(RADIATOR) Radiator auth of Redback administrators

Blake Golliher Fri, 01 Sep 2000 18:23:35 -0700
Hello anyone use Redback out here?

        I'm trying to get my administrators to auth against radius, and I'm
having a hard time with it.  The redback documentation states that I have to
have a service-type attribute set, to tell Redback, what type of service
they have, like enable mode and such.  However, everytime I specify a
service-type attribute, authentication gets denied by the redback (below are
the debug output, converted from HEX output), and if I take out the
service-type attribute, I get access, but then the user doesn't have access
to get to enable mode on the redback.  Below are the debug output, logfile
out put on trace 4, config file, and users file entry.  Redback is pretty
stumped, they've only used Livington radius before, and it "just works" as
they put it.  This has me pretty stumped, I'm hopeing somebody has solved
this before, and can shed some light.

thanks, and have a nice holiday weekend, if your in the states.. =)


Blake!


**CONFIG FILE**
BackGround
LogStdout
LogDir          /u01/Radiator-2.14.1/ 

AuthPort 1812
AcctPort 1813

<Client 12.24.80.2>
        Secret mysecret
        DupInterval 0
</Client>

<Client 127.0.0.1>
        Secret mysecret 
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
                Filename ./users
        </AuthBy>
                AcctLogFileName ./acctlog
</Realm>
<Log FILE>
        Filename /u01/Radiator-2.14.1/radasslog
        Trace 4 
</Log>

**USERS FILE**
michaelc@local  Password = "ashworth",
                Service-Type = Adminstrative 

**dictionary for redback VSA's**
ATTRIBUTE       Service-Type            6       integer

VALUE   Service-Type                    Login-User              1
VALUE   Service-Type                    Framed-User             2
VALUE   Service-Type                    Dialback-Login-User     3
VALUE   Service-Type                    Dialback-Framed-User    4
VALUE   Service-Type                    Dialout-Framed-User     5
VALUE   Service-Type                    Administrative          6
VALUE   Service-Type                    Nas-Prompt              7

**REDBACK DEBUG OUTPUT**
**WITH SERVICE TYPE ATTRIBUTE**

S 07:43:39 1Sep2000 Access-Request id: 00 length: 94
Authenticator Field: 71 36 e9 a7 fe 70 2f f0 23 fb 13 26 39 ba da 14
User-Name: michaelc@local
User-Password: ae 48 a5 26 7b 1a 70 50 23 86 8c 86 88 0d d3 f0
NAS-Identifier: jac01-rbr01
Calling-Station-Id: 216.32.32.249
NAS-Port: 00000003
NAS-Port-Type: Virtual (5)
R 07:43:40 1Sep2000 Access-Reject id: 00 length: 36
Authenticator Field: f1 5e 3a 06 f9 ad d4 76 4a e0 36 c7 f2 0c bc 1c
Reply-Message: Request Denied


**RADIATOR LOG OUTPUT TRACE LEVEL4**
Fri Sep  1 17:49:54 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Sep  1 17:49:54 2000: DEBUG: Deleting session for michaelc@local,
12.24.80.2, 1
Fri Sep  1 17:49:54 2000: DEBUG: Handling with Radius::AuthFILE
Fri Sep  1 17:49:54 2000: DEBUG: Radius::AuthFILE looks for match with
michaelc@local
Fri Sep  1 17:49:54 2000: DEBUG: Radius::AuthFILE REJECT: Check item
Service-Type expression 'Adminstrative' does not match '' in request
Fri Sep  1 17:49:54 2000: INFO: Access rejected for michaelc@local: Check
item Service-Type expression 'Adminstrative' does not match '' in request

**REDBACK DEBUG OUTPUT**
** NO SERVICE-TYPE ATTRIBUTE**


S 07:38:23 1Sep2000 Access-Request id: 00 length: 94
Authenticator Field: f9 f9 7d 8f a4 25 d8 6f d3 1e ea 4c 4c 2d f9 a6
User-Name: michaelc@local
User-Password: 1e f1 6c 39 72 38 3b d8 2c c4 7a 8c 95 f6 9c ab
NAS-Identifier: jac01-rbr01
Calling-Station-Id: 216.32.32.249
NAS-Port: 00000001
NAS-Port-Type: Virtual (5)
R 07:38:23 1Sep2000 Access-Accept id: 00 length: 20
Authenticator Field: ee 97 2c 2c 27 4b b5 a7 06 da b5 35 2a f5 f7 41

**RADIATOR LOG OUTPUT TRACE LEVEL4**
Fri Sep  1 17:51:35 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Sep  1 17:51:35 2000: DEBUG: Deleting session for michaelc@local,
12.24.80.2, 1
Fri Sep  1 17:51:35 2000: DEBUG: Handling with Radius::AuthFILE
Fri Sep  1 17:51:35 2000: DEBUG: Reading users file ./users
Fri Sep  1 17:51:35 2000: DEBUG: Radius::AuthFILE looks for match with
michaelc@local
Fri Sep  1 17:51:35 2000: DEBUG: Radius::AuthFILE ACCEPT: 
Fri Sep  1 17:51:35 2000: DEBUG: Access accepted for michaelc@local

Blake Golliher
Network Engineer
Flashcom, Inc.
Tel. 877-352-7426 ex 2599
DID. 714-799-2599

... If it walks out of your refrigerator, LET IT GO !
 

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator auth of Redback administrators

Reply via email to
