Hello All.

Been several years since I've had to post anything here but here is my
issue.

We are upgrading from 2.13 to 2.19. I had copied over the radius.cfg file
from the one machine to the next.

When attempting to authenticate from a test server that works just fine on
the 2.13 machine, I get this in the log file:

---Begin Log Excerpt----------------------------
Mon Feb 18 14:43:42 2002: DEBUG: Handling request with Handler
'Realm=vpn.compuware.com'
Mon Feb 18 14:43:42 2002: DEBUG:  Deleting session for u43007, 10.255.255.5,
1645
Mon Feb 18 14:43:42 2002: DEBUG: Handling with Radius::AuthSQL
Mon Feb 18 14:43:42 2002: DEBUG: Handling with Radius::AuthSQL:
Mon Feb 18 14:43:42 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where
serauser='[EMAIL PROTECTED]'

Mon Feb 18 14:43:42 2002: DEBUG: Radius::AuthSQL looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:43:42 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='DEFAULT'

Mon Feb 18 14:43:42 2002: INFO: Access rejected for
[EMAIL PROTECTED]: No such user
---End Log Excerpt------------------------------

It is failing because the realm has been appended to the username. In the
config file which I have attached below, I am using the '%n' substitution
and it works Ok in 2.13. I figured that there was some change between 2.13
and 2.19 and I was correct. I attempted to use '%u' instead and the
resulting logfile entry looks like this:

---Begin Log Excerpt----------------------------
Mon Feb 18 14:51:52 2002: DEBUG: Handling request with Handler
'Realm=vpn.compuware.com'
Mon Feb 18 14:51:52 2002: DEBUG:  Deleting session for u33357, 10.255.255.5,
1645
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthSQL
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthSQL:
Mon Feb 18 14:51:52 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='u33357'

Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:51:52 2002: ERR: Attribute number 79 is not defined in your
dictionary
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthUNIX: System 
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthUNIX looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL REJECT: No such user
Mon Feb 18 14:51:52 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='u33357'

Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL looks for match with
DEFAULT
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthUNIX: System
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthUNIX looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL REJECT: No such user
Mon Feb 18 14:51:52 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='u33357'

Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL looks for match with
DEFAULT1
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthUNIX: System
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthUNIX looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL REJECT: No such user
Mon Feb 18 14:51:52 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='u33357'

Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL looks for match with
DEFAULT2
Mon Feb 18 14:51:52 2002: DEBUG: Handling with Radius::AuthUNIX: System
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthUNIX looks for match with
[EMAIL PROTECTED]
Mon Feb 18 14:51:52 2002: DEBUG: Radius::AuthSQL REJECT: No such user
Mon Feb 18 14:51:52 2002: DEBUG: Query is: select password, 'Service-Type =
Login-User, Auth-Type = System'  from serauser where serauser='u33357'
---End Log Excerpt------------------------------

And it continues to throw these messages up until I kill the process.

Here is the config file (less secrets) that I use on the 2.13 install. I
would appreciate any help or direction anybody can give.

Regards,

Tim Young
Internet Security Analyst
Compuware Corporation

---Begin radius.cfg------------------------------

# radius.cfg
#
# This is a very simple radius.cfg that you can use to get started.
# only the most important parameters are set here. The full set
# of parameters can be seen in radius.cfg in the top of the distribution tree.
#
# As it stands, it will authenticate a single client and a 
# single realm from a flat file
# database, and save the accounting info to a single details file.
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: radius.cfg,v 1.2 1998/03/01 11:54:16 mikem Exp $

# Set this to the directory where your logfile and details file are to go
LogDir /var/log/radius
#LogFile        %L/logfile.%C.%Y%m%d
LogFile %L/logfile.%Y%m%d
# Set this to the database directory. It should contain these files:
# users           The user database
# dictionary      The dictionary for your NAS
DbDir /usr/local/etc/raddb
PidFile         /usr/local/etc/radiusd.pid
#Trace 4
Trace 4
AuthPort        1645
AcctPort        1646

<Client localhost>
        Secret mysecret
        DupInterval 0
</Client>

# This clause defines a single client to listen to
# Thebox.compuware.com - answers PAL requests
<Client 1.2.3.4>
        Secret   blah1
        DefaultRealm compuware.com
</Client>

# Replacement for thebox
<Client 5.6.7.8>
        Secret blah2
        DefaultRealm compuware.com
</Client>

#Client config for boris (Shiva VPN server)
#<Client boris.eco.compuware.com>
#       Secret blah3
#       DefaultRealm vpn.eco.compuware.com
#</Client>

# Client config for tkt2ride
<Client tkt2ride.compuware.com>
        Secret blah4
        DefaultRealm vpn2.compuware.com
        IgnoreAcctSignature
</Client>

# Client config for ammut 
<Client ammut.compuware.com>
        Secret blah5
        DefaultRealm vpn3.compuware.com
        IgnoreAcctSignature
</Client>

# Client config for natasha
<Client natasha.compuware.com>
        Secret blah6
        DefaultRealm vpn.compuware.com
</Client>

<Client rocky.nl.compuware.com>
        Secret blah7
        DefaultRealm vpn.nl.compuware.com
</Client>

<Realm vpn.eco.compuware.com>
#       <AuthBy FILE>
#               Filename %D/VPN_User
#               Nocache
#               DynamicCheck Group
#       </AuthBy>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
                        from serauser where serauser='%n'
                EncryptedPassword
        </AuthBy>
        <AuthBy SQL>
#               DynamicCheck Group
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select seragroup from seragroup where serauser='%n' and seragroup = '%{Shiva-VPN-Group}'
                AuthColumnDef 0, Shiva-VPN-Group, check
        </AuthBy>
        AcctLogFileName %L/Boris.%Y%m%d
</Realm>

<Realm vpn.compuware.com>
#       <AuthBy FILE>
#               Filename %D/VPN_User
#               Nocache
#               DynamicCheck Group
#       </AuthBy>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
                        from serauser where serauser='%u'
                EncryptedPassword
        </AuthBy>
        <AuthBy SQL>
#               DynamicCheck Group
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select seragroup from seragroup where serauser='%u' and seragroup = '%{Shiva-VPN-Group}'
                AuthColumnDef 0, Shiva-VPN-Group, check
        </AuthBy>
        AcctLogFileName %L/Natasha.%Y%m%d
</Realm>

#Realm setup for tkt2ride
<Realm vpn2.compuware.com>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
                        from serauser where serauser='%n'
                EncryptedPassword
        </AuthBy>
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select seragroup from seragroup where serauser='%n' and seragroup = '%{Shiva-VPN-Group}'
                AuthColumnDef 0, Shiva-VPN-Group, check
        </AuthBy>
        AcctLogFileName %L/tkt2ride.%Y%m%d
</Realm>



#Realm setup for ammut
<Realm vpn3.compuware.com>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
                        from serauser where serauser='%n'
                EncryptedPassword
        </AuthBy>
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select seragroup from seragroup where serauser='%n' and seragroup = '%{Shiva-VPN-Group}'
                AuthColumnDef 0, Shiva-VPN-Group, check
        </AuthBy>
        AcctLogFileName %L/ammut.%Y%m%d
</Realm>

<Realm vpn.nl.compuware.com>
#       <AuthBy FILE>
#               Filename %D/VPN_User
#               Nocache
#               DynamicCheck Group
#       </AuthBy>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
                        from serauser where serauser='%n'
                EncryptedPassword
        </AuthBy>
        <AuthBy SQL>
#               DynamicCheck Group
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select seragroup from seragroup where serauser='%n' and seragroup = '%{Shiva-VPN-Group}'
                AuthColumnDef 0, Shiva-VPN-Group, check
        </AuthBy>
        AcctLogFileName %L/Rocky.%Y%m%d
</Realm>

<Realm compuware.com>
        RewriteUsername s/^([^@]+).*/$1/
#       PasswordLogFileName %L/Worldcom.pass
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
                Filename %D/Worldcom_User
        </AuthBy>
        <AuthBy SQL>
                DynamicReply Service-Type
                DBSource dbi:mysql:serauser
                DBUsername radius
                DBAuth blah 
                AuthSelect select password from serauser where serauser='%n'
                EncryptedPassword
#               AddToReply Service-Type = %{Service-Type}
                AddToReply Idle-Timeout = 1800, Service-Type=%{Service-Type}
        </AuthBy>
#       RewriteUsername s/^(.*)/$[EMAIL PROTECTED]/
        AcctLogFileName %L/Worldcom.%Y%m%d
</Realm>

# This clause defines a single realm to handle
#<Realm DEFAULT>
#       <AuthBy FILE>
#               # The filename defaults to %D/users
#       </AuthBy>
#       # Log accounting to the detail file in LogDir
#       AcctLogFileName %L/detail
#</Realm>

# The following is a dummy realm for holding authby Unix

<Realm thisisnotarealrealmbutjustaholder>
        <AuthBy UNIX>
                Identifier System
                Filename        %D/passwd
                GroupFilename   %D/group
                DynamicCheck Group
        </AuthBy>
</Realm>
---End radius.cfg-----------------------------------
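
Added example, not part of the original post and not Radiator code: a small Python check that lists the Realm clauses whose SQL uses '%n' with no active RewriteUsername, i.e. the ones that, under the behaviour in the first log excerpt, would query with the realm still attached. The sample config is a constructed cut-down of the posted one, the test username is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the posted radius.cfg (secrets and DB settings omitted).
SAMPLE_CFG = """\
<Realm vpn.compuware.com>
        <AuthBy SQL>
                AuthSelect select password from serauser where serauser='%u'
        </AuthBy>
</Realm>
<Realm vpn2.compuware.com>
        <AuthBy SQL>
                AuthSelect select password from serauser where serauser='%n'
        </AuthBy>
</Realm>
<Realm compuware.com>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy SQL>
                AuthSelect select password from serauser where serauser='%n'
        </AuthBy>
</Realm>
"""

def realms_querying_full_username(cfg_text):
    """Return realm names that use %n but have no active RewriteUsername."""
    flagged = []
    realm, rewrites, uses_n = None, False, False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        m = re.match(r"<Realm\s+([^>]+)>", line)
        if m:
            realm, rewrites, uses_n = m.group(1), False, False
        elif line == "</Realm>":
            if realm and uses_n and not rewrites:
                flagged.append(realm)
            realm = None
        elif realm and line.startswith("RewriteUsername"):
            rewrites = True
        elif realm and "%n" in line:
            uses_n = True  # also catches continuation lines of AuthSelect
    return flagged

def strip_realm(user_name):
    """Python equivalent of the posted RewriteUsername s/^([^@]+).*/$1/."""
    return re.sub(r"^([^@]+).*", r"\1", user_name)
```
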
===
Archive at http://www.open.com.au/archives/radiator/