Hello Brian,
up until a few minutes ago, Radiator did not honour Suffix check items. There
is a new version of AuthGeneric.pm at
http://www.open.com.au/radiator/downloads/patches-2.12/AuthGeneric.pm
that does.
The onoy thing is that you wil need to change the order in your defaults to
this:
DEFAULT Suffix = ".shell", Auth-Type = System
Service-Type = Login-User,
Login-Host = "our.shell.machine.com",
Login-Service = Rlogin,
Idle-Timeout = 1200,
Session-Timeout = 28800
because of the way that Radiator check items and cascading work.
Hope that helps.
Cheers.
On Feb 11, 11:49pm, Brian Baggett wrote:
> Subject: (RADIATOR) Radiator blues
> Ok, here's the situation. I just moved authentication from a Solaris 2.6
> x86 machine (64 MB of RAM, PPro 180) to a Solaris 7 x86 machine (256 MB of
> RAM, PPro 200). The plan was to move from Livingston Radius
> authenticating off flat files to Radiator authenticating off of LDAP.
> Other developments have kept me from pursuing the latter option, so when
> we moved the authentication, we discovered that Livingston Radius under
> Solaris 2.7 couldn't handle our passwd/shadow file (14,000+ entries). It
> would authenticate some users, but not after a certain point in the passwd
> file. It was time to put Radiator to the test on a simple flat file
> authentication scheme. It worked fine as expected, however there are
> certain legacy options we've had in our users file. For instance...
>
> DEFAULT Auth-Type = System, Suffix = ".shell"
> Service-Type = Login-User,
> Login-Host = "our.shell.machine.com",
> Login-Service = Rlogin,
> Idle-Timeout = 1200,
> Session-Timeout = 28800
>
> ... where we had different things for different services (ie ppp, cslip,
> shell, etc) that it tried to match to and if it couldn't, we had a default
> entry...
>
> DEFAULT Auth-Type = System
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Framed-MTU = 1500
>
>
> Now maybe I'm incredibly misguided but myself and my associate (a looooong
> time livingston radius whiz) are having trouble configuring Radiator to
> handle this. Moreover, I've printed out the reference manual and read it
> front to back, and the concept of realms (as radiator defines them)
> doesn't quite seem to make sense to me. I'm at wit's end and need to get
> Radiator doing a rather simple authentication scheme off a shadow and
> users file and it's stumping me. We can get it to work, but not
> efficiently, nor with our default profiles...
>
> Thu Feb 11 23:11:54 1999: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Feb 11 23:11:54 1999: DEBUG: Rewrote user name to marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthFILE
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.slip' does not
> match '' in request
> Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.cslip' does not
> match '' in request
> Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:55 1999: DEBUG: Check item Suffix value '.shell' does not
> match '' in request
> Thu Feb 11 23:11:55 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:55 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:55 1999: WARNING: No such attribute Framed-IP-Netmask
> Thu Feb 11 23:11:55 1999: DEBUG: Packet dump:
>
> Also how does Radiator handle control characters if passed as a username?
> Many times, our livingston radius would be filled with horrendous username
> attempts and I was wondering if there were any known issues that should
> cause us concern.
>
> Thanks in advance,
>
> Brian
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Brian Baggett
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
