Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread A . L . M . Buxey 
Hi,

> there must be something wrong in your installation or even your config.

check the config doesnt have wierd characters in it I guess... 'cat -v 
/tmp/radiator-config'

there were some changes as the move to 4.11 occured to deal with the config 
strings 
in better ways - 

alan
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread A . L . M . Buxey 
Hi,

> Sounds really fishy, just wondering if someone else sees the same problem.

no. have updated through 4.9m 4.10 and 4.11 by just getting latest version, 
applying
patches and then 'make install' - thats on Solaris as on Linux.  the only thing 
that
I can think of is some required library isnt present and is causing issues in a 
wierd
way - this shouldnt be the case...there are libraries you only need if doing 
certain
things - eg Ipv6 or RADSEC 

alan
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Christian Kratzer 
Hi,

just verified your minimal configuration with a clean Radiator-4.11 plus 
patches installation:

   [root@test-centos64 Radiator-4.11]# cat /tmp/radius.cfg
   Foreground
   LogStdout
   LogDir  .
   DbDir   .
   Trace   4

   
  Identifier myinternal
  AuthResult REJECT
   

   
  Secret  mysecret
   

   
  AuthBy myinternal
   
   [root@test-centos64 Radiator-4.11]# radiusd -config_file /tmp/radius.cfg 
-trace 5
   Fri Jul  5 23:07:02 2013: DEBUG: Finished reading configuration file 
'/tmp/radius.cfg'
   Fri Jul  5 23:07:02 2013: DEBUG: Reading dictionary file './dictionary'
   Fri Jul  5 23:07:02 2013: DEBUG: Creating authentication port 0.0.0.0:1645
   Fri Jul  5 23:07:02 2013: DEBUG: Creating accounting port 0.0.0.0:1646
   Fri Jul  5 23:07:02 2013: NOTICE: Server started: Radiator 4.11 on 
test-centos64.cksoft.de

there must be something wrong in your installation or even your config.

># radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config
> Fri Jul  5 18:30:30 2013: WARNING: Could not find AuthBy clause with 
> Identifier myinternal
> Fri Jul  5 18:30:30 2013: DEBUG: Finished reading configuration file 
> '/tmp/radiator-config'

You might want to reverify the minimal configuration.

I typoed Identifier myself a couple of days ago.

Is above also the error message you get from your full configuration ?

Greetings
Christian





On Fri, 5 Jul 2013, Karl Gaissmaier wrote:

> Hi Christian, RADIATOR team and listeners,
>
> Am 05.07.2013 18:57, schrieb Christian Kratzer:
> ...
>
>> just saw that you start with:
>>
>>  
>>
>> and close with:
>>
>>  
>
> uups, sorry but in my original cfg there isn't such a typo
> and if I correct this stupid error it's the same problem
> as before.
>
>> sounds fishy.   How did you perform the update ?
>
> It's solaris, I use an own perl installation only for RADIATOR in order
> not to depend on the system /usr/bin/perl with the needed CPAN
> modules for RADIATOR.
>
> The perl installation is the same for Radiator-4.9 and 4.11.
> I install it via:
>
> untar thew 4.11 tgz to /radiator/build-4.11
> cd /radiator/build-4.11
> untar the 4.11 patches
>
> # /special/perl-path/bin/perl Makefile.PL PREFIX=/radiator/install-4.11
> # make
> # make test
> # make install
> # make clean
>
> and then to test the new installation with this special perl and
> with this special INCLUDE path:
>
>> /special/perl-path/bin/perl -I /radiator/install-4.11/lib/site_perl/ 
>> /radiator/install-4.11/bin/radiusd -c -log_stdout -trace 5 -config_file 
>> /tmp/radiator-config
>
> Did it again, checked the files and rights and still the same error.
> BTW, it's not the first time that I update it in this way.
>
> Sounds really fishy, just wondering if someone else sees the same problem.
>
>>
>> Above configuration should most certainly work.
>>
>> Could be you have a strange mix of old, new and partially installed Radius 
>> modules
>> and perhaps multiple versions of radiusd on your system.
>>
>> What does following show:
>>
>> find / -name Radius.pm
>> find / -name AuthINTERNAL.pm
>> find / -name radiusd
>
> foobar# find /radiator/ -name Radius.pm
> /radiator/build/Radiator-4.9/Radius/Radius.pm
> /radiator/build/Radiator-4.11/Radius/Radius.pm
> /radiator/install-4.9/lib/site_perl/5.12.4/Radius/Radius.pm
> /radiator/install-4.11/lib/site_perl/5.12.4/Radius/Radius.pm
>
> foobar# find /radiator/ -name radiusd
> /radiator/build/Radiator-4.9/radiusd
> /radiator/build/Radiator-4.11/radiusd
> /radiator/install-4.9/bin/radiusd
> /radiator/install-4.11/bin/radiusd
>
> foobar# find /radiator/ -name AuthINTERNAL.pm
> /radiator/build/Radiator-4.9/Radius/AuthINTERNAL.pm
> /radiator/build/Radiator-4.11/Radius/AuthINTERNAL.pm
> /radiator/install-4.9/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm
> /radiator/install-4.11/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm
>
> Everything as expected and often done during the last 10++ years
>
> Thanks for your help and hints so far
>Charly
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>

