Fri Jul 12 15:05:37 2002: DEBUG: Reading users file /usr/local/etc/radius/users
Fri Jul 12 15:05:38 2002: INFO: Server started: Radiator 3.1 on KWGENLX01
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32903 ....
Code: Access-Request
Identifier: 96
Authentic: 1234567890123456
Attributes:
User-Name = "radius"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<137><234>,<222><216>3v<146><188>8<9><160><216>}x<153>"
Wed Jul 17 20:18:22 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 17 20:18:22 2002: DEBUG: Deleting session for radius, 203.63.154.1, 1234
Wed Jul 17 20:18:22 2002: DEBUG: Handling with Radius::AuthFILE: CheckUsers
Wed Jul 17 20:18:22 2002: DEBUG: Radius::AuthFILE looks for match with radius
Wed Jul 17 20:18:22 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Jul 17 20:18:22 2002: DEBUG: Handling with NT
Wed Jul 17 20:18:22 2002: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jul 17 20:18:22 2002: DEBUG: Access accepted for radius
Wed Jul 17 20:18:22 2002: WARNING: No such attribute Framed-Protocal
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32903 ....
Code: Access-Accept
Identifier: 96
Authentic: 1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocal = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32903 ....
Code: Accounting-Request
Identifier: 97
Authentic: <216>!<211><234><146><8>!<231><131>DC<4>-<214><16>p
Attributes:
User-Name = "radius"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Framed-IP-Address = 255.255.255.254
Acct-Delay-Time = 0
Wed Jul 17 20:18:22 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 17 20:18:22 2002: DEBUG: Adding session for radius, 203.63.154.1, 1234
Wed Jul 17 20:18:22 2002: DEBUG: Handling with Radius::AuthFILE: CheckUsers
Wed Jul 17 20:18:22 2002: DEBUG: Accounting accepted
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32903 ....
Code: Accounting-Response
Identifier: 97
Authentic: <216>!<211><234><146><8>!<231><131>DC<4>-<214><16>p
Attributes:
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32903 ....
Code: Accounting-Request
Identifier: 98
Authentic: <180><189><208><251><201>\5A@K<0>f<210><186>n<217>
Attributes:
User-Name = "radius"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Framed-IP-Address = 255.255.255.254
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Wed Jul 17 20:18:22 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 17 20:18:22 2002: DEBUG: Deleting session for radius, 203.63.154.1, 1234
Wed Jul 17 20:18:22 2002: DEBUG: Handling with Radius::AuthFILE: CheckUsers
Wed Jul 17 20:18:22 2002: DEBUG: Accounting accepted
Wed Jul 17 20:18:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32903 ....
Code: Accounting-Response
Identifier: 98
Authentic: <180><189><208><251><201>\5A@K<0>f<210><186>n<217>
Attributes:
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: 07/11/2002 05:15PM
Subject: Re: (RADIATOR) Auth by NT group & Radius rejects expired passwords
# define AuthBy clauses
<AuthBy NT>
Identifier CheckPrimary
Domain KWI_CSBP
DomainController KWI_NT5
</AuthBy>
<AuthBy NT>
Identifier CheckBackup
Domain KWI_CSBP
DomainController KWDRPNT01
</AuthBy>
<AuthBy FILE>
Identifier CheckUsers
Filename /usr/local/etc/radius/users
AddToReply Service-Type = Framed-User, \
Framed-Protocal = PPP, \
Framed-IP-Address = 255.255.255.254, \
Framed-IP-Netmask = 255.255.255.255
</AuthBy>
<Realm DEFAULT>
AuthBy CheckUsers
# Log accounting to a detail file
AcctLogFileName %L/detail
</Realm>
# Full copy of users our "users" file below
DEFAULT Auth-Type = CheckPrimary, Group = Dialup
DEFAULT Auth-Type = CheckBackup, Group = Dialup
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: 06/29/2002 09:00AM
Subject: Re: (RADIATOR) Auth by NT group & Radius rejects expired passwords
Hello Richard -I notice that Ashley Kent has already sent you an example (thanks Ash).You should also note that there is a patched version of AuthNT.pm for Radiator 3.1 that implements a number of new flags for dealing with password expiry, etc.Finally, there is usually no way to prompt a client for anything as the dialup client doesn't display any return messages (ie: Microsoft).regardsHughOn Fri, 28 Jun 2002 15:16, [EMAIL PROTECTED] wrote:> We would like Radiator to auth to an NT group on the Domain. But we are> unsure of how to get it working. We have been trying to use the Group => XXX, but we must have the syntax wrong. If we could get an example> Radius.cfg to copy from someone it would help heaps.>> We also have an issue were Radiator rejects expired passwords for clients> logging on. Is there a way to have the client prompted to change the> expired password when dialing in.>> I have included a copy of our radius.cfg. Please make explanations simple> as we are newbies. :-)>> Thanks> Richard>>> # define AuthBy clauses>> <Realm DEFAULT>> <AuthBy NT>>> Identifier CheckPrimary> Domain KWI_CSBP> DomainController KWI_NT5>> </AuthBy>>> <AuthBy NT>> Identifier CheckBackup> Domain KWI_CSBP> DomainController KWDRPNT01>> </AuthBy>>>> <AuthBy NT>> AddToReply Service-Type = Framed-User, \> Framed-Protocal = PPP, \> Framed-IP-Address = 255.255.255.254, \> Framed-IP-Netmask = 255.255.255.255> </AuthBy>>> # Log accounting to a detail file> AcctLogFileName %L/detail>> </Realm>>>>> ===> Archive at http://www.open.com.au/archives/radiator/> Announcements on [EMAIL PROTECTED]> To unsubscribe, email '[EMAIL PROTECTED]' with> 'unsubscribe radiator' in the body of the message.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.===Archive at http://www.open.com.au/archives/radiator/Announcements on [EMAIL PROTECTED] unsubscribe, email '[EMAIL PROTECTED]' with'unsubscribe radiator' in the body of the message.==Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
