help-gnu-radius

[Help-gnu-radius] Just can't figure this one out


From: Erik Olson
Subject: [Help-gnu-radius] Just can't figure this one out
Date: Thu, 24 Jun 2004 14:38:31 -0400

Friends,

I'm very stumped about this configuration and it's probably due to my
fundamental lack of understanding how radius works, but I've been trying to
do this on my own for days now and I'm hoping someone might be able to give
me a few pointers.

I want to use Exec-Program-Wait to authenticate users on their calling
station ID, allowing dialup internet to any family member, but I cannot get
even a simple echo "0" to work.

I've set up an extremely simple configuration just to make sure things are
working in general.  Right now, any (DEFAULT) user can log in and
authenticate as long as their password is "mermaid".  That is working fine.

I created an entry in "users" for a user named "erik".  When I use radauth,
it returns PASS, however when I try to actually initiate a session, I get a
Login incorrect:

(Here I inserted spaces in the user name to prevent them from being
reformatted as a mailto link.)

>>>>>>>> dial-up as "erik" fails:
Jun 24 14:02:02 Auth.notice: (Access-Request 66.77.22 1 "erik @ myrealm.com"
CLID=7270000000 CSID=7270000000): Login incorrect [erik @
myrealm.com/{chap-password}]

>>>>>>>> dial-up as any random user name works:
Jun 24 14:02:53 Auth.notice: (Access-Request 66.77.22 1 "nothing @
myrealm.com" CLID=7270000000 CSID=7270000000): Login OK
[nothing @ myrealm.com]

>>>>>>>> radauth erik mermaid results in PASS
Jun 24 14:06:59 Auth.notice: (Access-Request local 174 "erik"): Login OK
[erik]


Here is my users file:

DEFAULT Auth-Type = Local,
                Simultaneous-Use = 1,
                Strip-User-Name = Yes,
                User-Password = mermaid
        Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Ascend-Data-Filter = "ip in forward tcp est",
                Ascend-Data-Filter = "ip in forward dstip 66.77.41.0/24",
                Ascend-Data-Filter = "ip in drop tcp dstport = 25",
                Ascend-Data-Filter = "ip in drop tcp srcport = 80",
                Ascend-Data-Filter = "ip in forward",
                Session-Timeout=3600



erik Auth-Type = Local,
                Simultaneous-Use = 1,
                Strip-User-Name = Yes,
                User-Password = mermaid
        Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Ascend-Data-Filter = "ip in forward tcp est",
                Ascend-Data-Filter = "ip in forward dstip 66.77.41.0/24",
                Ascend-Data-Filter = "ip in drop tcp dstport = 25",
                Ascend-Data-Filter = "ip in drop tcp srcport = 80",
                Ascend-Data-Filter = "ip in forward",
                Session-Timeout=3600





Of course, I don't want to use the users file, I want to have an external
app run that authenticates the Calling Station ID and then returns 0 or 1.

For the purposes of testing I've written a C program that does nothing but
printf("0\n").  I've also tried this with a shell script.  In the users file
I added a line like

            Exec-Program-Wait = "/usr/local/etc/raddb/test",

Where test is a shell script or binary executable that does nothing but
output '0'. In both cases I get

Jun 23 16:00:09 Auth.error: <stdout of /usr/local/etc/raddb/pf1
$C{Calling-Station-Id}>:1: unknown attribute `1/


SO MY QUESTION is

a) Why does user "erik" not work, when it is exactly the same as DEFAULT,
and radauth returns PASS?
b) Why does my Exec-Program-Wait always give me this error regardless of
what I execute (as long as it is found.  I get a "not found" error if I give
a bogus executable name)?

Any tips on this would be GREATLY appreciated !

thanks,
Erik
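
An added example, not part of the original post and not GNU Radius project code: a helper of the kind described above that admits a caller by Calling-Station-Id, passed as the first argument as in the pf1 command line in the log. It assumes the server takes the accept/reject decision from the program's exit status (0 accepts) and, as the "unknown attribute" error suggests, parses standard output as attribute-value pairs; the allowlist path and file layout are hypothetical.

```sh
#!/bin/sh
# Added example: Exec-Program-Wait helper that checks the Calling-Station-Id
# against an allowlist.
# Assumptions (not stated in the post): exit status 0 = accept, non-zero =
# reject; stdout is reserved for attribute-value pairs, so this script never
# writes to it and sends diagnostics to stderr instead.
# Hypothetical allowlist: one number per line, lines starting with '#' ignored.
ALLOWLIST="${ALLOWLIST:-/usr/local/etc/raddb/clid.allow}"

# check_clid CLID
# Returns 0 only if CLID is well-formed and listed; every other path returns
# non-zero, so errors fail closed.
check_clid() {
    clid="$1"

    # The value originates at the NAS and is untrusted: accept digits only.
    case "$clid" in
        ''|*[!0-9]*)
            echo "clid-check: malformed Calling-Station-Id" >&2
            return 1 ;;
    esac
    if [ "${#clid}" -gt 15 ]; then
        echo "clid-check: Calling-Station-Id too long" >&2
        return 1
    fi

    # A missing or unreadable allowlist must not turn into an accept.
    if [ ! -r "$ALLOWLIST" ]; then
        echo "clid-check: cannot read $ALLOWLIST" >&2
        return 1
    fi

    # -F: fixed string (no regex), -x: whole line (no prefix match), -q: quiet.
    if grep -Fxq -- "$clid" "$ALLOWLIST"; then
        return 0
    fi
    echo "clid-check: $clid is not on the allowlist" >&2
    return 1
}

# When installed as the Exec-Program-Wait target, the script ends with:
#   check_clid "${1:-}"; exit $?
```
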




