FW: Trouble with HTTPS and mod_auth_radius

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

FW: Trouble with HTTPS and mod_auth_radius

Zawacki Jason D Contr AFRL/IFOS
Is there a mod_auth_radius list I can direct this question to?

Thanks,
Jason

-----Original Message-----
From: Zawacki Jason D Contr AFRL/IFOS
Sent: Monday, June 06, 2005 11:43 AM
To: '[hidden email]'
Subject: Trouble with HTTPS and mod_auth_radius

Hey folks,
 
I'm having trouble getting my configuration to work with SSL enabled in
apache 1.3.33 using mod_auth_radius (mod_auth_radius.c,v 1.15 2003/03/24
19:16:15).  This same setup works fine when SSL is not enabled.  If I go to
the page I've configured for radius auth, I get an Internal Server Error.
I've shut off all other authentications for this location (NTLM) and the
mod_auth module is not being activated.  Even so, the apache error log
indicates that it is looking for a user file as if I were using mod_auth.
Here is my setup:
 
...
LoadModule radius_auth_module   libexec/mod_auth_radius.so
...
#AddModule mod_auth.c
...
AddModule mod_auth_radius.c
...
AddRadiusAuth   X.X.X.X:1812 XXXXXXXXXXXXXXXXXXXXXX
AddRadiusCookieValid    5
...
<Location /test-radius>
AllowOverride None
order allow,deny
allow from all
 
AuthName "RRS Radius test"
AuthType Basic
NTLMAuthoritative off
NTLMAuth off
NTLMBasicAuth off
AuthRadiusAuthoritative on
AuthRadiusActive on
require valid-user
</Location>

Like I said, the same setup works fine for a non-SSL URL, which puzzles me
greatly.  I'm using this box to test several authentication schemes
including ldap, ntlm, and kerberos and none of demonstrated the same
behavior.

Any help is greatly appreciated.

Jason
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: FW: Trouble with HTTPS and mod_auth_radius

Alan DeKok
Zawacki Jason D Contr AFRL/IFOS <[hidden email]> wrote:
> Is there a mod_auth_radius list I can direct this question to?

  Not really.  This list is good enough.

> Like I said, the same setup works fine for a non-SSL URL, which puzzles me
> greatly.  I'm using this box to test several authentication schemes
> including ldap, ntlm, and kerberos and none of demonstrated the same
> behavior.

  I'd love to know why.  When I wrote mod_auth_radius, there was
little documentation about the internals of Apache.  So the module may
not "do the right thing".

  At this point, it may be worth re-writing the module to follow the
outline of one which does work, and just change "ntlm" to "radius",
for example.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: FW: Trouble with HTTPS and mod_auth_radius

Cris Boisvert
That would be great.. I tried to work with mod_auth_radius and couldn't get
it to go a while back and really wanted have a site that was only available
to Authenticated users.
(just my 2 cents)
I was trying it out on macs running apache..(That could have been the
problem)

 

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Alan
DeKok
Sent: Thursday, June 09, 2005 3:56 PM
To: FreeRadius users mailing list
Subject: Re: FW: Trouble with HTTPS and mod_auth_radius

Zawacki Jason D Contr AFRL/IFOS <[hidden email]> wrote:
> Is there a mod_auth_radius list I can direct this question to?

  Not really.  This list is good enough.

> Like I said, the same setup works fine for a non-SSL URL, which
> puzzles me greatly.  I'm using this box to test several authentication
> schemes including ldap, ntlm, and kerberos and none of demonstrated
> the same behavior.

  I'd love to know why.  When I wrote mod_auth_radius, there was little
documentation about the internals of Apache.  So the module may not "do the
right thing".

  At this point, it may be worth re-writing the module to follow the outline
of one which does work, and just change "ntlm" to "radius", for example.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 6/8/2005
 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html