(RADIATOR) Bad login count

Chairath K chairath at lensodatacom.co.th
Wed Dec 12 20:38:21 CST 2001


Hello Hugh,

Some of our customers are now unhappy about the bad login limit. They want
us to disable this feature for their accounts because they don't want to have
to call us to reset the bad login count to 0 when it gets to 5.

Well, I read the RAdmin manual, and I found that if we leave this field blank,
then no bad login limits will be applied. But it doesn't work!!

In the log file you will find that there are 2 login attempts. The first login
attempt occurred after I set bad login to be empty and the second occurred
after I set it to 0.

Regards,
Chairath

P.S. How can I expand the login limit?

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Chairath K" <chairath at lensodatacom.co.th>
Cc: "Radiator" <radiator at open.com.au>
Sent: Wednesday, December 12, 2001 11:29 AM
Subject: Re: (RADIATOR) Bad login count


>
> Hello Chairath -
>
> I apologise, but I don't understand the question. Could you please provide me
> with more details and a trace 4 debug showing the problem.
>
> thanks
>
> Hugh
>
>
> On Tue, 11 Dec 2001 17:51, Chairath K wrote:
> > Hello Hugh,
> >
> > Our NAS sends a user with realm. And when I set Bad login count to zero, I
> > can login with user2 at test2 also.
> >
> > Regards,
> > Chairath
> >
> > > Hello Chairath -
> > >
> > > The log message shown below is due to the username "user2 at test2" not
> > > being found in the database. This is probably because you have not used a
> > > RewriteUsername in the Handler to strip the realm (you should use the
> > > same one that you used in the Realm clause).
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Tue, 11 Dec 2001 15:17, Chairath K wrote:
> > > > Hello Hugh,
> > > >
> > > > I have a problem with Bad login count. According to section 5.1.9 in
> > > > the reference manual of RAdmin version 1.4, it says that if we leave this
> > > > field blank, then no bad login limits will be applied. But!! When I
> > > > try, I can't log in. The log file shows messages like these:
> > > >
> > > >
> > > > Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2 at test2: No such user
> > > > Tue Dec 11 10:53:56 2001: DEBUG: Packet dump:
> > > > *** Sending to 10.20.0.2 port 49156 ....
> > > > Code:       Access-Reject
> > > > Identifier: 159
> > > > Authentic:  <0><0>4G<0><0><13><21><0><0><31>><0><0>/<172>
> > > > Attributes:
> > > >  Reply-Message = "Request Denied"
> > > >
> > > > So how can I fix it?
> > > > Furthermore, how can I expand the login limit to more than 5?
> > > >
> > > > Regards,
> > > > Chairath
> > > >
> > > > P.S. Our system is running with Radiator 2.18 and Radmin 1.4
> > > >
> > > > Foreground
> > > > LogStdout
> > > > LogDir  d:/Radiator-2.18/log
> > > > DbDir  d:/Radiator-2.18
> > > > LogFile %L/logfile-%d-%m-%Y
> > > >
> > > > # Don't turn this up too high, since all log messages are logged
> > > > # to the RADMESSAGES table in the database. 3 will give you everything
> > > > # except debugging messages
> > > > Trace 4
> > > >
> > > >
> > > > # PreClientHook to add NAS-Port attribute
> > > > PreClientHook file:"%D/addNASPort"
> > > >
> > > > # You will probably want to change this to suit your site.
> > > > # You should list all the clients you have, and their secrets
> > > > # If you are using the Radmin Clients table, you will probably
> > > > # want to disable this.
> > > > #<Client DEFAULT>
> > > > # Secret mysecret
> > > > # DupInterval 0
> > > > #</Client>
> > > >
> > > > # You can put additional (or all) client details in your Radmin
> > > > # database table
> > > > # and get their details from there with something like this:
> > > > # You can then use the Radmin 'Add Radius Client' to add new clients.
> > > > <ClientListSQL>
> > > >  DBSource dbi:ODBC:Radmin
> > > >  DBUsername xxx
> > > >  DBAuth  xxxx
> > > > </ClientListSQL>
> > > >
> > > > #<AuthBy RADIUS>
> > > > # Identifier ProxyTofunk
> > > > # Host 10.2.0.6
> > > > # Secret test
> > > > #</AuthBy>
> > > >
> > > > #<Realm funk>
> > > > # strip Realm
> > > > # RewriteUsername s/^([^@]+).*/$1/
> > > > # AuthBy ProxyTofunk
> > > > #</Realm>
> > > >
> > > > <AuthBy RADMIN>
> > > >  Identifier RADMINAUTH
> > > >  # Change DBSource, DBUsername, DBAuth for your database
> > > >  # See the reference manual. You will also have to
> > > >  # change the one in <SessionDatabase SQL> below
> > > >  # so it's the same
> > > >  DBSource dbi:ODBC:Radmin
> > > >  DBUsername xxx
> > > >  DBAuth  xxxx
> > > >  DateFormat %e %m  %Y %T
> > > >  # You can add to or change these if you want, but you
> > > >  # will probably want to change the database schema first
> > > >  AccountingTable RADUSAGE
> > > >  AcctColumnDef USERNAME,User-Name
> > > >  AcctColumnDef TIME_STAMP,Timestamp,integer
> > > >  AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> > > >  AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > > >  AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > >  AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > > >  AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > >  AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > >  AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> > > >  AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > > >  AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > > >  AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > > >  AcctColumnDef NASPORT,NAS-Port,integer
> > > >  AcctColumnDef DNIS,Called-Station-Id
> > > >  AcctColumnDef DATE,Timestamp,integer-date
> > > >  # This updates the time and octets left
> > > >  # for this user
> > > >  AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
> > > >
> > > > </AuthBy>
> > > >
> > > > <AuthBy GROUP>
> > > >   Identifier WithIdleTimeout
> > > >   AuthBy RADMINAUTH
> > > >  # These are the classic things to add to each user's
> > > >  # reply to allow a PPP dialup session. It may be
> > > >  # different for your NAS. This will add some
> > > >  # reply items to everyone's reply
> > > >  AddToReply Framed-Protocol = PPP,\
> > > >   Service-Type = Framed-User,\
> > > >          Framed-IP-Netmask = 255.255.255.255,\
> > > >          Framed-Routing = None,\
> > > >          Framed-MTU = 1500,\
> > > >   Framed-Compression = Van-Jacobson-TCP-IP,\
> > > >   Idle-Timeout = 600,\
> > > >   Class = %{NAS-Port}
> > > > </AuthBy>
> > > >
> > > > <AuthBy GROUP>
> > > >   Identifier WithOutIdleTimeout
> > > >   AuthBy RADMINAUTH
> > > >  # These are the classic things to add to each user's
> > > >  # reply to allow a PPP dialup session. It may be
> > > >  # different for your NAS. This will add some
> > > >  # reply items to everyone's reply
> > > >  AddToReply Framed-Protocol = PPP,\
> > > >   Service-Type = Framed-User,\
> > > >          Framed-IP-Netmask = 255.255.255.255,\
> > > >          Framed-Routing = None,\
> > > >          Framed-MTU = 1500,\
> > > >   Framed-Compression = Van-Jacobson-TCP-IP,\
> > > >   Class = %{NAS-Port}
> > > > </AuthBy>
> > > >
> > > > <AuthBy FILE>
> > > >  Identifier TimeZone
> > > >  Filename %D/adsl.users
> > > > </AuthBy>
> > > >
> > > > <Handler Request-Type=Accounting-Request>
> > > >  AuthBy RADMINAUTH
> > > > </Handler>
> > > >
> > > > <Handler Realm=test1>
> > > >  AuthBy TimeZone
> > > > </Handler>
> > > >
> > > > <Handler Realm=test2>
> > > >  AuthBy WithOutIdleTimeout
> > > > </Handler>
> > > >
> > > > <Handler>
> > > >  AuthBy WithIdleTimeout
> > > > </Handler>
> > > >
> > > >
> > > > # Handle User with NO Realm with RADMIN
> > > > #<Realm>
> > > > # AuthBy RADMINAUTH
> > > > #</Realm>
> > > >
> > > > # Handle everyone with RADMIN
> > > > #<Realm DEFAULT>
> > > > # AuthBy RADMINAUTH
> > > > #</Realm>
> > > >
> > > > <SessionDatabase SQL>
> > > >  # This database spec usually should be exactly the same
> > > >  # as in <AuthBy RADMIN> above
> > > >  DBSource dbi:ODBC:Radmin
> > > >  DBUsername xxxx
> > > >  DBAuth  xxxx
> > > >  ClearNasQuery
> > > > </SessionDatabase>
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logfile-13-12-2001
Type: application/octet-stream
Size: 10347 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20011213/0124dc57/attachment.obj>
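
Hugh's RewriteUsername suggestion applied to the posted `<Handler Realm=test2>` clause, as an added example that is not part of the original thread. It reuses the pattern from the commented-out `<Realm funk>` clause in the posted configuration and assumes the account is stored in the Radmin database as `user2`, without the realm.

```conf
# Constructed fragment based on the <Handler Realm=test2> clause quoted above.

# As posted: the realm is still attached when the user is looked up, so the
# lookup is for "user2@test2" (archived as "user2 at test2") and the request
# is rejected with "No such user".
#<Handler Realm=test2>
# AuthBy WithOutIdleTimeout
#</Handler>

# With the realm stripped in the Handler, the lookup is for "user2".
# Assumption: the database holds the bare username "user2".
<Handler Realm=test2>
 RewriteUsername s/^([^@]+).*/$1/
 AuthBy WithOutIdleTimeout
</Handler>
```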

