[RADIATOR] Upgrade to 4.6 caused me problems

Hugh Irvine hugh at open.com.au
Tue Apr 27 05:11:11 CDT 2010 

Hello Jethro -

On your last item, we have not been able to reproduce the problem, so could you please send me a copy of the configuration file and a trace 5 debug showing what you are receiving in the requests?

thanks and regards

Hugh


On 27 Apr 2010, at 18:21, Jethro R Binks wrote:

> On Tue, 27 Apr 2010, Hugh Irvine wrote:
> 
>>>> Yes - this is because many people need to mix both EAP and non-EAP in an 
>>>> AuthBy GROUP - hence the change.
>>> 
>>> OK .. did I miss part of history.html that details this, or is it 
>>> something that could be made clearer?
>> 
>> Not sure how it could be made clearer - sadly EAP by its nature is not 
>> clear.
> 
> True enough.  I meant the addition of a note to say something like "if you 
> previously defined EAP parameters within an AuthBy GROUP, you will need to 
> transfer them to the particular AuthBy(s) that participate in the EAP 
> transaction", or whatever terminology best suits.  That would have caught 
> my eye when reading history.html and I would have known changes needed to 
> be made beforehand.  You could (rightly) consider it an error to have put 
> the EAP stuff in the AuthBy GROUP in the first place rather than the 
> subordinate AuthBy, but it did work so I probably won't be the only one 
> who did that :).
> 
>> Yes - we've had quite a bit of trouble with EAPAnonymous.
>> 
>> I suggest you use the following if the User-Name is correct in the outer 
>> request:
>> 
>> 	EAPAnonymous %{User-Name}
> 
> If I'm not using the Windows client, it might not be; it might by 
> recommendation be @strath.ac.uk or anonymous at strath.ac.uk.  So I may have 
> to use a hook here to guarantee the right thing happens.  I will re-read 
> it all and try and understand it again ...
> 
> Any eduroam people listening who have had to deal with this?
> 
>> Well - Radiator is doing exactly what you are telling it to.
>> 
>> If you want the %D expanded you should use this:
>> 
>> DefineFormattedGlobalVar CertDir %D/certificates-4.6
> 
> Aha ... I'd completely forgotten that one (never needed to use it).  Ace 
> man, thanks.
> 
>> I'll have to get back to you on this one - it looks suspicious.
> 
> Ta.
> 
> Jethro.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks
> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list