Hi, cat radiusclient.conf |grep -v ^#|grep -v ^$ auth_order radius,local login_tries 4 login_timeout 60 nologin /etc/nologin issue /etc/radiusclient-ng/issue authserver localhost acctserver localhost servers /etc/radiusclient-ng/servers dictionary /etc/radiusclient-ng/dictionary login_radius /usr/sbin/login.radius seqfile /var/run/opensips/radius.seq mapfile /etc/radiusclient-ng/port-id-map default_realm radius_timeout 10 radius_retries 3 bindaddr localhost login_local /bin/login
BR Uwe Leon Li schrieb: > Hi, > > What is your radiusclient.conf like? > > Regards, > Leon > > -----Original Message----- > From: Uwe Kastens [mailto:ki...@kiste.org] > Sent: Friday, 5 June 2009 7:28 PM > To: Leon Li > Cc: users@lists.opensips.org > Subject: Re: [OpenSIPS-Users] No RADIUS traffic > > Hi, > > I do not have that login.radius on my system - I think its not used with > opensips. I would say there might be an permissions issue. I can > remember I had lots of trouble, cause I don't wanted to run everything > as root:root. > > > My setup looks like that > > seqfile /var/run/opensips/radius.seq with > -rw-r--r-- 1 opensips opensips > > and > > drwxr-xr-x opensips opensips /etc/radiusclient-ng > > BR > > Uwe > > > > Leon Li schrieb: >> There is no such a file in the directory. Will it be generated by >> radiusclient-ng? >> >> Also, the radiusclient.conf shows: >>> # program to call for a RADIUS authenticated login >>> >>> login_radius /usr/local/sbin/login.radius >> I checked /usr/local/sbin/login.radius, but it is only a dummy script. >> How it can be changed? >> >> Thanks, >> Leon >> >> -----Original Message----- >> From: Uwe Kastens [mailto:ki...@kiste.org] >> Sent: Thursday, 4 June 2009 5:12 PM >> To: Leon Li >> Cc: users@lists.opensips.org >> Subject: Re: [OpenSIPS-Users] No RADIUS traffic >> >> Hi, >> >> If I remember it correctly I had the same problem some day and it was >> caused by wrong permissions on /var/run/radius.seq. >> >> Just a guess >> >> BR >> >> Uwe >> >> >> Leon Li schrieb: >>> Hi, >>> >>> >>> >>> I am try to use RADIUS server. However, after configuration, I found >>> there is no RADIUS traffic at all. >>> >>> >>> >>> Log shows: >>> >>> Jun 4 06:45:59 /usr/local/sbin/openser[396]: rc_avpair_new: unknown >>> attribute 5 >>> >>> Jun 4 06:45:59 /usr/local/sbin/openser[396]: >>> ERROR:auth_radius:radius_authorize_sterman: rc_auth failed >>> >>> >>> >>> But nothing on RADIUS server end. >>> >>> >>> >>> OpenSIPs + radiusclient-ng on one box and RADIUS is on another. >>> >>> >>> >>> My radiusclient.conf is like: >>> >>> >>> >>> # General settings >>> >>> >>> >>> # specify which authentication comes first respectively which >>> >>> # authentication is used. possible values are: "radius" and "local". >>> >>> # if you specify "radius,local" then the RADIUS server is asked >>> >>> # first then the local one. if only one keyword is specified only >>> >>> # this server is asked. >>> >>> auth_order radius,local >>> >>> >>> >>> # maximum login tries a user has >>> >>> login_tries 4 >>> >>> >>> >>> # timeout for all login tries >>> >>> # if this time is exceeded the user is kicked out >>> >>> login_timeout 60 >>> >>> >>> >>> # name of the nologin file which when it exists disables logins. >>> >>> # it may be extended by the ttyname which will result in >>> >>> # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable >>> >>> # logins on /dev/ttyS2) >>> >>> nologin /etc/nologin >>> >>> >>> >>> # name of the issue file. it's only display when no username is > passed >>> # on the radlogin command line >>> >>> issue /usr/local/etc/radiusclient-ng/issue >>> >>> >>> >>> # RADIUS settings >>> >>> >>> >>> # RADIUS server to use for authentication requests. this config >>> >>> # item can appear more then one time. if multiple servers are >>> >>> # defined they are tried in a round robin fashion if one >>> >>> # server is not answering. >>> >>> # optionally you can specify a the port number on which is remote >>> >>> # RADIUS listens separated by a colon from the hostname. if >>> >>> # no port is specified /etc/services is consulted of the radius >>> >>> # service. if this fails also a compiled in default is used. >>> >>> authserver 202.158.212.103:1812 >>> >>> >>> >>> # RADIUS server to use for accouting requests. All that I >>> >>> # said for authserver applies, too. >>> >>> # >>> >>> acctserver 202.158.212.103:1813 >>> >>> >>> >>> # file holding shared secrets used for the communication >>> >>> # between the RADIUS client and server >>> >>> servers /usr/local/etc/radiusclient-ng/servers >>> >>> >>> >>> # dictionary of allowed attributes and values >>> >>> # just like in the normal RADIUS distributions >>> >>> dictionary /usr/local/etc/radiusclient-ng/dictionary >>> >>> >>> >>> # program to call for a RADIUS authenticated login >>> >>> login_radius /usr/local/sbin/login.radius >>> >>> >>> >>> # file which holds sequence number for communication with the >>> >>> # RADIUS server >>> >>> seqfile /var/run/radius.seq >>> >>> >>> >>> # file which specifies mapping between ttyname and NAS-Port attribute >>> >>> mapfile /usr/local/etc/radiusclient-ng/port-id-map >>> >>> >>> >>> # default authentication realm to append to all usernames if no >>> >>> # realm was explicitly specified by the user >>> >>> # the radiusd directly form Livingston doesnt use any realms, so > leave >>> # it blank then >>> >>> default_realm >>> >>> #aarnet.edu.au >>> >>> >>> >>> # time to wait for a reply from the RADIUS server >>> >>> radius_timeout 10 >>> >>> >>> >>> # resend request this many times before trying the next server >>> >>> radius_retries 3 >>> >>> >>> >>> # local address from which radius packets have to be sent >>> >>> bindaddr * >>> >>> >>> >>> # LOCAL settings >>> >>> >>> >>> # program to execute for local login >>> >>> # it must support the -f flag for preauthenticated login >>> >>> login_local /bin/login >>> >>> >>> >>> Any suggestion will be appreciated. >>> >>> >>> >>> Thanks >>> >>> Leon >>> >>> >>> >>> >>> >>> >>> > ------------------------------------------------------------------------ >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > -- kiste lat: 54.322684, lon: 10.13586 _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users