Hello Rabbie -
I suspect the shared secrets are not correct between "radpwtst" and the corresponding Client clause in the Radiator configuration.
There was also a recent fix for this in Radiator 3.7.1 (from the history file):
- AuthBy RADIUS now correctly handles replies of type Disconnect-Request-ACKed. Contributed by Robert Thomson.
regards
Hugh
On 16/12/2003, at 10:33 AM, Rabbie Zalaf wrote:
Hi All.

I am trying to set up a reverse RADIUS proxy to do POD to our LNS.

If I send the Disconnect-Request directly to the LNS it works fine.
Eg:
radpwtst -trace 4 -acct_port 1234 -secret xxxxxxx -s xxx.xxx.xxx.xxx -noauth -noacct -code Disconnect-Request -dictionary /etc/radiator/dictionary "User-Name=DISCONNECTME"

However, if I send the request to the localhost so it gets proxied, it comes back as INVALID AUTHENTICATOR...

Tue Dec 16 10:15:47 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1234 ....
Code:       Disconnect-Request
Identifier: 1
Authentic:  <127><191>b<215><215><135><143><217>Y<220><227><30><130>E>Z
Attributes:
        User-Name = "DISCONNECTME"

Tue Dec 16 10:15:47 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 1234 ....
Code:       Disconnect-Request-NAKed
Identifier: 1
Authentic:  Y<216><128>+',<141><174>6$<132><201>P<230>L9
Attributes:
        Reply-Message = "Invalid Authenticator"

Here is the config for my proxy.

#Foreground
#LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator

# ServerId is defined on command line
PidFile         %L/%{GlobalVar:ServerId}.pid
LogFile         %L/%{GlobalVar:ServerId}/logfile-%Y-%m-%d

Trace           4

BindAddress xxx.xxx.xxx.xxx

AuthPort 1815
AcctPort

# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd

<ClientListSQL>
        DBSource        dbi:mysql:radius
        DBUsername      username
        DBAuth          password
</Client>

<Handler>
        <AuthBy RADIUS>
                Host            1.2.3.4
                AuthPort        1234
                Secret          somesecret
        </AuthBy>
</Handler>

Any help would be greatly appreciated.

Rabbie Zalaf Network Consultant Leading Edge Internet 02 9497 4024 http://www.leadingedgeinternet.net.au
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
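
Added example, not part of the original thread or of Radiator's code: how the Request Authenticator of a Disconnect-Request is computed (per RFC 5176 it is calculated the same way as for an Accounting-Request) and why a receiver holding a different shared secret rejects the packet. The secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40        # RADIUS code for Disconnect-Request (RFC 5176)
USER_NAME = 1                  # RADIUS attribute type for User-Name
LNS_SECRET = b"lns-secret"     # constructed: secret configured on the LNS
PROXY_SECRET = b"proxy-secret" # constructed: wrong secret used by the proxy


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_disconnect_request(ident: int, user_name: str, secret: bytes) -> bytes:
    """Sender side: sign the packet with the sender's copy of the secret."""
    attrs = encode_attr(USER_NAME, user_name.encode())
    auth = request_authenticator(DISCONNECT_REQUEST, ident, attrs, secret)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    return header + auth + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """Receiver side: recompute the authenticator with the receiver's secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    expected = request_authenticator(code, ident, packet[20:length], secret)
    return hmac.compare_digest(packet[4:20], expected)


def demo() -> tuple:
    """Direct request verifies; request signed with another secret does not."""
    direct = build_disconnect_request(1, "DISCONNECTME", LNS_SECRET)
    proxied = build_disconnect_request(1, "DISCONNECTME", PROXY_SECRET)
    return verify_request(direct, LNS_SECRET), verify_request(proxied, LNS_SECRET)
```

A receiver that fails this check has no way to tell a wrong secret from a tampered packet, which is why both surface as "Invalid Authenticator".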
