(RADIATOR) Radiator and LDAP2 - multiple realm
I am running radiator 3.7.1 on RH7.3. We are, and have been using AuthBy UNIX and the Odyssey Client for months to authenticate our wireless users. Now, I would like to authenticate users based on whether or not they are trying to login to the domain or not. When a user logs in with domain\username, I have been unable to get the request to be handled by the proper handler. I have placed the rewrite username in multiple locations but, never see the handler being used, only the tunnelled by TTLS is ever invoked. I have read the manual but obviously missed something...Can someone point me in the right direction? As a workaround, I tried using ContinueUntilAccept in the tunnelled by TTLS handler and then I fail with the info below. I verified the username and password are correct so, is there another module required? See below Mon Oct 13 16:03:59 2003: DEBUG: Handling with Radius::AuthLDAP2: Mon Oct 13 16:03:59 2003: INFO: Connecting to , port 389 Mon Oct 13 16:03:59 2003: INFO: Attempting to bind to LDAP server :389) Mon Oct 13 16:03:59 2003: ERR: Could not bind connection with CN=Radtest,OU=admin,DC=testrealm,DC=local, , error: LDAP_INVALID_CREDENTIALS (server :389). Mon Oct 13 16:03:59 2003: ERR: Backing off from :389 for 600 seconds Thanks, -- Steve Identifier wlan Secret mysecret DupInterval 2 IgnoreAcctSignature AuthByPolicy ContinueUntilAccept # Strip realm if in MSN format RewriteUsername s/(.*)\\(.*)/$2/ # strips the realm from a User-Name before authenticating it RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ Hostdc1.labnet.local AuthDN CN=Radtest,OU=admin,DC=testrealm,DC=local AuthPassword AuthPassword BaseDN OU=AD Users,DC=testrealm,DC=local ServerChecksPassword UsernameAttr samaccountname AuthByPolicy ContinueUntilAccept # Strip realm if in MSN format RewriteUsername s/(.*)\\(.*)/$2/ # strips the realm from a User-Name before authenticating it RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ # anonymous-PEAP must be in here: Filename /etc/wlanpeople AuthByPolicy ContinueAlways #AuthByPolicy ContinueWhileIgnore # Default # Strip realm if in MSN format # RewriteUsername s/(.*)\\(.*)/$2/ # Convert a MSN realm\user into [EMAIL PROTECTED] # RewriteUsernames/^(.*)\\(.*)/[EMAIL PROTECTED]/ # strips the realm from a User-Name before authenticating it # RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ DBSourcedbi:mysql:radius DBSourcedbi:mysql:database=radius;host=radserver.musc.edu DBUsername radtest DBAuth radpwd AuthSelect # Only insert Start and Stop requests, ack everything else HandleAcctStatusTypes Start,Stop AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef CONNTYPE,%{Client:Identifier},formatted AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d %H:%M:%S AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIPADDRESS,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctFailedLogFileName %L/%{Client:Identifier}/%m%d%y.missedaccounting.log # Strip realm if in MSN format # RewriteUsername s/(.*)\\(.*)/$2/ # Convert a MSN realm\user into [EMAIL PROTECTED] RewriteUsernames/^(.*)\\(.*)/[EMAIL PROTECTED]/ # strips the realm from a User-Name before authenticating it # RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ Filename /etc/radiator/users EAPType TTLS EAPTLS_CAFile /usr/local/certs/radtest.pem EAPTLS_CertificateFile /usr/local/certs/radtest.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile /usr/local/certs/radtest.pem EAPTLS_PrivateKeyPassword EAPTLS_MaxFragmentSize 1024 AutoMPPEKeys
(RADIATOR) Authentication Issue - Odyssey and iPaq 5450
I'm having an issue authenticating users with the iPaq 5450 (internal nic) and the Odyssey Client. It appears that when the user authenticates, Radiator initially issues an access-accept and then follows it up with an access-reject. I am only having this issue with the above deviceall other clients authenticate sucessfully. Any ideas would be appreciated. Attached are debugs and the config. Radiator version 3.7.1 on RH7.3. Thanks, -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 # radius.cfg # # Radiator configuration file. # #Foreground #LogStdout LogFile /var/log/radius/%m%d%y.log LogDir /var/log/radius DbDir /etc/radiator PidFile /var/run/radius.pid DictionaryFile /etc/radiator/dictionary # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd Trace 4 AuthPort 1645,1812 AcctPort 1646,1813 # Add Clients below... Identifier ppp Secret DupInterval 2 Identifier ppp Secret DupInterval 2 Identifier video Secret DupInterval 2 Identifier vpn Secret DupInterval 2 Identifier wlan Secret DupInterval 2 IgnoreAcctSignature # # PPP Config ## AuthByPolicy ContinueAlways #AuthByPolicy ContinueWhileIgnore # Default DBSourcedbi:mysql:radius DBUsername < > DBAuth < > AuthSelect # Only insert Start and Stop requests, ack everything else HandleAcctStatusTypes Start,Stop AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef CONNTYPE,%{Client:Identifier},formatted AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d %H:%M:%S AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIPADDRESS,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctFailedLogFileName %L/%{Client:Identifier}/%m%d%y.missedaccountin.log #DefaultSimultaneousUse 1 Filename /etc/passwd.ras # Log accounting to a detail file AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log VPN Config ## AuthByPolicy ContinueAlways #AuthByPolicy ContinueWhileIgnore # Default DBSourcedbi:mysql:radius DBUsername < > DBAuth < > AuthSelect # Only insert Start and Stop requests, ack everything else HandleAcctStatusTypes Start,Stop AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef CONNTYPE,%{Client:Identifier},formatted AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d %H:%M:%S AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIPADDRESS,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctColumnDef CLASS,Class AcctColumnDef TUNNELCLIENTENDPOINT,Tunnel-Client-Endpoint AcctFailedLogFileName %L/%{Client:Identifier}/%m%d%y.missedaccountin.log #DefaultSimultaneousUse 1 Filename /etc/passwd.ras
Re: (RADIATOR) Question about AuthBy ADSI
Hugh, Layers 8 & 9 prevent me from running Radiator on anything but a Linux box, I have no bias. :-) I am not very familiar with AD. My understanding is that policies can be managed for users, machines, etc. In our environment, we are mapping drives and limiting machines/user rights to resources. We would like for these policies to be passed down from the AD server. In the meantime...I have been trying to get it working via LDAP2. Unfortunately, I must be missing something because it does not look like AuthBy LDAP 2 is ever being used. I attached my config and a debug of an attempt to connect from a machine logging into the domain. Can you tell me what I am missing? Notice that I have the Tunnelled by TTLS and PEAP commented out, *do not* have an anonymous user in my password file, but, I can authenticate wireless users via TTLS sucessfully. Am I mistaken or should this be happening? - Just not those trying to authenticate to the domain. Thanks, Steve Hugh Irvine wrote: Hello Steve - You can use the AuthBy RADIUS clause to forward radius requests to a remote radius server. The exact configuration will depend on what else you are already doing in your configuration file. I am not sure I understand what you mean by "domain policies" - can you give me a bit more detail? BTW - Radiator runs just fine on W2K server. regards Hugh On Thursday, Jul 24, 2003, at 00:44 Australia/Melbourne, Steve Caporossi wrote: Running radiator on a W2K server does not appear to be an option for us...I need to forward any domain logins ie, domain\username to a Windows radius server, but only if they try to login to the domain. Has anyone done this and be willing to share their methodology? Can the domain policies be passed down to the machine as well using AuthBy LDAP, AuthBy Radius or AuthBy NT? Are there any advantages, or disadvantages, between these? Thanks, Steve Hugh Irvine wrote: Hello Steve - Correct. AuthBy ADSI and the new AuthBy LSA clauses are only supported on recent Windows releases. You can either try the AuthBy NT clause, or you can run an instance of Radiator on the Windows host and proxy requests to it. You will find details on AuthBy NT in section 6.27 of the manual ("doc/ref.html"). regards Hugh On Wednesday, Jul 23, 2003, at 06:13 Australia/Melbourne, Steve Caporossi wrote: I am running radiator 3.6 (fully patched) on RH7.3 and need to tie into AD for domain login and username/password checking. In the reference manual section 6.40 it has the statement, It is