
        cisco-avpair = "shell:priv-lvl=15"
        Juniper-Local-User-Name = "remote1"
        RB-TTY-Level-Start = 15
        RB-TTY-Level-Max = 15
        Unisphere-Init-CLI-Access-Level = "1"
        Unisphere-Alt-CLI-Access-Level = "10"
        Login-Service = 0
        Huawei-Exec-Privilege = 3
------------------End Debug level 4 -------------------

config file I'm using 
------------------safeword.cfg------------------

Foreground
LogStdout
LogDir	/var/log/radius
DbDir		
Trace 		4
AuthPort	1645
AcctPort	1646
DictionaryFile /etc/radiusradiator/dictionary/dictionary
<Client DEFAULT>

Secret	mysecret

DupInterval 0
</Client>

<Realm DEFAULT>
	# This one translates all uppercase chars to lowercase
	RewriteUsername	tr/A-Z/a-z/

	<AuthBy SAFEWORD>
		# The name or address of the host where the SafeWord
		# PremierAccess server runs
		# Defaults to localhost.
		# Set this to the address of the SafeWord PremierAccess server
		#Host localhost
		Host 192.168.0.205

		# Port to connet to on Host.
		# Defaults to 5031, the default SafeWord EASSP2 port
		Port 5031

		# You can specify which EAP types can be used
		# One-Time-Password and Generic-Token are supported
		EAPType One-Time-Password,Generic-Token
		
		#AgentName 		
		AgentName secore
		
		# You can make different types of reply depending on the group
		# of the authenticated user, if there are ActionData groups 
		# sent back by SafeWord server
		
		GroupReply RO,\
		Service-Type = Administrative-User,\
		cisco-avpair = "shell:priv-lvl=1",\
		Juniper-Local-User-Name = "remote2",\
		RB-TTY-Level-Start = 5,\
		RB-TTY-Level-Max = 5
		
		GroupReply RW,\
		Service-Type = Administrative-User,\
		cisco-avpair = "shell:priv-lvl=15",\
		Juniper-Local-User-Name = "remote1",\
      		RB-TTY-Level-Start = 15,\
       		RB-TTY-Level-Max = 15
	</AuthBy>

</Realm>

------------------End safeword.cfg------------------

More information about the radiator mailing list