help-gnu-radius

Re: [Help-gnu-radius] Radius Not responding


From: Gerald
Subject: Re: [Help-gnu-radius] Radius Not responding
Date: Tue, 23 Sep 2003 15:26:03 -0400 (EDT)

On Tue, 23 Sep 2003, Bob Robichaud wrote:

> Our users file is very large and came from old old radius running MERIT
> radius

Ouch. I had a Merit AAA server I've already replaced. My suggestion:
Format the data into a mysql database creation file &&
Load all the useful non-redundant stuff from Merit users file into the DB
&& consider creating a mysql DB with the users and encrypted passwords.

I'm not an expert on all the permutations possible with the users
file, but I know gnu-radius expects:

joe     Auth-Type = System,

...if you want to authenticate off of the system password file. Either
Sergey or someone more familiar with the users file will have to tell you
if gnu-radius will digest the rest of your users file layout.

> This is what the users file looks like
>
> joe   Authentication-Type="Unix-PW"
>   Framed-Protocol = PPP,
>   Framed-IP-Address = 255.255.255.254,
>   Framed-IP-Netmask = 255.255.255.0,
>   Framed-Routing =Broadcast-Listen,
>   Framed-MTU = 1500,
>   Framed-Compression = Van-Jacobson-TCP-IP

For the static users in my setup I created an attrib database that held
entries for deviations from default. If they have an entry in the attrib
DB they are assigned their unique IP...etc. If not, they all get the
default response.

There is really nice mysql database support built into gnu-radius. :-)

> I could try using Auth-Type and System in my users file but for some reason
> I thought Authentication-Type was needed for Shiva Lan Rover.

If Shiva is like most RAS equipment, it could care less what is in your
users file. He will send over the Username and password to the radius
server and expect a PASS or FAIL response. Most RAS equipment is Radius
ignorant. The users file tells radius where to get the Username and
password from to compare to what Shiva sent it.

One other note from personal experience, flat text files are bad for
anything outside of config files.  That means password files for Username
don't scale very far, and "users" files with Static IP entries ...etc are
bad. You hit too many limitations too soon. Moving/maintaining a 30 MB
password file between multiple radius servers is a bit daunting to script
and in hindsight I should have learned gnu-radius + mysql sooner than I
did. You do have redundant Radius servers right? :-)

Gerald
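
Added example (not part of Gerald's message and not gnu-radius code): a sketch of the migration suggested above, parsing a users file in the quoted layout and keeping only the per-user deviations from a default reply. The `attrib` table, its columns, the `DEFAULTS` values and the user `ann` are assumptions for illustration; sqlite3 stands in for MySQL so the block runs offline.

```python
import re
import sqlite3

# Constructed sample in the layout quoted in the thread (not real user data).
SAMPLE = '''\
joe   Authentication-Type="Unix-PW"
  Framed-Protocol = PPP,
  Framed-IP-Address = 255.255.255.254,
  Framed-Routing =Broadcast-Listen

ann   Authentication-Type="Unix-PW"
  Framed-Protocol = PPP,
  Framed-IP-Address = 192.0.2.17,
  Framed-Routing =Broadcast-Listen
'''

# Assumed site default reply. 255.255.255.254 lets the NAS pick the address (RFC 2865).
DEFAULTS = {"Framed-Protocol": "PPP", "Framed-IP-Address": "255.255.255.254",
            "Framed-Routing": "Broadcast-Listen"}

PAIR = re.compile(r'([A-Za-z0-9-]+)\s*=\s*"?([^",]*?)"?\s*,?\s*$')

def parse_users(text):
    """Return {user: {attribute: value}} from a users file in the quoted layout."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not raw[0].isspace():             # unindented line starts a new entry
            parts = line.split(None, 1)
            current = users.setdefault(parts[0], {})
            line = parts[1] if len(parts) > 1 else ""
        m = PAIR.match(line.strip())
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return users

def deviations(users, skip=("Authentication-Type",)):
    """Rows (user, attribute, value) for reply values that differ from DEFAULTS."""
    return [(u, a, v) for u, attrs in sorted(users.items())
            for a, v in attrs.items() if a not in skip and DEFAULTS.get(a) != v]

def load(rows):
    """Insert with bound parameters, never by pasting file text into SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attrib (user_name TEXT, attr TEXT, value TEXT)")
    db.executemany("INSERT INTO attrib VALUES (?, ?, ?)", rows)
    return db
```

Users with no row in the table get the default reply; only `ann`, who has a static address, produces a row.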