only available on Windows 2000 platforms. It is implemented in AuthADSI.pm" I am a little confused...does this mean that radiator needs to be running on W2K? Thanks, -- Steve === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 # radius.cfg # #Foreground #LogStdout LogFile /var/log/radius/%m%d%y.log LogDir /var/log/radius DbDir /etc/radiusserver PidFile /var/run/radius.pid DictionaryFile /etc/radiusserver/dictionary # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd Trace 4 AuthPort 1645,1812 AcctPort 1646,1813 # Add Clients below... Identifier ppp Secret mysecret DupInterval 2 NasType Cisco SNMPCommunity private Identifier ppp Secret mysecret DupInterval 2 NasType Cisco SNMPCommunity private Identifier vpn Secret mysecret DupInterval 2 NasType Cisco SNMPCommunity private Identifier wlan Secret mysecret DupInterval 2 NasType Cisco SNMPCommunity private IgnoreAcctSignature # # PPP Config ## # AuthByPolicy ContinueAlways AuthByPolicy ContinueWhileIgnore # Default DBSourcedbi:mysql:radius DBUsername dbuser DBAuth password
Re: (RADIATOR) Question about AuthBy ADSI
Running radiator on a W2K server does not appear to be an option for us...I need to forward any domain logins ie, domain\username to a Windows radius server, but only if they try to login to the domain. Has anyone done this and be willing to share their methodology? Can the domain policies be passed down to the machine as well using AuthBy LDAP, AuthBy Radius or AuthBy NT? Are there any advantages, or disadvantages, between these? Thanks, Steve Hugh Irvine wrote: Hello Steve - Correct. AuthBy ADSI and the new AuthBy LSA clauses are only supported on recent Windows releases. You can either try the AuthBy NT clause, or you can run an instance of Radiator on the Windows host and proxy requests to it. You will find details on AuthBy NT in section 6.27 of the manual ("doc/ref.html"). regards Hugh On Wednesday, Jul 23, 2003, at 06:13 Australia/Melbourne, Steve Caporossi wrote: I am running radiator 3.6 (fully patched) on RH7.3 and need to tie into AD for domain login and username/password checking. In the reference manual section 6.40 it has the statement, It is only available on Windows 2000 platforms. It is implemented in AuthADSI.pm" I am a little confused...does this mean that radiator needs to be running on W2K? Thanks, -- Steve === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about AuthBy ADSI
I am running radiator 3.6 (fully patched) on RH7.3 and need to tie into AD for domain login and username/password checking. In the reference manual section 6.40 it has the statement, It is only available on Windows 2000 platforms. It is implemented in AuthADSI.pm" I am a little confused...does this mean that radiator needs to be running on W2K? Thanks, -- Steve === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Fwd: (RADIATOR) Odyssey client and Radiator - Question
It seems to me that the accounting is useless if everything appears to come from "anonymous". Is there a way to configure radiator so it records the actual username that authenticated? Funk says this will be possible in the new release of their radius server and suggests I buy it...not acceptable to us. Thanks, Steve Mike McCauley wrote: Hello Steve, Begin forwarded message: From: Steve Caporossi <[EMAIL PROTECTED]> Date: Tue Mar 4, 2003 00:38:57 Australia/Melbourne To: [EMAIL PROTECTED] Subject: (RADIATOR) Odyssey client and Radiator - Question We are evaluating the Odyssey client for authenticating our wireless users via TTLS. I noticed that unless a user sets their username under the TTLS settings tab, "anonymous" is recorded in the logs. Is anyone else using this client and, have you come up with a workaround for this behavior? This is the normal and expected behaviour for TTLS. They put anonymous by default in the outer request so that the 'real' user name is not available for sniffing. The downside is that the Radius requests all appear to be from 'anonymous'. You can change this behaviour in the Odyssey client by editing the Profile/TTLS Setting page, and changing the 'Anonymous name:' field. Hope that helps. Cheers. Thanks, -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Odyssey client and Radiator - Question