-- 
Christian Kratzer  CK Software GmbH
Email:   c...@cksoft.de  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0  D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9  HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Karl Gaissmaier 
Hi Christian, RADIATOR team and listeners,

Am 05.07.2013 18:57, schrieb Christian Kratzer:
...

> just saw that you start with:
>
>  
>
> and close with:
>
>  

uups, sorry but in my original cfg there isn't such a typo
and if I correct this stupid error it's the same problem
as before.

> sounds fishy.   How did you perform the update ?

It's solaris, I use an own perl installation only for RADIATOR in order 
not to depend on the system /usr/bin/perl with the needed CPAN
modules for RADIATOR.

The perl installation is the same for Radiator-4.9 and 4.11.
I install it via:

untar thew 4.11 tgz to /radiator/build-4.11
cd /radiator/build-4.11
untar the 4.11 patches

# /special/perl-path/bin/perl Makefile.PL PREFIX=/radiator/install-4.11
# make
# make test
# make install
# make clean

and then to test the new installation with this special perl and
with this special INCLUDE path:

> /special/perl-path/bin/perl -I /radiator/install-4.11/lib/site_perl/ 
> /radiator/install-4.11/bin/radiusd -c -log_stdout -trace 5 -config_file 
> /tmp/radiator-config

Did it again, checked the files and rights and still the same error.
BTW, it's not the first time that I update it in this way.

Sounds really fishy, just wondering if someone else sees the same problem.

>
> Above configuration should most certainly work.
>
> Could be you have a strange mix of old, new and partially installed Radius 
> modules
> and perhaps multiple versions of radiusd on your system.
>
> What does following show:
>
> find / -name Radius.pm
> find / -name AuthINTERNAL.pm
> find / -name radiusd

foobar# find /radiator/ -name Radius.pm
/radiator/build/Radiator-4.9/Radius/Radius.pm
/radiator/build/Radiator-4.11/Radius/Radius.pm
/radiator/install-4.9/lib/site_perl/5.12.4/Radius/Radius.pm
/radiator/install-4.11/lib/site_perl/5.12.4/Radius/Radius.pm

foobar# find /radiator/ -name radiusd
/radiator/build/Radiator-4.9/radiusd
/radiator/build/Radiator-4.11/radiusd
/radiator/install-4.9/bin/radiusd
/radiator/install-4.11/bin/radiusd

foobar# find /radiator/ -name AuthINTERNAL.pm
/radiator/build/Radiator-4.9/Radius/AuthINTERNAL.pm
/radiator/build/Radiator-4.11/Radius/AuthINTERNAL.pm
/radiator/install-4.9/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm
/radiator/install-4.11/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm

Everything as expected and often done during the last 10++ years

Thanks for your help and hints so far
Charly
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] proxying POD reply packets

2013-07-05 Thread Michael 

In AuthRADIUS.pm, routine sub handleReply, should 
"Disconnect-Request-NAKed" also be listed in the code bellow?

