[RADIATOR] Radiator does not wait for RADIUS requests
Qiu, Dennis
dennis.qiu at davispolk.com
Tue Nov 6 11:06:21 CST 2012
Alan,
I use a generic radius.cfg from the installation without any changes. The following is my radius.cfg file:
-----------------------------------------------------------------
# windows.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system on Windows. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example is expected to be installed in
# c:\Program Files\Radiator\radius.cfg
# It will authenticate from a standard users file in
# c:\Program Files\Radiator\users
# it will log debug and other messages to
# c:\Program Files\Radiator\logfile
# and log accounting to a file in
# c:\Program Files\Radiator\detail
# (of course you can change all these by editing this config file if you wish)
#
# It will accept requests from any client and try to handle requests
# for any realm.
# And it will print out what its doing in great detail to the log file.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
AcctPort 1813
AuthPort 1812
BindAddress 144.211.2.97
#BindAddress 0.0.0.0
DbDir c:/Program Files/Radiator
DictionaryFile %D/dictionary
Foreground 1
LogDir c:/Program Files/Radiator/Logs
#LogFile logfile
LogStdout 1
MaxChildren 0
PidFile %L/radiusd.pid
PmwhoProg /usr/local/sbin/pmwho
SnmpNASErrorTimeout 60
SnmpgetProg /usr/bin/snmpget
SnmpsetProg /usr/bin/snmpset
SnmpwalkProg /usr/bin/snmpwalk
Trace 4
<Client DEFAULT>
DupInterval 0
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
SNMPCommunity 450dpw$
Secret mysecret
</Client>
<Handler NAS-Identifier=TACACS>
AuthByPolicy ContinueWhileIgnore
<AuthBy GROUP>
AuthByPolicy ContinueUntilAccept
CachePasswordExpiry 86400
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 0
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
Identifier GetUser
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
<AuthBy LSA>
AddToReply tacacsgroup = netadmin
CachePasswordExpiry 86400
Domain ad.dpw.com
DomainController dcny001
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 0
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
EAPType MSCHAP-V2
Group networking_staff
NoDefault 1
Origin Radiator
PasswordPrompt password
ProcessName IAS
SIPDigestRealm DefaultSipRealm
Source Radiator
UsernameMatchesWithoutRealm 1
Workstation
</AuthBy>
<AuthBy LSA>
AddToReply tacacsgroup = users
CachePasswordExpiry 86400
Domain ad.dpw.com
DomainController dcny001
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 0
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
EAPType MSCHAP-V2
Group networking_guest
NoDefault 1
Origin Radiator
PasswordPrompt password
ProcessName IAS
SIPDigestRealm DefaultSipRealm
Source Radiator
UsernameMatchesWithoutRealm 1
Workstation
</AuthBy>
</AuthBy>
</Handler>
<ServerHTTP >
AuditTrail %D/audit.txt
AuthByPolicy ContinueWhileIgnore
BindAddress 0.0.0.0
DefaultPrivilegeLevel 15
LogMaxLines 500
MaxBufferSize 10000000
Password dpw450
Port 9048
Protocol tcp
SessionTimeout 3600
TLS_ExpectedPeerName .+
Trace 3
Username adm
<AuthLog FILE>
FailureFormat %l:%U:%P:FAIL
Filename %L/weblog
LogFailure 1
LogSuccess 0
SuccessFormat %l:%U:%P:OK
</AuthLog>
</ServerHTTP>
<Realm DEFAULT>
PreProcessingHook file:"c:\program files\radiator\createavpairs.pl"
#<AuthBy INTERNAL>
# DefaultResult REJECT
# AcctResult ACCEPT
#</AuthBy>
# AcctLogFileName accounting-log
AcctLogFileName %L/%d%m%Ylogfile
AcctLogFileFormat %l:%{User-Name}:%{cisco-cmd}
#AddToRequest Request-Type=Accounting-Request
#AcctLogFileName %D/acct.log
AuthByPolicy ContinueWhileIgnore
AuthBy GetUser
<AuthBy FILE>
CachePasswordExpiry 86400
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 0
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
Filename %D/users
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
</AuthBy>
</Realm>
<ServerTACACSPLUS >
AddToRequest NAS-Identifier=TACACS
AuthorizationTimeout 600
AuthorizeGroup netadmin permit service=shell cmd\* {priv-lvl=15}
AuthorizeGroup netadmin permit .*
AuthorizeGroup users permit service=shell cmd\* {priv-lvl=1}
AuthorizeGroup users permit .*
AuthorizeGroup guest permit service=shell cmd\* {priv-lvl=0}
AuthorizeGroup DEFAULT deny .*
BindAddress 0.0.0.0
GroupCacheFile %L/radiator-tacacs-usergroup.cache
GroupMemberAttr tacacsgroup
IdleTimeout 180
MaxBufferSize 100000
PasswordPrompt Password:
Port 49
SingleSession 1
UsernamePrompt Username:
<Log FILE>
Filename %L/tacacs.log
Trace 4
</Log>
</ServerTACACSPLUS>
I ran radpwtst using the following options:
perl radpwtst -user mikem -password fred -auth_port 1812 -trace 4 > c:\temp\log.txt
The following is the output file:
---------------------------------------
Tue Nov 6 12:05:01 2012: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
sending Access-Request...
Tue Nov 6 12:05:01 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....
Code: Access-Request
Identifier: 106
Authentic: <234><12>6<215><151><233>]<243>=<5><238>^Auf<247>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = `[<244><181>A<137>C<134><188>:<220>/><165><6>c
No reply
sending Accounting-Request Start...
Tue Nov 6 12:05:06 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code: Accounting-Request
Identifier: 107
Authentic: <149><182><160><9><14>H<142> "<167><245>:d<10><164><241>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
No reply
sending Accounting-Request Stop...
Tue Nov 6 12:05:11 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code: Accounting-Request
Identifier: 108
Authentic: <174><253>D<158><15>MnG<172>GxuO<23>5a
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
No reply
From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
Sent: Tuesday, November 06, 2012 11:58 AM
To: Qiu, Dennis; radiator at open.com.au
Subject: Re: [RADIATOR] Radiator does not wait for RADIUS requests
Check your radius.cfg file for config presence and what debug value are you running at. For initial work you might want to be running at level 4 or 5.
alan
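
Added example, not part of the original thread and not Radiator code: a small Python check that compares the global listener settings in a radius.cfg (top-level BindAddress, AuthPort, AcctPort only, ignoring the BindAddress inside nested clauses such as ServerHTTP) with the destinations a radpwtst trace reports sending to. The sample strings are constructed from lines visible in the message above; the function names and the treatment of a missing BindAddress as 0.0.0.0 are assumptions of this example.

```python
import re

# Constructed samples: global listener lines from the posted radius.cfg (one nested
# clause kept) and the destination lines from the posted radpwtst trace.
CONFIG = """\
AcctPort 1813
AuthPort 1812
BindAddress 144.211.2.97
#BindAddress 0.0.0.0
<ServerHTTP >
BindAddress 0.0.0.0
</ServerHTTP>
"""
TRACE = """\
*** Sending to 127.0.0.1 port 1812 ....
*** Sending to 127.0.0.1 port 1646 ....
"""

def global_listeners(cfg):
    """Return (addresses, ports) taken from top-level directives only."""
    depth, seen = 0, {}
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("</"):          # closing clause, e.g. </ServerHTTP>
            depth -= 1
        elif line.startswith("<"):         # opening clause, e.g. <ServerHTTP >
            depth += 1
        elif depth == 0 and line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            seen[key] = value.strip()
    # Assumption of this example: no BindAddress means listen on all addresses.
    addrs = {a.strip() for a in seen.get("BindAddress", "0.0.0.0").split(",")}
    ports = {int(p) for k in ("AuthPort", "AcctPort")
             for p in seen.get(k, "").split(",") if p.strip().isdigit()}
    return addrs, ports

def unreachable(cfg, trace):
    """List (addr, port, reasons) for trace destinations no global listener covers."""
    addrs, ports = global_listeners(cfg)
    problems = []
    for addr, port in re.findall(r"Sending to (\S+) port (\d+)", trace):
        reasons = [why for bad, why in (
            ("0.0.0.0" not in addrs and addr not in addrs, "address not bound"),
            (int(port) not in ports, "port not in AuthPort/AcctPort")) if bad]
        if reasons:
            problems.append((addr, int(port), reasons))
    return problems

if __name__ == "__main__":
    print(unreachable(CONFIG, TRACE))
```
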