We are evaluating the Odyssey client for authenticating our wireless users via TTLS. I noticed that unless a user sets their username under the TTLS settings tab, "anonymous" is recorded in the logs. Is anyone else using this client and, have you come up with a workaround for this behavior? Thanks, -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) EAP_TTLS
Mike, I downloaded and applied the patches as you recommended. That fixed the problem. I guess I had an earlier patch set. Thanks for all your help. Radiator support Rules! Steve Mike McCauley wrote: > Hi Steve, > > thanks for your note and the suggestion of your colleague, but I suspect this > problem is occurring because you dont have (or arent running) the > AuthGeneric.pm from the 3.3.1 patches. The latest AuthGeneric.pm defines > EAPType as an array, not as a scalar. Perhaps you have an earlier patch set? > > Pls let me know how you go. > > > > On Tue, 1 Oct 2002 22:36, Steve Caporossi wrote: > >>Mike and Hugh, >> >>I downloaded, and installed the patches but got the same results...A >>colleague of mine, Chris Dufala, looked at the code in EAP.pm...tweaked >>it a bit and now it is working. You should have an received an email >>from him as well. However, since you are more familiar with all the >>code, maybe this was just a temporary fix for our problem, and may >>introduce problems later? >> >>His email is below >> >>I am an associate of Steve Caporrossi's at the Medical University of >>South Carolina. >> >>Steve had notified you, regarding a problem using EAP-TTLS with the >>3.3.1 version >>of Radiator with patches applied. While looking through the EAP.pm >>module, I located >>a small syntax error in the code that was preventing a sucessful >>connection using the >>Odyssey Client : >> >>Error Message : >> >>Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't >> use string ("TTLS") as an ARRAY ref while "strict refs" in use at >> /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. >> >>Resolution : (lines 117 & 118) >> >>Current : >># my $defaulttype = $eap_name_to_type{$self->{EAPType}[0]} >>#|| return ($main::REJECT, "Unknown default EAP type >>$self->{EAPType}[0]"); >> >>Change to : >>my $defaulttype = $eap_name_to_type{$self->{EAPType}} >> >>|| return ($main::REJECT, "Unknown default EAP type >> >>$self->{EAPType}"); >> >> >>I hope this helps :> >> >>-Chris >> >>Thanks, >> >>Steve >> >>Mike McCauley wrote: >> >>>Hello Steve, >>> >>>On Tue, 1 Oct 2002 08:27, Hugh Irvine wrote: >>> >>>>Hello Steve - >>>> >>>>I have copied this mail to Mike, as he has been doing quite a bit of >>>>work on this code recently. >>>> >>>>You should download the latest patches from the web site and install >>>>them. >>>> >>>>Mike will be able to answer any questions. >>> >>>Yes, as Hugh suggests, you should collect the latest patches from >>>www.open.com.au/radiator/downloads/patches-3.3.1 and then let me know >>>what you see. >>> >>>Cheers. >>> >>> >>>>regards >>>> >>>>Hugh >>>> >>>>On Tuesday, October 1, 2002, at 03:20 AM, Steve Caporossi wrote: >>>> >>>>>Hugh- >>>>> >>>>>Can you tell me what this means? I looked through the EAP.pm >>>>>butdo not understand alot of it. >>>>> >>>>>Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't >>>>>use string ("TTLS") as an ARRAY ref while "strict refs" in use at >>>>>/usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. >>>>> >>>>>I recently upgraded to 3.3.1, from 3.2, since then, I have been >>>>>getting this error when trying to use EAP_TTLS and the Odyssey client. >>>>>The config file is the same that I had in version 3.2. >>>>> >>>>>Thanks, >>>>> >>>>>Steve >>>>> >>>>>*** >>>>>** >>>>> >>>>>My logs show the following... >>>>> >>>>>Mon Sep 30 12:44:25 2002: DEBUG: Packet dump: >>>>>*** Received from x.x.x.135 port 1030 >>>>>Code: Access-Request >>>>>Identifier: 3 >>>>>Authentic: ^<236><21><243><153><4><203><225><232>4.R<150>u<162><21> >>>>>Attributes: >>
Re: (RADIATOR) EAP_TTLS
