Re: [RADIATOR] (no subject)
Hello Traiano -
You can try setting "IgnoreAcctSignature" in the client clause in the Centos
Radiator configuration.
See section 5.7.3 in the Radiator 4.9 reference manual ("doc/ref.pdf").
regards
Hugh
On 19 May 2012, at 10:15, Traiano Welcome wrote:
> Hi List
>
> I have a a 'cluster' of 5 Radiator radius servers behind a FreeBSD server
> running Radiator in load balancing configuration. The radius servers behind
> the load balancer do authentication and accounting, 4 of them are freebsd
> running in vmware VMs and the fifth is a CentOS physical host. While I see
> the FreeBSD radius auth/acct servers are handling requests correctly, logging
> accounting to a postgresql database, I am seeing all the accounting requests
> proxied via the load-balancer to the CentOS host fail with the following
> error in the logs:
>
> ---
> Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from
> lo.ad.bal.ancer (na.s.100.20)
> Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from
> lo.ad.bal.ancer (na.s.100.20)
> Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from
> lo.ad.bal.ancer (na.s.0.100)
> Sat May 19 00:50:52 2012: WARNING: Bad authenticator in request from
> lo.ad.bal.ancer (na.s.0.100)
> ---
>
> No accounting packets are being logged to the postgresql database on the
> CentOS host, as a consequence (?)
>
> Normally I would expect this to be due to a mismatch in secrets between the
> NAS (here being the Radiator load balancer?) and the auth'ing/accounting
> radiator server, however the secret configured on the freebsd server is
> identical to that on the CentOS host and the radiator load balancer, and the
> FreeBSD radius server is auth'ing and accounting successfully.
>
> Running tcpdump on each system, I can see the following:
>
> - The FreeBSD load-balancer is sending accounting requests to the CentOS load
> balancer, but is seeing no responses in return
> - The CentOS auth/acct server is seeing requests from the load-balancer is
> not sending accounting response packets back to the load balancer
> - The FreeBSD auth/acct server is happily receiving accounting requests and
> sending responses from the load-balancer
>
> So free flow of radius packets between the load-balancer and the CentOS
> radiator server is unlikely to be the issues ... After, all, no responses
> are being sent out by the CentOS host in the first place.
>
> The details of the load balancer and the two radius accounting/auth servers
> behind it are as follows:
>
> 1) FreeBSD Load Balancer server (Radiator Configured as a load balancer)
>
> - FreeBSD 8.2-RELEASE-p6 #0
> - PERL (v5.12.4) built for amd64-freebsd
> - p5-Digest-MD5-2.51
>
> 2) FreeBSD Radiator server handling RADIUS packets from the Load Balancer
> (Radiator configured to auth from and account to a local postgresql database)
>
> - FreeBSD 8.2-RELEASE-p4 #2
> - PERL (v5.12.4) built for amd64-freebsd-thread-multi
> - postgres (PostgreSQL) 8.4.10
> - p5-Digest-MD5-2.51
>
> 3) CentOS Radiator Server handling RADIUS packets from the Load Balancer
> (Radiator configured to auth from and account to a local postgresql database)
>
> - CentOS release 6.2 (Final), 2.6.32-220.el6.x86_64 #1 SMP
> - v5.10.1 (*) built for x86_64-linux-thread-multi
> - (PostgreSQL) 8.4.10
> - Digest::MD5 (2.51)
> - perl-Net-SSLeay-1.35-9.el6.x86_64
> - perl-Digest-HMAC-1.01-22.el6.noarch
> - perl-DBI-1.609-4.el6.x86_64
> - perl-DBD-Pg-2.15.1-3.el6.x86_64
>
> Attached are the radiator configurations for each of the above servers:
>
> 1. My FreeBSD Load balancer's Radiator configuration:
> 2. The Radiator configuration on a working freebsd server:
> 3. The Radiator configuration on the CentOS server:
>
> I've tried the following tests to confirm if this isn't a software/library
> issue:
>
> - reinstalled postgresql, Radiator and the associated PERL libraries a number
> of times, testing different combinations of package versions - no luck
> - tried CPAN perl libraries instead of the centos yum perl modules
> - installed radiator from source and using the rpm package
> - tried radiator 4.8 and 4.9
> - Postgresl 8.4 and 9.2 from source and rpm
> - Confirmed database connectivity between Radiator and Postgresql
> - Upping the radiator Trace level to 5 doesn't reveal any actual details of
> possible cause of failure other than a dump of the radius accounting-request
> packet (that I can recognise anyway :p)
>
> I'd be grateful if someone could point out a likely cause of the CentOS
> Radiator servers non-response to accounting-requests, or suggest some
> additional detailed debugging techniques I could use?
>
> Let me know if I should send some packet traces in addition to the above!
>
> Many Thanks in advance!
