help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Help-gnu-radius] Trying to test local authentication

From: Sergey Poznyakoff
Subject: RE: [Help-gnu-radius] Trying to test local authentication
Date: Wed, 24 May 2006 21:49:58 +0300 
Tucker, Nick <address@hidden> wrote:

> #Client Name            Key
> #----------------       -------------------
> 10.61.68.25             test1
[...]
> Format: ip-address:port:password
> 10.61.29.33:1812:test1

Looks ok.
 
> Side-question:  For semantics purposes, should the Netcache call this
> "password" a "key" instead?  Does all other Radius implementations call
> this a "key"?

A 'key' or a 'secret'. RFC 2865 calls it 'shared secret'. It is often
called 'shared key'. I have never heard it being called a 'password',
though. 

> Heres the log of when it starts:
> May 24 14:09:50 Main.info: Starting
> May 24 14:09:50 Main.info: Terminating the subprocesses
> May 24 14:09:50 Main.info: Loading configuration files.
> May 24 14:09:50 Main.info: reading /usr/local/etc/raddb/config
> May 24 14:09:50 Main.crit: AUTH bind: Address already in use

Note this critical message. It means that some other process is
listening on your authentication port. Radiusd tries to continue anyway,
but it will not authenticate anything. You should stop radiusd, stop the
process that occupies your authentication port (possibly another
instance of radiusd?) and start radiusd again. A normal startup is when
no critical messages appear in the log. 

> May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: No
> User-Password attribute in LHS

You have an error in your users file.

> May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: discarding
> user `DEFAULT'

The erroneous entry has been discarded. Therefore it will not be used in
authentication even if radiusd were listening on the auth port.

> ## Default entry.
> DEFAULT Auth-Type = Local,
>                 Simultaneous-Use = 1
>         Service-Type = Framed-User,
>                 Framed-Protocol = PPP

A-ha, this is the offending entry. `Auth-Type = Local' requires
User-Password attribute to be present (please see 
http://www.gnu.org/software/radius/manual/html_node/radius_225.html#SEC344)
 
> Since I am not using SQL and everything needs to be done locally.

`Local' authentication means that the password is supplied in the
users file. If you need to authenticate using system passwd/shadow
files, use `Auth-Type = System' (consult the above link).
 
Regards,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]