Topic: apache 2.0.58 with Radius

[madRAM]

Hi folks,

I have an issue with my Apache 2.0.58 for which Steffen was so kind and compiled Radius support. I think I need mod_auth_basic for the Radius authentication (based on mod_auth_radius) to work, but apparently that module does not exist in the modules directory.

Can anyone tell me how basic authentication in any way is supposed to work without mod_auth_basic? If I uncomment the LoadModule line in my httpd.conf apache complains that AuthType is not allowed here when, later on in my httpd.conf I have this statement:

AuthType Basic
AuthName "Radius Authentication"
AuthAuthority Off
...

Please, can someone tell me what to do?

Christian

[James Blond]

RTM=read the manual!

http://www.freeradius.org/mod_auth_radius/

httpd.conf

[Steffen]

In 2.0.58 there is no mod_auth_basic, it is a 2.2 module.

From the 2.2 Manual:

.. mod_auth is now split into mod_auth_basic and mod_authn_file.... , see http://httpd.apache.org/docs/2.2/new_features_2_2.html

In 2.0.58 enable: LoadModule auth_module modules/mod_auth.so


Steffen

[madRAM]

Thanks for your reply but, maybe I don't get the point. I have all the options that you posted in my VirtualHost directive. Do I need to capsule them in a Location directive WITHIN my VirtualHost?

Regards,

Christian

[Steffen]

The AuthType directive selects the type of user authentication for a directory.

Context: directory, .htaccess

So yo need to put the directives in a diectory or location container, or in a .htaccess file.


Steffen

[madRAM]

Ok that was definately my fault. I should have read the manual in more detail. I'm sorry for that.

Now I am able to start both Apache versions with mod_auth_radius support. I do have one last problem though. Whenever I try to log in using my OTP I receive an Internal Server Error and in the log of the Apache I see the following lines:

Internal error: pcfg_openfile() called with NULL filename
[client IP] (9) Bad file descriptor: Could not open password file: (null)

I think this is due to that fact that Apache still wants to use normal authentication. I think this is because I can't use the directive

AuthAuthoritative off

When I try to use it, I get an error when starting the apache - seems like he does not know about that directive.

I'm really sorry to bothering you with this issue, but you are kind of my last hope )

Christian

[Steffen]

AuthAuthoritative off works here on 2.0.58

Did you defined ? :

#
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
#

For example:
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.

AddRadiusAuth localhost:1645 testing123 5:3


Steffen

[Steffen]

From the manual at www.freeradius.org/mod_auth_radius/ :

You must have at least one authentication method as authoritative. If
they all return "DECLINED", you get a "server configuration error"
message.

Steffen

[madRAM]

Thanks a lot Steffen,

I was able to get past this error by now - and of course facing the next one

Apache is now sending authentication request against a Microsoft IAS in the internal network.

I will try and go on with this.

Again, thanks for all your help.

Christian

[gkmekala]

First I tried with radius auth module on apache2.2.4. It crashes apache. I found that it works on apsche2.0.58. It worked for me with plain apache2 but not in conjuntion with mod_jk where the actual webapp is in tomcat.
Any help is appreciated.