(RADIATOR) Bad login count
Chairath K
chairath at lensodatacom.co.th
Wed Dec 12 20:38:21 CST 2001
Hello Hugh,
By now, our some customers don't be happy about bad login limits. They want
us to disable this feature for their account cause they don't want to make a
call to us to reset bad login to 0 when it get to 5.
Well, I read RAdmin manual , and I found that if we leave this field blank ,
then no bad login limits will be applied. But it's not work!!.
In log file you will find that there have 2 login attempts . First login
attempt is occured after I set bad login to be empty and second is occured
after I set it to 0
Regards,
Chairath
P.S. How can I expand login limit .
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Chairath K" <chairath at lensodatacom.co.th>
Cc: "Radiator" <radiator at open.com.au>
Sent: Wednesday, December 12, 2001 11:29 AM
Subject: Re: (RADIATOR) Bad login count
>
> Hello Chairath -
>
> I apologise, but I don't understand the question. Could you please provide
me
> with more details and a trace 4 debug showing the problem.
>
> thanks
>
> Hugh
>
>
> On Tue, 11 Dec 2001 17:51, Chairath K wrote:
> > Hello Hugh,
> >
> > Our Nas send a user with realm. And when I set Bad login count to zero ,
I
> > can login with user2 at test2 also.
> >
> > Regards,
> > Chairath
> >
> > > Hello Chairath -
> > >
> > > The log message shown below is due to the username "user2 at test2" not
> > > being found in the database. This is probably because you have not
used a
> > > RewriteUsername in the Handler to strip the realm (you should use the
> > > same one that you used in the Realm clause).
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Tue, 11 Dec 2001 15:17, Chairath K wrote:
> > > > Hello Hugh,
> > > >
> > > > I have got problem about Bad login count. According to section 5.1.9
in
> > > > reference manual of RAdmin version 1.4 , it said that if we leave
this
> > > > field blank, then no bad login limits will be applied. But !! when I
> > > > try
> >
> > ,
> >
> > > > I can't login . In log file shows a message like these
> > > >
> > > >
> > > > Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2 at test2: No
> > > > such user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump:
> > > > *** Sending to 10.20.0.2 port 49156 ....
> > > > Code: Access-Reject
> > > > Identifier: 159
> > > > Authentic: <0><0>4G<0><0><13><21><0><0><31>><0><0>/<172>
> > > > Attributes:
> > > > Reply-Message = "Request Denied"
> > > >
> > > > So how can I fixed it .
> > > > Futhermore , how can I expand login limit to more than 5
> > > >
> > > > Regards,
> > > > Chairath
> > > >
> > > > P.S. Our system are running with Radiator 2.18 and Radmin 1.4
> > > >
> > > > Foreground
> > > > LogStdout
> > > > LogDir d:/Radiator-2.18/log
> > > > DbDir d:/Radiator-2.18
> > > > LogFile %L/logfile-%d-%m-%Y
> > > >
> > > > # Dont turn this up too high, since all log messages are logged
> > > > # to the RADMESSAGES table in the database. 3 will give you
everything
> > > > # except debugging messages
> > > > Trace 4
> > > >
> > > >
> > > > # PreClientHook to add NAS-Port attribute
> > > > PreClientHook file:"%D/addNASPort"
> > > >
> > > > # You will probably want to change this to suit your site.
> > > > # You should list all the clients you have, and their secrets
> > > > # If you are using the Radmin Clients table, you wil probably
> > > > # want to disable this.
> > > > #<Client DEFAULT>
> > > > # Secret mysecret
> > > > # DupInterval 0
> > > > #</Client>
> > > >
> > > > # You can put additonal (or all) client details in your Radmin
> > > > # database table
> > > > # and get their details from there with something like this:
> > > > # You can then use the Radmin 'Add Radius Client' to add new
clients.
