Hi Neil, hi Paul,
strange strange.
Finally I gave myself a kick in the a... and compiled the
libapr_memcache and the mod_auth_xradius with memcache support.
uah. It was not realy straightforward.
I am not really a developer, so some things might look very dirty:
Here some quick notes:
1. download apr_memcache-0.7.0
2. ./configure prefix=/usr
3. edit Makefile and memcache/Makefile this way:
LIBTOOL = /usr/share/apr-1.0/build/libtool --tag=gcc
4. make && make install
5. configure mod_auth_xradius
./configure --with-apxs=/usr/bin/apxs2 --with-apr-memcache=/usr/lib
6. Make will not find the header file of apr_memcache, so I just copied
it to mod_auth_xradius-0.4.6/include/apr_memcache.h
(yeah, ugly)
7. edit Makefile of mod_auth_xradius:
LIBTOOL = /usr/share/apr-1.0/build/libtool --tag=gcc
8. make && make install
9. reconfigure the apache (memcached runs on 11211 on (k)ubuntu by
default.)
and now it works fine with my OTP-Token.
Thanks for all your work and help.
Kind regards
Corenlius
Cornelius Kölbel schrieb:
> Hello Neil,
>
> --snip--
> [Thu Sep 20 13:54:55 2007] [debug] worker.c(1740): AcceptMutex: sysvsem
> (default: sysvsem)
> [Thu Sep 20 13:55:19 2007] [notice] xradius: val size: '0'
> [Thu Sep 20 13:55:33 2007] [error] [client 172.16.200.31] xradius:
> RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
> received
> [Thu Sep 20 13:55:33 2007] [error] [client 172.16.200.31] user tester:
> authentication failure for "/": Password Mismatch
> [Thu Sep 20 13:56:10 2007] [notice] xradius: val size: '0'
> [Thu Sep 20 13:56:14 2007] [notice] xradius: fetched
> 'IjKmbC+8toO7NKNuErcRLA==':'IjKmbC+8toO7NKNuErcRLA=H\x04'
> [Thu Sep 20 13:56:28 2007] [error] [client 172.16.200.31] xradius:
> RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
> received, referer: http://secret-site3/
> [Thu Sep 20 13:56:28 2007] [error] [client 172.16.200.31] user tester:
> authentication failure for "/test.html": Password Mismatch, referer:
> http://secret-site3/
> [Thu Sep 20 13:57:12 2007] [notice] xradius: fetched
> 'aTxP/tosCqyPguRBSKnLsQ==':'IjKmbC+8toO7NKNuErcRLA=H\x04'
> [Thu Sep 20 13:57:16 2007] [notice] xradius: fetched
> 'aTxP/tosCqyPguRBSKnLsQ==':'aTxP/tosCqyPguRBSKnLsQ=H\x04'
> [Thu Sep 20 13:57:30 2007] [error] [client 172.16.200.31] xradius:
> RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
> received
> [Thu Sep 20 13:57:30 2007] [error] [client 172.16.200.31] user tester:
> authentication failure for "/": Password Mismatch
> [Thu Sep 20 13:57:44 2007] [notice] xradius: fetched
> 'aq2e1WySSutGTSFhgU2uew==':'aTxP/tosCqyPguRBSKnLsQ=H\x04'
> [Thu Sep 20 13:57:48 2007] [notice] xradius: fetched
> 'aq2e1WySSutGTSFhgU2uew==':'aq2e1WySSutGTSFhgU2uew=H\x04'
> --snip--
>
> The access right for the dbm file is ok. At the moment I get these logs.
> I compiled the xradius auth without memcache support.
> ./configure --with-apxs=/usr/bin/apxs2 --without-apr-memcache
>
> Actually I do not know the memcached and I am not sure what to pass to
> --with-apr-memcache.
> There is indeed a memcached package and a libmemcache0 but no
> libapr_memcache.
> As it is not real big installation with need for ultimate performance,
> I'd like to choose the easiest and not necessarily the most performant
> way. ;)
>
> Confused and kind regards
> Cornelius
>
>
> Neil A. Hillard schrieb:
>
>> Cornelius,
>>
>> Cornelius Kölbel wrote:
>>
>>
>>> I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
>>> I compiled and installed/configured it successfully. Thanks to an earlier
>>> questions.
>>>
>>> But I'd like to use one time passwords.
>>>
>>> The first time I access my website http://secret-site3 the authentication
>>> works fine.
>>>
>>> But when i click on another link on this page, i time out and some times I
>>> get a second auth request.
>>>
>>> My vhost config looks like this:
>>>
>>> --snip--
>>> LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
>>> ## If you do not want Authentication Caching, set:
>>> #AuthXRadiusCache none -
>>> AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
>>> # 1h Timeout.
>>> AuthXRadiusCacheTimeout 3600
>>>
>>>
>> <snip>
>>
>>
>>
>>> Is it right that the basic authentication sends the credentials again, when
>>> going to another link?
>>> Then of course the OTP would not be valid anymore.
>>>
>>> I think the module needs to remember, that the user was authenticated. I
>>> think mod_auth_radius of freeradius used to use session cookies, but this
>>> module won't run with apache 2.2.
>>> How could it be done using mod_auth_xradius?
>>>
>>>
>> The purpose of the cache is to store the username / password pairs so
>> they can be validated without hitting the RADIUS server (which would
>> fail). You appear to have configured the cache but it doesn't appear to
>> be working.
>>
>> I can confirm that we are using it in this exact situation (in fact Paul
>> wrote it for us!) and we don't have any problems.
>>
>> We actually use memcache:
>>
>> AuthXRadiusCache memcache "127.0.0.1:11211"
>>
>> but it may be something to do with your permissions on:
>>
>> /usr/lib/apache2/auth_xradius_cache
>>
>> Does the user Apache is running as have permission to access/create the
>> file?
>>
>> HTH,
>>
>>
>> Neil.
>>
>>
>>
>
>
> --
> Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
> For all your IT requirements visit: http://www.transtec.co.uk
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> --
> Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
> For all your IT requirements visit: http://www.transtec.co.uk
>
>
>
--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.
For all your IT requirements visit: http://www.transtec.co.uk
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
