I am currently using a freeware radius server called Icradius and would
like to also use Radiator to incorporate it into future versions of our
product. I know that the NASes out at Ziplink will accept these
name-value pairs, because I used them to test our other radius server.
I have included my config files below. You will notice that these are
about the simplest possible configuration imaginable. I have tried
lots of alternative to get this to work, but not have succeeded.
What's even more annoying is that I get virtually nothing in the logs.
It's as if Access-Requests come to Radiator, it acknowledges and logs
the request, then drops the packet.
It seems to me that even if I had botched my config files, if Radiator
can at least find the users file (which it does), it should reply with
an
Access-Reject. However, it does not. It simply does nothing. This is
confirmed when I do tcpdump, which shows packets coming in, but no
packets going out in reply.
If anyone has an idea why this very simple config is not working, I
would
be deeply appreciate it. I have tried to add the PasswordLogFileName
tag
to give a little information, but it didn't even touch the logfile, yet
alone write it (I tried touching the file, but it still didn't write
it.). I've fiddled around with lots and lots of other parameters as
well
without any success.
At the end of the day, it is difficult to debug, because I can't see
much
in the logs.
This is my radius.cfg file:
Foreground
LogStdout
LogDir /usr/local/etc/raddb/
DbDir /usr/local/etc/raddb/
DictionaryFile /usr/local/etc/raddb/dictionary
AuthPort 1645
AcctPort 1646
# User a lower trace level in production systems:
Trace 4
# You will probably want to change this to suit your site.
<Client athena.ziplink.net>
Secret XXXXXXX
DupInterval 0
</Client>
<Client zeus.ziplink.net>
Secret XXXXXXX
DupInterval 0
</Client>
<Client DEFAULT>
Secret XXXXXXX
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
Filename /usr/local/etc/raddb/users
DefaultReply
Service-Type=Framed-User,Framed-Protocol=PPP,Framed-MTU = 1500
Nocache
</AuthBy>
</Realm>
This is the file /usr/local/etc/raddb/users
[EMAIL PROTECTED]
User-Password = "fred",
Framed-Protocol = PPP,
Framed-MTU = 1500,
Idle-Timeout = 900
This is a trace of a typical session when dialing into Ziplink's NAS:
Thu Mar 1 17:58:44 2001: DEBUG: Packet dump:
*** Received from 206.15.158.137 port 50131 ....
Code: Access-Request
Identifier: 35
Authentic: <147><248>])S<129><250>`c<215>}eN<180><11>d
Attributes:
User-Name = "[EMAIL PROTECTED]"
User-Password = "<203>nw<138><235>{<10>
<185>Il<169>6G<172><194>"
NAS-IP-Address = 216.8.63.10
NAS-Port = 1368080
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Called-Station-Id = "2122025465"
Calling-Station-Id = "2125840303"
NAS-Identifier = "NYC-main"
Acct-Session-Id = "0284421182"
NAS-Port-Type = Async
Port-Limit = 0
The password matches, although it's apparently encrypted in this log.
The username matches. The reference manual states that the default
Service-Type is Framed-User, which is sent in the Access-Request packet.
I also know that the NAS happens to like the Access-Reply packets
User-Password = "fred",
Framed-Protocol = PPP,
Framed-MTU = 1500,
Idle-Timeout = 900
that I put in my users file, but these never get sent.
If I dial in with [EMAIL PROTECTED], I get the same sort of
Access-Request in the log, yet nothing happens. If anyone has any idea
why I don't get an Access-Reject back at least, I am very eager to know
why.
Thanks,
Richard Davis
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