> Traiano
>
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.a
Re: [RADIATOR] (no subject)
On 05/03/2012 07:41 AM, Alex Sharaz wrote: > from the ldap_aps.cfg file in .../goodies > > # Supports PAP, MSCHAPV2, but not CHAP, MSCHAPV1 or DIGEST-MD5 > # Supports TTLS-EAP-MSCHAPV2. > # Can support PEAP-EAP-MSCHAPV2 (but this simple config file is not set > up for > # that) > # > > So how do I support peap-eap-mschapv2 using ldap_aps ? Hmm, try this: EAPType PEAP, TTLS, MSCHAP-V2 If/when it does not work, reply with logs. I do not have a suitable test server right now here, but I'll see what can be done, if whatever it does with TTLS/EAP-MSCHAP-V2 is not good enough for PEAP/EAP-MSCHAP-V2. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: (RADIATOR) (no subject)
Hello Mau Lim -
Your AcctColumnDef is incorrect.
You must define the DateFormat seperately:
AcctColumnDef TIMESTAMP, Timestamp, integer-date
Note that the default for "integer-date" should work for MySQL.
Please have a look at sections 6.3 and 6.28.14 in the Radiator 3.5
reference manual ("doc/ref.html").
regards
Hugh
On Tuesday, Mar 11, 2003, at 19:43 Australia/Melbourne, mau lim wrote:
I'm trying to insert TIME_STAMP into a mysql datetime field with
AcctColumnDef TIMESTAMP, Timestamp, DateFormat '%Y-%m-%d %X'
but it seem not working
--
Mau Lim
Programmer
American Technologies, Inc.
455 Gen. Bautista St.
San Juan 1500, Metro Manila,
Philippine
Tel: (632) 7230601 to 12
Fax: (632) 7237951
Email : [EMAIL PROTECTED]
URL: http://www.ati.com.ph
http://rentech.com.ph
http://tgraf.com.ph
http://latticenetworks.com.ph
http://bndistributors.com.ph
http://pixografx.com.ph
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) (no subject)
Hello Mau Lim - Please send a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. regards Hugh On Monday, Mar 10, 2003, at 20:49 Australia/Melbourne, mau lim wrote: I have set up radiator with AuthBy SQL with prepaid setup the problem is sometime it did't work the AuthSQL would reject the request but the accounting will push thur thou allowing the connection -- Mau Lim Programmer American Technologies, Inc. 455 Gen. Bautista St. San Juan 1500, Metro Manila, Philippine Tel: (632) 7230601 to 12 Fax: (632) 7237951 Email : [EMAIL PROTECTED] URL: http://www.ati.com.ph http://rentech.com.ph http://tgraf.com.ph http://latticenetworks.com.ph http://bndistributors.com.ph http://pixografx.com.ph === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) no subject
Hello Gopi - Thanks for sending the configuration and trace. It looks to me like your users file is not correctly set up, it should look like this: # define users # first line is check items (no trailing comma) # second and following lines are reply items gopikrishna Password = . Service-Type = Framed-User, Framed-Protocol = PPP, .. If you still have problems, please send me a copy of the users file. regards Hugh > Hello Everyone, > > I am new to radius. > I downloaded the demo version of radiator 2.19 for Windows 2000 server to > test with our Radius clients. Our setup is like this. > Our devices have radius client to authenticate the users who are logging in > to the device. For this, it will contact with the radius server with the > name and encrypted password. I configured the same key at the client and > at the server(simple.cfg). But I am getting reply "Redius Access Reject" > message from Radiator. Could you please correct my problem. > Any help in this is highly appreciated. > > > Thanks, > Gopi krishna. > > --- >-- --- > Radiator Configuration file (simple.cfg) > --- >-- > > Foreground > LogStdout > LogDir. > DbDir . > # User a lower trace level in production systems: > Trace 4 > > # You will probably want to add other Clients to suit your site, > # one for each NAS you want to work with > > Secret mysecret > DupInterval 0 > > > > Secret gopikrishna123 > DupInterval 0 > > > > > Filename ./users > > # Log accounting to a detail file > AcctLogFileName ./detail > > > > --- > Packet dump > > > Mon Mar 18 18:08:13 2002: DEBUG: Packet dump: > *** Received from 192.168.19.93 port 1080 > Code: Access-Request > Identifier: 135 > Authentic: <165><157><1>K<11><147><8><178><230>M<220><220><17><21>p<157> > Attributes: > User-Name = "gopikrishna" > User-Password = > ")<15><238>+'<151>FQ4<196><164><127><142><170>3<174>" NAS-IP-Address = > 192.168.19.93 > NAS-Port-Type = Virtual > > Mon Mar 18 18:08:13 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Mon Mar 18 18:08:13 2002: DEBUG: Deleting session for > gopikrishna, 192.168.19.9 3, > Mon Mar 18 18:08:13 2002: DEBUG: Handling with Radius::AuthFILE: > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > gopikrish na > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Check > item Service-Typ e expression 'Administrative-User' does not match '' in > request Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match > with DEFAULT1 Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: > Check item Service-Typ e expression 'Login-User' does not match '' in > request Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match > with DEFAULT2 Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: > Check item Service-Typ e expression 'Outbound-User' does not match '' in > request Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match > with DEFAULT3 Mon Mar 18 18:08:13 2002: WARNING: Could not find Identifier > for Auth-Type 'Syst em' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Could not find > Identif ier for Auth-Type 'System' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT4 Mon Mar 18 18:08:13 2002: WARNING: Could not