Hello Stefan -


The port numbers and secret are only evaluated at run time as you have discovered.

A better method for dealing with multiple, changing radius proxies is to use the AuthBy SQLRADIUS clause which stores the target details in an SQL database. See section 6.45 in the Radiator 3.6 reference manual ("doc/ref.html").

regards

Hugh


On Friday, Sep 12, 2003, at 00:33 Australia/Melbourne, [EMAIL PROTECTED] wrote:







Hello all,


I want to define global variables for remote radius servers,
their Auth-Port and Radius secret for use in a radius proxy
statement. (I have to change these settings from time to time)
(See the attached radius config below)

Strange things are happening:
Some of the defined global vars get evaluated correctly:
     %{GlobalVar:radius1} and %{GlobalVar:radius2}
Some are ignored:
     %{GlobalVar:secret} and %{GlobalVar:port}
(see the trace below)

I'm bugging around with this issue for some days now ...

Any ideas out there ?
Thanks for your input :-)


Best regards Stefan Gr�ndel


my config:
----------
Trace 4
LogDir /var/log/radius_test
PidFile /var/run/radiusd_test.pid
DbDir /etc/radiator

AuthPort 1822
AcctPort 1823

<Client localhost>
    Secret mysecret
    Identifier TEST
</Client>

# Global Variables
DefineFormattedGlobalVar   radius1   ldap2.mlp-ag.com
DefineFormattedGlobalVar   radius2   ldap.mlp-ag.com
DefineFormattedGlobalVar   port      1812
DefineFormattedGlobalVar   secret    xxxxxxxxxx

<AuthBy GROUP>
    Identifier RADIUS_PROXY_PUR
    <AuthBy RADIUS>
        Host       %{GlobalVar:radius1},%{GlobalVar:radius2}
        Secret     %{GlobalVar:secret}
        AuthPort   %{GlobalVar:port}
        Retries 1
        RetryTimeout 2
        FailureBackoffTime 300
     </AuthBy>
</AuthBy>

<Handler Request-Type = Accounting-Request >
    AcctLogFileName /var/log/radius_test/detail
</Handler>

<Handler Client-Identifier = TEST>
    Identifier TEST
    AuthBy RADIUS_PROXY_PUR
</Handler>
===========================================================

my radpwtst call:
-----------------
radpwtst -s localhost -secret mysecret -user test -password 57805074
-auth_port 1822 -noacct -trace 4 -time
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 127.0.0.1 port 1822 ....
Code:       Access-Request
Identifier: 32
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"

No reply
time for 1 iterations: 5 s
===========================================================

my log:
-------
Thu Sep 11 15:51:47 2003: DEBUG: Finished reading configuration file
'/etc/radiator/radius_test.cfg'
Thu Sep 11 15:51:47 2003: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Thu Sep 11 15:51:47 2003: DEBUG: Creating authentication port 0.0.0.0:1822
Thu Sep 11 15:51:47 2003: DEBUG: Creating accounting port 0.0.0.0:1823
Thu Sep 11 15:51:47 2003: NOTICE: Server started: Radiator 3.6 on ldap1


Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32834 ....
Code:       Access-Request
Identifier: 32
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<204><188>g<157><154>l3<194><188>8<9><160><216>}x<153>"

Thu Sep 11 15:52:02 2003: DEBUG: Handling request with Handler
'Client-Identifier = TEST'
Thu Sep 11 15:52:02 2003: DEBUG: Deleting session for test, 203.63.154.1,
1234
Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 11 15:52:02 2003: DEBUG: Handling with Radius::AuthRADIUS
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code:       Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"


Thu Sep 11 15:52:04 2003: DEBUG: Timed out, retransmitting
Thu Sep 11 15:52:04 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code:       Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"

Thu Sep 11 15:52:06 2003: INFO: AuthRADIUS: No reply after 1
retransmissions to 10.96.22.61:0 for test  (32)
Thu Sep 11 15:52:06 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 0 ....
Code:       Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"

Thu Sep 11 15:52:08 2003: DEBUG: Timed out, retransmitting
Thu Sep 11 15:52:08 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 0 ....
Code:       Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
        User-Name = "test"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"0<131><208><132>:<170><5><25><25><130>[<207><222><172>C<5>"

Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS: No reply after 1
retransmissions to 10.96.22.58:0 for test (32)
Thu Sep 11 15:52:10 2003: INFO: AuthRADIUS could not find a working host
to forward to. Ignoring


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
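
A check for the symptom visible in the trace above (requests forwarded to port 0 while AuthPort was set from %{GlobalVar:port}), as an added example that is not part of the original messages or of Radiator. The function names and the condensed sample trace are constructed here; the line formats are the ones shown in the posted log.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the trace 4 format shown in the post.
# The second host is given a working port here to show the contrast.
SAMPLE_TRACE = """\
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32834 ....
Code:       Access-Request
Thu Sep 11 15:52:02 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Code:       Access-Request
Thu Sep 11 15:52:04 2003: DEBUG: Timed out, retransmitting
Thu Sep 11 15:52:04 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.61 port 0 ....
Thu Sep 11 15:52:06 2003: INFO: AuthRADIUS: No reply after 1
retransmissions to 10.96.22.61:0 for test  (32)
Thu Sep 11 15:52:06 2003: DEBUG: Packet dump:
*** Sending to 10.96.22.58 port 1812 ....
"""

SEND_RE = re.compile(r"^\*\*\* Sending to (\S+) port (\d+)")
NOREPLY_RE = re.compile(r"No reply after (\d+)\s+retransmissions to (\S+):(\d+)")


def audit_trace(text):
    """Return {(host, port): {"sent": n, "no_reply": n}} for proxied packets."""
    stats = defaultdict(lambda: {"sent": 0, "no_reply": 0})
    for line in text.splitlines():
        m = SEND_RE.match(line)
        if m:
            stats[(m.group(1), int(m.group(2)))]["sent"] += 1
    # The "No reply" message wraps over two log lines, so join before matching.
    joined = " ".join(text.splitlines())
    for m in NOREPLY_RE.finditer(joined):
        stats[(m.group(2), int(m.group(3)))]["no_reply"] += 1
    return dict(stats)


def unresolved_targets(text):
    """Hosts that were sent requests on port 0, as in the posted trace."""
    return sorted(host for (host, port) in audit_trace(text) if port == 0)


if __name__ == "__main__":
    for (host, port), s in sorted(audit_trace(SAMPLE_TRACE).items()):
        flag = "  <-- port 0: AuthPort was not resolved" if port == 0 else ""
        print(f"{host}:{port} sent={s['sent']} no_reply={s['no_reply']}{flag}")
```
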
