Problems authenticating using mod_auth_radius.. help!


#1

I am seeing the following error when I try to access a URL that should require authentication.

[Fri Dec 09 16:33:24 2005] [error] [client 10.80.25.74] (9)Bad file number: Could not open password file: (null), referer: 10.80.20.150/nagios/

I have an .htaccess file in a directory, /usr/local/nagios/sbin, and I am prompted by that for a user/password, but once I submit the user/password the above error is generated in my error-log.

Does anyone have any idea what is going on?

Here is my relevant httpd.conf configuration:

LoadModule radius_auth_module modules/mod_auth_radius-2.0.so

#
# AddRadiusAuth server:Port] timeout : retries ]]
AddRadiusAuth 10.x.x.x:1645 passwordhere 5:3
AddRadiusCookieValid 0
AllowOverride AuthConfig
Order allow,deny
Allow from all
Options ExecCGI

Here is my .htaccess file in /usr/local/nagios/sbin:

AuthType Basic
AuthName "RADIUS authentication for light.sege.local"
#AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusActive On
require valid-user

I have captured traffic, and no RADIUS requests are sent from the system, it appears to be an internal problem, but I am at a loss. Any help would be greatly appreciated.

Thanks…


#2

Your issue is noted to be a password error. Have you created a password file that .htaccess will use? You do mention requirements for a valid user in your .htaccess file, but you don’t point it to any file with a list of users and passwords. Mayhap this is the issue? I’m not familiar at all with Radius - I use Apache, myself - so I’m not going to yet try and offer any suggestions about your web server set up.

[ Edited Wed Dec 14 2005, 04:31PM ]


#3

I figured out the problem, apparently mod_auth was changed in httpd 2.2, and the AuthAuthoritative command was changed to AuthBasicAuthoritative, which was the root of my problem. Without AuthBasicAuthoritative off, mod_auth_basic was being used, and since there was no password it was crapping out. Since I was using RADIUS, I did not need a password, as authentication was done on the RADIUS server itself.

Hopefully someone else may find this information useful, and thanks for your assistance.
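
Added example (not part of the original thread): a small check that flags the misconfiguration described in post #3, where a RADIUS-enabled .htaccess on httpd 2.2 lacks AuthBasicAuthoritative Off. The sample files are constructed from the .htaccess in post #1, and the function names and finding codes are made up for this example.

```python
import re

# Constructed samples: BEFORE mirrors the .htaccess from post #1,
# AFTER swaps in the directive named in post #3.
BEFORE = '''AuthType Basic
AuthName "RADIUS authentication for light.sege.local"
#AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusActive On
require valid-user
'''
AFTER = BEFORE.replace("#AuthAuthoritative off", "AuthBasicAuthoritative Off")


def parse_directives(text):
    """Map lowercased directive name -> lowercased argument string."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+)\s*(.*?)\s*$", line)
        if m:  # comment lines (#...) and blank lines never match the name pattern
            found[m.group(1).lower()] = m.group(2).lower()
    return found


def lint_radius_htaccess(text):
    """Return finding codes for a RADIUS-protected .htaccess on httpd 2.2."""
    d = parse_directives(text)
    if d.get("authradiusactive") != "on":
        return []  # mod_auth_radius is not switched on in this file
    findings = []
    if "authauthoritative" in d:
        # Old directive name; post #3 reports it became AuthBasicAuthoritative.
        findings.append("LEGACY_DIRECTIVE")
    # AuthBasicAuthoritative defaults to On, so mod_auth_basic tries to answer
    # the request itself unless the directive is explicitly set to Off.
    if d.get("authbasicauthoritative", "on") != "off":
        findings.append("BASIC_AUTHORITATIVE")
    return findings


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, lint_radius_htaccess(sample) or "ok")
```

A BASIC_AUTHORITATIVE finding corresponds to the state that produced the "Could not open password file: (null)" error in post #1.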