Discussion:
mod_auth_radius-2.0 difficulty
Tippens, Jennifer
2004-11-01 21:11:58 UTC
Permalink
Hello all,

I have used mod_auth_radius with apache 1.x.x with no problems. We
recently started upgrading the apache servers to 2.0. I downloaded the
mod_auth_radius-2.0.c from http://www.freeradius.org/mod_auth_radius/ .
It is version 1.5.7. The module compiled correctly with apxs.
I configured this module similar to how I configured the old one for
apache 1.3.x. When I go to the diredtory I want to control, I get a
login box. When I type in my login name and password, I get "Internal
Server Error". The logs say:
"configuration error: couldn't check user. No user file?: /wijsp"

Is there a way to increase the log level for this?

I have:
LoadModule radius_auth_module modules/mod_auth_radius-2.0.so
right after auth_module in the httpd.conf.

I have:
<IfModule mod_auth_radius-2.0.c>
AddRadiusAuth auth1.mail.vanderbilt.edu:1645 XXXXXXXXXXX 5
AddRadiusCookieValid 720
</IfModule>
at the very end of the httpd.conf file. Obviously, XXXXXXXXXXX is our
radius secret.

Within the virtual host in the ssl.conf file (we use ssl), I have:

Alias /wijsp "/export/apps/webi/uat/65/nodes/corvette/mycluster/APACHE
SSL FOR TOMCAT/MasterWebServer-129.59.10.49_1443/wijsp"
<Directory "/export/apps/webi/uat/65/nodes/corvette/mycluster/APACHE SSL
FOR TOMCAT/MasterWebServer-129.59.10.49_1443/wijsp">
Options FollowSymLinks
AllowOverride All
SSLRequireSSL
AuthType Basic
AuthName "Webi 6.5"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
require valid-user
</Directory>


I have been trying to get this to work all day, and I am being pressured
by the "powers that be" to get this working soon. Does anyone have any
tips, hints, directions that can help me? If I have grossly
misinterpreted the documentation, please let me know that as well.

I do appreciate any help you can give.

Thanks,
Jennifer

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
v***@gmx.net
2004-11-03 23:26:36 UTC
Permalink
I bet if you set up a sniffer trace or use snoop, you probably would see your Apache2 wasn't even talking to the RADIUS server. I just got it all worked out on Solaris 8 and Mac OS X 10.3 after several days of similar head-scratching. Here's what I had to do to make Apache 2.0.52 use mod_auth_radius-2.0:

In httpd.conf, DO NOTHING except using the LoadModule directive to initialize mod_auth_radius-2.0.

In ssl.conf, put the mod_auth_radius directives there.

*** begin abridged ssl.conf ***
[the usual ssl stuff]

<IfDefine SSL>
[more usual ssl stuff]

<VirtualHost _default_:80>
</VirtualHost>

<VirtualHost _default_:443>
[more usual ssl stuff]

*** only works for me when IfModule is placed here ***
<IfModule mod_auth_radius-2.0.c>
AddRadiusAuth localhost:1645 testing123 5:3
AddRadiusCookieValid 5
</IfModule>

<Location "/search.html">
AuthName "RADIUS SSL"
AuthType Basic
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
require valid-user
</Location>

[more usual ssl stuff]
</VirtualHost>

</IfDefine>

*** end abridged ssl.conf ***

I tried placing <IfModule mod_auth_radius-2.0.c> in all sorts of other places plausible in httpd.conf and ssl.conf. Apache2 simply did not talk to the RADIUS server (and kept returning 500 internal server error) except using the placement I posted above.

Y. J. Zhang
Post by Tippens, Jennifer
Hello all,
I have used mod_auth_radius with apache 1.x.x with no problems. We
recently started upgrading the apache servers to 2.0. I downloaded the
mod_auth_radius-2.0.c from http://www.freeradius.org/mod_auth_radius/ .
It is version 1.5.7. The module compiled correctly with apxs.Ê
I configured this module similar to how I configured the old one for
apache 1.3.x. When I go to the diredtory I want to control, I get a
login box. When I type in my login name and password, I get "Internal
"configuration error: couldn't check user. No user file?: /wijsp"
Is there a way to increase the log level for this?Ê
LoadModule radius_auth_module modules/mod_auth_radius-2.0.so
right after auth_module in the httpd.conf.
<IfModule mod_auth_radius-2.0.c>
AddRadiusAuth auth1.mail.vanderbilt.edu:1645 XXXXXXXXXXX 5
AddRadiusCookieValid 720
</IfModule>
at the very end of the httpd.conf file. Obviously, XXXXXXXXXXX is our
radius secret.
Alias /wijsp "/export/apps/webi/uat/65/nodes/corvette/mycluster/APACHE
SSL FOR TOMCAT/MasterWebServer-129.59.10.49_1443/wijsp"
<Directory "/export/apps/webi/uat/65/nodes/corvette/mycluster/APACHE SSL
FOR TOMCAT/MasterWebServer-129.59.10.49_1443/wijsp">
Options FollowSymLinks
AllowOverride All
SSLRequireSSL
AuthType Basic
AuthName "Webi 6.5"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
require valid-user
</Directory>
I have been trying to get this to work all day, and I am being pressured
by the "powers that be" to get this working soon. Does anyone have any
tips, hints, directions that can help me? If I have grossly
misinterpreted the documentation, please let me know that as well.
I do appreciate any help you can give.
Thanks,
Jennifer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...