Re: (RADIATOR) Question in

Hugh Irvine Thu, 02 Oct 2003 19:14:14 -0700

Hello MAN -

All of the attributes in the current radius request are passed to the external command on standard input, and the results are returned on standard output. Please refer to section 6.26 in the Radiator manual ("doc/ref.html"). If you want to add any parameters to be passed to the external program you should add them as attributes to the current request before calling the AuthBy EXTERNAL clause.

You should also look at the source code in the file "Radius/AuthEXTERNAL.pm" to see exactly what happens.

regards

Hugh

On Friday, Oct 3, 2003, at 11:22 Australia/Melbourne, Man Meng Fei wrote:

Hi Mke and Hugh
May i know how should i pass the parameter into the perl script when i
execute <AUTH EXTERNAL> and how can get the result after execute the
perl script ?

Thank

MAN

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Man Meng Fei
Sent: Thursday, October 02, 2003 1:58 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Question in <AuthBy EXTERNAL>


Hi
Do i need to pass any parameter to testcommand.pl ?

MAN

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Mike McCauley
Sent: Thursday, October 02, 2003 12:36 PM
To: Hugh Irvine; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Question in <AuthBy EXTERNAL>

Hi Hugh,

If you look at godies/external.cfg, you will see he needs something like this:

Command c:/perl/bin/perl ./goodies/testcommand.pl

DOS does not know how to interpret #!/usr/bin/perl so it cant run
C:\Perl\bin\testcommand.pl without some cluues.

Cheers.

On Thu, 2 Oct 2003 12:23 pm, Hugh Irvine wrote:

Hello Man Meng Fei -

I suspect that Radiator is not able to run the external command.

What happens when you run the following in a MS-DOS window:

C:\Perl\bin\testcommand.pl

There is probably something wrong with either the path or the contents

of the file.

regards

Hugh

On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei

wrote:

Hi
Currently i am using a sample configuration (external.cfg) and perl
script (testcommand.pl) which can be retrieved from goodies
directory to understand the implementation of <AuthBy EXTERNAL>.
But after i executed it, i can't get the expected test result. I got

No

Reply at Radius client. I hope someone can help me to make this

<AuthBy

EXTERNAL> sample working.

Lastly i attached Radius Configration file which i used for the
testing and Radius Server and Radius Client's output result

Man Meng Fei

----------radius.cfg-----------
# external.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with #
EXTERNAL authentication. #
# There is an example external program called testcommand.pl
# in the goodies directory, whichthe example below uses. It
# will accept the request if the username is "fred" otherwise reject
# it.
#
# So if you run Radiator with this config file, then do
# radpwtst -noacct -trace -user fred
# you will see something like:
# sending Access-Request...
# OK
# Code:       Access-Accept
# Identifier: 109
# Authentic:  <12>_B<215><2>=<149><140>kBM<130><221><10>.S
# Attributes:
#         Reply-Message = "you are fred"
#
#
# And if you do:
# radpwtst -noacct -trace -user someoneelse
# you will see something like:
# sending Access-Request...
# Rejected
# Code:       Access-Reject
# Identifier: 70
# Authentic:

<165><206>RiJ<208><139><245><129>@<170><136><23>s<24><23>

# Attributes:
#         Reply-Message = "you are NOT fred, you are 'someoneelse'"
#         Reply-Message = "Request Denied"


#
# You should consider this file to be a starting point only # $Id:
external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

Foreground
LogStdout
LogDir          c:/Program Files/Radiator
DbDir           c:/Program Files/Radiator

Trace 4

# You will probably want to change this to suit your site. <Client
DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy EXTERNAL>
                # For NT, you might want something like this
                Command C:\Perl\bin\testcommand.pl

                # For Unix, maybe something like this
#               #Command ./goodies/testcommand.pl

                # This will cause the User-Password
                # to be decrypted before being passed to the
                # external program
                DecryptPassword

                # You might prefer use this to tell AuthBy EXTERNAL
                # to get the result from the first line of the
                # output. The permitted values are ACCEPT, REJECT
                # IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
                # its the only way to get it to work.
                # We recommend you use this method
                ResultInOutput
        </AuthBy>
</Realm>

-------Radius Server Output--------------------------

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd Thu
Oct  2 01:16:58 2003: DEBUG: Finished reading configuration file
'C:\Program  Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]

Thu Oct 2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program

Files/Radia tor/dictionary'
Thu Oct  2 01:16:58 2003: DEBUG: Creating authentication port
0.0.0.0:1645 Thu Oct  2 01:16:58 2003: DEBUG: Creating accounting
port

0.0.0.0:1646

Thu Oct 2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on

man

(EVALUATIO
N)
Thu Oct  2 01:18:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code:       Access-Request
Identifier: 67
Authentic:  1234567890123456
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password =
"<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Thu Oct  2 01:18:52 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT' Thu Oct  2 01:18:52 2003: DEBUG:  Deleting session
for mikem, 203.63.154.1, 1234
Thu Oct  2 01:18:52 2003: DEBUG: Running command:
C:\Perl\bin\testcommand.pl
Thu Oct  2 01:25:09 2003: ERR: ResultInOutput is enabled, but the

first

line of from the E
XTRNAL command is an unknown result code
Thu Oct  2 01:25:09 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code:       Accounting-Request
Identifier: 68
Authentic:

<30>Z<190><154>(<20><153><30><10>c<24><237><243><176>V<236>

Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0

Thu Oct  2 01:25:09 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT' Thu Oct  2 01:25:09 2003: DEBUG:  Adding session for

mikem, 203.63.154.1, 1234
Thu Oct  2 01:25:09 2003: DEBUG: Running command:
C:\Perl\bin\testcommand.pl


-------Radius Client Output-------------------------- Microsoft
Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>perl c:\perl\bin\radpwtst
-user mikem -password fred

sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\Documents and Settings\man\Desktop>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe
radiator' in the body of the message.


NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?


--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Question in

Reply via email to