Hello Man Meng Fei -
I suspect that Radiator is not able to run the external command.
What happens when you run the following in a MS-DOS window:
C:\Perl\bin\testcommand.pl
There is probably something wrong with either the path or the contents of the file.
regards
Hugh
On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei wrote:
Hi
Currently I am using a sample configuration (external.cfg) and perl
script (testcommand.pl) which can be retrieved from goodies directory to
understand the implementation of <AuthBy EXTERNAL>.
But after I executed it, I can't get the expected test result. I got No
Reply at Radius client. I hope someone can help me to make this <AuthBy
EXTERNAL> sample working.
Lastly I attached the Radius Configuration file which I used for the testing and the Radius Server and Radius Client's output result
Man Meng Fei
----------radius.cfg-----------
# external.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# EXTERNAL authentication.
#
# There is an example external program called testcommand.pl
# in the goodies directory, which the example below uses. It
# will accept the request if the username is "fred" otherwise reject
# it.
#
# So if you run Radiator with this config file, then do
# radpwtst -noacct -trace -user fred
# you will see something like:
# sending Access-Request...
# OK
# Code: Access-Accept
# Identifier: 109
# Authentic: <12>_B<215><2>=<149><140>kBM<130><221><10>.S
# Attributes:
# Reply-Message = "you are fred"
#
#
# And if you do:
# radpwtst -noacct -trace -user someoneelse
# you will see something like:
# sending Access-Request...
# Rejected
# Code: Access-Reject
# Identifier: 70
# Authentic: <165><206>RiJ<208><139><245><129>@<170><136><23>s<24><23>
# Attributes:
# Reply-Message = "you are NOT fred, you are 'someoneelse'"
# Reply-Message = "Request Denied"
#
# You should consider this file to be a starting point only
# $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator

Trace 4

# You will probably want to change this to suit your site.
<Client DEFAULT>
	Secret mysecret
	DupInterval 0
</Client>

<Realm DEFAULT>
	<AuthBy EXTERNAL>
		# For NT, you might want something like this
		Command C:\Perl\bin\testcommand.pl
		# For Unix, maybe something like this
		#
		#Command ./goodies/testcommand.pl

		# This will cause the User-Password
		# to be decrypted before being passed to the
		# external program
		DecryptPassword

		# You might prefer use this to tell AuthBy EXTERNAL
		# to get the result from the first line of the
		# output. The permitted values are ACCEPT, REJECT
		# IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
		# its the only way to get it to work.
		# We recommend you use this method
		ResultInOutput
	</AuthBy>
</Realm>
-------Radius Server Output--------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
Thu Oct 2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]

Thu Oct 2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Thu Oct 2 01:16:58 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct 2 01:16:58 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
Thu Oct 2 01:18:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code: Access-Request
Identifier: 67
Authentic: 1234567890123456
Attributes:
	User-Name = "mikem"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Thu Oct 2 01:18:52 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct 2 01:18:52 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234
Thu Oct 2 01:18:52 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
Thu Oct 2 01:25:09 2003: ERR: ResultInOutput is enabled, but the first line of from the E XTRNAL command is an unknown result code
Thu Oct 2 01:25:09 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code: Accounting-Request
Identifier: 68
Authentic: <30>Z<190><154>(<20><153><30><10>c<24><237><243><176>V<236>
Attributes:
	User-Name = "mikem"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	NAS-Port-Type = Async
	Acct-Session-Id = "00001234"
	Acct-Status-Type = Start
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	Acct-Delay-Time = 0

Thu Oct 2 01:25:09 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct 2 01:25:09 2003: DEBUG: Adding session for mikem, 203.63.154.1, 1234
Thu Oct 2 01:25:09 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
-------Radius Client Output--------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>perl c:\perl\bin\radpwtst -user mikem -password fred
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\Documents and Settings\man\Desktop>
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
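
Added example, not part of the original thread and not Radiator code: a small Python harness for the check suggested in the reply, running the configured command outside the server and verifying that its first output line is one of the result codes the config comments list for ResultInOutput. The sample outputs are constructed, and the exact, case-sensitive match is an assumption.

```python
import subprocess
import sys

# Result codes the config comments list as permitted with ResultInOutput.
PERMITTED = ("ACCEPT", "REJECT", "IGNORE", "CHALLENGE", "REJECT_IMMEDIATE")

# Constructed sample outputs (not captured from a real run).
GOOD_OUTPUT = 'ACCEPT\nReply-Message = "you are fred"\n'
BAD_OUTPUT = "'testcommand.pl' is not recognized as an internal or external command\n"


def check_first_line(output):
    """Return (code, remaining_lines), or (None, reason) if the first
    line is not a permitted result code."""
    lines = output.splitlines()
    if not lines:
        return None, "command produced no output"
    first = lines[0].strip()
    if first not in PERMITTED:  # assumption: exact, case-sensitive match
        return None, "unknown result code on first line: %r" % first
    return first, lines[1:]


def run_and_check(argv, stdin_text="", timeout=10):
    """Run the command stand-alone and validate its first output line."""
    try:
        proc = subprocess.run(argv, input=stdin_text, capture_output=True,
                              text=True, timeout=timeout)
    except OSError as exc:  # bad path, or a file the OS cannot execute
        return None, "cannot start command: %s" % exc
    except subprocess.TimeoutExpired:  # a hung command also yields no reply
        return None, "command did not finish within %s s" % timeout
    code, detail = check_first_line(proc.stdout)
    if code is None and proc.stderr.strip():
        detail += " (stderr: %s)" % proc.stderr.strip().splitlines()[0]
    return code, detail


if __name__ == "__main__":
    print(check_first_line(GOOD_OUTPUT))
    print(check_first_line(BAD_OUTPUT))
    # Stand-in for the real script; replace with the configured Command.
    print(run_and_check([sys.executable, "-c", "print('REJECT')"]))
```

The timeout matters here because the trace shows the command started at 01:18:52 and the error logged only at 01:25:09, long after the client had stopped waiting for a reply.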
