[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: offtopic: radius server

You may want to check the versions of snmp that you have running on the 
two boxes and verify that the redhat 9 snmpget program can get the 
information off the NAS to verify simultanious logins.

There were a number of bugs in the snmp protocol that were patched over 
the last year or so and you may find that this has affected the ability of 
the radius server to query your NAS. 

You may want to do things such as turning on debugging for snmp on the
cisco box and verify that the redhat box is indeed sending an snmp request 
to verify port usage.

Another thing to check is that you didnt just copy the binary over and 
have the helper apps (snmp applications) in a different directory or 
outside the path environment that the radius server runs with (are the 
logs generating errors like "cant find snmpget" or similar ?)

Turn on as much debug info on the radius server as you can - not too sure 
about the cistron radius server but it should have flags to pass at 
startup that will increase the ammount of debug messages it sends to its 
logfiles. This may also impart clues as to whats going on.

Also check that you are not firewalling the snmp replys from the NAS (or 
even the outgoing request)

On another note, you may want to look into purchasing Radiator 
(http://www.open.com.au) - it is IMHO the best radius server out there and 
very affordable, support is excellent, the developers are active on their 
mailing lists and respond to queries within minuites and it is highly 
configurable with excellend debug output. It also runs well with Redhat 
7.x, 8 and 9


On Tue, 9 Mar 2004, Nabin Limbu wrote:

> Hi,
> Sorry for asking an off topic question. But its really important for me.
> I have gone throught the mailing list of radiusd-cistron but in vain.  
> I thought some one might be using radiusd-cistron and may help me.
> I am using radiusd-cistron-1.6.7 with portslave and cisco router as NAS
> in RH 9 box.
> I had no problem in RedHat 7 with the same configuration but in RedHat
> 9.0, radius can't restrict multiple connections.
> I have also gone through the manual of simultaneous connection but
> didn't help me much. I have checked the secret key and snmp key both in
> my NAS and in /etc/clients and they are also same.
> How can I solve this problem? Is there any way to diagonise the problem
> further?
> Below are the configuration of my radius server. Did I leave any thing
> in the configuration part?
> 1) /etc/naslist
> -----------------
>          access          cisco
>          access          portslave
> localhost		access		portslave
> 2) /etc/clients
> ---------------                                                                   
>          secretkey1
>          secretkey2
> localhost		secretkey2
> 3) /etc/huntgroups
> ---------------------
> cisco           NAS-IP-Address =
> portslave1      NAS-IP-Address =, NAS-Port-Id = 0-3
> portslave2      NAS-IP-Address =, NAS-Port-Id = 5-6
> 4) /etc/raddb/users
> ----------------------
> # Restrict email users from dialing into cisco ports
> DEFAULT Group = "email", Huntgroup-Name = "cisco", Auth-Type = Reject
>         Reply-Message = "Email users are not allowed to dial in this number",
>         Fall-Through = No
> # Allow email users from dialing into portslave prots (C4 - C6)
> DEFAULT Group = "email", Huntgroup-Name = "portslave2", Auth-Type = System, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Routing = None,
>         Fall-Through = No
> # Default setting for all remaining users
> DEFAULT Auth-Type = System, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>        Framed-Routing = None
> Hoping for your kind support.
> With Regards
> Nabin Limbu

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]