Works for me now.  The NAKed request now gets forwarded to the original 
requester (radpwtst).




 # RadiusResult tells Synchronous mode that we have
 # finished with this packet and what the result was
 # ReplyHook above could set op->{RadiusResult} to force a
 # required reponse type
 if (!defined $op->{RadiusResult})
 {
 if ($p->code eq 'Access-Accept'
 || $p->code eq 'Accounting-Response'
 || $p->code eq 'Disconnect-Request-ACKed'
 || $p->code eq 'Disconnect-Request-NAKed'
 || $p->code eq 'Change-Filter-Request-ACKed')
 {
 $op->{RadiusResult} = $main::ACCEPT;






On 05/07/13 10:02 AM, Michael wrote:
> Does anyone know of any issues with receiving reply packets from a
> packet-of-disconnect request which is proxied through radiator?  For my
> POD requests, i inject them into radiator using radpwtst and have them
> configured to proxy to the proper device.  The POD does work.  When a
> session is matched and a user is disconnected, the AKed reply comes back
> to radiator and proxies back to radpwtst and radpwtst will exit with "OK".
>
> But, when the device respondes with NOT acknowledged (ie. no matching
> session found), that reply is NOT proxied back to radpwtst and therefore
> produces a no response timeout issue for radpwtst.
>
>
>
>
> This is an example of the NAKed request coming back with "No Matching
> Session" which is correct, but it just stops and doesn't appear to
> forward that reply back to the waiting radpwtst.
>
>
> *** Received from 1.1.1.1 port 1700 
> Code:   Disconnect-Request-NAKed
> Identifier: 22
> Authentic:
> Attributes:
>   Reply-Message = "No Matching Session"
>   Error-Cause = Session-Context-Not-Found
>
> Fri Jul  5 09:50:26 2013: DEBUG: Accounting rejected: Proxied
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
>
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Christian Kratzer 
Hi,

On Fri, 5 Jul 2013, Karl Gaissmaier wrote:

> Hi RADIATOR team,
>
> I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm
> no longer able to parse my old cfg file.
>
> >>> Identifiers are no longer recognized. <<<
>
> I stripped it down to the bare minimum:
>
>> Foreground
>> LogStdout
>> LogDir  .
>> DbDir   .
>> Trace   4
>>
>> 
>> Identifier  myinternal
>> AuthResult  REJECT
>> 
>>
>> 
>> Secret  mysecret
>> 
>>
>> 
>> AuthBy  myinternal
>> 

just saw that you start with:



and close with:



try following instead


AuthBy  myinternal


If you are still having problems post the output of the commands from my 
previous mail.

Greetings
Christian

>
> and I get still the following WARNING:
>
>> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config
>> Fri Jul  5 18:30:30 2013: WARNING: Could not find AuthBy clause with 
>> Identifier myinternal
>> Fri Jul  5 18:30:30 2013: DEBUG: Finished reading configuration file 
>> '/tmp/radiator-config'
>
> Please check if it's a current bug or if it's my fault.
>
>> OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200
>> perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris
>> radiusd -v: This is Radiator 4.11 on foobar
>
>
>
> Best Regards
>Charly
>
>
>

-- 
Christian Kratzer  CK Software GmbH
Email:   c...@cksoft.de  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0  D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9  HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Christian Kratzer 
Hi,

On Fri, 5 Jul 2013, Karl Gaissmaier wrote:

