Hi John -
It would also be useful to include debug output at Trace level 4 showing what
is happening. I would have expected to see at least a couple of errors when
Radiator started up with this configuration.
On Sat, 07 Aug 1999, [EMAIL PROTECTED] wrote:
> Hi;
>
> We installed Radiator last weekend on our system and since that time our dialup NT
>(4.0) customers have had problems accessing the system. They authenticate just fine
>but can't browse. To really confuse things this only happens when they dialup into
>our PM3's not our Ascend's.
>
> I know that this doesn't sound like a Radius problem, but that is the only thing
>that has changed on our system.
>
> Here is the info from our config files that is relivant:
>
> From radius.cfg:
>
> <Realm DEFAULT>
> AuthByPolicy ContinueUntilAccept
>
> <AuthBy FILE>
> # The filename defaults to %D/users
> </AuthBy>
>
> # Log accounting to the detail file in LogDir
> MaxSessions 1
> AcctLogFileName %L/detail
> SessionDatabase SDB1
> </Realm>
> <Realm thiswontmatchanything>
> # This clause says that for entries in the users file
> # that specify Auth-Type=System, use the UNIX module to
> # authenticate them
> <AuthBy UNIX>
> Identifier System
> Filename /etc/master.passwd
> </AuthBy>
> SessionDatabase SDB1
> </Realm>
>
I have rewritten part of your config as follows:
# SessionDatabase is a global parameter using either SQL or DBM
<SessionDatabase SQL>
DBSource ....
DBUsername ...
DBAuth ...
</SessionDatabase>
# This clause says that for entries in the users file
# that specify Auth-Type=System, use the UNIX module to
# authenticate them
<AuthBy UNIX>
Identifier System
Filename /etc/master.passwd
</AuthBy>
# Set up a DEFAULT Realm
<Realm DEFAULT>
<AuthBy FILE>
Filename %D/users # Make it clear what users file
</AuthBy>
# Set maximum number of sessions to 1
MaxSessions 1
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
</Realm>
>
> From users:
>
> DEFAULT Auth-Type=System
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.0,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP,
> Session-Timeout = 28800,
> Idle-Timeout = 1800
>
The standard dictionary supplied with Radiator does not define
"User-Service-Type", but rather "Service-Type", so that may be your problem.
If your pm3's and ascends are behaving differently to the same set of reply
items as shown above, then the problem must be with the reply items. You should
check the debug output on the NAS equipment to see what is going on.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
