[OpenSIPS-Users] No RADIUS traffic

Leon Li Leon.Li at aarnet.edu.au
Fri Jun 5 02:37:07 CEST 2009 

There is no such a file in the directory. Will it be generated by
radiusclient-ng?

Also, the radiusclient.conf shows:
> # program to call for a RADIUS authenticated login
> 
> login_radius    /usr/local/sbin/login.radius

I checked /usr/local/sbin/login.radius, but it is only a dummy script.
How it can be changed?

Thanks,
Leon 

-----Original Message-----
From: Uwe Kastens [mailto:kiste at kiste.org] 
Sent: Thursday, 4 June 2009 5:12 PM
To: Leon Li
Cc: users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] No RADIUS traffic

Hi,

If I remember it correctly I had the same problem some day and it was
caused by wrong permissions on /var/run/radius.seq.

Just a guess

BR

Uwe


Leon Li schrieb:
> Hi,
> 
>  
> 
> I am try to use RADIUS server. However, after configuration, I found
> there is no RADIUS traffic at all.
> 
>  
> 
> Log shows:
> 
> Jun  4 06:45:59  /usr/local/sbin/openser[396]: rc_avpair_new: unknown
> attribute 5
> 
> Jun  4 06:45:59  /usr/local/sbin/openser[396]:
> ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
> 
>  
> 
> But nothing on RADIUS server end.
> 
>  
> 
> OpenSIPs + radiusclient-ng on one box and RADIUS is on another.
> 
>  
> 
> My radiusclient.conf is like:
> 
>  
> 
> # General settings
> 
>  
> 
> # specify which authentication comes first respectively which
> 
> # authentication is used. possible values are: "radius" and "local".
> 
> # if you specify "radius,local" then the RADIUS server is asked
> 
> # first then the local one. if only one keyword is specified only
> 
> # this server is asked.
> 
> auth_order      radius,local
> 
>  
> 
> # maximum login tries a user has
> 
> login_tries     4
> 
>  
> 
> # timeout for all login tries
> 
> # if this time is exceeded the user is kicked out
> 
> login_timeout   60
> 
>  
> 
> # name of the nologin file which when it exists disables logins.
> 
> # it may be extended by the ttyname which will result in
> 
> # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
> 
> # logins on /dev/ttyS2)
> 
> nologin /etc/nologin
> 
>  
> 
> # name of the issue file. it's only display when no username is passed
> 
> # on the radlogin command line
> 
> issue   /usr/local/etc/radiusclient-ng/issue
> 
>  
> 
> # RADIUS settings
> 
>  
> 
> # RADIUS server to use for authentication requests. this config
> 
> # item can appear more then one time. if multiple servers are
> 
> # defined they are tried in a round robin fashion if one
> 
> # server is not answering.
> 
> # optionally you can specify a the port number on which is remote
> 
> # RADIUS listens separated by a colon from the hostname. if
> 
> # no port is specified /etc/services is consulted of the radius
> 
> # service. if this fails also a compiled in default is used.
> 
> authserver      202.158.212.103:1812
> 
>  
> 
> # RADIUS server to use for accouting requests. All that I
> 
> # said for authserver applies, too.
> 
> #
> 
> acctserver      202.158.212.103:1813
> 
>  
> 
> # file holding shared secrets used for the communication
> 
> # between the RADIUS client and server
> 
> servers         /usr/local/etc/radiusclient-ng/servers
> 
>  
> 
> # dictionary of allowed attributes and values
> 
> # just like in the normal RADIUS distributions
> 
> dictionary      /usr/local/etc/radiusclient-ng/dictionary
> 
>  
> 
> # program to call for a RADIUS authenticated login
> 
> login_radius    /usr/local/sbin/login.radius
> 
>  
> 
> # file which holds sequence number for communication with the
> 
> # RADIUS server
> 
> seqfile         /var/run/radius.seq
> 
>  
> 
> # file which specifies mapping between ttyname and NAS-Port attribute
> 
> mapfile         /usr/local/etc/radiusclient-ng/port-id-map
> 
>  
> 
> # default authentication realm to append to all usernames if no
> 
> # realm was explicitly specified by the user
> 
> # the radiusd directly form Livingston doesnt use any realms, so leave
> 
> # it blank then
> 
> default_realm
> 
> #aarnet.edu.au
> 
>  
> 
> # time to wait for a reply from the RADIUS server
> 
> radius_timeout  10
> 
>  
> 
> # resend request this many times before trying the next server
> 
> radius_retries  3
> 
>  
> 
> # local address from which radius packets have to be sent
> 
> bindaddr *
> 
>  
> 
> # LOCAL settings
> 
>  
> 
> # program to execute for local login
> 
> # it must support the -f flag for preauthenticated login
> 
> login_local     /bin/login
> 
>  
> 
> Any suggestion will be appreciated.
> 
>  
> 
> Thanks
> 
> Leon
> 
>  
> 
>  
> 
> 
>
------------------------------------------------------------------------
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


-- 

kiste lat: 54.322684, lon: 10.13586

More information about the Users mailing list