Re: WebDAV HTTP Auth to RADIUS, possible?
Michael Check wrote: On 8/31/06, Michael Check <[EMAIL PROTECTED]> wrote: WebDAV will allow either Basic or Digest (it uses the same HTTP Auth mechanism that Apache provides) so I think it will work. Even with DAV On, you can have AuthType Basic - so my assumption at this point is that it will work. I'll report back to the list. I'm having difficulty getting Basic authentication done with mod_auth_radius Here is the http conf directives used: AddRadiusAuth 127.0.0.1:1812 testing123 5:3 AddRadiusCookieValid 5 AllowOverride None Options None AuthType Basic AuthName "Calendars" #AuthAuthoritative Off AuthRadiusAuthoritative On AuthRadiusCookieValid 5 AuthRadiusActive On require valid-user Our configuration for Apache 1.3 (but it was for https authentication, not for WebDAV...) was AuthAuthoritative on AuthRadiusAuthoritative on As far as I remember the order of module declaration was also important. We had : LoadModule access_module libexec/mod_access.so LoadModule radius_auth_module libexec/mod_auth_radius.so LoadModule auth_module libexec/mod_auth.so Hope it will help you -- Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3 Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1 Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE [CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WebDAV HTTP Auth to RADIUS, possible?
"Michael Check" <[EMAIL PROTECTED]> wrote: > [Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration > error: couldn't check user. No user file?: / That's Apache saying it can't authenticate the user, and isn't doing RADIUS. > #AuthAuthoritative Off I think you have to uncomment that. Apache is a bit magic, to be honest. I was never clear on what it was doing or why. It doesn't have the equivalent to FreeRADIUS's "debugging mode", which means my efforts to get apache to work the way I want are limited to random changes and best wishes. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: WebDAV HTTP Auth to RADIUS, possible?
On 8/31/06, Michael Check <[EMAIL PROTECTED]> wrote: WebDAV will allow either Basic or Digest (it uses the same HTTP Auth mechanism that Apache provides) so I think it will work. Even with DAV On, you can have AuthType Basic - so my assumption at this point is that it will work. I'll report back to the list. I'm having difficulty getting Basic authentication done with mod_auth_radius As the docs say, I'm getting an Internal Error 500 with apache when I try to authenticate. The apache error is: [Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration error: couldn't check user. No user file?: / [Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration error: couldn't check user. No user file?: /favicon.ico [Thu Aug 31 14:28:53 2006] [crit] [client 192.168.2.147] configuration error: couldn't check user. No user file?: / Here is the http conf directives used: AddRadiusAuth 127.0.0.1:1812 testing123 5:3 AddRadiusCookieValid 5 AllowOverride None Options None AuthType Basic AuthName "Calendars" #AuthAuthoritative Off AuthRadiusAuthoritative On AuthRadiusCookieValid 5 AuthRadiusActive On require valid-user Running radiusd -X, I do not get any response at the radius server at all when it appears that apache is supposed to send the radius packet. So that leadds me to believe that the apache server does not have an authoritative authentication mechanism like in the docs? Is there something I should be looking for? Any direction you can help with would be great. Thanks! Michael Check - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WebDAV HTTP Auth to RADIUS, possible?
On 8/30/06, Alan DeKok <[EMAIL PROTECTED]> wrote: "Michael Check" <[EMAIL PROTECTED]> wrote: > Is it possible to set up an Apache 1.3 server with WebDAV to > authenticate to a freeRADIUS? Unless I'm mistaken, webdav uses HTTP digest for authentication. That makes it difficult. If it's using basic authentication, mod_auth_radius can help. > We're using freeRadius 1.1.0 on OSX.4, successfully authenticatiing > off an Active Directory master. If it's using HTTP digest authentication, then this is impossible. HTTP digest requires the clear-text password, and AD doesn't supply it. Thanks Alan and Samuel. I d/l the mod-auth_radius and got it installed. I haven't successfully gotten it to work, but I haven't spent enough time yet. Task for today. WebDAV will allow either Basic or Digest (it uses the same HTTP Auth mechanism that Apache provides) so I think it will work. Even with DAV On, you can have AuthType Basic - so my assumption at this point is that it will work. I'll report back to the list. Thanks! Michael Check - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WebDAV HTTP Auth to RADIUS, possible?
"Michael Check" <[EMAIL PROTECTED]> wrote: > Is it possible to set up an Apache 1.3 server with WebDAV to > authenticate to a freeRADIUS? Unless I'm mistaken, webdav uses HTTP digest for authentication. That makes it difficult. > Ideally, I would like to tell the Apache directives to look at > freeRADIUS for authentication using the httpd.conf file. If it's using basic authentication, mod_auth_radius can help. > We're using freeRadius 1.1.0 on OSX.4, successfully authenticatiing > off an Active Directory master. If it's using HTTP digest authentication, then this is impossible. HTTP digest requires the clear-text password, and AD doesn't supply it. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WebDAV HTTP Auth to RADIUS, possible?
Michael Check wrote: Is it possible to set up an Apache 1.3 server with WebDAV to authenticate to a freeRADIUS? Ideally, I would like to tell the Apache directives to look at freeRADIUS for authentication using the httpd.conf file. Has anyone ever done this or able to point me in a direction? Is it even possible? We're using freeRadius 1.1.0 on OSX.4, successfully authenticatiing off an Active Directory master. I don't know a lot about WebDAV, but I think that it uses classical Apache authentication mecanism, right ? Then, you could use mod_auth_radius (http://www.freeradius.org/mod_auth_radius), or use a PAM authentication + a PAM radius module (http://www.freeradius.org/pam_radius_auth) -- Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3 Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1 Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE [CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
WebDAV HTTP Auth to RADIUS, possible?
Is it possible to set up an Apache 1.3 server with WebDAV to authenticate to a freeRADIUS? Ideally, I would like to tell the Apache directives to look at freeRADIUS for authentication using the httpd.conf file. Has anyone ever done this or able to point me in a direction? Is it even possible? We're using freeRadius 1.1.0 on OSX.4, successfully authenticatiing off an Active Directory master. Thanks in advance, Michael Check - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
