On 02/09/2011 05:37 PM, Adam Bishop wrote: > * Can I disable PAP?
You can not stop client sending User-Password attribute, but you can create a handler that rejects the request if the attribute is present. That could direct the users to move e.g. from TTLS/PAP to TTLS/MSCHAPv2 or something else that does not cause passwords to be logged with Trace 4. > * Using fork with AuthByNTLM causes the request to fail: > > Wed Feb 9 15:22:24 2011: DEBUG: Handling with Radius::AuthNTLM: Wed Feb 9 > 15:22:24 2011: DEBUG: AuthBy NTLM result: IGNORE, forked > > Anyone used fork with NTLM? This does not look like failure to me. This is logged by the parent meanwhile the newly forked child is handling the request. The real result should come from the child process once it finishes. You should see messages from the child in the logs while it does NTLM authentication. Why would you need to use fork with NTLM? > * What do I need to do to get these types of accounting requests handled? > The standard user accounting packets are handled fine, but the NAS status > updates aren't: Just guessing here, but if you use Handlers that try to match realms there is no User-Name where the realm comes from. You could try a Handler that has Request-Type = Accounting-Request, Acct-Status-Type = Accounting-On > *** Received from 193.63.63.103 port 1814 .... > Code: Accounting-Request > Identifier: 217 > Authentic: <6><7><204><18><175><169>.<176><146>$<30><168><221><255>l<143> > Attributes: > Acct-Status-Type = Accounting-On > Acct-Authentic = RADIUS > NAS-IP-Address = 193.63.63.103 > NAS-Identifier = "HiveAP3" > Called-Station-Id = "00-19-77-1B-CD-60:eduroam-dev" > Acct-Terminate-Cause = NAS-Reboot > Proxy-State = 0 > > Wed Feb 9 15:21:40 2011: WARNING: Could not find a handler for : request is > ignored > > Thanks for your help, No problem. Please send your config file (no secrets) if you need further comments. Thanks! -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
