Hi Hugh,
Thank you very much for your help.
It did work with only AuthBy SYSTEM *without* the UseGetspnam parameter. I
had my secret of the localhost wrong! How stupid of me :-( !!
Its working fine but I have another problem now for simultaneous logins.
Here is the trace 4 of the problem:
Tue Jul 11 19:46:20 2000: DEBUG: Radius::AuthSYSTEM looks for match with
bu0018
Tue Jul 11 19:46:20 2000: DEBUG: Checking if user is still online:
Livingston, bu0018, 202.52.251.3, 18, 7500B356 202.52.251.53Tue Jul 11
19:46:20 2000: DEBUG: Running command `/usr/local/bin/snmpget 202.52.251.3
public .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5`
Tue Jul 11 19:46:20 2000: DEBUG: Running command `/usr/local/bin/snmpget
202.52.251.3 public
.iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.23`
Tue Jul 11 19:46:20 2000: NOTICE: Session for bu0018 at 202.52.251.3:18
has gone away
Tue Jul 11 19:46:20 2000: DEBUG: Deleting session for bu0018,
202.52.251.3, 18
Tue Jul 11 19:46:20 2000: DEBUG: Radius::AuthSYSTEM ACCEPT:
Tue Jul 11 19:46:20 2000: DEBUG: Radius::AuthFILE ACCEPT:
Tue Jul 11 19:46:20 2000: DEBUG: Access accepted for bu0018
Tue Jul 11 19:46:20 2000: DEBUG: Packet dump:
*** Sending to 202.52.251.2 port 1026 ....
Code: Access-Accept
The userbu0018 is still logged in 202.52.251.3:18 but Radiator assumes
that the session for it has gone away, deletes the session and accepts the
user bu0018 to login again simultaneously . Is it something with the
SNMPGET program? I have ucd-snmp utilities installed. But it shows no
errors.
Here is my radius.cfg
#radius.cfg
Foreground
#LogStdout
Trace 4
PidFile %L/radiusd.pid
AuthPort 1645
AcctPort 1646
LogDir /var/adm/radacct/Radiator
DbDir /usr/local/etc/raddb
LogFile %L/logfile
#LogFile
DictionaryFile %D/dictionary
#DictionaryFile %D/dictionary.cisco
#DictionaryFile %D/dictionary.ascend
#DictionaryFile %D/dictionary.ascend2
#DictionaryFile %D/dictionary.usr.merit
#LivingstonMIB .iso.org.dod.internet.private.enterprises.307
#LivingstonOffs 29
#LivingstonHole 2
SnmpgetProg /usr/local/bin/snmpget
<Client dmg-pm1.mos.com.np>
Secret mysecret1
NasType Livingston
DefaultRealm mos.com.np
</Client>
.
.
.
<Client 202.52.251.3>
Secret mysecret2
NasType Livingston
DefaultRealm mos.com.np
</Client>
<Realm mos.com.np>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy FILE>
Filename %D/users
</AuthBy>
AcctLogFileName %L/detail
<AuthBy UNIX>
GroupFilename %D/group
</AuthBy>
<AuthBy SYSTEM>
Identifier System
</AuthBy>
</Realm>
<Realm DEFAULT>
<AuthBy RADIUS>
Host sungava.mos.com.np
Secret mylocalpass
AuthPort 1745
AcctPort 1746
Retries 3
RetryTimeout 5
</AuthBy>
</Realm>
<SessionDatabase DBM>
Filename %L/online
</SessionDatabase>
------------------------------------------------------
my users file:
DEFAULT Auth-Type = System, Group = ppp2, Simultaneous-Use = 2
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = Listen,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Auth-Type = System, Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = Listen,
Framed-Compression = Van-Jacobson-TCP-IP
------------------------------------------------------
I hope my radius.cfg & the users file is ok.
Thanking you in advance.
Regards,
Deepak
On Tue, 11 Jul 2000, Hugh Irvine wrote:
>
> Hello Deepak -
>
> Thanks for sending the trace - it shows that you are getting the password
> string back from the AuthBy SYSTEM call. However, as the password check fails I
> wonder if you are trying to use CHAP authentication? If so, that will be the
> problem, as you cannot do CHAP with encrypted passwords - you must use PAP.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