Mike and Hugh, I downloaded, and installed the patches but got the same results...A colleague of mine, Chris Dufala, looked at the code in EAP.pm...tweaked it a bit and now it is working. You should have an received an email from him as well. However, since you are more familiar with all the code, maybe this was just a temporary fix for our problem, and may introduce problems later? His email is below I am an associate of Steve Caporrossi's at the Medical University of South Carolina. Steve had notified you, regarding a problem using EAP-TTLS with the 3.3.1 version of Radiator with patches applied. While looking through the EAP.pm module, I located a small syntax error in the code that was preventing a sucessful connection using the Odyssey Client : Error Message : Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string ("TTLS") as an ARRAY ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. Resolution : (lines 117 & 118) Current : # my $defaulttype = $eap_name_to_type{$self->{EAPType}[0]} #|| return ($main::REJECT, "Unknown default EAP type $self->{EAPType}[0]"); Change to : my $defaulttype = $eap_name_to_type{$self->{EAPType}} || return ($main::REJECT, "Unknown default EAP type $self->{EAPType}"); I hope this helps :> -Chris Thanks, Steve Mike McCauley wrote: > Hello Steve, > > On Tue, 1 Oct 2002 08:27, Hugh Irvine wrote: > >>Hello Steve - >> >>I have copied this mail to Mike, as he has been doing quite a bit of >>work on this code recently. >> >>You should download the latest patches from the web site and install >>them. >> >>Mike will be able to answer any questions. > > > Yes, as Hugh suggests, you should collect the latest patches from > www.open.com.au/radiator/downloads/patches-3.3.1 and then let me know what > you see. > > Cheers. > > >>regards >> >>Hugh >> >>On Tuesday, October 1, 2002, at 03:20 AM, Steve Caporossi wrote: >> >>>Hugh- >>> >>>Can you tell me what this means? I looked through the EAP.pm >>>butdo not understand alot of it. >>> >>>Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't >>>use string ("TTLS") as an ARRAY ref while "strict refs" in use at >>>/usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. >>> >>>I recently upgraded to 3.3.1, from 3.2, since then, I have been >>>getting this error when trying to use EAP_TTLS and the Odyssey client. >>> The config file is the same that I had in version 3.2. >>> >>>Thanks, >>> >>>Steve >>> >>>*** >>>** >>> >>>My logs show the following... >>> >>>Mon Sep 30 12:44:25 2002: DEBUG: Packet dump: >>>*** Received from x.x.x.135 port 1030 >>>Code: Access-Request >>>Identifier: 3 >>>Authentic: ^<236><21><243><153><4><203><225><232>4.R<150>u<162><21> >>>Attributes: >>> User-Name = "username" >>> NAS-IP-Address = x.x.x.135 >>> Called-Station-Id = "004096439873" >>> Calling-Station-Id = "00078592640e" >>> NAS-Identifier = "usb3ap1" >>> NAS-Port = 37 >>> Framed-MTU = 1400 >>> NAS-Port-Type = 19 >>> EAP-Message = <2><0><0><13><1>username >>> Message-Authenticator = >>><127>1@<26><194><180><230><203><189><138>(<188><214>h<23>" >>> >>>Mon Sep 30 12:44:25 2002: DEBUG: Handling request with Handler >>>'Realm=DEFAULT' >>>Mon Sep 30 12:44:25 2002: DEBUG: Deleting session for username, >>>x.x.x.135, 37 >>>Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthSQL >>>Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthUNIX: >>>Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX looks for match with >>>username >>>Mon Sep 30 12:44:25 2002: DEBUG: Handling with EAP >>>Mon Sep 30 12:44:25 2002: DEBUG: EAP code 2, 0, 13 >>>Mon Sep 30 12:44:25 2002: DEBUG: Response type 1 >>>Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't >>>use string ("TTLS") as an ARRAY ref while "strict refs" in use at >>
(RADIATOR) EAP_TTLS
Hugh- Can you tell me what this means? I looked through the EAP.pm butdo not understand alot of it. Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string ("TTLS") as an ARRAY ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. I recently upgraded to 3.3.1, from 3.2, since then, I have been getting this error when trying to use EAP_TTLS and the Odyssey client. The config file is the same that I had in version 3.2. Thanks, Steve * My logs show the following... Mon Sep 30 12:44:25 2002: DEBUG: Packet dump: *** Received from x.x.x.135 port 1030 Code: Access-Request Identifier: 3 Authentic: ^<236><21><243><153><4><203><225><232>4.R<150>u<162><21> Attributes: User-Name = "username" NAS-IP-Address = x.x.x.135 Called-Station-Id = "004096439873" Calling-Station-Id = "00078592640e" NAS-Identifier = "usb3ap1" NAS-Port = 37 Framed-MTU = 1400 NAS-Port-Type = 19 EAP-Message = <2><0><0><13><1>username Message-Authenticator = <127>1@<26><194><180><230><203><189><138>(<188><214>h<23>" Mon Sep 30 12:44:25 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Sep 30 12:44:25 2002: DEBUG: Deleting session for username, x.x.x.135, 37 Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthSQL Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthUNIX: Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX looks for match with username Mon Sep 30 12:44:25 2002: DEBUG: Handling with EAP Mon Sep 30 12:44:25 2002: DEBUG: EAP code 2, 0, 13 Mon Sep 30 12:44:25 2002: DEBUG: Response type 1 Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string ("TTLS") as an ARRAY ref while "strict refs" in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117. Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX REJECT: Could not handle an EAP request Mon Sep 30 12:44:25 2002: INFO: Access rejected for username: Could not handle an EAP request Mon Sep 30 12:44:25 2002: DEBUG: Packet dump: *** Sending to x.x.x.135 port 1030 Code: Access-Reject Identifier: 3 Authentic: ^<236><21><243><153><4><203><225><232>4.R<150>u<162><21> Attributes: Reply-Message = "Request Denied" === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Help getting MySQL Accounting working
Can anyone give me any hints as to why I cannot get any accounting entries in my database? Below is my radius config and the output from a Trace 4. I am authenticating from the system password file OK but no accounting is being put into the database. I am running RH7.2 and Radiator 3.0. Thanks, Steve *** Config *** # radius.cfg## Radiator configuration file.# # #Foreground#LogStdoutLogDir /var/log/radiusDbDir /etc/radiator# Use a low trace level in production systems. Increase# it to 4 or 5 for debugging, or use the -trace flag to radiusdTrace 4 # Add other Clients below... Identifier ppp Secret removed DupInterval 0 Identifier ppp Secret removed DupInterval 0 Identifier vpn Secret removed DupInterval 0 Filename /etc/shadow # Log accounting to a detail file AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log DBSource dbi:mysql:radiuslogs DBUsername removed DBAuth removed AuthSelect AccountingTable ACCOUNTING AcctColumnDef USERNAME,username AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef NASIPADDRESS,NAS-IP-Address, AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol AcctColumnDef ACCTLINKCNT,Acct-Link-Count AcctColumnDef ACCTMULTISESSID,Acct-Multi-Session-Id AcctColumnDef CLASS,Class AcctColumnDef ACCOUNTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef TUNNELCLIENTENDPOINT,Tunnel-Client-Endpoint # AcctFailedLogFileName %D/missedaccounting *** TRACE 4 *** Mon Jul 29 15:37:22 2002: DEBUG: Packet dump:*** Received from x.x.x.x port 1645 Code: Access-RequestIdentifier: 57Authentic: ?R<210><13>r<<135><132>R<192><4><28><207>9<183><134>Attributes: NAS-IP-Address = x.x.x.x NAS-Port = 114 NAS-Port-Type = Async User-Name = "username" Called-Station-Id = "3238732" Calling-Station-Id = "5551212" User-Password = "<202><2>]L><195><197>u<184><248><130><198><128>.<30>9" Service-Type = Framed-User Framed-Protocol = PPP Mon Jul 29 15:37:22 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'Mon Jul 29 15:37:22 2002: DEBUG: Deleting session for username, x.x.x.x, 114Mon Jul 29 15:37:22 2002: DEBUG: Handling with Radius::AuthUNIX: Mon Jul 29 15:37:22 2002: DEBUG: Radius::AuthUNIX looks for match with usernameMon Jul 29 15:37:22 2002: DEBUG: Radius::AuthUNIX ACCEPT: Mon Jul 29 15:37:22 2002: DEBUG: Access accepted for usernameMon Jul 29 15:37:22 2002: DEBUG: Packet dump:*** Sending to x.x.x.x port 1645 Code: Access-AcceptIdentifier: 57Authentic: ?R<210><13>r<<135><132>R<192><4><28><207>9<183><134>Attributes: Mon Jul 29 15:37:22 2002: DEBUG: Packet dump:*** Received from x.x.x.x port 1646 Code: Accounting-RequestIdentifier: 58Authentic: Q<29>:<144>-A<198><199>z<154>*}<<145>Q<171>Attributes: NAS-IP-Address = x.x.x.x NAS-Port = 114 NAS-Port-Type = Async User-Name = "username" Called-Station-Id = "3238732" Calling-Station-Id = "5551212" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "01D4" Framed-Protocol = PPP Acct-Link-Count = 1 Acct-Multi-Session-Id = "44" Framed-IP-Address = x.x.x.49 Acct-Delay-Time = 0 Mon Jul 29 15:37:22 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'Mon Jul 29 15:37:22 2002: DEBUG: Adding session for username, x.x.x.x, 114Mon Jul 29 15:37:22 2002: DEBUG: Handling with Radius::AuthUNIX: M