> Hi RADIATOR team,
>
> I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm
> no longer able to parse my old cfg file.
>
> >>> Identifiers are no longer recognized. <<<
>
> I stripped it down to the bare minimum:
>
>> Foreground
>> LogStdout
>> LogDir  .
>> DbDir   .
>> Trace   4
>>
>> 
>> Identifier  myinternal
>> AuthResult  REJECT
>> 
>>
>> 
>> Secret  mysecret
>> 
>>
>> 
>> AuthBy  myinternal
>> 
>
> and I get still the following WARNING:
>
>> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config
>> Fri Jul  5 18:30:30 2013: WARNING: Could not find AuthBy clause with 
>> Identifier myinternal
>> Fri Jul  5 18:30:30 2013: DEBUG: Finished reading configuration file 
>> '/tmp/radiator-config'

sounds fishy.   How did you perform the update ?

Above configuration should most certainly work.

Could be you have a strange mix of old, new and partially installed Radius 
modules
and perhaps multiple versions of radiusd on your system.

What does following show:

find / -name Radius.pm
find / -name AuthINTERNAL.pm
find / -name radiusd

Greetings
Christian

-- 
Christian Kratzer  CK Software GmbH
Email:   c...@cksoft.de  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0  D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9  HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...

2013-07-05 Thread Karl Gaissmaier 
Hi RADIATOR team,

I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm
no longer able to parse my old cfg file.

 >>> Identifiers are no longer recognized. <<<

I stripped it down to the bare minimum:

> Foreground
> LogStdout
> LogDir  .
> DbDir   .
> Trace   4
>
> 
> Identifier  myinternal
> AuthResult  REJECT
> 
>
> 
> Secret  mysecret
> 
>
> 
> AuthBy  myinternal
> 

and I get still the following WARNING:

># radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config
> Fri Jul  5 18:30:30 2013: WARNING: Could not find AuthBy clause with 
> Identifier myinternal
> Fri Jul  5 18:30:30 2013: DEBUG: Finished reading configuration file 
> '/tmp/radiator-config'

Please check if it's a current bug or if it's my fault.

> OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200
> perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris
> radiusd -v: This is Radiator 4.11 on foobar



Best Regards
Charly


-- 
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] tacacs unlimited badlogins count

2013-07-05 Thread Heikki Vatiainen 
On 07/04/2013 05:19 PM, Murat Bilal wrote:

> I have radiator setup for tacacs.Default BADLOGINS value is 0.If
> BADLOGINS value reach 5, account is locked.I want to make this BADLOGINS
> such a value,so that nobodies account is locked.

See the reference manual for MaxBadLogins. The default 0 should mean bad
login count is ignore. You could also consider defining
IncrementBadLogins with empty value to disable it.

Thanks,
Heikki

-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] proxying POD reply packets

2013-07-05 Thread Michael 

Does anyone know of any issues with receiving reply packets from a 
packet-of-disconnect request which is proxied through radiator?  For my 
POD requests, i inject them into radiator using radpwtst and have them 
configured to proxy to the proper device.  The POD does work.  When a 
session is matched and a user is disconnected, the AKed reply comes back 
to radiator and proxies back to radpwtst and radpwtst will exit with "OK".

But, when the device respondes with NOT acknowledged (ie. no matching 
session found), that reply is NOT proxied back to radpwtst and therefore 
produces a no response timeout issue for radpwtst.




This is an example of the NAKed request coming back with "No Matching 
Session" which is correct, but it just stops and doesn't appear to 
forward that reply back to the waiting radpwtst.


*** Received from 1.1.1.1 port 1700 
Code:   Disconnect-Request-NAKed
Identifier: 22
Authentic:
Attributes:
 Reply-Message = "No Matching Session"
 Error-Cause = Session-Context-Not-Found

Fri Jul  5 09:50:26 2013: DEBUG: Accounting rejected: Proxied

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator