You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike VanHorn <mi...@wright.edu> on 2006/05/11 21:43:38 UTC
[users@httpd] Mod_auth_radius
I'm using mod_auth_radius with Apache 2.2.2 to protect a directory. Here's
the entries from the log file:
[Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1154): Radius Auth
for: servername requests /path-to-protected-directory/ :
file=/full-path-to-protected-directory/
[Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1185): No cookie
found. Trying RADIUS authentication.\n
[Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(894): Sending
packet on radius-server
[Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1223): RADIUS
Authentication for user=my-user-name password=my-password OK. Cookie expiry
in 60 minutes\n
[Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1225): Adding
cookie bad0609dc93dcae84e4316263abb792a44639f6b\n
[Thu May 11 15:32:43 2006] [crit] [client my-ip-address] configuration
error: couldn't check access. No groups file?:
/path-to-protected-directory/
Looking at the "[debug]" messages above, it looks like the radius
authentication worked fine, and my username was authenticated, and it told
apache to server the page. However, from the "[crit]" message, apache thinks
that mod_auth_radius didn't work right.
Other things on the server, protected with "regular" password files, work
fine, and if you enter the wrong username and password on those, you get my
custom error page for a 401 error. With the mod_auth_radius protected
directory, it just returns a 500 (server error). From that, I assume that
apache is NOT thinking mod_auth_radius said "no, the person is not
authorized"; if it had done that, it would have returned the 401 page.
Instead, it seems to be that when mod_auth_radius is finished, apache fails
in some other way.
A huge thanks, and maybe some beer*, if anyone can give me a clue to what's
going on.
Thanks!
* The University probably won't let me buy anyone beer; but the huge thanks
is guaranteed.
---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
michael.vanhorn@wright.edu
http://www.cs.wright.edu/~mvanhorn/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Mod_auth_radius
Posted by Joost de Heer <sa...@xs4all.nl>.
Mike VanHorn wrote:
>
>> Did you load all the needed modules? You need mod_auth_basic.so for
>> basic
>> authentication.
>
> Yes. Well, I think so, anyway. I'm looking in to mod_authnz_external now,
> as
> it comes with a radius authenticator, and adheres to the new
> authentication
> model that Apache 2.1/2.2.x introduced. From reading the documentation for
> mod_authnz_external, it sounds like mod_auth_radius isn't working because
> it
> isn't communication back to mod_auth_basic, so mod_auth_basic fails and
> that's why I get the error.
Get mod_auth_xradius from www.outoforder.cc, and compile it with
-DUSING_2_1_RECENT (to activate the new AAA code). After that, configure
it as documented, and use 'AuthBasicProvider xradius' to set it as the
basic authentication provider.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Mod_auth_radius
Posted by Mike VanHorn <mi...@wright.edu>.
> Did you load all the needed modules? You need mod_auth_basic.so for basic
> authentication.
Yes. Well, I think so, anyway. I'm looking in to mod_authnz_external now, as
it comes with a radius authenticator, and adheres to the new authentication
model that Apache 2.1/2.2.x introduced. From reading the documentation for
mod_authnz_external, it sounds like mod_auth_radius isn't working because it
isn't communication back to mod_auth_basic, so mod_auth_basic fails and
that's why I get the error.
Thank you for your interest.
---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
michael.vanhorn@wright.edu
http://www.cs.wright.edu/~mvanhorn/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Mod_auth_radius
Posted by Joost de Heer <sa...@xs4all.nl>.
Mike VanHorn wrote:
>
> I'm using mod_auth_radius with Apache 2.2.2 to protect a directory. Here's
> the entries from the log file:
>
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1154): Radius
> Auth
> for: servername requests /path-to-protected-directory/ :
> file=/full-path-to-protected-directory/
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1185): No cookie
> found. Trying RADIUS authentication.\n
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(894): Sending
> packet on radius-server
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1223): RADIUS
> Authentication for user=my-user-name password=my-password OK. Cookie
> expiry
> in 60 minutes\n
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1225): Adding
> cookie bad0609dc93dcae84e4316263abb792a44639f6b\n
> [Thu May 11 15:32:43 2006] [crit] [client my-ip-address] configuration
> error: couldn't check access. No groups file?:
> /path-to-protected-directory/
Did you load all the needed modules? You need mod_auth_basic.so for basic
authentication.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org