Ok, here's the situation. I just moved authentication from a Solaris 2.6
x86 machine (64 MB of RAM, PPro 180) to a Solaris 7 x86 machine (256 MB of
RAM, PPro 200). The plan was to move from Livingston Radius
authenticating off flat files to Radiator authenticating off of LDAP.
Other developments have kept me from pursuing the latter option, so when
we moved the authentication, we discovered that Livingston Radius under
Solaris 2.7 couldn't handle our passwd/shadow file (14,000+ entries). It
would authenticate some users, but not after a certain point in the passwd
file. It was time to put Radiator to the test on a simple flat file
authentication scheme. It worked fine as expected, however there are
certain legacy options we've had in our users file. For instance...
DEFAULT Auth-Type = System, Suffix = ".shell"
Service-Type = Login-User,
Login-Host = "our.shell.machine.com",
Login-Service = Rlogin,
Idle-Timeout = 1200,
Session-Timeout = 28800
... where we had different things for different services (ie ppp, cslip,
shell, etc) that it tried to match to and if it couldn't, we had a default
entry...
DEFAULT Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobson-TCP-IP,
Idle-Timeout = 1200,
Session-Timeout = 28800,
Framed-MTU = 1500
Now maybe I'm incredibly misguided but myself and my associate (a looooong
time livingston radius whiz) are having trouble configuring Radiator to
handle this. Moreover, I've printed out the reference manual and read it
front to back, and the concept of realms (as radiator defines them)
doesn't quite seem to make sense to me. I'm at wit's end and need to get
Radiator doing a rather simple authentication scheme off a shadow and
users file and it's stumping me. We can get it to work, but not
efficiently, nor with our default profiles...
Thu Feb 11 23:11:54 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Feb 11 23:11:54 1999: DEBUG: Rewrote user name to marshall
Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthFILE
Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
marshall
Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
marshall
Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.slip' does not
match '' in request
Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
for marshall
Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Thu Feb 11 23:11:54 1999: DEBUG: Handling with Radius::AuthUNIX
Thu Feb 11 23:11:54 1999: DEBUG: Radius::AuthUNIX looks for match with
marshall
Thu Feb 11 23:11:54 1999: DEBUG: Check item Suffix value '.cslip' does not
match '' in request
Thu Feb 11 23:11:54 1999: INFO: Radius::AuthUNIX: Authentication failed
for marshall
Thu Feb 11 23:11:54 1999: DEBUG: Reading users file /etc/radiator/users
Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT2
Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
marshall
Thu Feb 11 23:11:55 1999: DEBUG: Check item Suffix value '.shell' does not
match '' in request
Thu Feb 11 23:11:55 1999: INFO: Radius::AuthUNIX: Authentication failed
for marshall
Thu Feb 11 23:11:55 1999: DEBUG: Reading users file /etc/radiator/users
Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT3
Thu Feb 11 23:11:55 1999: DEBUG: Handling with Radius::AuthUNIX
Thu Feb 11 23:11:55 1999: DEBUG: Radius::AuthUNIX looks for match with
marshall
Thu Feb 11 23:11:55 1999: WARNING: No such attribute Framed-IP-Netmask
Thu Feb 11 23:11:55 1999: DEBUG: Packet dump:
Also how does Radiator handle control characters if passed as a username?
Many times, our livingston radius would be filled with horrendous username
attempts and I was wondering if there were any known issues that should
cause us concern.
Thanks in advance,
Brian
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
