This is not Embperl related; I am forwarding it to the modperl mailing list,
where the Apache modules are discussed.

Gerald

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Christian
> Sent: Monday, March 20, 2000 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: AuthenRadius problem
>
>
> Hi all,
>
> I'm having a problem with the Apache::AuthenRadius module using the
> Cistron RADIUSD server.  Basically I'd like to allow our users to log in
> to certain web pages (e.g., stats on their usage etc.) and the simplest
> way to do this seems to be to use the local RADIUS server.  The problem
> is that I've configured the RADIUS server (being used by a Cisco AS5300
> RAS) not to allow access to customers who have fibre connections or
> mailbox accounts etc. (since obviously we don't want people dialing up
> with these).
>
> The solution seemed to be to allow RADIUS to let all users in but only
> if the server the request came in from was the web server and not the
> Cisco.  I did this by adding a DEFAULT entry at the end of the
> /etc/raddb/users file which was basically the same as the previous
> default ones before it, except it did not include a 'Group = "foo"'
> section and instead included a 'NAS-IP-Address = a.b.c.d':
>
> DEFAULT Auth-Type = System, NAS-IP-Address = 203.153.224.20
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
>         Framed-IP-Address = 203.153.225.100+,
>
> My httpd.conf also has:
> PerlSetVar Auth_Radius_host 203.153.224.20
> PerlSetVar Auth_Radius_port 1812
> PerlSetVar Auth_Radius_secret xxxx
> PerlSetVar Auth_Radius_timeout 5
>
> I also made sure that the web server's IP address was set up in the
> /etc/raddb/clients and naslist files. When I test this via the radtest
> utility on the web server, it accepts the user if the password is
> correct:
>
> Mon Mar 20 15:18:41 2000: Auth: Login OK: [astral] (from nas eagle/S0)
> (from /var/log/radius.log)
>
> However, when I try it through the web page it gives "Authentication
> failed":
>
> Mon Mar 20 15:19:18 2000: Auth: Invalid user: [astral] (from nas
> eagle/S0)
> (/var/log/radius.log)
>
> [Mon Mar 20 15:33:19 2000] [error] access to /stats failed for
> 203.153.224.20, reason: Apache::AuthenRadius failed for user astral
> (/var/log/apache/error.log)
>
> If I change the user ("astral" in this case) into a group which is
> permitted dial-up access then it works AND if I put in a wrong password
> then it gives me a message of "Login incorrect" (i.e., a different
> message to above).  When I take away the entry which allows access from
> the web server's IP address, radtest gives access denied so, from my
> limited understanding of RADIUS, this configuration would seem to be
> correct -- but either way Apache::AuthenRadius won't let me in!  If
> anyone has any ideas then I would appreciate them very much.
>
> Another (probably unrelated) problem I'm having is trying to set up
> authentication using just a simple text file through pages on the same
> server (although a different virtual host).  I've set up the following
> in httpd.conf:
>
> <VirtualHost 203.153.224.20>
> ServerName staff.amnet.net.au
> ServerAlias www.staff.amnet.net.au
> DocumentRoot /var/local/staff-www
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/apache/error.log
> TransferLog /var/log/apache/access.log
>   <Directory /var/local/staff-www>
>     AllowOverride AuthConfig
>   </Directory>
> </VirtualHost>
>
> And the following .htaccess file:
> AuthType Basic
> AuthName staff
> AuthUserFile /var/local/internal-passwd
> require valid user
>
> However, Apache still seems to be trying to use RADIUS to authenticate
> since I get an "Invalid user" message in my radius.log file and a
> similar failure message in Apache's error logs.  Any ideas on what I
> might be doing wrong here with either of these issues (particularly the
> first one) would be much appreciated.
>
> Regards,
>
> --
> Christian Payne
> Systems Administrator
> Amnet Internet Services
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
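
Added example (not part of the original messages, and not code from Apache::AuthenRadius or Cistron): the DEFAULT entry above hinges on the NAS-IP-Address check item, so one way to compare the radtest request with the one the web server sends is to decode each captured Access-Request and see whether that attribute is present and what it holds. The packets are constructed samples, the function names are hypothetical, and treating the check item as an exact match on the request attribute is an assumption about the server.

```python
import ipaddress
import struct

# Attribute type numbers from RFC 2865.
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
              5: "NAS-Port", 6: "Service-Type", 32: "NAS-Identifier"}

def parse_access_request(packet: bytes) -> dict:
    """Decode a RADIUS Access-Request into {attribute name: value}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError(f"code {code} is not Access-Request (1)")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20          # skip the 16-byte Request Authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length for attribute {atype}")
        value = packet[pos + 2:pos + alen]
        if atype == 4:           # four address bytes, network order
            value = str(ipaddress.IPv4Address(value))
        elif atype == 2:         # never echo the obfuscated password
            value = "<hidden>"
        elif atype in (1, 32):
            value = value.decode("utf-8", "replace")
        attrs[ATTR_NAMES.get(atype, f"Attr-{atype}")] = value
        pos += alen
    if pos != length:
        raise ValueError("trailing bytes after the last attribute")
    return attrs

def nas_ip_check_matches(attrs: dict, wanted: str) -> bool:
    """Assumed semantics: the check item needs the attribute, with this value."""
    return attrs.get("NAS-IP-Address") == wanted

def build_request(user: str, nas_ip=None) -> bytes:
    """Constructed sample packet: zeroed authenticator, dummy password."""
    body = bytes([1, 2 + len(user)]) + user.encode()
    body += bytes([2, 18]) + bytes(16)
    if nas_ip is not None:
        body += bytes([4, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH", 1, 0, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for pkt in (build_request("astral", "203.153.224.20"), build_request("astral")):
        attrs = parse_access_request(pkt)
        print(attrs, nas_ip_check_matches(attrs, "203.153.224.20"))
```

Feed it the UDP payload of each request as captured on the RADIUS server and compare the two attribute sets side by side.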