> > > > <ClientListSQL>
> > > > DBSource dbi:ODBC:Radmin
> > > > DBUsername xxx
> > > > DBAuth xxxx
> > > > </ClientListSQL>
> > > >
> > > > #<AuthBy RADIUS>
> > > > # Identifier ProxyTofunk
> > > > # Host 10.2.0.6
> > > > # Secret test
> > > > #</AuthBy>
> > > >
> > > > #<Realm funk>
> > > > # strip Realm
> > > > # RewriteUsername s/^([^@]+).*/$1/
> > > > # AuthBy ProxyTofunk
> > > > #</Realm>
> > > >
> > > > <AuthBy RADMIN>
> > > > Identifier RADMINAUTH
> > > > # Change DBSource, DBUsername, DBAuth for your database
> > > > # See the reference manual. You will also have to
> > > > # change the one in <SessionDatabse SQL> below
> > > > # so its the same
> > > > DBSource dbi:ODBC:Radmin
> > > > DBUsername xxx
> > > > DBAuth xxxx
> > > > DateFormat %e %m %Y %T
> > > > # You can add to or change these if you want, but you
> > > > # will probably want to change the database schema first
> > > > AccountingTable RADUSAGE
> > > > AcctColumnDef USERNAME,User-Name
> > > > AcctColumnDef TIME_STAMP,Timestamp,integer
> > > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> > > > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> > > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > > > AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > > > AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > > > AcctColumnDef NASPORT,NAS-Port,integer
> > > > AcctColumnDef DNIS,Called-Station-Id
> > > > AcctColumnDef DATE,Timestamp,integer-date
> > > > # This updates the time and octets left
> > > > # for this user
> > > > AcctSQLStatement update RADUSERS set
> > > > TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> > > > OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> > > > OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where
USERNAME='%n'
> > > >
> > > > </AuthBy>
> > > >
> > > > <AuthBy GROUP>
> > > > Identifier WithIdleTimeout
> > > > AuthBy RADMINAUTH
> > > > # These are the classic things to add to each users
> > > > # reply to allow a PPP dialup session. It may be
> > > > # different for your NAS. This will add some
> > > > # reply items to everyone's reply
> > > > AddToReply Framed-Protocol = PPP,\
> > > > Service-Type = Framed-User,\
> > > > Framed-IP-Netmask = 255.255.255.255,\
> > > > Framed-Routing = None,\
> > > > Framed-MTU = 1500,\
> > > > Framed-Compression = Van-Jacobson-TCP-IP,\
> > > > Idle-Timeout = 600,\
> > > > Class = %{NAS-Port}
> > > > </AuthBy>
> > > >
> > > > <AuthBy GROUP>
> > > > Identifier WithOutIdleTimeout
> > > > AuthBy RADMINAUTH
> > > > # These are the classic things to add to each users
> > > > # reply to allow a PPP dialup session. It may be
> > > > # different for your NAS. This will add some
> > > > # reply items to everyone's reply
> > > > AddToReply Framed-Protocol = PPP,\
> > > > Service-Type = Framed-User,\
> > > > Framed-IP-Netmask = 255.255.255.255,\
> > > > Framed-Routing = None,\
> > > > Framed-MTU = 1500,\
> > > > Framed-Compression = Van-Jacobson-TCP-IP,\
> > > > Class = %{NAS-Port}
> > > > </AuthBy>
> > > >
> > > > <AuthBy FILE>
> > > > Identifier TimeZone
> > > > Filename %D/adsl.users
> > > > </AuthBy>
> > > >
> > > > <Handler Request-Type=Accounting-Request>
> > > > AuthBy RADMINAUTH
> > > > </Handler>
> > > >
> > > > <Handler Realm=test1>
> > > > AuthBy TimeZone
> > > > </Handler>
> > > >
> > > > <Handler Realm=test2>
> > > > AuthBy WithOutIdleTimeout
> > > > </Handler>
> > > >
> > > > <Handler>
> > > > AuthBy WithIdleTimeout
> > > > </Handler>
> > > >
> > > >
> > > > # Handle User with NO Realm with RADMIN
> > > > #<Realm>
> > > > # AuthBy RADMINAUTH
> > > > #</Realm>
> > > >
> > > > # Handle everyone with RADMIN
> > > > #<Realm DEFAULT>
> > > > # AuthBy RADMINAUTH
> > > > #</Realm>
> > > >
> > > > <SessionDatabase SQL>
> > > > # This database spec usually should be exactly the same
> > > > # as in <AuthBy RADMIN> above
> > > > DBSource dbi:ODBC:Radmin
> > > > DBUsername xxxx
> > > > DBAuth xxxx
> > > > ClearNasQuery
> > > > </SessionDatabase>
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logfile-13-12-2001
Type: application/octet-stream
Size: 10347 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20011213/0124dc57/attachment.obj>
More information about the radiator
mailing list