offtopic: radius server
Steve
steve at focb.co.nz
Tue Mar 9 16:34:00 UTC 2004
You may want to check the versions of snmp that you have running on the
two boxes and verify that the redhat 9 snmpget program can get the
information off the NAS to verify simultaneous logins.

There were a number of bugs in the snmp protocol that were patched over
the last year or so and you may find that this has affected the ability of
the radius server to query your NAS.

You may want to do things such as turning on debugging for snmp on the
cisco box and verify that the redhat box is indeed sending an snmp request
to verify port usage.

Another thing to check is that you didn't just copy the binary over and
have the helper apps (snmp applications) in a different directory or
outside the path environment that the radius server runs with (are the
logs generating errors like "can't find snmpget" or similar?)

Turn on as much debug info on the radius server as you can - not too sure
about the cistron radius server but it should have flags to pass at
startup that will increase the amount of debug messages it sends to its
logfiles. This may also impart clues as to what's going on.

Also check that you are not firewalling the snmp replies from the NAS (or
even the outgoing request)

On another note, you may want to look into purchasing Radiator
(http://www.open.com.au) - it is IMHO the best radius server out there and
very affordable, support is excellent, the developers are active on their
mailing lists and respond to queries within minutes and it is highly
configurable with excellent debug output. It also runs well with Redhat
7.x, 8 and 9
:-)
--
Steve.
On Tue, 9 Mar 2004, Nabin Limbu wrote:
> Hi,
>
> Sorry for asking an off topic question. But it's really important for me.
> I have gone through the mailing list of radiusd-cistron but in vain.
> I thought someone might be using radiusd-cistron and may help me.
>
> I am using radiusd-cistron-1.6.7 with portslave and cisco router as NAS
> in RH 9 box.
>
> I had no problem in RedHat 7 with the same configuration but in RedHat
> 9.0, radius can't restrict multiple connections.
>
> I have also gone through the manual of simultaneous connection but
> didn't help me much. I have checked the secret key and snmp key both in
> my NAS and in /etc/clients and they are also same.
>
> How can I solve this problem? Is there any way to diagnose the problem
> further?
>
> Below are the configuration of my radius server. Did I leave any thing
> in the configuration part?
>
> 1) /etc/naslist
> -----------------
> 202.52.231.195 access cisco
> 202.52.231.194 access portslave
> localhost access portslave
>
> 2) /etc/clients
> ---------------
> 202.52.231.195 secretkey1
> 202.52.231.194 secretkey2
> localhost secretkey2
>
> 3) /etc/huntgroups
> ---------------------
> cisco NAS-IP-Address = 202.52.231.195
> portslave1 NAS-IP-Address = 202.52.231.194, NAS-Port-Id = 0-3
> portslave2 NAS-IP-Address = 202.52.231.194, NAS-Port-Id = 5-6
>
> 4) /etc/raddb/users
> ----------------------
> # Restrict email users from dialing into cisco ports
> DEFAULT Group = "email", Huntgroup-Name = "cisco", Auth-Type = Reject
>         Reply-Message = "Email users are not allowed to dial in this number",
>         Fall-Through = No
>
> # Allow email users from dialing into portslave ports (C4 - C6)
> DEFAULT Group = "email", Huntgroup-Name = "portslave2", Auth-Type = System, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Routing = None,
>         Fall-Through = No
>
> # Default setting for all remaining users
> DEFAULT Auth-Type = System, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Routing = None
>
>
> Hoping for your kind support.
>
> With Regards
> Nabin Limbu
>
>
>
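
Added example, not part of either message: a shell check for the PATH point raised in the reply, resolving snmpget against the PATH the running radius daemon was started with instead of the login shell's PATH. The process name radiusd, the use of pidof and the Linux /proc layout are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does the radius daemon's own PATH contain snmpget?
# A helper that works from an interactive shell can still be invisible
# to a daemon started from an init script with a shorter PATH.

# resolve_in_path NAME PATHSTRING
# Prints the first executable NAME found in PATHSTRING; returns 1 if none.
resolve_in_path() {
    [ -n "$2" ] || return 1
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# daemon_path PID
# Prints PATH as it was when the process was exec'ed (Linux /proc only;
# needs root or the daemon's own uid to read).
daemon_path() {
    2>/dev/null tr '\0' '\n' < "/proc/$1/environ" | sed -n 's/^PATH=//p'
}

# check_helper HELPER DAEMON   e.g. check_helper snmpget radiusd
# Returns 0 if found, 1 if the daemon's PATH lacks it, 2 if no such process.
check_helper() {
    pid=$(pidof "$2" 2>/dev/null | awk '{print $1}')
    [ -n "$pid" ] || { echo "no running $2 process"; return 2; }
    dpath=$(daemon_path "$pid")
    if found=$(resolve_in_path "$1" "$dpath"); then
        echo "$2 (pid $pid) resolves $1 -> $found"
    else
        echo "$2 (pid $pid) cannot find $1 in PATH=$dpath"
        return 1
    fi
}
```

Source the file as root on the radius host and run `check_helper snmpget radiusd`; a non-zero return means the daemon is not running or its PATH has no snmpget.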