find Identifier for > Auth-Type 'Syst em' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Could not find > Identif ier for Auth-Type 'System' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT5 Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: > Username not prefixed with P > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT6 Mon Mar 18 18:08:13 2002: WARNING: This AuthBy does not know how > to check Group membership > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: User gopikrishna > is no t in Group group1 > Mon Mar 18 18:08:13 2002: INFO: Access rejected for gopikrishna: User > gopikrishn a is not in Group group1 > Mon Mar 18 18:08:13 2002: DEBUG: Packet dump: > *** Sending to 192.168.19.93 port 1080 > Code: Access-Reject > Identifier: 135 > Authentic: <165><157><1>K<11><147><8><178><230>M<220><220><17><21>p<157> > Attributes: > Reply-Message = "Request Denied" > > --- -- Radiator: the most port
RE: (RADIATOR) no subject
Looks like users file problem. Confusion between check items, reply items and comments > -Original Message- > From: Mike McCauley [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, March 19, 2002 2:59 PM > To: [EMAIL PROTECTED] > Subject: (RADIATOR) no subject > > > > -- Forwarded Message -- > > Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Gopi > > Krishna" <[EMAIL PROTECTED]>] > Date: Mon, 18 Mar 2002 19:18:59 -0600 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > > From [EMAIL PROTECTED] Mon Mar 18 19:18:59 2002 > Received: from windlord.WWP.COM (mail.worldwidepackets.com [12.46.89.6]) > by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g2J1Iw328952 > for <[EMAIL PROTECTED]>; Mon, 18 Mar 2002 19:18:59 -0600 > content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: text/plain; > charset="iso-8859-1" > Subject: > X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 > Date: Mon, 18 Mar 2002 18:48:21 -0800 > Message-ID: <[EMAIL PROTECTED]> > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Index: AcHO8IggWybdzIaHRWK2d6jkIX4VLA== > From: "Gopi Krishna" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Content-Transfer-Encoding: 8bit > X-MIME-Autoconverted: from quoted-printable to 8bit by server1.open.com.au > id > g2J1Ix328953 > > Hello Everyone, > > I am new to radius. > I downloaded the demo version of radiator 2.19 for Windows 2000 server to > test with our Radius clients. Our setup is like this. > Our devices have radius client to authenticate the users who are logging > in > to the device. For this, it will contact with the radius server with the > name and encrypted password. I configured the same key at the client and > at > the server(simple.cfg). But I am getting reply "Redius Access Reject" > message from Radiator. Could you please correct my problem. > Any help in this is highly appreciated. > > > Thanks, > Gopi krishna. > > -- > --- > --- > Radiator Configuration file (simple.cfg) > -- > --- > > > Foreground > LogStdout > LogDir. > DbDir . > # User a lower trace level in production systems: > Trace 4 > > # You will probably want to add other Clients to suit your site, > # one for each NAS you want to work with > > Secret mysecret > DupInterval 0 > > > > Secret gopikrishna123 > DupInterval 0 > > > > > Filename ./users > > # Log accounting to a detail file > AcctLogFileName ./detail > > > > --- > Packet dump > > > Mon Mar 18 18:08:13 2002: DEBUG: Packet dump: > *** Received from 192.168.19.93 port 1080 > Code: Access-Request > Identifier: 135 > Authentic: <165><157><1>K<11><147><8><178><230>M<220><220><17><21>p<157> > Attributes: > User-Name = "gopikrishna" > User-Password = > ")<15><238>+'<151>FQ4<196><164><127><142><170>3<174>" > NAS-IP-Address = 192.168.19.93 > NAS-Port-Type = Virtual > > Mon Mar 18 18:08:13 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Mon Mar 18 18:08:13 2002: DEBUG: Deleting session for > gopikrishna, 192.168.19.9 3, > Mon Mar 18 18:08:13 2002: DEBUG: Handling with Radius::AuthFILE: > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > gopikrish na > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Check > item > Service-Typ e expression 'Administrative-User' does not match '' in > request > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT1 Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Check > item Service-Typ e expression 'Login-User' does not match '' in request > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT2 Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Check > item Service-Typ e expression 'Outbound-User' does not match '' in > request > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT3 Mon Mar 18 18:08:13 2002: WARNING: Could not find Identifier for > Auth-Type 'Syst em' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Could not find > Identif ier for Auth-Type 'System' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT4 Mon Mar 18 18:08:13 2002: WARNING: Could not find Identifier for > Auth-Type 'Syst em' > Mon Mar 18 18:08:13 2002: DEBUG: Radius::AuthFILE REJECT: Could not find > Identif ier for Auth-Type '
Re: (RADIATOR) (no subject)
Hello Jim - On Fri, 25 Aug 2000, Jim Hatch wrote: > radiator still not authenticating..works with radpwtst but does not > seem to work when someone dials in > Please send me a copy of the currently executing configuration file together with a trace 4 debug of what is happening - this is the way that I can see what is going on. The last configuration file you sent has the clause in it again, so please comment it out, and make sure there is a "Trace 4" in the file. many thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
