Hello Brian,

up until a few minutes ago, Radiator did not honour Suffix check items. There
is a new version of AuthGeneric.pm at
http://www.open.com.au/radiator/downloads/patches-2.12/AuthGeneric.pm
that does.

The onoy thing is that you wil need to change the order in your defaults to
this:

DEFAULT Suffix = ".shell", Auth-Type = System
         Service-Type = Login-User,
         Login-Host = "our.shell.machine.com",
         Login-Service = Rlogin,
         Idle-Timeout = 1200,
         Session-Timeout = 28800

because of the way that Radiator check items and cascading work.

Hope that helps.

Cheers.

On Feb 11, 11:49pm, Brian Baggett wrote:
> Subject: (RADIATOR) Radiator blues
> Ok, here's the situation.  I just moved authentication from a Solaris 2.6
> x86 machine (64 MB of RAM, PPro 180) to a Solaris 7 x86 machine (256 MB of
> RAM, PPro 200).  The plan was to move from Livingston Radius
> authenticating off flat files to Radiator authenticating off of LDAP.
> Other developments have kept me from pursuing the latter option, so when
> we moved the authentication, we discovered that Livingston Radius under
> Solaris 2.7 couldn't handle our passwd/shadow file (14,000+ entries).  It
> would authenticate some users, but not after a certain point in the passwd
> file.   It was time to put Radiator to the test on a simple flat file
> authentication scheme.  It worked fine as expected, however there are
> certain legacy options we've had in our users file.  For instance...
>
> DEFAULT Auth-Type = System, Suffix = ".shell"
>         Service-Type = Login-User,
>         Login-Host = "our.shell.machine.com",
>         Login-Service = Rlogin,
>         Idle-Timeout = 1200,
>         Session-Timeout = 28800
>
> ... where we had different things for different services (ie ppp, cslip,
> shell, etc) that it tried to match to and if it couldn't, we had a default
> entry...
>
> DEFAULT Auth-Type = System
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Idle-Timeout = 1200,
>         Session-Timeout = 28800,
>         Framed-MTU = 1500
>
>
> Now maybe I'm incredibly misguided but myself and my associate (a looooong
> time livingston radius whiz) are having trouble configuring Radiator to
> handle this.  Moreover, I've printed out the reference manual and read it
> front to back, and the concept of realms (as radiator defines them)
> doesn't quite seem to make sense to me.  I'm at wit's end and need to get
> Radiator doing a rather simple authentication scheme off a shadow and
> users file and it's stumping me.  We can get it to work, but not
> efficiently, nor with our default profiles...
>
> Thu Feb 11 23:11:54 1999: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Feb 11 23:11:54 1999: DEBUG: Rewrote user name to marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthFILE
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.slip' does not
> match '' in request
> Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.cslip' does not
> match '' in request
> Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2
> Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:55 1999: DEBUG: Check item Suffix value '.shell' does not
> match '' in request
> Thu Feb 11 23:11:55 1999: INFO: Radius::AuthUNIX: Authentication failed
> for marshall
> Thu Feb 11 23:11:55 1999: DEBUG: Reading users file /etc/radiator/users
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3
> Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
> Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
> marshall
> Thu Feb 11 23:11:55 1999: WARNING: No such attribute Framed-IP-Netmask
> Thu Feb 11 23:11:55 1999: DEBUG: Packet dump:
>
> Also how does Radiator handle control characters if passed as a username?
> Many times, our livingston radius would be filled with horrendous username
> attempts and I was wondering if there were any known issues that should
> cause us concern.
>
> Thanks in advance,
>
> Brian
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Brian Baggett



-- 
Mike McCauley                                [EMAIL PROTECTED]
Open System Consultants Pty. Ltd             Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    Consulting and development
Phone, Fax: +61 3 9598-0985                  http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to