Re: (RADIATOR) ARGH!!!!! (problem solved with static ip not working)
Hello Jay - On Wed, 17 Nov 1999, Jay West wrote: > It took me a long time to isolate the problem I was having with reply > attributes not being passed back to the NAS. Finally after a decent nights > sleep, basic troubleshooting with radpwtst and (eek!) reading the manual, > the problem was found. > Good! > I was using the sample common-sql.cfg and sql.cfg in the goodies directory. > It does not define an AuthSelect. Therefore radiator uses a built-in default > authselect which does NOT return check and reply items, just the password. > > I know it's documented as above, but wouldn't it make sense for the built-in > default authselect to INCLUDE the check and reply items, not just the > password?? Surely other people have run into this > Thanks for the comment - we'll take it under consideration. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) ARGH!!!!! (problem solved with static ip not working)
It took me a long time to isolate the problem I was having with reply attributes not being passed back to the NAS. Finally after a decent nights sleep, basic troubleshooting with radpwtst and (eek!) reading the manual, the problem was found. I was using the sample common-sql.cfg and sql.cfg in the goodies directory. It does not define an AuthSelect. Therefore radiator uses a built-in default authselect which does NOT return check and reply items, just the password. I know it's documented as above, but wouldn't it make sense for the built-in default authselect to INCLUDE the check and reply items, not just the password?? Surely other people have run into this Thanks to all who helped me along the way! Jay West === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) ARGH!!!
Sorry guys - meaningless gripe here, but one just out of frustration! Doesn't it s*** those of you not using MS mail readers how MS mail clients don't send messages with hard line breaks at 80 characters!! (This is not aimed at anyone inparticular) Jeremy --- Jeremy Burton Database Administrator, Netspace Online Systems [EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Argh!
> 2) if the secrets were different, my log file shouldn't > show any user authentication attemps though should it? It would show an attempt with a password with random (probably 8-bit) characters. Be sure the IP address you have set for the secret in your Radiator config file matches the IP address the NAS is sending in the Radius request (which is not necessarily the same as the IP address that the request was sent from). HTH Stuart === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Argh!
>> 3) Even though radpwtst works ok (except for the above), when I move into >> production and point my NAS at radiator, all user authentication fails with >> "bad password" (even user/passwords that worked with radpwtst)?! > >Probably you dont have the shared secret set in Radiator to agree with the one >in your NAS. Hum - ok - then 1) Is the secret case sensitive? 2) if the secrets were different, my log file shouldn't show any user authentication attemps though should it? I would think if the secret was wrong then radiusd wouldn't even look at the incoming request and reply with bad password... Jay West PS - Mike, so far I'm REALLY impressed by how well designed radiator is, and how flexible. Kudos! === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Argh!
On Mar 18, 8:19pm, Jay West wrote: > Subject: (RADIATOR) Argh! > Several Radiator questions for the folks here from a radiator newbie > > The following questions all pertain to radiator 2.13.1 on FreeBSD 3.1 (O/S > was installed with DES, NOT MD5, but the perl MD5 lib is present and > working)... > > 1) The documentation states all dictionary files must have at least 4 > attributes, which are user-name, user-password, encrypted-password, and > acct-delay-time. However, some of these are missing from the stock supplied > dictionary.whatever files. User-Password and Encrypted-Password for example > aren't in the supplied dictionary.livingston. Is this an oversight or > misunderstanding on my part? Mostly oversight. You should find that the standard dictionary will suit you, and that (at least) is complete. > > 2) radiusd starts fine and radpwtst gives correct results when run. However, > when I look at the detail and logfile files, the user is assigned a strange > IP address (206.63something as I recall) when my user file specified > 255.255.255.254 should be passed back to the NAS (radpwtst). Yes, radpwtst has 203.63.154.1 hard coded into it. Its not clever enough to take note of the IP address passed back in the access accept and then use it in subsequent accounting requests. > > 3) Even though radpwtst works ok (except for the above), when I move into > production and point my NAS at radiator, all user authentication fails with > "bad password" (even user/passwords that worked with radpwtst)?! Probably you dont have the shared secret set in Radiator to agree with the one in your NAS. > > If it helps, my NAS is a cisco 3620. When users dial in they ask the cisco > for authentication, which in turn passes the request off to my radiator > machine. I was using a livingston 2.x radius setup with the same equipment > and all worked fine. Passwords are just cleartext in the users file. > > Any suggestions from the crowd? Hope that helps. Cheers. > > Thanks in advance! > > Jay West > > > === > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Jay West -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia Consulting and development Phone, Fax: +61 3 9598-0985 http://www.open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Argh!
Several Radiator questions for the folks here from a radiator newbie The following questions all pertain to radiator 2.13.1 on FreeBSD 3.1 (O/S was installed with DES, NOT MD5, but the perl MD5 lib is present and working)... 1) The documentation states all dictionary files must have at least 4 attributes, which are user-name, user-password, encrypted-password, and acct-delay-time. However, some of these are missing from the stock supplied dictionary.whatever files. User-Password and Encrypted-Password for example aren't in the supplied dictionary.livingston. Is this an oversight or misunderstanding on my part? 2) radiusd starts fine and radpwtst gives correct results when run. However, when I look at the detail and logfile files, the user is assigned a strange IP address (206.63something as I recall) when my user file specified 255.255.255.254 should be passed back to the NAS (radpwtst). 3) Even though radpwtst works ok (except for the above), when I move into production and point my NAS at radiator, all user authentication fails with "bad password" (even user/passwords that worked with radpwtst)?! If it helps, my NAS is a cisco 3620. When users dial in they ask the cisco for authentication, which in turn passes the request off to my radiator machine. I was using a livingston 2.x radius setup with the same equipment and all worked fine. Passwords are just cleartext in the users file. Any suggestions from the crowd? Thanks in advance! Jay West === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.