Re: (RADIATOR) Realm authentication problems
Hi Felix

On May 5, 3:02pm, Felix Izquierdo wrote:
> Subject: Re: (RADIATOR) Realm authentication problems
> Mike McCauley wrote:
> > > Mike, in relation with this issue, is it possible to strip the realm only
> > > for authentication but not for accounting?
> >
> > No, not easily.
> >
> > It might be possible to set up one Handler that does accounting and does not
> > strip the realm, and a different Handler that does strip the realm:
> >
>
> Is it possible (in a future version) to permit the use of the
> RewriteUsername sentence in the AuthBy context? It seems a solution...

The AuthBy GROUP understands RewriteUsername, so you could enclose any AuthBy
inside an AuthBy GROUP and get the same effect now.

Hope that helps.

Cheers.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Realm authentication problems
Mike McCauley wrote:
> > Mike, in relation with this issue, is it possible to strip the realm only
> > for authentication but not for accounting?
>
> No, not easily.
>
> It might be possible to set up one Handler that does accounting and does not
> strip the realm, and a different Handler that does strip the realm:
>

Is it possible (in a future version) to permit the use of the
RewriteUsername sentence in the AuthBy context? It seems a solution...

Félix
__
DATAGRAMA SERVICIOS INTERNET
C/ Acer 30                    Tlf: +34 3 223 00 98
08038 BARCELONA ( Spain )     Fax: +34 3 223 12 66
mailto:[EMAIL PROTECTED]      http://www.datagrama.net
__
Re: (RADIATOR) Realm authentication problems
Mike McCauley wrote:
>
> > [...]
> > Mike, in relation with this issue, is it possible to strip the realm only
> > for authentication but not for accounting?
>
> No, not easily.
>
> It might be possible to set up one Handler that does accounting and does not
> strip the realm, and a different Handler that does strip the realm:
>
> # This will handle accounting starts and stops:
>

Eureka, that's what I missed for my configuration with the second
Accounting only Radiator on a different box.

Thanks
Charly

--
Karl Gaissmaier            Computing Center, University of Ulm, Germany
Email: [EMAIL PROTECTED]   Network Administration
Tel/Fax: ++49 731 50 22499/22471
pgp-key available: http://www.uni-ulm.de/urz/Netzwerk/uuca/keylist.html
Re: (RADIATOR) Realm authentication problems
On May 4, 3:02pm, Felix Izquierdo wrote:
> Subject: Re: (RADIATOR) Realm authentication problems
> Mike McCauley wrote:
> > the problem is that you are logging in with fer8@interlinea2000, but in the
> > user database, your username is just fer8.
> >
> > Therefore you must add a RewriteUsername so that it strips the realm off before
> > authenticating:
> >
>
> Mike, in relation with this issue, is it possible to strip the realm only
> for authentication but not for accounting?

No, not easily.

It might be possible to set up one Handler that does accounting and does not
strip the realm, and a different Handler that does strip the realm:

    # This will handle accounting starts and stops:

    # This will handle all the rest:
        RewriteUsername

See what I mean? But that may not be suitable to you because of other
constraints on how you are using Handlers and Realms?

Hope that helps.

Cheers.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
Re: (RADIATOR) Realm authentication problems
Hello Fernando,

the problem is that you are logging in with fer8@interlinea2000, but in the
user database, your username is just fer8.

Therefore you must add a RewriteUsername so that it strips the realm off before
authenticating:

    # This removes the realm from the user name before authenticating,
    # because the user database does not have the realm on the username
    RewriteUsername s/^([^@]+).*/$1/
    PasswordLogFileName %L/%d-%m-%y-password.log
    FramedGroup 0
    Filename %D/users.ftf

Hope that helps.

Cheers.

On May 4, 10:47am, Fernando Martin wrote:
> Subject: (RADIATOR) Realm authentication problems
> Hi all,
>
> I am running Radiator 2.13.1 with patches over NT 4.0 SP3. My NAS is a PM3.
>
> I have defined a radius.cfg with two realms like this:
>
> ..
> # Realm Interlinea2000
>
> PasswordLogFileName %L/%d-%m-%y-password.log
>
> FramedGroup 0
> Filename %D/users.ftf
>
> AcctLogFileName %L/%d-%m-%y-detail.log
>
> AcctLogFileFormat %t %d %m %Y %n %a %{Acct-Status-Type} %{NAS-Port}
> %{Acct-Input-Octets} %{Acct-Output-Octets} %{Connect-Rate} %{Connect-Info}
>
> # Default Realm
>
> PasswordLogFileName %L/%d-%m-%y-password.log
>
> # Selects FramedGroupBaseAddress 0 (Pool)
> FramedGroup 0
> Filename %D/users.ftf
>
> AcctLogFileName %L/%d-%m-%y-detail.log
>
> AcctLogFileFormat %t %d %m %Y %n %a %{Acct-Status-Type} %{NAS-Port}
> %{Acct-Input-Octets} %{Acct-Output-Octets} %{Connect-Rate} %{Connect-Info}
>
> ..
>
> users.ftf has a user fer8:
> fer8    User-Password = "fer8"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
> The problem is that I cannot access with username fer8@interlinea2000 and
> password fer8. The system rejects me. But all seems to be ok!
>
> With trace 4 we can see that:
>
> Tue May 4 09:26:01 1999: DEBUG: Packet dump:
> *** Received from 194.224.0.62 port 1028
> Code: Access-Request
> Identifier: 129
> Authentic:
> <187>D<208><172><10><183><22><170>;<186><178><156><241><240><13><224>
> Attributes:
>         User-Name = "fer8@interlinea2000"
>         User-Password = "w<252><30>O<147> <189>Y'G<128><157><7>g<28>m"
>         NAS-IP-Address = 194.224.0.62
>         NAS-Port = 41
>         NAS-Port-Type = ISDN
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Called-Station-Id = "943319101"
>         Calling-Station-Id = "943639698"
>
> Tue May 4 09:26:01 1999: DEBUG: Handling request with Handler
> 'Realm=interlinea2000'
> Tue May 4 09:26:01 1999: DEBUG: Handling with Radius::AuthFILE
> Tue May 4 09:26:01 1999: DEBUG: Radius::AuthFILE looks for match with
> fer8@interlinea2000
> Tue May 4 09:26:01 1999: INFO: Access rejected for fer8@interlinea2000: No
> such user
> Tue May 4 09:26:01 1999: DEBUG: Packet dump:
> *** Sending to 194.224.0.62 port 1028
> Code: Access-Reject
> Identifier: 129
> Authentic:
> <187>D<208><172><10><183><22><170>;<186><178><156><241><240><13><224>
> Attributes:
>         Reply-Message = "Request Denied"
>
> So, it says:
>
> 'Realm=interlinea2000'
> User-Name = "fer8@interlinea2000"
> INFO: Access rejected for fer8@interlinea2000: No such user
>
> Why is user fer8@interlinea2000, and not fer8? I think the system detects
> realm: interlinea2000, so it must authenticate user fer8 no more. Is it right?
> How to solve that? Any idea?
>
> Thanks for your help and time.
>
> Best regards,
>
> PS: Sorry for my questions, too many this week, but I want to finish my
> radiator configuration. We are very close :-)
> Fernando Martin
> Interlinea2000
> http://www.i2000.es
> Voz:(943)-621033
> Fax:(943)-627340
>
>-- End of excerpt from Fernando Martin

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
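
The username rewrite from the message above, together with the authentication/accounting split suggested in the follow-up, as an added Perl model that is not part of the thread and is not Radiator code. The %users table, handle() and the sample requests are constructed for illustration; only the substitution is taken from the post.

```perl
#!/usr/bin/perl
# Added illustration, not Radiator code. %users, handle() and the request
# list are constructed; only the substitution comes from the post.
use strict;
use warnings;

# Constructed stand-in for users.ftf: names are stored without a realm.
my %users = (fer8 => 'fer8');

# The rewrite from the post: keep what precedes the first '@' and discard
# the rest, whatever realm it names.
sub strip_realm {
    my ($name) = @_;
    $name =~ s/^([^@]+).*/$1/;
    return $name;
}

# Model of the two-Handler idea: accounting keeps the name as received,
# every other request is rewritten before the user lookup.
sub handle {
    my ($req) = @_;
    my $full = $req->{'User-Name'};
    return sprintf('ACCT    logged as %s', $full)
        if $req->{Code} eq 'Accounting-Request';
    my $name = strip_realm($full);
    return sprintf('REJECT  %s: No such user', $name)
        unless exists $users{$name};
    return sprintf('REJECT  %s: Bad password', $name)
        unless $users{$name} eq $req->{'User-Password'};
    return sprintf('ACCEPT  %s (received as %s)', $name, $full);
}

# Constructed requests: the case from the thread plus regex edge cases.
my @requests = (
    ['Access-Request',     'fer8@interlinea2000', 'fer8'],
    ['Access-Request',     'fer8',                'fer8'],  # no realm: unchanged
    ['Access-Request',     'fer8@other@realm',    'fer8'],  # cut at first '@'
    ['Access-Request',     '@interlinea2000',     'fer8'],  # no match: unchanged
    ['Access-Request',     'fer8@interlinea2000', 'wrong'],
    ['Accounting-Request', 'fer8@interlinea2000', ''],
);
for my $r (@requests) {
    my %req = (Code => $r->[0], 'User-Name' => $r->[1], 'User-Password' => $r->[2]);
    print handle(\%req), "\n";
}
```

The third request shows that the substitution drops whatever follows the first '@', so a handler that applies it looks up fer8@other@realm and fer8@interlinea2000 as the same account.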
RE: (RADIATOR) Realm authentication problems
Hi,

I think you probably need to do a "RewriteUsername" to strip your
"@Interlinea200" realm to get authenticated as "fer8" only.

I hope this helps.

Regards,
Darwin

> So, it says:
>
> 'Realm=interlinea2000'
> User-Name = "fer8@interlinea2000"
> INFO: Access rejected for fer8@interlinea2000: No such user
>
> Why is user fer8@interlinea2000, and not fer8? I think the system detects
> realm: interlinea2000, so it must authenticate user fer8 no more. Is it
> right?
> How to solve that? Any idea?
>
> Thanks for your help and time.
>
> Best regards,
>
> PS: Sorry for my questions, too many this week, but I want to finish my
> radiator configuration. We are very close :-)
> Fernando Martin
> Interlinea2000
> http://www.i2000.es
> Voz:(943)-621033
> Fax:(943)-627340
>

---
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
darwin a. bawasanta    [EMAIL PROTECTED]    pgp-id: 0x367CADAC
network security admin.
SKYinternet incorporated philippines
tel:+63 32 4126282 loc 104    pager: ec# 963589    marsma|ow@IRC
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"Expecting different output from the same input is lunacy."
-- Albert Einstein
Re: (RADIATOR) Realm authentication problems
Mike McCauley wrote:
> the problem is that you are logging in with fer8@interlinea2000, but in the
> user database, your username is just fer8.
>
> Therefore you must add a RewriteUsername so that it strips the realm off before
> authenticating:
>

Mike, in relation with this issue, is it possible to strip the realm only
for authentication but not for accounting?

Thanks.

Félix
__
DATAGRAMA SERVICIOS INTERNET
C/ Acer 30                    Tlf: +34 3 223 00 98
08038 BARCELONA ( Spain )     Fax: +34 3 223 12 66
mailto:[EMAIL PROTECTED]      http://www.datagrama.net
__