I used this documentation and I solved my problem. Thanks for your help
Alan.


Luciano........


  Some caveats
  ============

  This works fine for static passwords (i.e. "user", "password"), but needs
  a bit more attention for one-time passwords.  All of the browsers I've
  tested don't use the cookie immediately if you're accessing a directory
  as:

  http://www.example.com/

  What's hidden here is that the following files are checked for:

  http://www.example.com/
  http://www.example.com/home.html
  http://www.example.com/home.cgi
  http://www.example.com/index.cgi
  http://www.example.com/index.html

  etc., all in sequence.  This module does a 'stat', and returns "NOT FOUND"
  when anyone tries to access a file which doesn't exist.  However,
  it WILL authenticate for a file which does exist, but the browser may
  not use the returned cookie when accessing a different page.

  The way to fix this is to point the browser at a specific page. i.e.

  http://www.example.com/
         says "connect to our _secure_ site",  where _secure_ is a link to

  http://www.example.com/secure/index.html


  People using static passwords don't need to do this, but if they don't,
  they'll notice that their RADIUS server is getting 1-4 hits for every web
  authentication request.


  Some browsers (I.E.) have a problem with sending cookies on initial
  requests. If you have a file index.html which includes img/foo.gif
  in the same directory, the user authenticates, reads index.html
  (with the cookie in the request header), BUT on reading the gifs,
  the cookie is NOT included.

  This problem can be avoided by EITHER putting the gifs in the same
  directory as the index.html file, or moving the entire tree
  down a node, and having a NEW index.html which points to
  ./moved/index.html
  This is ridiculously ugly, but it seems to work.


-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 18, 2004 12:15 PM
To: [EMAIL PROTECTED]
Subject: Re: mod_auth_radius and ACE/Server 


"Rangel, Luciano" <[EMAIL PROTECTED]> wrote:
> I'm using Freeradius as a Proxy Radius to the ACE/Server. When I try
> to authenticate in the Apache Server it executes several requests of
> user and password in the Proxy Radius causing PASSCODE REUSE ATTACK
> detect in the ACE/Server.
>
>       How can I execute only one request to the Proxy Freeradius ????????

  Read the documentation which comes with mod_auth_radius, and the
comments at the start of the C file.  It describes when the module
sends multiple requests, why, and how to fix it.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
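
The caveats above say a single web login can produce 1-4 RADIUS requests, which a one-time-password server reports as passcode reuse. As an added example (not part of mod_auth_radius or the original posts), this Python script flags such bursts in an authentication log; the log layout, the user names and `find_bursts` are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "date time user result" (an assumed layout for this
# example, not the log format of FreeRADIUS or ACE/Server).
SAMPLE_LOG = """\
2004-08-18 12:15:01 user1 Access-Accept
2004-08-18 12:15:01 user1 Access-Reject
2004-08-18 12:15:02 user1 Access-Reject
2004-08-18 12:20:40 user2 Access-Accept
2004-08-18 12:31:10 user1 Access-Accept
"""

def find_bursts(log_text, window_s=5):
    """Return (user, first_timestamp, count) for each run of two or more
    requests by one user whose consecutive gaps are <= window_s seconds."""
    window = timedelta(seconds=window_s)
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # blank or malformed line
        try:
            stamp = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        by_user[parts[2]].append(stamp)

    bursts = []
    for user, stamps in by_user.items():
        stamps.sort()
        start, count = stamps[0], 1
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev <= window:
                count += 1
                continue
            if count > 1:
                bursts.append((user, start, count))
            start, count = cur, 1
        if count > 1:
            bursts.append((user, start, count))
    return sorted(bursts, key=lambda b: b[1])

if __name__ == "__main__":
    for user, start, count in find_bursts(SAMPLE_LOG):
        print(f"{start} {user}: {count} requests in one burst")
```

A user who appears here right after a web login is a sign that the browser was not pointed at a specific page, as the caveats describe.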
