In a real tizz with digest.


Iandc Davies
All, (Apologies for the size of this mail before beginning :-)

Have already got this working once. I inserted an extra printf statement in
the radclient.c file yesterday and remade
just to get extra information. Ever since then it's decided not to play ball
even after a reboot and backing out the change.

Now in a real mess and have resorted to clearing out and starting from
fresh with a newly downloaded 1.0.4.tar.gz from the site.

The following procedures were followed (all as root user on a Linux
2.4.20-31.9smp box):
      tar zxvf <of tarball>
in freeradius-1.0.4. directory run ./configure --localstatedir=/var
--sysconfdir=/etc

run make command.
run make install command.

tested installation by running radiusd.
output : "Fri Sep  2 09:57:32 2005 : Info: Starting - reading configuration files ..."

stopped process with 'kill -9'

Copied dictionary file from an old server version (0.8.1) - file available
at bottom of mail
ran radiusd -X
Found anomalies in file (i.e. duplicate entries for some VALUE statements)
and deleted.

Read $FREERADIUSHOME/doc/rlm_digest
document specified the following:

1. In the /etc/raddb/users file insert entry as below :-
Auth-Type := Digest, User-Password = "test"
            Reply-Message = "Hello, test with Digest"

- - uname started at column zero with a <tab> to Auth-Type - -

2. Initiate radclient with a file called digest (i.e. radclient -f digest
localhost auth testing123)
      User-Name = "test",
      Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7",
      Digest-Realm = "testrealm",
      Digest-Nonce = "1234abcd",
      Digest-Method = "INVITE",
      Digest-URI = "sip:[hidden email]",
      Digest-Algorithm = "MD5",
      Digest-User-Name = "test"

Changed user-name from test to root in both files and user-password to
root-password in users.

Also amended the '=' to ':=' as per Alan's previous mails.

Ran radiusd -X in an xterm with the following output below:

Can't find the 'unexpected comma' !! and it's driving me crazy.

Cheers in advance.

==========================================================
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "(null)"
 unix: group = "/etc/group"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
/etc/raddb/users[91]: Unexpected trailing comma in check item list for entry root
Errors reading /etc/raddb/users
radiusd.conf[1035]: files: Module instantiation failed.
====================================================================

Current radiusd.conf file.

=====================================================================
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd

log_file = ${logdir}/radius.log

libdir = ${exec_prefix}/lib

pidfile = ${run_dir}/radiusd.pid

#user = nobody
#group = nobody

max_request_time = 30

delete_blocked_requests = no

cleanup_delay = 5

max_requests = 1024

bind_address = *

port = 0

#listen {
#       ipaddr = *
#       port = 0
#       type = auth
#}

hostname_lookups = no

allow_core_dumps = no

regular_expressions     = yes
extended_expressions    = yes

log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no

usercollide = no

lower_user = no
lower_pass = no

nospace_user = no
nospace_pass = no

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
}

proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf

$INCLUDE  ${confdir}/clients.conf

snmp    = no
$INCLUDE  ${confdir}/snmp.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        pap {
                encryption_scheme = crypt
        }

        chap {
#               authtype = CHAP
        }

        pam {
#               pam_auth = radiusd
        }
       unix {
                cache = no
                cache_reload = 600

                        passwd = /etc/passwd
                #       shadow = /etc/shadow
                        group = /etc/group

                radwtmp = ${logdir}/radwtmp
        }

$INCLUDE ${confdir}/eap.conf

        mschap {
#               authtype = MS-CHAP
                #use_mppe = no
                #require_encryption = yes
                #require_strong = yes
                #with_ntdomain_hack = no
                #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
        }

        ldap {
                server = "ldap.your.domain"
                # identity = "cn=admin,o=My Org,c=UA"
                # password = mypass
                basedn = "o=My Org,c=UA"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                # base_filter = "(objectclass=radiusprofile)"

                start_tls = no

                # tls_cacertfile        = /path/to/cacert.pem
                # tls_cacertdir         = /path/to/ca/dir/
                # tls_certfile          = /path/to/radius.crt
                # tls_keyfile           = /path/to/radius.key
                # tls_randfile          = /path/to/rnd
                # tls_require_cert      = "demand"

                # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
                # profile_attribute = "radiusProfileDn"
                access_attr = "dialupAccess"

                dictionary_mapping = ${raddbdir}/ldap.attrmap

                ldap_connections_number = 5

                # password_header = "{clear}"
                # password_attribute = userPassword
                # edir_account_policy_check=no
                # groupname_attribute = cn
                # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
                # groupmembership_attribute = radiusGroupName
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # compare_check_items = yes
                # do_xlat = yes
                # access_attr_used_for_allow = yes
        }

        #
        #passwd etc_smbpasswd {
        #       filename = /etc/smbpasswd
        #       format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
        #       authtype = MS-CHAP
        #       hashsize = 100
        #       ignorenislike = no
        #       allowmultiplekeys = no
        #}

        #passwd etc_group {
        #       filename = /etc/group
        #       format = "=Group-Name:::*,User-Name"
        #       hashsize = 50
        #       ignorenislike = yes
        #       allowmultiplekeys = yes
        #       delimiter = ":"
        #}

        realm IPASS {
                format = prefix
                delimiter = "/"
                ignore_default = no
                ignore_null = no
        }

        realm suffix {
                format = suffix
                delimiter = "@"
                ignore_default = no
                ignore_null = no
        }
       realm realmpercent {
                format = suffix
                delimiter = "%"
                ignore_default = no
                ignore_null = no
        }

        realm ntdomain {
                format = prefix
                delimiter = "\\"
                ignore_default = no
                ignore_null = no
        }

        checkval {
                item-name = Calling-Station-Id
                check-name = Calling-Station-Id
                data-type = string
                #notfound-reject = no
        }

        #
        #attr_rewrite sanecallerid {
        #       attribute = Called-Station-Id
                # may be "packet", "reply", "proxy", "proxy_reply" or "config"
        #       searchin = packet
        #       searchfor = "[+ ]"
        #       replacewith = ""
        #       ignore_case = no
        #       new_attribute = no
        #       max_matches = 10
        #       ## If set to yes then the replace string will be appended to the original string
        #       append = no
        #}

        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints

                with_ascend_hack = no
                ascend_channels_per_line = 23

                with_ntdomain_hack = no

                with_specialix_jetstream_hack = no

                #  H323-Attribute = "value"
                with_cisco_vsa_hack = no
        }
       files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users

                #  If you want to use the old Cistron 'users' file
                #  with FreeRADIUS, you should change the next line
                #  to 'compat = cistron'.  You can the copy your 'users'
                #  file from Cistron.
                compat = no
        }

        detail {
                detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
                detailperm = 0600
        }

        # detail auth_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
                # detailperm = 0600
        # }

        # detail reply_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
                # detailperm = 0600
        # }
        # detail pre_proxy_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d

                # detailperm = 0600
        # }
        # detail post_proxy_log {
                # detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d

                #
                #  This MUST be 0600, otherwise anyone can read
                #  the users passwords!
                # detailperm = 0600
        # }

        acct_unique {
                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
        }

        $INCLUDE  ${confdir}/sql.conf
        radutmp {
                filename = ${logdir}/radutmp
                username = %{User-Name}
                case_sensitive = yes
                check_with_nas = yes
                perm = 0600
                callerid = "yes"
        }

        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }

        attr_filter {
                attrsfile = ${confdir}/attrs
        }
        counter daily {
                filename = ${raddbdir}/db.daily
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                allowed-servicetype = Framed-User
                cache-size = 5000
        }

        always fail {
                rcode = fail
        }
        always reject {
                rcode = reject
        }
        always ok {
                rcode = ok
                simulcount = 0
                mpp = no
        }

        expr {
        }

        digest {
        }
       exec {
                wait = yes
                input_pairs = request
        }

        exec echo {
                wait = yes
                program = "/bin/echo %{User-Name}"
                input_pairs = request
                output_pairs = reply
                #packet_type = Access-Accept
        }

        ippool main_pool {
                range-start = 192.168.1.1
                range-stop = 192.168.3.254
                netmask = 255.255.255.0
                cache-size = 800
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex
                override = no
                # entry may be active. Default: 0
                maximum-timeout = 0
        }

        # $INCLUDE  ${confdir}/x99.conf
}

instantiate {
        exec
        expr
#       daily
}
authorize {
        preprocess
#       auth_log
#       attr_filter
#       chap
#       mschap
#       digest
#       IPASS
        suffix
#       ntdomain
        eap
        files
#       sql
#       etc_smbpasswd
#       ldap
#       daily
#       checkval
}

authenticate {
        Auth-Type PAP {
#               pap
        }
        Auth-Type CHAP {
#               chap
        }
        Auth-Type MS-CHAP {
#               mschap
        }

#       digest
#       pam
        unix
#       Auth-Type LDAP {
#               ldap
#       }
        eap
}

preacct {
        preprocess
        acct_unique
#       IPASS
        suffix
#       ntdomain
        files
}
accounting {
        detail
#       daily
        unix
        radutmp
#       sradutmp
#       main_pool
#       sql
#       pgsql-voip
}

session {
        radutmp
#       sql
}

post-auth {
#       main_pool
#       reply_log
#       sql
#       ldap
#       Post-Auth-Type REJECT {
#               insert-module-name-here
#       }

}

pre-proxy {
#       attr_rewrite
#       files
#       pre_proxy_log
}

post-proxy {
#       post_proxy_log
#       attr_rewrite
#       attr_filter
        eap
}
=======================================================================
Current dictionary file
=======================================================================
#
#     Following are the proper new names. Use these.
#
ATTRIBUTE   User-Name         1     string
ATTRIBUTE   User-Password           2     string encrypt=1
ATTRIBUTE   CHAP-Password           3     octets
ATTRIBUTE   NAS-IP-Address          4     ipaddr
ATTRIBUTE   NAS-Port          5     integer
ATTRIBUTE   Service-Type            6     integer
ATTRIBUTE   Framed-Protocol         7     integer
ATTRIBUTE   Framed-IP-Address 8     ipaddr
ATTRIBUTE   Framed-IP-Netmask 9     ipaddr
ATTRIBUTE   Framed-Routing          10    integer
ATTRIBUTE   Filter-Id         11    string
ATTRIBUTE   Framed-MTU        12    integer
ATTRIBUTE   Framed-Compression      13    integer
ATTRIBUTE   Login-IP-Host           14    ipaddr
ATTRIBUTE   Login-Service           15    integer
ATTRIBUTE   Login-TCP-Port          16    integer
ATTRIBUTE   Reply-Message           18    string
ATTRIBUTE   Callback-Number         19    string
ATTRIBUTE   Callback-Id       20    string
ATTRIBUTE   Framed-Route            22    string
ATTRIBUTE   Framed-IPX-Network      23    ipaddr
ATTRIBUTE   State             24    octets
ATTRIBUTE   Class             25    octets
ATTRIBUTE   Vendor-Specific         26    octets
ATTRIBUTE   Session-Timeout         27    integer
ATTRIBUTE   Idle-Timeout            28    integer
ATTRIBUTE   Termination-Action      29    integer
ATTRIBUTE   Called-Station-Id 30    string
ATTRIBUTE   Calling-Station-Id      31    string
ATTRIBUTE   NAS-Identifier          32    string
ATTRIBUTE   Proxy-State       33    octets
ATTRIBUTE   Login-LAT-Service 34    string
ATTRIBUTE   Login-LAT-Node          35    string
ATTRIBUTE   Login-LAT-Group         36    octets
ATTRIBUTE   Framed-AppleTalk-Link   37    integer
ATTRIBUTE   Framed-AppleTalk-Network 38   integer
ATTRIBUTE   Framed-AppleTalk-Zone   39    string
ATTRIBUTE   Acct-Status-Type  40    integer
ATTRIBUTE   Acct-Delay-Time         41    integer
ATTRIBUTE   Acct-Input-Octets 42    integer
ATTRIBUTE   Acct-Output-Octets      43    integer
ATTRIBUTE   Acct-Session-Id         44    string
ATTRIBUTE   Acct-Authentic          45    integer
ATTRIBUTE   Acct-Session-Time 46    integer
ATTRIBUTE       Acct-Input-Packets  47    integer
ATTRIBUTE       Acct-Output-Packets 48    integer
ATTRIBUTE   Acct-Terminate-Cause    49    integer
ATTRIBUTE   Acct-Multi-Session-Id   50    string
ATTRIBUTE   Acct-Link-Count         51    integer
ATTRIBUTE   Acct-Input-Gigawords    52      integer
ATTRIBUTE   Acct-Output-Gigawords   53      integer
ATTRIBUTE   Event-Timestamp         55      date
ATTRIBUTE   CHAP-Challenge          60    string
ATTRIBUTE   NAS-Port-Type           61    integer
ATTRIBUTE   Port-Limit        62    integer
ATTRIBUTE   Login-LAT-Port          63    integer
ATTRIBUTE   Acct-Tunnel-Connection  68    string
ATTRIBUTE   ARAP-Password           70      string
ATTRIBUTE   ARAP-Features           71      string
ATTRIBUTE   ARAP-Zone-Access        72      integer
ATTRIBUTE   ARAP-Security           73      integer
ATTRIBUTE   ARAP-Security-Data      74      string
ATTRIBUTE   Password-Retry          75      integer
ATTRIBUTE   Prompt                  76      integer
ATTRIBUTE   Connect-Info            77    string
ATTRIBUTE   Configuration-Token     78    string
ATTRIBUTE   EAP-Message       79    string
ATTRIBUTE   Message-Authenticator   80    octets
ATTRIBUTE   ARAP-Challenge-Response 84    string      # 10 octets
ATTRIBUTE   Acct-Interim-Interval   85      integer
ATTRIBUTE   NAS-Port-Id       87    string
ATTRIBUTE   Framed-Pool       88    string
ATTRIBUTE   NAS-IPv6-Address  95    octets      # really IPv6
ATTRIBUTE   Framed-Interface-Id     96    octets      # 8 octets
ATTRIBUTE   Framed-IPv6-Prefix      97    octets      # stupid format
ATTRIBUTE   Login-IPv6-Host         98    octets      # really IPv6
ATTRIBUTE   Framed-IPv6-Route 99    string
ATTRIBUTE   Framed-IPv6-Pool  100   string
ATTRIBUTE   Digest-Response         206   string
ATTRIBUTE   Digest-Attributes 207   octets

ATTRIBUTE   Fall-Through            500   integer
ATTRIBUTE   Exec-Program            502   string
ATTRIBUTE   Exec-Program-Wait 503   string

ATTRIBUTE   User-Category           1029  string
ATTRIBUTE   Group-Name        1030  string
ATTRIBUTE   Huntgroup-Name          1031  string
ATTRIBUTE   Simultaneous-Use  1034  integer
ATTRIBUTE   Strip-User-Name         1035  integer
ATTRIBUTE   Hint              1040  string
ATTRIBUTE   Pam-Auth          1041  string
ATTRIBUTE   Login-Time        1042  string
ATTRIBUTE   Stripped-User-Name      1043  string
ATTRIBUTE   Current-Time            1044  string
ATTRIBUTE   Realm             1045  string
ATTRIBUTE   No-Such-Attribute 1046  string
ATTRIBUTE   Packet-Type       1047  integer
ATTRIBUTE   Proxy-To-Realm          1048  string
ATTRIBUTE   Replicate-To-Realm      1049  string
ATTRIBUTE   Acct-Session-Start-Time 1050  date
ATTRIBUTE   Acct-Unique-Session-Id  1051  string
ATTRIBUTE   Client-IP-Address 1052  ipaddr
ATTRIBUTE   Ldap-UserDn       1053  string
ATTRIBUTE   NS-MTA-MD5-Password     1054  string
ATTRIBUTE   SQL-User-Name           1055  string
ATTRIBUTE   LM-Password       1057  octets
ATTRIBUTE   NT-Password       1058  octets
ATTRIBUTE   SMB-Account-CTRL  1059  integer
ATTRIBUTE   SMB-Account-CTRL-TEXT   1061  string
ATTRIBUTE   User-Profile            1062  string
ATTRIBUTE   Digest-Realm            1063  string
ATTRIBUTE   Digest-Nonce            1064  string
ATTRIBUTE   Digest-Method           1065  string
ATTRIBUTE   Digest-URI        1066  string
ATTRIBUTE   Digest-QOP        1067  string
ATTRIBUTE   Digest-Algorithm  1068  string
ATTRIBUTE   Digest-Body-Digest      1069  string
ATTRIBUTE   Digest-CNonce           1070  string
ATTRIBUTE   Digest-Nonce-Count      1071  string
ATTRIBUTE   Digest-User-Name  1072  string
ATTRIBUTE   Pool-Name         1073  string
ATTRIBUTE   Ldap-Group        1074  string
ATTRIBUTE   Module-Success-Message  1075  string
ATTRIBUTE   Module-Failure-Message  1076  string
#           X99-Fast          1077  integer
ATTRIBUTE   Rewrite-Rule            1078  string
ATTRIBUTE   Sql-Group         1079  string

ATTRIBUTE   Auth-Type         1000  integer
ATTRIBUTE   Menu              1001  string
ATTRIBUTE   Termination-Menu  1002  string
ATTRIBUTE   Prefix                  1003  string
ATTRIBUTE   Suffix                  1004  string
ATTRIBUTE   Group             1005  string
ATTRIBUTE   Crypt-Password          1006  string
ATTRIBUTE   Connect-Rate            1007  integer
ATTRIBUTE   Add-Prefix        1008  string
ATTRIBUTE   Add-Suffix        1009  string
ATTRIBUTE   Expiration        1010  date
ATTRIBUTE   Autz-Type         1011  integer

VALUE       Service-Type            Login-User        1
VALUE       Service-Type            Framed-User       2
VALUE       Service-Type            Callback-Login-User     3
VALUE       Service-Type            Callback-Framed-User    4
VALUE       Service-Type            Outbound-User           5
VALUE       Service-Type            Administrative-User     6
VALUE       Service-Type            NAS-Prompt-User         7
VALUE       Service-Type            Authenticate-Only 8
VALUE       Service-Type            Callback-NAS-Prompt     9
VALUE       Service-Type            Call-Check        10
VALUE       Service-Type            Callback-Administrative 11

VALUE       Framed-Protocol         PPP               1
VALUE       Framed-Protocol         SLIP              2
VALUE       Framed-Protocol         ARAP              3
VALUE       Framed-Protocol         Gandalf-SLML            4
VALUE       Framed-Protocol         Xylogics-IPX-SLIP 5
VALUE       Framed-Protocol         X.75-Synchronous  6

VALUE       Framed-Routing          None              0
VALUE       Framed-Routing          Broadcast         1
VALUE       Framed-Routing          Listen                  2
VALUE       Framed-Routing          Broadcast-Listen  3

VALUE       Framed-Compression      None              0
VALUE       Framed-Compression      Van-Jacobson-TCP-IP     1
VALUE       Framed-Compression      IPX-Header-Compression  2
VALUE       Framed-Compression      Stac-LZS          3

VALUE       Login-Service           Telnet                  0
VALUE       Login-Service           Rlogin                  1
VALUE       Login-Service           TCP-Clear         2
VALUE       Login-Service           PortMaster        3
VALUE       Login-Service           LAT               4
VALUE       Login-Service           X25-PAD                 5
VALUE       Login-Service           X25-T3POS         6
VALUE       Login-Service           TCP-Clear-Quiet         7

VALUE       Login-TCP-Port          Telnet                  23
VALUE       Login-TCP-Port          Rlogin                  513
VALUE       Login-TCP-Port          Rsh               514

VALUE       Acct-Status-Type  Start             1
VALUE       Acct-Status-Type  Stop              2
VALUE       Acct-Status-Type  Interim-Update          3
VALUE       Acct-Status-Type  Alive             3
VALUE       Acct-Status-Type  Accounting-On           7
VALUE       Acct-Status-Type  Accounting-Off          8
#     RFC 2867 Additional Status-Type Values
VALUE       Acct-Status-Type  Tunnel-Start            9
VALUE       Acct-Status-Type  Tunnel-Stop       10
VALUE       Acct-Status-Type  Tunnel-Reject           11
VALUE       Acct-Status-Type  Tunnel-Link-Start 12
VALUE       Acct-Status-Type  Tunnel-Link-Stop  13
VALUE       Acct-Status-Type  Tunnel-Link-Reject      14

VALUE       Acct-Authentic          RADIUS                  1
VALUE       Acct-Authentic          Local             2

VALUE       Termination-Action      Default                 0
VALUE       Termination-Action      RADIUS-Request          1

VALUE       NAS-Port-Type           Async             0
VALUE       NAS-Port-Type           Sync              1
VALUE       NAS-Port-Type           ISDN              2
VALUE       NAS-Port-Type           ISDN-V120         3
VALUE       NAS-Port-Type           ISDN-V110         4
VALUE       NAS-Port-Type           Virtual                 5
VALUE       NAS-Port-Type           PIAFS             6
VALUE       NAS-Port-Type           HDLC-Clear-Channel      7
VALUE       NAS-Port-Type           X.25              8
VALUE       NAS-Port-Type           X.75              9
VALUE       NAS-Port-Type           G.3-Fax                 10
VALUE       NAS-Port-Type           SDSL              11
VALUE       NAS-Port-Type           ADSL-CAP          12
VALUE       NAS-Port-Type           ADSL-DMT          13
VALUE       NAS-Port-Type           IDSL              14
VALUE       NAS-Port-Type           Ethernet          15
VALUE       NAS-Port-Type           xDSL              16
VALUE       NAS-Port-Type           Cable             17
VALUE       NAS-Port-Type           Wireless-Other          18
VALUE       NAS-Port-Type           Wireless-802.11         19

VALUE           Acct-Terminate-Cause    User-Request            1
VALUE           Acct-Terminate-Cause    Lost-Carrier            2
VALUE           Acct-Terminate-Cause    Lost-Service            3
VALUE           Acct-Terminate-Cause    Idle-Timeout            4
VALUE           Acct-Terminate-Cause    Session-Timeout         5
VALUE           Acct-Terminate-Cause    Admin-Reset             6
VALUE           Acct-Terminate-Cause    Admin-Reboot            7
VALUE           Acct-Terminate-Cause    Port-Error              8
VALUE           Acct-Terminate-Cause    NAS-Error               9
VALUE           Acct-Terminate-Cause    NAS-Request             10
VALUE           Acct-Terminate-Cause    NAS-Reboot              11
VALUE           Acct-Terminate-Cause    Port-Unneeded           12
VALUE           Acct-Terminate-Cause    Port-Preempted          13
VALUE           Acct-Terminate-Cause    Port-Suspended          14
VALUE           Acct-Terminate-Cause    Service-Unavailable     15
VALUE           Acct-Terminate-Cause    Callback                16
VALUE           Acct-Terminate-Cause    User-Error              17
VALUE           Acct-Terminate-Cause    Host-Request            18

#VALUE            Tunnel-Type       L2TP              3
#VALUE            Tunnel-Medium-Type      IP                1

VALUE       Prompt                  No-Echo                 0
VALUE       Prompt                  Echo              1

VALUE       Auth-Type         Local             0
VALUE       Auth-Type         System                  1
VALUE       Auth-Type         SecurID                 2
VALUE       Auth-Type         Crypt-Local       3
VALUE       Auth-Type         Reject                  4
VALUE       Auth-Type         ActivCard         5
VALUE       Auth-Type         EAP               6
VALUE       Auth-Type         ARAP              7

VALUE       Auth-Type         Ldap              252 # deleted due to duplication below
VALUE       Auth-Type         Pam               253 # deleted due to duplication below
VALUE       Auth-Type         Accept                  254

VALUE       Auth-Type         PAP               1024
VALUE       Auth-Type         CHAP              1025
VALUE       Auth-Type         LDAP              1026
VALUE       Auth-Type         PAM               1027
VALUE       Auth-Type         MS-CHAP                 1028
VALUE       Auth-Type         Kerberos          1029
VALUE       Auth-Type         CRAM              1030
VALUE       Auth-Type         NS-MTA-MD5        1031
VALUE       Auth-Type         CRAM              1032   # deleted due to duplication above
VALUE       Auth-Type         SMB               1033

VALUE       Autz-Type         Local             0

VALUE       Fall-Through            No                0
VALUE       Fall-Through            Yes               1

VALUE       Packet-Type Access-Request                1
VALUE       Packet-Type Access-Accept                 2
VALUE       Packet-Type Access-Reject                 3
VALUE       Packet-Type Accounting-Request            4
VALUE       Packet-Type Accounting-Response           5
VALUE       Packet-Type Accounting-Status       6
VALUE       Packet-Type Password-Request        7
VALUE       Packet-Type Password-Accept               8
VALUE       Packet-Type Password-Reject               9
VALUE       Packet-Type Accounting-Message            10
VALUE       Packet-Type Access-Challenge        11
VALUE       Packet-Type Status-Server                 12
VALUE       Packet-Type Status-Client                 13

==================================================================================


Ian Davies {02476 564662}
          Internal   (x740 4662)
IMS-SIPAC
Software Development Engineer


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: In a real tizz with digest.

Alan DeKok
"Iandc Davies" <[hidden email]> wrote:
> Copied dictionary file from an old server version (0.8.1) - file available
> at bottom of mail

  PLEASE don't do that.  It's not necessary at all.  The dictionaries
SHOULD NOT be edited, unless you know EXACTLY what you're doing.

> 1. In the /etc/raddb/users file insert entry as below :-
> Auth-Type := Digest, User-Password = "test"
>             Reply-Message = "Hello, test with Digest"
>
> - - uname started at column zero with a <tab> to Auth-Type - -

  That entry should start off with a user name:

test Auth-Type := Digest, User-Password := "test"
            Reply-Message = "Hello, test with Digest"

> 2. Initiate radclient with a file called digest (i.e. radclient -f digest
> localhost auth testing123)
...
> Changed user-name from test to root in both files and user-password to
> root-password in users.

  That WILL NOT WORK.  The user name is used to create the hash in
Digest-Response.  Changing the user name means that the test vector
will be wrong, and the test will fail.

> Ran radiusd -X in an xterm with the following output below:
>
> Can't find the 'unexpected comma' !! and it's driving me crazy.

  It's probably a side-effect of having no user name in the entry in
the "users" file.

  Alan DeKok.
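
Alan's point that the user name is an input to the Digest-Response hash, as an added example that is not part of the original thread: the RFC 2617 MD5 computation applied to the realm, nonce and method from the post. The Digest-URI is redacted in the archive, so the URI below is a constructed placeholder and the result is not the post's test vector; the function names are illustrative.

```python
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    """Lower-case hex MD5 of a string, as RFC 2617 uses for H()."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, nonce, method, uri,
                    qop=None, nc=None, cnonce=None):
    """Compute the RFC 2617 response for algorithm MD5.

    Without qop this is the legacy form MD5(HA1:nonce:HA2), which is what
    the request in the post exercises (it carries no Digest-QOP).
    """
    ha1 = _md5_hex(f"{user}:{realm}:{password}")   # the user name is hashed in here
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop is None:
        return _md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError(f"unsupported qop: {qop!r}")
    if not nc or not cnonce:
        raise ValueError("qop=auth requires a nonce count and a cnonce")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(attrs: dict, password: str) -> bool:
    """Check a request's Digest-Response against the stored password."""
    if attrs.get("Digest-Algorithm", "MD5") != "MD5":
        raise ValueError("only Digest-Algorithm MD5 is handled here")
    expected = digest_response(
        attrs["Digest-User-Name"], attrs["Digest-Realm"], password,
        attrs["Digest-Nonce"], attrs["Digest-Method"], attrs["Digest-URI"],
        attrs.get("Digest-QOP"), attrs.get("Digest-Nonce-Count"),
        attrs.get("Digest-CNonce"),
    )
    got = attrs["Digest-Response"].lower()
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), got.encode())


# Constructed placeholder: the real URI is hidden in the list archive.
PLACEHOLDER_URI = "sip:user@example.invalid"


def build_request(user: str, password: str) -> dict:
    """Build a radclient-style attribute set with a matching response."""
    attrs = {
        "User-Name": user,
        "Digest-Realm": "testrealm",      # from the post
        "Digest-Nonce": "1234abcd",       # from the post
        "Digest-Method": "INVITE",        # from the post
        "Digest-URI": PLACEHOLDER_URI,    # constructed
        "Digest-Algorithm": "MD5",
        "Digest-User-Name": user,
    }
    attrs["Digest-Response"] = digest_response(
        user, attrs["Digest-Realm"], password, attrs["Digest-Nonce"],
        attrs["Digest-Method"], attrs["Digest-URI"])
    return attrs


def rename_breaks_vector():
    """Rename the user but keep the old Digest-Response, as in the thread."""
    req = build_request("test", "test")
    ok_before = verify(req, "test")
    renamed = dict(req, **{"User-Name": "root", "Digest-User-Name": "root"})
    ok_after = verify(renamed, "root-password")
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = rename_breaks_vector()
    print("original vector verifies:", before)
    print("renamed user, same response verifies:", after)
```

A renamed test user therefore needs a freshly computed Digest-Response; reusing the documented one can only be rejected.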
