Hello,
we are using a one-time password generator which has a radius interface. This one is hosted at an outsourcing provider, so I want to maintain local profiles for the different user types. I proxy the authentication request to the OTP radius server and add an additional stage for the profiles as outlined in the examples (see the attached config, user and profile files).

The problem is that after the successful radius proxy authentication the request returns with an Access-Accept but no further processing of the profiles is done (please have a look at the trace at the end). Without the radius proxying everything works fine with the profiles, so what's my mistake? Do you have any ideas?

Thanks in advance

Stefan Gründel

---------------------------------------------------------------
Stefan Gründel                [EMAIL PROTECTED]
IT Security
MLP Login GmbH                Tel.: +49 / (0)6221 / 308-2378
Forum 7                       Fax.: +49 / (0)6221 / 308-1621
69126 Heidelberg

Radiator Configuration:
-----------------------
Foreground
LogStdout
Trace 4

# Set this to the directory where your logfile and details file are to go
LogDir /var/log/radius

# PID File in /var/run
PidFile /var/run/radiusd.pid

# Set this to the database directory. It should contain these files:
# users           The user database
# dictionary      The dictionary for your NAS
DbDir /usr/local/etc/raddb

AuthPort 1645
AcctPort 1646

<Client localhost>
        Secret mysecret
        DupInterval 0
        Identifier RAS
</Client>

#----------------------
# RADIUS_PROXY
#----------------------
<AuthBy RADIUS>
        Identifier RADIUS_PROXY
        <Host y.y.y.y>
                Secret xxxxxxxx
        </Host>
</AuthBy>

#----------------------
# LOCAL_PROFILE
#----------------------
<AuthBy GROUP>
        Identifier LOCAL_PROFILE
        AuthByPolicy ContinueWhileAccept
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy FILE>
                Filename /usr/local/etc/raddb/dynamic_users
        </AuthBy>
        <AuthBy FILE>
                Filename /usr/local/etc/raddb/profiles
                # Remove the pseudo-attribute Profile
                StripFromReply Profile
        </AuthBy>
</AuthBy>

#----------------------
# Handler
#----------------------
<Handler Request-Type = Accounting-Request>
        # Local accounting to a file
        AcctLogFileName /var/log/radius/detail
</Handler>

<Handler>
        AuthByPolicy ContinueWhileAccept
        RewriteUsername s/^(.*)/$1\@MLP/
        AuthBy RADIUS_PROXY
        AuthBy LOCAL_PROFILE
</Handler>

-------------------------------------------------------------
File profiles:
--------------
DEFAULT Reply:Profile = RAS-Login
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Filter-Id = RAS-Login

Userfile:
---------
sgruende Client-Identifier = RAS
        Profile = RAS-Login

-------------------------------------------------------------
linux:/usr/local/etc/raddb # radpwtst -s localhost -secret mysecret -nostart -nostop -trace -user sgruende -password 59894217

gives:

Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32843 ....
Code:       Access-Request
Identifier: 178
Authentic:  1234567890123456
Attributes:
        User-Name = "sgruende"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<204><178>g<148><155>n5<193><188>8<9><160><216>}x<153>"

Thu Dec 20 00:52:14 2001: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Thu Dec 20 00:52:14 2001: DEBUG: Check if Handler should be used to handle this request
Thu Dec 20 00:52:14 2001: DEBUG: Handling request with Handler ''
Thu Dec 20 00:52:14 2001: DEBUG: Rewrote user name to sgruende@MLP
Thu Dec 20 00:52:14 2001: DEBUG: Deleting session for sgruende, 203.63.154.1, 1234
Thu Dec 20 00:52:14 2001: DEBUG: Handling with Radius::AuthRADIUS
Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Sending to 10.96.177.6 port 1645 ....
Code:       Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
        User-Name = "sgruende@MLP"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<167><173><207>C<242><179>@<153><182>(S<164><215>U<214>-"

Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Received from 10.96.177.6 port 1645 ....
Code:       Access-Accept
Identifier: 1
Authentic:  <176>;<164><227>8/<203><174><149><176><13><146>C<195><146><152>
Attributes:
        Framed-Protocol = PPP
        Filter-Id = "std.in"
        Framed-MTU = 1500
        Reply-Message = "geschafft"
        Session-Timeout = 900
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User

Thu Dec 20 00:52:14 2001: DEBUG: Received reply in AuthRADIUS for req 1 from 10.96.177.6:1645
Thu Dec 20 00:52:14 2001: DEBUG: Access accepted for sgruende@MLP
Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32843 ....
Code:       Access-Accept
Identifier: 178
Authentic:  1234567890123456
Attributes:
        Framed-Protocol = PPP
        Filter-Id = "std.in"
        Framed-MTU = 1500
        Reply-Message = "geschafft"
        Session-Timeout = 900
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
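
A way to confirm the symptom from a trace, as an added example that is not part of the original post and not Radiator code: it parses the "Handling with" lines and packet dumps, then compares the Access-Accept returned to the client with the reply items the profiles file should supply. The trace excerpt is condensed from the one in the post; the function names, and the assumption that every AuthBy stage logs a "Handling with ..." line as AuthRADIUS does here, belong to this example.

```python
import re

# Constructed sample: condensed from the Trace 4 output in the post above.
TRACE = """\
Thu Dec 20 00:52:14 2001: DEBUG: Handling with Radius::AuthRADIUS
Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Received from 10.96.177.6 port 1645 ....
Code:       Access-Accept
Attributes:
        Filter-Id = "std.in"
        Service-Type = Framed-User
Thu Dec 20 00:52:14 2001: DEBUG: Access accepted for sgruende@MLP
Thu Dec 20 00:52:14 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32843 ....
Code:       Access-Accept
Attributes:
        Filter-Id = "std.in"
        Service-Type = Framed-User
"""

# One packet dump: direction, peer address, then the body up to the next
# timestamped log line (or end of input).
DUMP = re.compile(r"\*\*\* (Received from|Sending to) (\S+) port \d+ \.{4}\n"
                  r"(.*?)(?=^[A-Z][a-z]{2} [A-Z][a-z]{2} |\Z)", re.S | re.M)

def auth_modules(trace):
    """AuthBy modules that logged a 'Handling with ...' line, in order."""
    return re.findall(r"DEBUG: Handling with (\S+)", trace)

def packets(trace):
    """Return (direction, peer, code, attributes) for every packet dump."""
    out = []
    for m in DUMP.finditer(trace):
        code = re.search(r"^Code:\s*(\S+)", m.group(3), re.M)
        attrs = {k: v.strip('"') for k, v in
                 re.findall(r"^[ \t]+([\w-]+) = (.*)$", m.group(3), re.M)}
        out.append((m.group(1).split()[0], m.group(2),
                    code.group(1) if code else None, attrs))
    return out

def profile_gaps(trace, expected):
    """Expected local-profile reply items absent from the final Access-Accept."""
    sent = [p for p in packets(trace)
            if p[0] == "Sending" and p[2] == "Access-Accept"]
    if not sent:
        return dict(expected)  # nothing was accepted, so nothing was applied
    return {k: v for k, v in expected.items() if sent[-1][3].get(k) != v}

# Reply items the profiles file in the post assigns to Profile = RAS-Login.
RAS_LOGIN = {"Service-Type": "Framed-User", "Filter-Id": "RAS-Login"}
```

On the posted trace, `auth_modules` reports only `Radius::AuthRADIUS` and `profile_gaps` reports `Filter-Id`: the client receives the upstream server's `std.in` filter rather than the local `RAS-Login` one.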