[RADIATOR] the use of TunnelledByTTLS=0 changed?

2011-05-23 Thread Roel Hoek

Hi,

We are in a process of migrating our radius servers to another host. On
the old host we are running Radiator 3.17.1. On the new host we run 4.8

On the old server we make use of TunnelledByTTLS=0 to differentiate
between inner (TTLS,PEAP) and outer EAP authentication:



EAPType TTLS,PEAP

EAPTLS_CAFile /etc/radiator/pki/CAs/661141457_chain.pem
.
.
.




.
.




.
.


It looks like TunnelledByTTLS is not set anymore and the right handler
can not be selected.

The problem can easily be solved by changing the Handler order and removing
the Handler check attribute TunnelledByTTLS=0.



-- 

regards,

Roel Hoek
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
Telephone +31 53 489 4598, Fax +31 53 489 2383
r.h.h...@utwente.nl; http://www.utwente.nl/icts
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] the use of TunnelledByTTLS=0 changed?

2011-05-23 Thread Heikki Vatiainen
On 05/23/2011 12:46 PM, Roel Hoek wrote:

> We are in a process of migrating our radius servers to another host. On
> the old host we are running Radiator 3.17.1. On the new host we run 4.8
> 
> On the old server we make use of TunnelledByTTLS=0 to differentiate
> between inner (TTLS,PEAP) and outer EAP authentication:

You are correct, somewhere between 3.17.1 and 4.8 Handler check changed.

Note that even with 3.17.1 TunnelledByTTLS was never 0. It was either
not defined at all (undef) or had a value that was larger than 0. So it
was a bit incorrect to make the implication that if TunnelledByTTLS can
be 1, it can also be 0.

The solution you have found (reorder handlers and remove
TunnelledByTTLS=0) is correct and will work also with older versions
including 3.17.1.

Thanks for highlighting this change!
Heikki


> <Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=0>
> 
> EAPType TTLS,PEAP
> 
> EAPTLS_CAFile /etc/radiator/pki/CAs/661141457_chain.pem
> .
> .
> .
> 
> 
> 
> <Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=1>
> .
> .
> 
> 
> 
> <Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByPEAP=1>
> .
> .
> 
> 
> It looks like TunnelledByTTLS is not set anymore and the right handler
> can not be selected.
> 
> The problem can easily be solved by changing the Handler order and removing
> the Handler check attribute TunnelledByTTLS=0.
> 
> 
> 

-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
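
The handler order described in the reply above, written out as an added example that is not part of the original thread or of Radiator's own sample configurations. Handlers are tried in the order they appear, so the two tunnel checks come first and the outer handler carries no TunnelledByTTLS check at all. The `<AuthBy FILE>` clauses, the `%D/users` file and the inner `EAPType MSCHAP-V2` are assumptions standing in for the parts elided with dots in the original post.

```conf
# Inner requests. TunnelledByTTLS / TunnelledByPEAP are only defined on
# requests unpacked from a tunnel, so these must be listed before the
# outer handler.
<Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByTTLS=1>
    # Assumed inner authentication for TTLS
    <AuthBy FILE>
        Filename %D/users
    </AuthBy>
</Handler>

<Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/,TunnelledByPEAP=1>
    # Assumed inner authentication for PEAP
    <AuthBy FILE>
        Filename %D/users
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

# Outer requests. Reached only when neither handler above matched.
# No TunnelledByTTLS=0 check: on an outer request the attribute is
# undefined, not 0, so a "=0" check never matches.
<Handler Client-Identifier=/^WLAN-ID$|^LOCALHOST-ID$/>
    <AuthBy FILE>
        Filename %D/users
        EAPType TTLS,PEAP
        EAPTLS_CAFile /etc/radiator/pki/CAs/661141457_chain.pem
        # Remaining EAPTLS_* settings as in the existing outer handler
    </AuthBy>
</Handler>
```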


Re: [RADIATOR] linux init script patch

2011-05-23 Thread Heikki Vatiainen
On 05/20/2011 12:01 PM, Alexander Hartmaier wrote:

> In my endless quest for a working init script to ease config for new
> users here's a patch against Radiator-4.8 + patches from today (this
> includes two patches to the linux init script).

Thanks. I have added this to the list to check before next release.
Making startup scripts and RPMS universal seems to be an endless quest
from what I have seen :)

> This is to make it work on a Debian 6 box with Radiator installed with
> perl Makefile.PL; make install which installs into /usr/local/bin and
> not /usr/bin as the default init script points at.
> I assume that the rpm installs a working init script so the one in the
> goodies dir should work for people installing from the tar.gz.

Good point. The locations are different. The script that comes with RPM
is currently the same as goodies/linux-radiator.init.

> Also as I pointed out before the pid file should be in the /var/run dir
> to be LSB conform.
> If you want to run radiator as non-root it has to go in a /var/run
> subdir that is owned or at least writeable by the user.

Running as non-root might be the reason why the pid file is in the log
directory by default. Permissions for log files have to match the user
radiusd runs on, so this makes the log dir very convenient place to have
the pid file too.

As an example, a quick look at Ubuntu 10.04 shows its /var/run is a
tmpfs and the startup scripts seem to need code to create the
subdirectory during every boot.

It's certainly possible to change to /var/run, but it is a bit hard to
say how difficult it is to do universally.

> Please also take a look at my mail from the 24th January!

Thanks, I will make a note of that too.

> I've also added an error message if the radiator binary can't be
> executed, occurred for me because it couldn't be found at all, maybe a -f
> check should go in there before the -x.

Printing out the expected location might be useful here too.

> Cheers, Alex

Thanks again, Alex!

Heikki


> root@radiator:/etc/init.d# diff -u radiator
> /root/Radiator-4.8/goodies/linux-radiator.init
> --- radiator2011-05-20 10:58:06.0 +0200
> +++ /root/Radiator-4.8/goodies/linux-radiator.init2011-05-19
> 23:36:28.0 +0200
> @@ -6,7 +6,7 @@
>   # chkconfig: 2345 90 15
>   # description: radiator is the radius daemon required for RAS AAA.
>   # processname: /usr/bin/radiusd
> -# pidfile: /var/run/radiator.pid
> +# pidfile: /var/log/radius/radiusd.pid
>   # config: /etc/radiator/radius.cfg
>   # config: /etc/sysconfig/radiator
>   #
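
Review bot: the diff was generated with its arguments reversed (the edited /etc/init.d/radiator is the `---` file and goodies/linux-radiator.init is the `+++` file), so the proposed values sit on the `-` lines and applying this as posted would undo them; regenerate it with the stock script as the first argument. In this hunk the `# pidfile:` comment moves to /var/run/radiator.pid while the `# processname: /usr/bin/radiusd` line above it is left alone, although the RADIUSD default in the next hunk becomes /usr/local/bin/radiusd; the header comments should be kept in step with the defaults.
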
> @@ -41,9 +41,9 @@
> 
>   [ -f "${SYSCONFIG}" ] && . "${SYSCONFIG}"
> 
> -[ -z "${RADIUSD}" ] && RADIUSD=/usr/local/bin/radiusd
> +[ -z "${RADIUSD}" ] && RADIUSD=/usr/bin/radiusd
>   [ -z "${RADIATOR_CONFIG}" ] && RADIATOR_CONFIG=/etc/radiator/radius.cfg
> -[ -z "${RADIUSD_PIDFILE}" ] && RADIUSD_PIDFILE="/var/run/radiator.pid"
> +[ -z "${RADIUSD_PIDFILE}" ] &&
> RADIUSD_PIDFILE="/var/log/radius/radiusd.pid"
>   [ -z "${RADIATOR_ARGS}" ] && RADIATOR_ARGS=""
>   [ -z "${RADIUSD_ARGS}" ] && RADIUSD_ARGS="-pid_file $RADIUSD_PIDFILE
> -config_file $RADIATOR_CONFIG -daemon $RADIATOR_ARGS"
> 
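
Review bot: the RADIUSD default remains a single hard-coded path, here switched to /usr/local/bin/radiusd (the `-` line, given the reversed diff), which suits a `make install` layout but breaks installs where the binary is in /usr/bin, the stock default. Consider testing both locations with `-x` when ${SYSCONFIG} has not set RADIUSD. The pidfile default also changes file name as well as directory (radiusd.pid to radiator.pid), so a daemon started by the old script would not be found by stop or reload after the script is replaced, and, as the message itself notes, /var/run is not writable when radiusd runs as a non-root user.
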
> @@ -60,10 +60,7 @@
>   elif  [ -x /sbin/start-stop-daemon ]; then
>   # Debian
>   STARTPROC="/sbin/start-stop-daemon --start --pidfile
> ${RADIUSD_PIDFILE} --exec $RADIUSD -- $RADIUSD_ARGS"
> -CHECKPROC=
> -if [ -f ${RADIUSD_PIDFILE} ]; then
>   CHECKPROC="ps -fp `cat ${RADIUSD_PIDFILE}`"
> -fi
>   KILLPROC="/sbin/start-stop-daemon --stop --pidfile ${RADIUSD_PIDFILE}"
>   RELOADPROC="/sbin/start-stop-daemon --stop --signal HUP --pidfile
> ${RADIUSD_PIDFILE}"
>   TRACEUPPROC="/sbin/start-stop-daemon --stop --signal USR1 --pidfile
> ${RADIUSD_PIDFILE}"
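
Review bot: in the Debian branch the `[ -f ${RADIUSD_PIDFILE} ]` guard (on the `-` lines) avoids running `cat` on a missing file, but it leaves CHECKPROC empty in that case, and an empty command expands to nothing and returns success, so whatever later runs $CHECKPROC needs to treat an empty value as "not running". ${RADIUSD_PIDFILE} should be quoted in both the test and the `cat`. Because the backticks are expanded once when this assignment runs, the PID is whatever the file held at that moment, and a stale pidfile may make `ps -fp` report an unrelated process.
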
> @@ -93,7 +90,6 @@
>   fi
> 
>   if [ ! -x $RADIUSD ]; then
> -echo Unable to find executable radiusd binary!
>   exit 0
>   fi
> 
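
Review bot: the new message (the `-echo` line, given the reversed diff) is followed by `exit 0`, so a missing or non-executable binary is still reported to the caller as success; return a non-zero status here, for which LSB defines 5 as "program is not installed". The message should go to stderr and include $RADIUSD so the expected path is visible, and a separate `-f` test before `-x` would let it distinguish "not found" from "not executable", as the message suggests.
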
> 
> 


-- 
Heikki Vatiainen 


[RADIATOR] After RPM update radiator can't be stopped

2011-05-23 Thread W.Siebert
Hello,

Till yesterday we had Radiator 4.7-3 on our machine.

After update to 4.8:


rpm -Uvh Radiator-4.8-1.noarch.rpm

radiator can't be stopped:



/etc/init.d/radiator restart
Shutting down Radiator: pidof: invalid options on command line!

In messages:
VMRHEL01 radiator: -p shutdown failed
VMRHEL01 radiator: radiusd startup succeeded

Can you help, please?



Kind regards
Waldemar Siebert


