Hello Blake -
Your users file entry is incorrect, as the Service-Type is being used as a
check item, not a reply item (due to the trailing comma on the first line).
Try this:
# **USERS FILE**
michaelc@local Password = "ashworth"
Service-Type = Administrative-User
also not that the standard Radiator dictionary defines "Administrative-User".
hth
Hugh
On Sat, 02 Sep 2000, Blake Golliher wrote:
> Hello anyone use Redback out here?
>
> I'm trying to get my administrators to auth against radius, and I'm
> having a hard time with it. The redback documentation states that I have to
> have a service-type attribute set, to tell Redback, what type of service
> they have, like enable mode and such. However, everytime I specify a
> service-type attribute, authentication gets denied by the redback (below are
> the debug output, converted from HEX output), and if I take out the
> service-type attribute, I get access, but then the user doesn't have access
> to get to enable mode on the redback. Below are the debug output, logfile
> out put on trace 4, config file, and users file entry. Redback is pretty
> stumped, they've only used Livington radius before, and it "just works" as
> they put it. This has me pretty stumped, I'm hopeing somebody has solved
> this before, and can shed some light.
>
> thanks, and have a nice holiday weekend, if your in the states.. =)
>
>
> Blake!
>
>
> **CONFIG FILE**
> BackGround
> LogStdout
> LogDir /u01/Radiator-2.14.1/
>
> AuthPort 1812
> AcctPort 1813
>
> <Client 12.24.80.2>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Client 127.0.0.1>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename ./users
> </AuthBy>
> AcctLogFileName ./acctlog
> </Realm>
> <Log FILE>
> Filename /u01/Radiator-2.14.1/radasslog
> Trace 4
> </Log>
>
> **USERS FILE**
> michaelc@local Password = "ashworth",
> Service-Type = Adminstrative
>
> **dictionary for redback VSA's**
> ATTRIBUTE Service-Type 6 integer
>
> VALUE Service-Type Login-User 1
> VALUE Service-Type Framed-User 2
> VALUE Service-Type Dialback-Login-User 3
> VALUE Service-Type Dialback-Framed-User 4
> VALUE Service-Type Dialout-Framed-User 5
> VALUE Service-Type Administrative 6
> VALUE Service-Type Nas-Prompt 7
>
> **REDBACK DEBUG OUTPUT**
> **WITH SERVICE TYPE ATTRIBUTE**
>
> S 07:43:39 1Sep2000 Access-Request id: 00 length: 94
> Authenticator Field: 71 36 e9 a7 fe 70 2f f0 23 fb 13 26 39 ba da 14
> User-Name: michaelc@local
> User-Password: ae 48 a5 26 7b 1a 70 50 23 86 8c 86 88 0d d3 f0
> NAS-Identifier: jac01-rbr01
> Calling-Station-Id: 216.32.32.249
> NAS-Port: 00000003
> NAS-Port-Type: Virtual (5)
> R 07:43:40 1Sep2000 Access-Reject id: 00 length: 36
> Authenticator Field: f1 5e 3a 06 f9 ad d4 76 4a e0 36 c7 f2 0c bc 1c
> Reply-Message: Request Denied
>
>
> **RADIATOR LOG OUTPUT TRACE LEVEL4**
> Fri Sep 1 17:49:54 2000: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Sep 1 17:49:54 2000: DEBUG: Deleting session for michaelc@local,
> 12.24.80.2, 1
> Fri Sep 1 17:49:54 2000: DEBUG: Handling with Radius::AuthFILE
> Fri Sep 1 17:49:54 2000: DEBUG: Radius::AuthFILE looks for match with
> michaelc@local
> Fri Sep 1 17:49:54 2000: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Adminstrative' does not match '' in request
> Fri Sep 1 17:49:54 2000: INFO: Access rejected for michaelc@local: Check
> item Service-Type expression 'Adminstrative' does not match '' in request
>
> **REDBACK DEBUG OUTPUT**
> ** NO SERVICE-TYPE ATTRIBUTE**
>
>
> S 07:38:23 1Sep2000 Access-Request id: 00 length: 94
> Authenticator Field: f9 f9 7d 8f a4 25 d8 6f d3 1e ea 4c 4c 2d f9 a6
> User-Name: michaelc@local
> User-Password: 1e f1 6c 39 72 38 3b d8 2c c4 7a 8c 95 f6 9c ab
> NAS-Identifier: jac01-rbr01
> Calling-Station-Id: 216.32.32.249
> NAS-Port: 00000001
> NAS-Port-Type: Virtual (5)
> R 07:38:23 1Sep2000 Access-Accept id: 00 length: 20
> Authenticator Field: ee 97 2c 2c 27 4b b5 a7 06 da b5 35 2a f5 f7 41
>
> **RADIATOR LOG OUTPUT TRACE LEVEL4**
> Fri Sep 1 17:51:35 2000: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Sep 1 17:51:35 2000: DEBUG: Deleting session for michaelc@local,
> 12.24.80.2, 1
> Fri Sep 1 17:51:35 2000: DEBUG: Handling with Radius::AuthFILE
> Fri Sep 1 17:51:35 2000: DEBUG: Reading users file ./users
> Fri Sep 1 17:51:35 2000: DEBUG: Radius::AuthFILE looks for match with
> michaelc@local
> Fri Sep 1 17:51:35 2000: DEBUG: Radius::AuthFILE ACCEPT:
> Fri Sep 1 17:51:35 2000: DEBUG: Access accepted for michaelc@local
>
> Blake Golliher
> Network Engineer
> Flashcom, Inc.
> Tel. 877-352-7426 ex 2599
> DID. 714-799-2599
>
> ... If it walks out of your refrigerator, LET IT GO !
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
