radius-apache authentication problem
Hi I want to implement otp authentication for a web site. Radius and otp scripts works well together but apache don't send any authentication data to radius. I followed instructions in http://www.freeradius.org/mod_auth_radius/ but apache mod_authn_file wants passwords and could not be disabled. when i removed the module no authn provider configured are seen in apache error logs. Changing AuthBasicAuthorative on or off in .htaccess didn't solve the problem. Problem stems from apache but someone solves such a problem can respond me.
You might try using mod_auth_xradius: http://www.outoforder.cc/projects/apache/mod_auth_xradius/ More information can be found here: http://www.howtoforge.com/apache_radius_two_factor_authentication HTH, Nick On 3/26/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
Hi I want to implement otp authentication for a web site. Radius and otp scripts works well together but apache don't send any authentication data to radius. I followed instructions in http://www.freeradius.org/mod_auth_radius/ but apache mod_authn_file wants passwords and could not be disabled. when i removed the module no authn provider configured are seen in apache error logs. Changing AuthBasicAuthorative on or off in .htaccess didn't solve the problem. Problem stems from apache but someone solves such a problem can respond me.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
no change, same errors. mod_auth_xradius don't work in apache 2.2.3 On 3/26/07, Nick Owen <nowen@wikidsystems.com> wrote:
You might try using mod_auth_xradius: http://www.outoforder.cc/projects/apache/mod_auth_xradius/
More information can be found here: http://www.howtoforge.com/apache_radius_two_factor_authentication
HTH,
Nick
On 3/26/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
Hi I want to implement otp authentication for a web site. Radius and otp scripts works well together but apache don't send any authentication data to radius. I followed instructions in http://www.freeradius.org/mod_auth_radius/ but apache mod_authn_file wants passwords and could not be disabled. when i removed the module no authn provider configured are seen in apache error logs. Changing AuthBasicAuthorative on or off in .htaccess didn't solve the problem. Problem stems from apache but someone solves such a problem can respond me.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 3/27/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
no change, same errors. mod_auth_xradius don't work in apache 2.2.3
I have only tested with 2.2.2. FWIW, authn_file_module is loaded. Why don't you post the relevant portions of your htaccess and httpd.conf files. -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
Hi these are error lines in apache error log and apache conf files. thanks for your assistance [Wed Mar 28 09:26:27 2007] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null) [Wed Mar 28 09:26:27 2007] [crit] [client 127.0.0.1] configuration error: couldn't check user. No user file?: /favicon.ico .htaccess file content AuthType Basic AuthBasicAuthoritative off AuthName "RADIUS authentication for localhost" AuthXRadiusAddServer "localhost:1812" "testing123" AuthXRadiusTimeout 2 AuthXRadiusRetries 2 require valid-user httpd.conf relevant part vhost.conf is similar except directory path DocumentRoot "/home/web" <Directory "/home/web"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> and apache modules APACHE_MODULES="actions alias auth_xradius auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include info log_config mime negotiation setenvif ssl suexec status userdir php5 vhost_alias" these modules suceessfully imported to loadmodule.conf On 3/27/07, Nick Owen <nowen@wikidsystems.com> wrote:
On 3/27/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
no change, same errors. mod_auth_xradius don't work in apache 2.2.3
I have only tested with 2.2.2. FWIW, authn_file_module is loaded. Why don't you post the relevant portions of your htaccess and httpd.conf files.
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 3/28/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
Hi these are error lines in apache error log and apache conf files. thanks for your assistance
No problem. The fewer passwords the better :). I don't see anything that stands out. However, when I set up apache with our two-factor I did everything inside of httpd.conf inside the vhost listing: <VirtualHost> .... <Location "/WiKIDBlog/*/cbentry_view"> AuthType Basic AuthName "WiKID Two-factor + Apache" AuthXRadiusAddServer "wikid_server:1812" "radius_secret" AuthXRadiusTimeout 7 AuthXRadiusRetries 2 require valid-user </Location> </VirtualHost> So, perhaps apache is getting confused about what mechanism to use where, putting it all in one place might clarify things. HTH, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
FWIW, I have had a chance to test this on 2.2.3 and it did not work for me either. Not sure if it is a bug in apache or a change has been made and the mod_auth modules need updating. On 3/29/07, Nick Owen <nowen@wikidsystems.com> wrote:
On 3/28/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
Hi these are error lines in apache error log and apache conf files. thanks for your assistance
No problem. The fewer passwords the better :). I don't see anything that stands out. However, when I set up apache with our two-factor I did everything inside of httpd.conf inside the vhost listing:
<VirtualHost> .... <Location "/WiKIDBlog/*/cbentry_view"> AuthType Basic AuthName "WiKID Two-factor + Apache" AuthXRadiusAddServer "wikid_server:1812" "radius_secret" AuthXRadiusTimeout 7 AuthXRadiusRetries 2 require valid-user </Location> </VirtualHost>
So, perhaps apache is getting confused about what mechanism to use where, putting it all in one place might clarify things.
HTH,
Nick
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
participants (2)
-
Nick Owen -
Ramazan Ulker