Hello Richard -
On Friday 02 March 2001 14:46, Richard Davis wrote:
> I am currently using a freeware radius server called Icradius and would
> like to also use Radiator to incorporate it into future versions of our
> product. I know that the NASes out at Ziplink will accept these
> name-value pairs, because I used them to test our other radius server.
> I have included my config files below. You will notice that these are
> about the simplest possible configuration imaginable. I have tried
> lots of alternatives to get this to work, but have not succeeded.
> What's even more annoying is that I get virtually nothing in the logs.
> It's as if Access-Requests come to Radiator, it acknowledges and logs
> the request, then drops the packet.
>
> It seems to me that even if I had botched my config files, if Radiator
> can at least find the users file (which it does), it should reply with
> an Access-Reject. However, it does not. It simply does nothing. This is
> confirmed when I do tcpdump, which shows packets coming in, but no
> packets going out in reply.
>
> If anyone has an idea why this very simple config is not working, I
> would deeply appreciate it. I have tried to add the PasswordLogFileName
> tag to give a little information, but it didn't even touch the logfile,
> let alone write it (I tried touching the file, but it still didn't write
> it.). I've fiddled around with lots and lots of other parameters as
> well without any success.
>
> At the end of the day, it is difficult to debug, because I can't see
> much in the logs.
>
> This is my radius.cfg file:
>
> Foreground
> LogStdout
> LogDir /usr/local/etc/raddb/
> DbDir /usr/local/etc/raddb/
> DictionaryFile /usr/local/etc/raddb/dictionary
>
> AuthPort 1645
> AcctPort 1646
>
> # Use a lower trace level in production systems:
> Trace 4
>
>
> # You will probably want to change this to suit your site.
>
> <Client athena.ziplink.net>
> Secret XXXXXXX
> DupInterval 0
> </Client>
>
> <Client zeus.ziplink.net>
> Secret XXXXXXX
> DupInterval 0
> </Client>
>
> <Client DEFAULT>
> Secret XXXXXXX
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename /usr/local/etc/raddb/users
> DefaultReply
> Service-Type=Framed-User,Framed-Protocol=PPP,Framed-MTU = 1500
> Nocache
> </AuthBy>
> </Realm>
>
>
> This is the file /usr/local/etc/raddb/users
>
> [EMAIL PROTECTED]
> User-Password = "fred",
> Framed-Protocol = PPP,
> Framed-MTU = 1500,
> Idle-Timeout = 900
>
Your user entry above is incorrect, it should be:

[EMAIL PROTECTED] User-Password = "fred"
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Idle-Timeout = 900

All check items must appear on the first line (beginning in column 1
*without* a comma at the end of the line), and all reply items must appear on
the second and subsequent lines with white space at the beginning and a comma
on all lines except the last.

I would be interested to see a complete trace 4 showing the startup messages
from Radiator. The simplest way to do this is just to run radiusd from the
command line.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
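
The layout rules given in the reply above, turned into a small check of a users file (an added example, not part of the original thread and not Radiator's own parser). The user name fred@example.com, the function name lint_users and the rule that a password attribute is always a check item are assumptions made for this example.

```python
# Constructed samples; fred@example.com stands in for the redacted user name.
FIXED = """\
fred@example.com User-Password = "fred"
    Framed-Protocol = PPP,
    Framed-MTU = 1500,
    Idle-Timeout = 900
"""
# The failing layout: the check item pushed down onto an indented line.
BROKEN = FIXED.replace(' User-Password = "fred"', '\n    User-Password = "fred",')
# Assumption for this example: a password attribute is always a check item.
CHECK_ONLY = ("User-Password", "Password")

def lint_users(text):
    """Return [(line_no, message)] for entries that break the layout rules."""
    problems, replies, have_user = [], [], False

    def close_entry():
        # Reply items: a comma on every line except the last one.
        for i, (no, line) in enumerate(replies):
            last = i == len(replies) - 1
            if last and line.endswith(","):
                problems.append((no, "last reply item must not end with a comma"))
            elif not last and not line.endswith(","):
                problems.append((no, "reply item needs a trailing comma"))
        replies.clear()

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:                          # blank line ends the entry
            close_entry()
            have_user = False
        elif line.lstrip().startswith("#"):   # comment line
            continue
        elif raw[0] in " \t":                 # indented: a reply item
            if not have_user:
                problems.append((no, "reply item with no user line above it"))
            attr = line.split("=")[0].strip()
            if attr in CHECK_ONLY:
                problems.append((no, f"{attr} is a check item; put it on the first line"))
            replies.append((no, line))
        else:                                 # column 1: user name and check items
            close_entry()
            have_user = True
            if line.endswith(","):
                problems.append((no, "check-item line must not end with a comma"))
    close_entry()
    return problems

if __name__ == "__main__":
    print(lint_users(BROKEN))
```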