radius authentication

Salman Afzal salman at neduet.edu.pk
Thu Feb 8 10:54:35 UTC 2001 

Daniel,

Thanks , now its working but  fortunately i'm using inn-2.3.0. and i have to
make some changes in your sugession. here it is

readers.conf--------------------start----------------------
 the local machine

auth "localhost" {
    hosts: "localhost, 127.0.0.1, stdin"
    default: "<localhost>"
}


auth "all" {
    hosts: "*"
    auth: "radius -f  /usr/local/news/etc/radius.conf"
}

access "localhost" {
    users: "<localhost>"
    newsgroups: "*"
}

access "all" {
    users: "*"
    newsgroups: "*"
    access: "Read Post"
}

and the same as you sugessted in radius.conf.

regards
salman



Daniel G. Thompson wrote:

> Salman,
>
> Try replacing your auth section for radius to something like this:
>
> auth all {
>    hosts: "0.0.0.0"
>    auth: "radius -f /news/etc/radius.conf"
>    default: <FAIL>
>    default-domain: "mydomain.com"
> }
>
> ##  Then replace your  Access section of readers.conf with this:
> ##
>
> access "localhost" {
>     users: "<localhost>"
>     newsgroups: "*"
> }
>
> access "mydomain.com" {
>    users: "*@mydomain.com"
>    newsgroups: "*"
>    access: "Read Post"
> }
>
> access fail {
>    users: <FAIL>@mydomain.com"
>    newsgroups: "!*"
> }
>
> ## In Radius.conf I only have the following set:
> ##
>
> radhost:192.16.1.2 ## Replace with the ip-address of your radius server.
> secret:online
>
> _______________________________________________________
>
> This is of course making the assumption that you have a working radius
> server that has an access file that includes a line for your news server.
> If you have not already done so, you might want to verify that your radius
> server is working.
>
> I have had radius running here for a number of years, yet I spent many hours
> working on this very same problem only to discover that my radius server
> would not authenticate the news server. I added radius to a spare machine
> that I have running here and it still would not work, so I downloaded the
> latest Cistron-radius and set it up on the spare machine. As soon as I had
> the Cistron-radius set up properly the authentication worked fine.
>
> I was using Ascend-radius ( a variant of Livingston-radius) to authenticate
> my dialup users, however it just would not work with the innd. The
> Cistron-radius
> will however work with news, and it works with my dialups.
>
> I am certainly no expert on innd at all, but I just recently went through
> making
> radius auth work with innd and thought I might be able to share some things
> that I learned while configuring innd.
>
> Dan Thompson
> dan at waycom.com
>
> > Hi ,
> >
> > Thanks Daniel,  for the sugession.
> >
> > Here is the configuration of readers.conf and radius.conf, i'm using the
> > livingston radius server on linux box. please suggest if any changes are
> > required in the configuration.of news server files.
> >
> > READERS.CONF----------------------start------------------------
> > auth "localhost" {
> >     hosts: "localhost, 127.0.0.1, stdin"
> >     default: "<localhost>"
> > }
> > access "localhost" {
> >     users: "<localhost>"
> >     newsgroups: "*"
> > }
> > auth "all" {
> >     hosts: "*"
> >     auth: "radius"
> > }
> >
> > access "all" {
> >     users: "*"
> >     newsgroups: "*"
> >     access: "Read Post"
> > -----------------------------------end----------------------------
> >
> > RADIUS.CONF------------------start----------------------
> >
> > radhost:       authorize.domain.com
> > radport:        1645
> > lochost:       news.domain.com
> > #locport:       119
> > secret:        news
> > #prefix:        news-
> > #suffix:        @example.com
> >
> > -------------------------end------------------------------------
> >
> > regards
> > Salman Afzal
> >
> >
> > Daniel G. Thompson wrote:
> >
> > > Yes, INN will authenticate through radius. I have tried authentication
> to
> > > three different radius servers and have come to the conclusion that if
> you
> > > want to use radius authentication you should first install
> Cistron-Radius.
> > > I can tell you for certain Ascend=Radius does not work.
> > >
> > > Now with that out of the way.....
> > >
> > > You might want to send a snippet of your readers.conf file as well as
> > > one from your radius.conf file so that the people here can take a look
> > > at them.
> > >
> > > Dan
> > >
> > > > Hi all,
> > > >
> > > > I am trying to authenticate the readers from remote radius server,
> could
> > > > any one please help me and let me know if it is possible to get it
> > > > working , as i am still unable to do so . since i configured my
> > > > readers.conf and radius.conf according to the man pages.
> > > >
> > > > thanks
> > > > salman
> > > >
> > > >
> > > > -- Binary/unsupported file stripped by Listar --
> > > > -- Type: text/x-vcard
> > > > -- File: vcard.vcf
> > > > -- Desc: Card for Salman  Afzal
> > > >
> > > >
> > > >
> >
> >
> >




-- Binary/unsupported file stripped by Listar --
-- Type: text/x-vcard
-- File: vcard.vcf
-- Desc: Card for Salman  Afzal

More information about the inn-workers mailing list