[RADIATOR] Async Auth by Thrift
Hi all,

I have a custom Auth module to call a few internal API checks via the THRIFT protocol. Unfortunately it currently processes everything in the handle_request sub and is therefore synchronous.

Does anyone have a good layout or existing Auth module to study for an asynchronous method of communication? I have looked through the AuthRADIUS module but it's pretty complex and I can't see where to start...

Many thanks,

Tim Jones
Platform Engineering
tim.jo...@fon.com
Skype: Tim.Jones.Fon
C/ Quintanavides 15. Edificio 2, Planta 1ª
Parque Empresarial Vía Norte, de Metrovacesa
28050 Las Tablas. Madrid
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] AuthBy FILE
Hello,

I'm trying to get authentication set up against eDirectory via LDAP, but wanted to start by seeing if I could get AuthBy FILE to work first. When I attempt to connect with a Windows 7 laptop, I see the following in the logfile. I'm using the eap_peap.cfg file and a Trapeze MX-200 as the authenticator. Any suggestions appreciated.

Dan

Tue Aug 6 15:39:07 2013: DEBUG: Packet dump:
*** Received from 172.16.240.2 port 20009
Code: Access-Request
Identifier: 214
Authentic: an<4><249>@J<4>Zd<229>e1Z#<0>Y
Attributes:
    NAS-Port-Id = "AP10/1"
    Calling-Station-Id = "64-80-99-1E-3F-FC"
    Called-Station-Id = "00-0B-0E-B5-8A-44:NWHSU-Test"
    Service-Type = Framed-User
    User-Name = "dprill"
    NAS-Port = 23410
    EAP-Message = <2><6><0>&<17><1><0><24><232><209><188>2<242><218><148>`H<213><193><174><224><244><193><251><12>5<130><200><179>'<170><190>dprill
    NAS-Port-Type = Wireless-IEEE-802-11
    NAS-IP-Address = 172.16.240.2
    NAS-Identifier = "Trapeze"
    Message-Authenticator = 3<243><30><188>j<159><166><232><9><151><157>>2<170><194><237>

Tue Aug 6 15:39:07 2013: DEBUG: Handling request with Handler '', Identifier ''
Tue Aug 6 15:39:07 2013: DEBUG: Deleting session for dprill, 172.16.240.2, 23410
Tue Aug 6 15:39:07 2013: DEBUG: Handling with Radius::AuthFILE:
Tue Aug 6 15:39:07 2013: DEBUG: Handling with EAP: code 2, 6, 38, 17
Tue Aug 6 15:39:07 2013: DEBUG: Response type 17
Tue Aug 6 15:39:07 2013: DEBUG: Radius::AuthFILE looks for match with dprill [dprill]
Tue Aug 6 15:39:07 2013: DEBUG: Radius::AuthFILE ACCEPT: : dprill [dprill]
Tue Aug 6 15:39:07 2013: DEBUG: EAP result: 3, Wait for peer challenge
Tue Aug 6 15:39:07 2013: DEBUG: AuthBy FILE result: CHALLENGE, Wait for peer challenge
Tue Aug 6 15:39:07 2013: DEBUG: Access challenged for dprill: Wait for peer challenge
Tue Aug 6 15:39:07 2013: DEBUG: Packet dump:
*** Sending to 172.16.240.2 port 20009
Code: Access-Challenge
Identifier: 214
Authentic: b<28>8<12><25><31><137>D<141><130><150>%g<10>h<185>
Attributes:
    EAP-Message = <3><6><0><4>
    Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Re: [RADIATOR] Async Auth by Thrift
On 08/06/2013 01:46 PM, Tim Jones wrote:

> Does anyone have a good layout or existing Auth module to study for an
> asynchronous method of communication? I have looked through the
> AuthRADIUS module but it's pretty complex and I can't see where to start...

See AuthDUO.pm in the latest 4.11 patches. It's a new module that does asynchronous communication.

Thanks,
Heikki

--
Heikki Vatiainen
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

Re: [RADIATOR] AuthBy FILE
Hi,

No response from the client. What do you see on the client? Windows clients are fussy about their certificates (in that the cert needs to have particular attributes); does your cert match the requirements?

alan

Re: [RADIATOR] AuthBy FILE
On 08/07/2013 12:11 AM, Dan Prill wrote:

> I'm trying to get authentication set up against eDirectory via LDAP, but
> wanted to start by seeing if I could get AuthBy FILE to work first. When
> I attempt to connect with a Windows 7 laptop, I see the following in the
> logfile. I'm using the eap_peap.cfg file and a Trapeze MX-200 as the
> authenticator. Any suggestions appreciated.

Looks like Radiator thinks you are using LEAP, EAP method 17. Radiator has successfully read the file, found the entry for the user and thinks the password is good. Now it's sending a challenge back to the client and waits for the client to respond.

Since you mentioned PEAP and Radiator responds with LEAP, maybe there's a configuration mismatch somewhere?

Thanks,
Heikki

> Tue Aug 6 15:39:07 2013: DEBUG: Packet dump:
> *** Received from 172.16.240.2 port 20009
> Code: Access-Request
> Identifier: 214
> Authentic: an<4><249>@J<4>Zd<229>e1Z#<0>Y
> Attributes:
> NAS-Port-Id = "AP10/1"
> Calling-Station-Id = "64-80-99-1E-3F-FC"
> Called-Station-Id = "00-0B-0E-B5-8A-44:NWHSU-Test"
> Service-Type = Framed-User
> User-Name = "dprill"
> NAS-Port = 23410
> EAP-Message =
> <2><6><0>&<17><1><0><24><232><209><188>2<242><218><148>`H<213><193><174><224><244><193><251><12>5<130><200><179>'<170><190>dprill
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-IP-Address = 172.16.240.2
> NAS-Identifier = "Trapeze"
> Message-Authenticator =
> 3<243><30><188>j<159><166><232><9><151><157>>2<170><194><237>
>
> Tue Aug 6 15:39:07 2013: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Aug 6 15:39:07 2013: DEBUG: Deleting session for dprill,
> 172.16.240.2, 23410
> Tue Aug 6 15:39:07 2013: DEBUG: Handling with Radius::AuthFILE:
> Tue Aug 6 15:39:07 2013: DEBUG: Handling with EAP: code 2, 6, 38, 17
> Tue Aug 6 15:39:07 2013: DEBUG: Response type 17
> Tue Aug 6 15:39:07 2013: DEBUG: Radius::AuthFILE looks for match with
> dprill [dprill]
> Tue Aug 6 15:39:07 2013: DEBUG: Radius::AuthFILE ACCEPT: : dprill [dprill]
> Tue Aug 6 15:39:07 2013: DEBUG: EAP result: 3, Wait for peer challenge
> Tue Aug 6 15:39:07 2013: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Tue Aug 6 15:39:07 2013: DEBUG: Access challenged for dprill: Wait for
> peer challenge
> Tue Aug 6 15:39:07 2013: DEBUG: Packet dump:
> *** Sending to 172.16.240.2 port 20009
> Code: Access-Challenge
> Identifier: 214
> Authentic: b<28>8<12><25><31><137>D<141><130><150>%g<10>h<185>
> Attributes:
> EAP-Message = <3><6><0><4>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

--
Heikki Vatiainen
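
Added example, not part of the original thread or of Radiator: a small decoder for the EAP-Message values in the debug log above, showing how the "code 2, 6, 38, 17" line and the LEAP-versus-PEAP mismatch can be read straight from the dump. The function names and the expected_type parameter are hypothetical, and the reading of `<n>` as a decimal byte escape is an assumption inferred from the log.

```python
import re
import struct

# EAP codes (RFC 3748) and some method types from the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
_ESCAPE = re.compile(r"<(\d{1,3})>")

def unescape_dump(text):
    # Assumption: '<n>' is a decimal byte value and every other character is
    # a literal byte, consistent with the log ('&' is 38, the logged length).
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        value = int(m.group(1))
        if value > 255:
            raise ValueError("escape out of byte range: " + m.group(0))
        out.append(value)
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def parse_eap(dump_text, expected_type=25):
    """Decode the EAP header; expected_type 25 is PEAP (hypothetical helper)."""
    raw = unescape_dump(dump_text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # Success and Failure carry no type byte; Request and Response do.
    eap_type = raw[4] if code in (1, 2) and len(raw) > 4 else None
    return {
        "code": EAP_CODES.get(code, "unknown"),
        "identifier": ident,
        "length": length,
        "length_ok": length == len(raw),
        "type": eap_type,
        "type_name": None if eap_type is None else EAP_TYPES.get(eap_type, "unknown"),
        "matches_expected": None if eap_type is None else eap_type == expected_type,
    }

# The two EAP-Message values copied from the debug log in this thread.
CLIENT_MSG = ("<2><6><0>&<17><1><0><24><232><209><188>2<242><218><148>`H<213>"
              "<193><174><224><244><193><251><12>5<130><200><179>'<170><190>dprill")
SERVER_MSG = "<3><6><0><4>"

if __name__ == "__main__":
    for label, msg in (("client", CLIENT_MSG), ("server", SERVER_MSG)):
        print(label, parse_eap(msg))
```

A type other than 25 in the client's first Response means the supplicant is not attempting PEAP, so the wireless profile on the client is the place to look before the server configuration.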