Re: xradius and otp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Neil,

--snip--
[Thu Sep 20 13:54:55 2007] [debug] worker.c(1740): AcceptMutex: sysvsem
(default: sysvsem)
[Thu Sep 20 13:55:19 2007] [notice] xradius: val size: '0'
[Thu Sep 20 13:55:33 2007] [error] [client 172.16.200.31] xradius:
RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
received
[Thu Sep 20 13:55:33 2007] [error] [client 172.16.200.31] user tester:
authentication failure for "/": Password Mismatch
[Thu Sep 20 13:56:10 2007] [notice] xradius: val size: '0'
[Thu Sep 20 13:56:14 2007] [notice] xradius: fetched
'IjKmbC+8toO7NKNuErcRLA==':'IjKmbC+8toO7NKNuErcRLA=H\x04'
[Thu Sep 20 13:56:28 2007] [error] [client 172.16.200.31] xradius:
RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
received, referer: http://secret-site3/
[Thu Sep 20 13:56:28 2007] [error] [client 172.16.200.31] user tester:
authentication failure for "/test.html": Password Mismatch, referer:
http://secret-site3/
[Thu Sep 20 13:57:12 2007] [notice] xradius: fetched
'aTxP/tosCqyPguRBSKnLsQ==':'IjKmbC+8toO7NKNuErcRLA=H\x04'
[Thu Sep 20 13:57:16 2007] [notice] xradius: fetched
'aTxP/tosCqyPguRBSKnLsQ==':'aTxP/tosCqyPguRBSKnLsQ=H\x04'
[Thu Sep 20 13:57:30 2007] [error] [client 172.16.200.31] xradius:
RADIUS Request for user 'tester' failed: (-1) No valid RADIUS responses
received
[Thu Sep 20 13:57:30 2007] [error] [client 172.16.200.31] user tester:
authentication failure for "/": Password Mismatch
[Thu Sep 20 13:57:44 2007] [notice] xradius: fetched
'aq2e1WySSutGTSFhgU2uew==':'aTxP/tosCqyPguRBSKnLsQ=H\x04'
[Thu Sep 20 13:57:48 2007] [notice] xradius: fetched
'aq2e1WySSutGTSFhgU2uew==':'aq2e1WySSutGTSFhgU2uew=H\x04'
--snip--

The access right for the dbm file is ok. At the moment I get these logs.
I compiled the xradius auth without memcache support. 
    ./configure --with-apxs=/usr/bin/apxs2 --without-apr-memcache

Actually I do not know the memcached and I am not sure what to pass to
--with-apr-memcache.
There is indeed a memcached package and a libmemcache0 but no
libapr_memcache.
As it is not real big installation with need for ultimate performance,
I'd like to choose the easiest and not necessarily the most performant
way. ;)

Confused and kind regards
Cornelius


Neil A. Hillard schrieb:
> Cornelius,
>
> Cornelius Kölbel wrote:
>   
>> I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
>> I compiled and installed/configured it successfully. Thanks to an earlier questions.
>>
>> But I'd like to use one time passwords.
>>
>> The first time I access my website http://secret-site3 the authentication works fine.
>>
>> But when i click on another link on this page, i time out and some times I get a second auth request.
>>
>> My vhost config looks like this:
>>
>> --snip--
>> LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
>> ## If you do not want Authentication Caching, set:
>> #AuthXRadiusCache none -
>> AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
>> # 1h Timeout.
>> AuthXRadiusCacheTimeout 3600
>>     
>
> <snip>
>
>   
>> Is it right that the basic authentication sends the credentials again, when going to another link?
>> Then of course the OTP would not be valid anymore.
>>
>> I think the module needs to remember, that the user was authenticated. I think mod_auth_radius of freeradius used to use session cookies, but this module won't run with apache 2.2.
>> How could it be done using mod_auth_xradius?
>>     
>
> The purpose of the cache is to store the username / password pairs so
> they can be validated without hitting the RADIUS server (which would
> fail).  You appear to have configured the cache but it doesn't appear to
> be working.
>
> I can confirm that we are using it in this exact situation (in fact Paul
> wrote it for us!) and we don't have any problems.
>
> We actually use memcache:
>
> AuthXRadiusCache memcache "127.0.0.1:11211"
>
> but it may be something to do with your permissions on:
>
> /usr/lib/apache2/auth_xradius_cache
>
> Does the user Apache is running as have permission to access/create the
> file?
>
> HTH,
>
>
> 				Neil.
>
>   


--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.
For all your IT requirements visit: http://www.transtec.co.uk


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux