Re: (RADIATOR) CHAP works, PAP doesn't ( solved )

2003-01-13 Thread Gerard Ranke
Hi all,

To follow up on my own post of some time ago: This is solved now, and although
it is a bit difficult to trace the original problem now, I believe it was
caused by a combination of a secret with characters like ; } and ! together
with some misunderstanding when changing this. Thanks Hugh and Wim for your
assistance!

gerard

-- 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
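
Added example, not part of the original post: in RFC 2865 the PAP User-Password attribute is hidden with MD5 keyed by the shared secret, while the CHAP response (RFC 1994) is computed from the CHAP identifier, the user's password and the challenge only, so a secret that differs between NAS and server garbles PAP passwords but leaves the CHAP comparison untouched. The secrets, password, authenticator and challenge below are constructed, and the sketch models only the password check, not the packet authenticators.

```python
import hashlib

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password as in RFC 2865 section 5.2 (what the NAS sends)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse pap_hide (what the server does with its own copy of the secret)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return clear.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response: MD5(id + password + challenge); no shared secret involved."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def server_verdict(nas_secret: bytes, server_secret: bytes) -> tuple:
    """Return (pap_ok, chap_ok) for one constructed login."""
    password = b"correct horse battery"  # constructed, 21 bytes -> two PAP blocks
    authenticator = bytes(range(16))     # constructed Request Authenticator
    challenge = bytes(range(16, 32))     # constructed CHAP challenge
    hidden = pap_hide(password, nas_secret, authenticator)
    pap_ok = pap_reveal(hidden, server_secret, authenticator) == password
    sent = chap_response(7, password, challenge)
    chap_ok = sent == chap_response(7, password, challenge)  # server recomputes
    return pap_ok, chap_ok

if __name__ == "__main__":
    print(server_verdict(b"ab;cd}ef!", b"ab;cd}ef!"))  # same secret on both sides
    print(server_verdict(b"ab;cd}ef!", b"ab;cd}ef"))   # constructed mismatch
```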



(RADIATOR) Re: website access / ipass authentication

2003-01-13 Thread Ayotunde Itayemi
Hi Hugh,

OK. I have manually installed a second copy of radiator in
/radiatordb/radiatorhttp directory.
I have changed the port accordingly.
I made a copy of the /etc/init.d/radiator file and saved it as
/etc/init.d/radiatorhttp
I edited radiatorhttp to reflect the config of my new radiator install and
used the RH chkconfig to add the service to the system.
The problem I noticed now is that when I use the service command on
radiatorhttp it appears to work on my original radiator installation!
service (start/stop/restart/status) radiatorhttp actually works on my
radiator service and not radiatorhttp. Any ideas?

Please find attached my /etc/init.d/radiator and /etc/init.d/radiatorhttp
files.

Regards,
Tunde Itayemi.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, January 11, 2003 5:25 AM
Subject: Re: website access / ipass authentication



Hello Tunde -

If you want to use different port numbers, why not just use two
instances of Radiator?

Otherwise, have a look at a trace 4 debug to see what attributes are
included in the radius requests that you can use.

regards

Hugh


On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde
Itayemi wrote:

 Hi Hugh, Hi All,

 I have the ipass netserver installed on my RADIUS server. I also want
 to use radiator to authenticate access to some webpages on the same
 server. The problem is that the config for ipass netserver and
 webserver authentication both use the localhost client designation.
 The only way out I see is to change the port that the webserver uses
 for radius authentication and configure radiator to also listen on
 (this) extra port.
 The issue now is how do I differentiate requests from the two ports
 and process the requests accordingly using two different Realm
 clauses - or cascaded AuthBys?

 Please advise?


 Regards,
 Tunde Itayemi.



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



#!/bin/sh
#
# radiator  This shell script takes care of starting and stopping \
#   Radiator (radius daemon).
#
# chkconfig: 2345 90 15
# description: radiator is the radius daemon required for RAS AAA.
# processname: /usr/bin/radiusd
#
# Startup script for Radiator on Linux. Install this as
# /etc/init.d/radiator. If you have chkconfig, you can use
# chkconfig --add radiator
# to generate the required start and stop entries in /etc/rc[2345].d/
# Otherwise, you need to add symlinks to /etc/rc[2345].d/
#
# config: /etc/radiator/radius.cfg
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2000 Open System Consultants
# $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $

# Source 'em up
. /etc/init.d/functions

RADIUSD=/radiatordb/radiatorhttp/radiusd
RADIATOR_CONFIG=/radiatordb/radiatorhttp/radius.cfg
RADIATOR_ARGS=

# Source additional OPTIONS if we have them.
# Note: this copy still reads the original service's sysconfig file; anything
# that file assigns overrides the three variables set above.
if [ -f /etc/sysconfig/radiator ] ; then
    . /etc/sysconfig/radiator
fi

if [ ! -x $RADIUSD ]; then
    exit 0
fi

start() {
    # don't do squat if we don't have the config file
    if [ -f $RADIATOR_CONFIG ]; then
        echo -n "Starting Radiator: "
        daemon $RADIUSD -config_file $RADIATOR_CONFIG $RADIATOR_ARGS
        RETVAL=$?
        echo
    else
        echo "Unable to find config file $RADIATOR_CONFIG!"
        RETVAL=1
    fi
    return $RETVAL
}

stop() {
    echo -n "Shutting down Radiator: "
    killproc /radiatordb/radiatorhttp/radiusd
    RETVAL=$?
    echo
    return $RETVAL
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    stop
    start
    RETVAL=$?
    ;;
  status)
    status /radiatordb/radiatorhttp/radiusd
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit $RETVAL


#!/bin/sh
#
# radiator  This shell script takes care of starting and stopping \
#   Radiator (radius daemon).
#
# chkconfig: 2345 90 15
# description: radiator is the radius daemon required for RAS AAA.
# processname: /usr/bin/radiusd
#
# Startup script for Radiator on Linux. Install this as 
# /etc/init.d/radiator. If you have chkconfig, you can use
# chkconfig --add radiator
# to generate the required start and stop entries in /etc/rc[2345].d/
# Otherwise, you need to add symlinks to /etc/rc[2345].d/
#
# config: /etc/radiator/radius.cfg
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2000 Open System Consultants
# $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $

# Source 'em up
. /etc/init.d/functions

RADIUSD=/usr/bin/radiusd
RADIATOR_CONFIG=/etc/radiator/radius.cfg
RADIATOR_ARGS=

# Source additional OPTIONS if we have them.
if [ -f /etc/sysconfig/radiator ] ; then
. /etc/sysconfig/radiator
fi

if [ ! -x $RADIUSD ]; then
exit 0
fi

start() {
# don't do squat if we don't have the 

Re: (RADIATOR) Re: website access / ipass authentication

2003-01-13 Thread Hugh Irvine

Hello Tunde -

I am afraid I can't help you with questions about service as I don't 
use it.

I generally use the restartWrapper utility included in the goodies 
directory.

regards

Hugh


On Monday, Jan 13, 2003, at 23:38 Australia/Melbourne, Ayotunde Itayemi 
wrote:

Hi Hugh,

OK. I have manually installed a second copy of radiator in
/radiatordb/radiatorhttp directory.
I have changed the port accordingly.
I made a copy of the /etc/init.d/radiator file and saved it as
/etc/init.d/radiatorhttp
I edited radiatorhttp to reflect the config of my new radiator install and
used the RH chkconfig to add the service to the system.
The problem I noticed now is that when I use the service command on
radiatorhttp it appears to work on my original radiator installation!
service (start/stop/restart/status) radiatorhttp actually works on my
radiator service and not radiatorhttp. Any ideas?

Please find attached my /etc/init.d/radiator and /etc/init.d/radiatorhttp
files.

Regards,
Tunde Itayemi.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, January 11, 2003 5:25 AM
Subject: Re: website access / ipass authentication



Hello Tunde -

If you want to use different port numbers, why not just use two
instances of Radiator?

Otherwise, have a look at a trace 4 debug to see what attributes are
included in the radius requests that you can use.

regards

Hugh


On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde
Itayemi wrote:

Hi Hugh, Hi All,

I have the ipass netserver installed on my RADIUS server. I also want
to use radiator to authenticate access to some webpages on the same
server. The problem is that the config for ipass netserver and
webserver authentication both use the localhost client designation.
The only way out I see is to change the port that the webserver uses
for radius authentication and configure radiator to also listen on
(this) extra port.
The issue now is how do I differentiate requests from the two ports
and process the requests accordingly using two different Realm
clauses - or cascaded AuthBys?

Please advise?


Regards,
Tunde Itayemi.







RE: (RADIATOR) Expression to Add a realm to a username

2003-01-13 Thread Kevin McKee
I guess I was able to do the impossible.  :)  I wrote a RewriteUsername hook that adds 
a domainname only on users that don't already have a domain name.

Let me know if this will break something in some odd way.
Here's my handler:

<Handler Called-Station-Id=/50979X|50976X|50979X/>
	#
	#
	#
	RewriteUsername s/^([^@]+)$/$1\@newdomain\.com/
	AcctLogFileName %L/%Y%m%d-newdomain-detail
	SessionDatabase newdomainDB
	RejectHasReason
	<AuthBy RADIUS>
		Host xx.xx.xx.xxx
		Secret xx
		AuthPort 1812
		AcctPort 1813
		LocalAddress xx.xx.xxx.xxx
		StripFromRequest NAS-Port-Id,NAS-Port-Type
	</AuthBy>
</Handler>

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 1:06 PM
To: Kevin McKee
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Expression to Add a realm to a username



Hello Kevin -

You will need to write a PreAuthHook for this Handler, as a simple 
RewriteUsername will not work.

There are some example hooks in the file goodies/hooks.txt in the 
Radiator 3.5 distribution.

regards

Hugh


On Tuesday, Dec 31, 2002, at 05:16 Australia/Melbourne, Kevin McKee 
wrote:

 We are currently using Handlers to authenticate using 
 Called-Station-ID.  One of our proxy customers is asking that we add a 
 default realm to all of his users that don't use a realm.  If they 
 have a realm, then he would like that username passed along 'as-is'.

 This seems to be something that should be handled with a 
 RewriteUsername expression, but I'm having problems getting my brain 
 around that regular expression.  Would anyone care to share the 
 expression that they have written to solve this problem?

 -Kevin McKee-
 Northwest Telephone, Inc.




Re: (RADIATOR) Expression to Add a realm to a username

2003-01-13 Thread Hugh Irvine

Hello Kevin -

This should work fine as far as I can see.

Good thinking!

regards

Hugh


On Tuesday, Jan 14, 2003, at 12:04 Australia/Melbourne, Kevin McKee 
wrote:

I guess I was able to do the impossible.  :)  I wrote a 
RewriteUsername hook that adds a domainname only on users that don't 
already have a domain name.

Let me know if this will break something in some odd way.
Here's my handler:

<Handler Called-Station-Id=/50979X|50976X|50979X/>
	#
	#
	#
	RewriteUsername s/^([^@]+)$/$1\@newdomain\.com/
	AcctLogFileName %L/%Y%m%d-newdomain-detail
	SessionDatabase newdomainDB
	RejectHasReason
	<AuthBy RADIUS>
		Host xx.xx.xx.xxx
		Secret xx
		AuthPort 1812
		AcctPort 1813
		LocalAddress xx.xx.xxx.xxx
		StripFromRequest NAS-Port-Id,NAS-Port-Type
	</AuthBy>
</Handler>

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 1:06 PM
To: Kevin McKee
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Expression to Add a realm to a username



Hello Kevin -

You will need to write a PreAuthHook for this Handler, as a simple
RewriteUsername will not work.

There are some example hooks in the file goodies/hooks.txt in the
Radiator 3.5 distribution.

regards

Hugh


On Tuesday, Dec 31, 2002, at 05:16 Australia/Melbourne, Kevin McKee
wrote:

We are currently using Handlers to authenticate using
Called-Station-ID.  One of our proxy customers is asking that we add a
default realm to all of his users that don't use a realm.  If they
have a realm, then he would like that username passed along 'as-is'.

This seems to be something that should be handled with a
RewriteUsername expression, but I'm having problems getting my brain
around that regular expression.  Would anyone care to share the
expression that they have written to solve this problem?

-Kevin McKee-
Northwest Telephone, Inc.

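
Added example, not part of the thread: a check of the RewriteUsername expression discussed above against constructed usernames, including the edge cases the "will this break something" question is about. It assumes the rule is applied as a Perl s/// substitution and ports the same pattern to Python's re module; the realm marks other than "@" and the sample names are assumptions made for illustration.

```python
import re

# Same pattern as the RewriteUsername rule: a name with no "@" anywhere.
PATTERN = re.compile(r"^([^@]+)$")
DEFAULT_REALM = "newdomain.com"
# Assumed alternative realm notations (for example DOMAIN\user, realm/user).
OTHER_REALM_MARKS = ("\\", "/", "%", "!")

def rewrite_username(user: str) -> str:
    """Append the default realm only when the whole name contains no '@'."""
    return PATTERN.sub(lambda m: m.group(1) + "@" + DEFAULT_REALM, user, count=1)

def audit(user: str) -> tuple:
    """Return (rewritten name, note describing what the rule did and why)."""
    out = rewrite_username(user)
    if out == user:
        if user == "":
            note = "empty name passed through"
        elif user.startswith("@") or user.endswith("@"):
            note = "passed through with empty user or realm part"
        else:
            note = "already has a realm, passed as-is"
    elif any(mark in user for mark in OTHER_REALM_MARKS):
        note = "realm appended to a name that uses another realm notation"
    elif user != user.strip() or any(ord(c) < 32 for c in user):
        note = "realm appended after whitespace or control characters"
    else:
        note = "default realm appended"
    return out, note

# Constructed sample usernames.
SAMPLES = ["alice", "bob@other.net", "", "carol@", "CORP\\dave", "erin "]

def report() -> list:
    return [(name,) + audit(name) for name in SAMPLES]

if __name__ == "__main__":
    for name, rewritten, note in report():
        print(repr(name), "->", repr(rewritten), ":", note)
```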



(RADIATOR) Handler

2003-01-13 Thread Chris Kay

How would I do something like this

I would like to use a handler only if

handler 1
Client-Identifier = Comindico
NAS-IP-Address = 203.194.30.244
/handler

handler 2
Client-Identifier = Comindico
NAS-IP-Address != 203.194.30.244
NAS-IP-Address != 203.222.153.14
/handler

handler 3
Client-Identifier = Max
NAS-IP-Address = 203.222.153.14
/handler

I have the handlers for each but am now lost as to how you use multiple
clauses in a handler or even if you can...

- 
Chris Kay (Systems Development) 
Techex Communications 
Website: www.techex.com.au Email: [EMAIL PROTECTED] 
Telephone: 1300 88 111 2 - Fax: 1300 882 221 
-  




Re: (RADIATOR) Handler

2003-01-13 Thread Hugh Irvine

Hello Chris -

You should set up the Identifiers in your Client clauses appropriately, 
then use something like this:

# define Client clauses

Client 
	Identifier Comindico-Whatever
/Client



Client 
	Identifier Comindico-SomethingElse
/Client

.

# define AuthBy clauses

AuthBy 
	Identifier CheckUser
	
/AuthBy

.

# define Handlers

Handler Client-Identifier = Comindico-Whatever
	AuthBy CheckUser
	
/Handler

 Handler Client-Identifier = Comindico-SomethingElse
	AuthBy CheckUser
	
/Handler

.


regards

Hugh


On Tuesday, Jan 14, 2003, at 17:40 Australia/Melbourne, Chris Kay wrote:


How would I do something like this

I would like to use a handler only if

handler 1
Client-Identifier = Comindico
NAS-IP-Address = 203.194.30.244
/handler

handler 2
Client-Identifier = Comindico
NAS-IP-Address != 203.194.30.244
NAS-IP-Address != 203.222.153.14
/handler

handler 3
Client-Identifier = Max
NAS-IP-Address = 203.222.153.14
/handler

I have the handlers for each but am now lost as to how you use multiple
clauses in a handler or even if you can...

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-
