[RADIATOR] 3 Quick Assorted Queries

Heikki Vatiainen hvn at open.com.au
Wed Feb 9 10:42:24 CST 2011


On 02/09/2011 05:37 PM, Adam Bishop wrote:

> * Can I disable PAP?

You cannot stop the client from sending the User-Password attribute, but you can
create a handler that rejects the request if the attribute is present.

That could direct the users to move e.g. from TTLS/PAP to TTLS/MSCHAPv2
or something else that does not cause passwords to be logged with Trace 4.

> * Using fork with AuthByNTLM causes the request to fail:
> 
> Wed Feb 9 15:22:24 2011: DEBUG: Handling with Radius::AuthNTLM:
> Wed Feb 9 15:22:24 2011: DEBUG: AuthBy NTLM result: IGNORE, forked
> 
> Anyone used fork with NTLM?

This does not look like a failure to me. This is logged by the parent
while the newly forked child is handling the request. The real
result should come from the child process once it finishes.

You should see messages from the child in the logs while it does NTLM
authentication.

Why would you need to use fork with NTLM?

> * What do I need to do to get these types of accounting requests handled?  The standard user accounting packets are handled fine, but the NAS status updates aren't:

Just guessing here, but if you use Handlers that try to match realms,
there is no User-Name where the realm comes from.

You could try a Handler that has Request-Type = Accounting-Request,
Acct-Status-Type = Accounting-On

> *** Received from 193.63.63.103 port 1814 ....
> Code:       Accounting-Request
> Identifier: 217
> Authentic:  <6><7><204><18><175><169>.<176><146>$<30><168><221><255>l<143>
> Attributes:
> Acct-Status-Type = Accounting-On
> Acct-Authentic = RADIUS
> NAS-IP-Address = 193.63.63.103
> NAS-Identifier = "HiveAP3"
> Called-Station-Id = "00-19-77-1B-CD-60:eduroam-dev"
> Acct-Terminate-Cause = NAS-Reboot
> Proxy-State = 0
> 
> Wed Feb  9 15:21:40 2011: WARNING: Could not find a handler for : request is ignored
> 
> Thanks for your help,

No problem. Please send your config file (no secrets) if you need
further comments.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
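
The matching ideas in the reply above, as an added Python example that is not part of the original message and is not Radiator code: a request carrying User-Password is rejected, and an Accounting-On/Off request with no User-Name falls through realm-only matching unless a rule keyed on Acct-Status-Type exists. The route() labels and the sample packets are constructed assumptions, and only the plain request is modelled, not a tunnelled inner request.

```python
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST = 1, 4            # RFC 2865 / 2866 packet codes
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER, ACCT_STATUS_TYPE = 1, 2, 32, 40
ACCOUNTING_ON, ACCOUNTING_OFF = 7, 8                 # Acct-Status-Type values

def parse(packet: bytes):
    """Return (code, {attr_type: [raw values]}) for a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def route(packet: bytes, nas_rule: bool = True) -> str:
    """Hypothetical handler selection; nas_rule=False leaves realm matching only."""
    code, attrs = parse(packet)
    if code == ACCESS_REQUEST and USER_PASSWORD in attrs:
        return "reject-pap"                          # PAP attribute present
    if nas_rule and code == ACCOUNTING_REQUEST and ACCT_STATUS_TYPE in attrs:
        status = int.from_bytes(attrs[ACCT_STATUS_TYPE][0], "big")
        if status in (ACCOUNTING_ON, ACCOUNTING_OFF):
            return "nas-status"                      # NAS reboot/shutdown notice
    if USER_NAME in attrs:                           # the realm comes from User-Name
        name = attrs[USER_NAME][0].decode("utf-8", "replace")
        return "realm:" + name.partition("@")[2]
    return "no-handler"                              # nothing to derive a realm from

def build(code: int, attrs) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, not a capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a NAS status update without User-Name, and a PAP login.
NAS_REBOOT = build(ACCOUNTING_REQUEST, [(ACCT_STATUS_TYPE, struct.pack("!I", 7)),
                                        (NAS_IDENTIFIER, b"HiveAP3")])
PAP_LOGIN = build(ACCESS_REQUEST, [(USER_NAME, b"alice@example.org"),
                                   (USER_PASSWORD, bytes(16))])
```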

