Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi, > there must be something wrong in your installation or even your config. check the config doesnt have wierd characters in it I guess... 'cat -v /tmp/radiator-config' there were some changes as the move to 4.11 occured to deal with the config strings in better ways - alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi, > Sounds really fishy, just wondering if someone else sees the same problem. no. have updated through 4.9m 4.10 and 4.11 by just getting latest version, applying patches and then 'make install' - thats on Solaris as on Linux. the only thing that I can think of is some required library isnt present and is causing issues in a wierd way - this shouldnt be the case...there are libraries you only need if doing certain things - eg Ipv6 or RADSEC alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi, just verified your minimal configuration with a clean Radiator-4.11 plus patches installation: [root@test-centos64 Radiator-4.11]# cat /tmp/radius.cfg Foreground LogStdout LogDir . DbDir . Trace 4 Identifier myinternal AuthResult REJECT Secret mysecret AuthBy myinternal [root@test-centos64 Radiator-4.11]# radiusd -config_file /tmp/radius.cfg -trace 5 Fri Jul 5 23:07:02 2013: DEBUG: Finished reading configuration file '/tmp/radius.cfg' Fri Jul 5 23:07:02 2013: DEBUG: Reading dictionary file './dictionary' Fri Jul 5 23:07:02 2013: DEBUG: Creating authentication port 0.0.0.0:1645 Fri Jul 5 23:07:02 2013: DEBUG: Creating accounting port 0.0.0.0:1646 Fri Jul 5 23:07:02 2013: NOTICE: Server started: Radiator 4.11 on test-centos64.cksoft.de there must be something wrong in your installation or even your config. ># radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config > Fri Jul 5 18:30:30 2013: WARNING: Could not find AuthBy clause with > Identifier myinternal > Fri Jul 5 18:30:30 2013: DEBUG: Finished reading configuration file > '/tmp/radiator-config' You might want to reverify the minimal configuration. I typoed Identifier myself a couple of days ago. Is above also the error message you get from your full configuration ? Greetings Christian On Fri, 5 Jul 2013, Karl Gaissmaier wrote: > Hi Christian, RADIATOR team and listeners, > > Am 05.07.2013 18:57, schrieb Christian Kratzer: > ... > >> just saw that you start with: >> >> >> >> and close with: >> >> > > uups, sorry but in my original cfg there isn't such a typo > and if I correct this stupid error it's the same problem > as before. > >> sounds fishy. How did you perform the update ? > > It's solaris, I use an own perl installation only for RADIATOR in order > not to depend on the system /usr/bin/perl with the needed CPAN > modules for RADIATOR. > > The perl installation is the same for Radiator-4.9 and 4.11. > I install it via: > > untar thew 4.11 tgz to /radiator/build-4.11 > cd /radiator/build-4.11 > untar the 4.11 patches > > # /special/perl-path/bin/perl Makefile.PL PREFIX=/radiator/install-4.11 > # make > # make test > # make install > # make clean > > and then to test the new installation with this special perl and > with this special INCLUDE path: > >> /special/perl-path/bin/perl -I /radiator/install-4.11/lib/site_perl/ >> /radiator/install-4.11/bin/radiusd -c -log_stdout -trace 5 -config_file >> /tmp/radiator-config > > Did it again, checked the files and rights and still the same error. > BTW, it's not the first time that I update it in this way. > > Sounds really fishy, just wondering if someone else sees the same problem. > >> >> Above configuration should most certainly work. >> >> Could be you have a strange mix of old, new and partially installed Radius >> modules >> and perhaps multiple versions of radiusd on your system. >> >> What does following show: >> >> find / -name Radius.pm >> find / -name AuthINTERNAL.pm >> find / -name radiusd > > foobar# find /radiator/ -name Radius.pm > /radiator/build/Radiator-4.9/Radius/Radius.pm > /radiator/build/Radiator-4.11/Radius/Radius.pm > /radiator/install-4.9/lib/site_perl/5.12.4/Radius/Radius.pm > /radiator/install-4.11/lib/site_perl/5.12.4/Radius/Radius.pm > > foobar# find /radiator/ -name radiusd > /radiator/build/Radiator-4.9/radiusd > /radiator/build/Radiator-4.11/radiusd > /radiator/install-4.9/bin/radiusd > /radiator/install-4.11/bin/radiusd > > foobar# find /radiator/ -name AuthINTERNAL.pm > /radiator/build/Radiator-4.9/Radius/AuthINTERNAL.pm > /radiator/build/Radiator-4.11/Radius/AuthINTERNAL.pm > /radiator/install-4.9/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm > /radiator/install-4.11/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm > > Everything as expected and often done during the last 10++ years > > Thanks for your help and hints so far >Charly > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi Christian, RADIATOR team and listeners, Am 05.07.2013 18:57, schrieb Christian Kratzer: ... > just saw that you start with: > > > > and close with: > > uups, sorry but in my original cfg there isn't such a typo and if I correct this stupid error it's the same problem as before. > sounds fishy. How did you perform the update ? It's solaris, I use an own perl installation only for RADIATOR in order not to depend on the system /usr/bin/perl with the needed CPAN modules for RADIATOR. The perl installation is the same for Radiator-4.9 and 4.11. I install it via: untar thew 4.11 tgz to /radiator/build-4.11 cd /radiator/build-4.11 untar the 4.11 patches # /special/perl-path/bin/perl Makefile.PL PREFIX=/radiator/install-4.11 # make # make test # make install # make clean and then to test the new installation with this special perl and with this special INCLUDE path: > /special/perl-path/bin/perl -I /radiator/install-4.11/lib/site_perl/ > /radiator/install-4.11/bin/radiusd -c -log_stdout -trace 5 -config_file > /tmp/radiator-config Did it again, checked the files and rights and still the same error. BTW, it's not the first time that I update it in this way. Sounds really fishy, just wondering if someone else sees the same problem. > > Above configuration should most certainly work. > > Could be you have a strange mix of old, new and partially installed Radius > modules > and perhaps multiple versions of radiusd on your system. > > What does following show: > > find / -name Radius.pm > find / -name AuthINTERNAL.pm > find / -name radiusd foobar# find /radiator/ -name Radius.pm /radiator/build/Radiator-4.9/Radius/Radius.pm /radiator/build/Radiator-4.11/Radius/Radius.pm /radiator/install-4.9/lib/site_perl/5.12.4/Radius/Radius.pm /radiator/install-4.11/lib/site_perl/5.12.4/Radius/Radius.pm foobar# find /radiator/ -name radiusd /radiator/build/Radiator-4.9/radiusd /radiator/build/Radiator-4.11/radiusd /radiator/install-4.9/bin/radiusd /radiator/install-4.11/bin/radiusd foobar# find /radiator/ -name AuthINTERNAL.pm /radiator/build/Radiator-4.9/Radius/AuthINTERNAL.pm /radiator/build/Radiator-4.11/Radius/AuthINTERNAL.pm /radiator/install-4.9/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm /radiator/install-4.11/lib/site_perl/5.12.4/Radius/AuthINTERNAL.pm Everything as expected and often done during the last 10++ years Thanks for your help and hints so far Charly ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] proxying POD reply packets
In AuthRADIUS.pm, routine sub handleReply, should "Disconnect-Request-NAKed" also be listed in the code bellow? Works for me now. The NAKed request now gets forwarded to the original requester (radpwtst). # RadiusResult tells Synchronous mode that we have # finished with this packet and what the result was # ReplyHook above could set op->{RadiusResult} to force a # required reponse type if (!defined $op->{RadiusResult}) { if ($p->code eq 'Access-Accept' || $p->code eq 'Accounting-Response' || $p->code eq 'Disconnect-Request-ACKed' || $p->code eq 'Disconnect-Request-NAKed' || $p->code eq 'Change-Filter-Request-ACKed') { $op->{RadiusResult} = $main::ACCEPT; On 05/07/13 10:02 AM, Michael wrote: > Does anyone know of any issues with receiving reply packets from a > packet-of-disconnect request which is proxied through radiator? For my > POD requests, i inject them into radiator using radpwtst and have them > configured to proxy to the proper device. The POD does work. When a > session is matched and a user is disconnected, the AKed reply comes back > to radiator and proxies back to radpwtst and radpwtst will exit with "OK". > > But, when the device respondes with NOT acknowledged (ie. no matching > session found), that reply is NOT proxied back to radpwtst and therefore > produces a no response timeout issue for radpwtst. > > > > > This is an example of the NAKed request coming back with "No Matching > Session" which is correct, but it just stops and doesn't appear to > forward that reply back to the waiting radpwtst. > > > *** Received from 1.1.1.1 port 1700 > Code: Disconnect-Request-NAKed > Identifier: 22 > Authentic: > Attributes: > Reply-Message = "No Matching Session" > Error-Cause = Session-Context-Not-Found > > Fri Jul 5 09:50:26 2013: DEBUG: Accounting rejected: Proxied > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi, On Fri, 5 Jul 2013, Karl Gaissmaier wrote: > Hi RADIATOR team, > > I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm > no longer able to parse my old cfg file. > > >>> Identifiers are no longer recognized. <<< > > I stripped it down to the bare minimum: > >> Foreground >> LogStdout >> LogDir . >> DbDir . >> Trace 4 >> >> >> Identifier myinternal >> AuthResult REJECT >> >> >> >> Secret mysecret >> >> >> >> AuthBy myinternal >> just saw that you start with: and close with: try following instead AuthBy myinternal If you are still having problems post the output of the commands from my previous mail. Greetings Christian > > and I get still the following WARNING: > >> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config >> Fri Jul 5 18:30:30 2013: WARNING: Could not find AuthBy clause with >> Identifier myinternal >> Fri Jul 5 18:30:30 2013: DEBUG: Finished reading configuration file >> '/tmp/radiator-config' > > Please check if it's a current bug or if it's my fault. > >> OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200 >> perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris >> radiusd -v: This is Radiator 4.11 on foobar > > > > Best Regards >Charly > > > -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi, On Fri, 5 Jul 2013, Karl Gaissmaier wrote: > Hi RADIATOR team, > > I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm > no longer able to parse my old cfg file. > > >>> Identifiers are no longer recognized. <<< > > I stripped it down to the bare minimum: > >> Foreground >> LogStdout >> LogDir . >> DbDir . >> Trace 4 >> >> >> Identifier myinternal >> AuthResult REJECT >> >> >> >> Secret mysecret >> >> >> >> AuthBy myinternal >> > > and I get still the following WARNING: > >> # radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config >> Fri Jul 5 18:30:30 2013: WARNING: Could not find AuthBy clause with >> Identifier myinternal >> Fri Jul 5 18:30:30 2013: DEBUG: Finished reading configuration file >> '/tmp/radiator-config' sounds fishy. How did you perform the update ? Above configuration should most certainly work. Could be you have a strange mix of old, new and partially installed Radius modules and perhaps multiple versions of radiusd on your system. What does following show: find / -name Radius.pm find / -name AuthINTERNAL.pm find / -name radiusd Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi RADIATOR team, I tried to upgrade from 4.9 to 4.11 (up to date patches applied) and I'm no longer able to parse my old cfg file. >>> Identifiers are no longer recognized. <<< I stripped it down to the bare minimum: > Foreground > LogStdout > LogDir . > DbDir . > Trace 4 > > > Identifier myinternal > AuthResult REJECT > > > > Secret mysecret > > > > AuthBy myinternal > and I get still the following WARNING: ># radiusd -c -log_stdout -trace 5 -config_file /tmp/radiator-config > Fri Jul 5 18:30:30 2013: WARNING: Could not find AuthBy clause with > Identifier myinternal > Fri Jul 5 18:30:30 2013: DEBUG: Finished reading configuration file > '/tmp/radiator-config' Please check if it's a current bug or if it's my fault. > OS: SunOS foobar 5.11 11.1 sun4v sparc SUNW,Sun-Fire-T200 > perl -v:perl 5, version 12, subversion 4 (v5.12.4) built for sun4-solaris > radiusd -v: This is Radiator 4.11 on foobar Best Regards Charly -- Karl Gaissmaier Universität Ulm kiz, Kommunikations und Informationszentrum 89069 Ulm Tel.: 49(0)731/50-22499 Fax : 49(0)731/50-12-22499 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] tacacs unlimited badlogins count
On 07/04/2013 05:19 PM, Murat Bilal wrote: > I have radiator setup for tacacs.Default BADLOGINS value is 0.If > BADLOGINS value reach 5, account is locked.I want to make this BADLOGINS > such a value,so that nobodies account is locked. See the reference manual for MaxBadLogins. The default 0 should mean bad login count is ignore. You could also consider defining IncrementBadLogins with empty value to disable it. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] proxying POD reply packets
Does anyone know of any issues with receiving reply packets from a packet-of-disconnect request which is proxied through radiator? For my POD requests, i inject them into radiator using radpwtst and have them configured to proxy to the proper device. The POD does work. When a session is matched and a user is disconnected, the AKed reply comes back to radiator and proxies back to radpwtst and radpwtst will exit with "OK". But, when the device respondes with NOT acknowledged (ie. no matching session found), that reply is NOT proxied back to radpwtst and therefore produces a no response timeout issue for radpwtst. This is an example of the NAKed request coming back with "No Matching Session" which is correct, but it just stops and doesn't appear to forward that reply back to the waiting radpwtst. *** Received from 1.1.1.1 port 1700 Code: Disconnect-Request-NAKed Identifier: 22 Authentic: Attributes: Reply-Message = "No Matching Session" Error-Cause = Session-Context-Not-Found Fri Jul 5 09:50:26 2013: DEBUG: Accounting rejected: Proxied ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator