help-gnu-radius

RE: [Help-gnu-radius] Trying to test local authentication


From: Tucker, Nick
Subject: RE: [Help-gnu-radius] Trying to test local authentication
Date: Mon, 29 May 2006 13:45:50 -0400

Thanks for the responses, Sergey.

At this point I do feel like it is working.

May 28 15:50:33 Main.info: Starting
May 28 15:50:33 Main.info: Terminating the subprocesses
May 28 15:50:33 Main.info: Loading configuration files.
May 28 15:50:33 Main.info: reading /usr/local/etc/raddb/config
May 28 15:50:33 Main.info: /usr/local/etc/raddb/users reloaded.
May 28 15:50:33 Main.info: Ready
May 28 15:50:33 Main.info: Ready to process requests.
May 28 15:53:27 Auth.notice: (Access-Request 10.61.68.15 10 "admin"
CLID=
=^]
): Login OK [admin]

The packet trace verifies the OK response seen from the radius server.

What I'm trying to do with the server itself is not fully working, but I
believe this problem is external to the radius server.

On that note though, looking at the users file for this user I have
defined as "admin", here are the last 2 lines of the data:

        Service-Type = Framed-User,
                Framed-Protocol = PPP

If I am looking for the most plain vanilla authentication possible, do I
need to worry about these values at all?

Thanks


-----Original Message-----
From: Sergey Poznyakoff [mailto:address@hidden 
Sent: Wednesday, May 24, 2006 2:50 PM
To: Tucker, Nick
Cc: address@hidden
Subject: RE: [Help-gnu-radius] Trying to test local authentication

Tucker, Nick <address@hidden> wrote:

> #Client Name            Key
> #----------------       -------------------
> 10.61.68.25             test1
[...]
> Format: ip-address:port:password
> 10.61.29.33:1812:test1

Looks ok.
 
> Side-question:  For semantics purposes, should the Netcache call this
> "password" a "key" instead?  Do all other Radius implementations call
> this a "key"?

A 'key' or a 'secret'. RFC 2865 calls it 'shared secret'. It is often
called 'shared key'. I have never heard it being called a 'password',
though. 

> Here's the log of when it starts:
> May 24 14:09:50 Main.info: Starting
> May 24 14:09:50 Main.info: Terminating the subprocesses
> May 24 14:09:50 Main.info: Loading configuration files.
> May 24 14:09:50 Main.info: reading /usr/local/etc/raddb/config
> May 24 14:09:50 Main.crit: AUTH bind: Address already in use

Note this critical message. It means that some other process is
listening on your authentication port. Radiusd tries to continue anyway,
but it will not authenticate anything. You should stop radiusd, stop the
process that occupies your authentication port (possibly another
instance of radiusd?) and start radiusd again. A normal startup is when
no critical messages appear in the log. 

> May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: No
> User-Password attribute in LHS

You have an error in your users file.

> May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: discarding
> user `DEFAULT'

The erroneous entry has been discarded. Therefore it will not be used in
authentication even if radiusd were listening on the auth port.

> ## Default entry.
> DEFAULT Auth-Type = Local,
>                 Simultaneous-Use = 1
>         Service-Type = Framed-User,
>                 Framed-Protocol = PPP

A-ha, this is the offending entry. `Auth-Type = Local' requires
User-Password attribute to be present (please see
http://www.gnu.org/software/radius/manual/html_node/radius_225.html#SEC344)
 
> Since I am not using SQL and everything needs to be done locally.

`Local' authentication means that the password is supplied in the
users file. If you need to authenticate using system passwd/shadow
files, use `Auth-Type = System' (consult the above link).
 
Regards,
Sergey
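
An added example, not part of the original thread and not GNU Radius code: a pre-flight check for the users-file problem diagnosed above, flagging entries that set `Auth-Type = Local' without a User-Password in the LHS before radiusd discards them at load time. The parsing rules are a simplified assumption inferred from the entry quoted in the thread, and the sample file, its password value and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout quoted in the thread; the password is made up.
SAMPLE_USERS = '''\
## Default entry.
DEFAULT Auth-Type = Local,
                Simultaneous-Use = 1
        Service-Type = Framed-User,
                Framed-Protocol = PPP

admin   Auth-Type = Local,
                User-Password = "constructed-example"
        Service-Type = Framed-User,
                Framed-Protocol = PPP
'''

# One attribute/operator/value pair, e.g. Auth-Type = Local
PAIR = re.compile(r'([A-Za-z0-9-]+)\s*(?:[!<>]?=|[<>])\s*("[^"]*"|[^,\s]+)')

def parse_entries(text):
    """Return one dict per entry: starting line, label and LHS pairs.

    Assumed layout: an entry starts on an unindented line with its label, and
    the LHS runs on while lines end with a comma; the rest (RHS) is skipped.
    """
    entries, in_lhs = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith('#'):
            continue                               # blank line or comment
        if not line[0].isspace():                  # unindented: a new entry
            parts = line.split(None, 1)
            entries.append({'line': no, 'label': parts[0], 'lhs': {}})
            line, in_lhs = (parts[1] if len(parts) > 1 else ''), True
        if in_lhs and entries:
            for name, value in PAIR.findall(line):
                entries[-1]['lhs'][name] = value.strip('"')
            in_lhs = line.endswith(',')            # a trailing comma continues the LHS
    return entries

def check_local_auth(text):
    """List (line, label) of entries using Auth-Type = Local without User-Password."""
    return [(e['line'], e['label']) for e in parse_entries(text)
            if e['lhs'].get('Auth-Type') == 'Local'
            and 'User-Password' not in e['lhs']]

if __name__ == '__main__':
    for line, label in check_local_auth(SAMPLE_USERS):
        print(f"users:{line}: `{label}' has Auth-Type = Local but no User-Password in LHS")
```
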



