Fwd: Re: Fwd: RE: (RADIATOR) CFG files diffs
Hugh Irvine
hugh at open.com.au
Sun Apr 7 18:29:25 CDT 2002
Hello -
Here is Mike's reply.
regards
Hugh
---------- Forwarded Message ----------
Subject: Re: Fwd: RE: (RADIATOR) CFG files diffs
Date: Sun, 7 Apr 2002 11:17:20 +1000
From: Mike McCauley <mikem at open.com.au>
To: hugh at open.com.au
Hi Hugh,
I think the most likely explanation is that there is no secret for that client
in the database. Earlier versions of Radiator would not have complained if
there were no secret for a particular client. I will improve the error so it
says which client has the problem.
Cheers
On Sat, 6 Apr 2002 16:20, you wrote:
> Mikey -
>
> Here are the files.
>
> cheers
>
> Hugh
>
>
> ---------- Forwarded Message ----------
>
> Subject: RE: (RADIATOR) CFG files diffs
> Date: Fri, 5 Apr 2002 13:12:25 -0800 (PST)
> From: Jesus Duarte <jduarte at cnnw.net>
> To: Ronan Eckelberry <radiator at gowebco.com>
> Cc: radiator at open.com.au
>
> Here is the .cfg file. The documentation seems to indicate that the
> secret is not needed because it is in the mysql database.
>
> There is not much to the logfile but it is at the end of the cfg.
>
> Foreground
> LogDir /var/log/radius
> LogFile %L/detail.%d.log
> DbDir /usr/local/radiator
> Trace 4
> PidFile /var/run/radius.pid
> AuthPort 1645
> AcctPort 1646
> DictionaryFile %D/dictionary
> #DictionaryFile %D/dictionary.cisco
> #DictionaryFile %D/dictionary.nortel
> #DictionaryFile %D/dictionary.ascend
> #DictionaryFile %D/dictionary.ascend2
> #DictionaryFile %D/dictionary.usr.merit
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
> #<Client DEFAULT>
> # Secret mysecret
> # DupInterval 0
> # IgnoreAcctSignature
> #</Client>
> <Client localhost>
> Secret specialsecret
> DupInterval 0
> </Client>
> # You can put additional (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth top secret
> </ClientListSQL>
>
> # Handle everyone with RADMIN
>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth highsecret
>
> # Verify called_station_id
> AuthSelect select
>
> PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,
> MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
> USERNAME='%n' and ACTIVE='1'
>
> AuthColumnDef 3,Called-Station-Id,check
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> #AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type=Framed-User,\
> # Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Session-Timeout = 28800,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> </AuthBy>
> </Realm>
>
> #<Realm /cnnw/i>
> # RewriteUsername s/^([^@]+).*/$1/
> #
> # <AuthBy RADIUS>
> # #Identifier ProxyToMerit
> # Host 208.187.190.253
> # Secret guess
> # AuthPort 1645
> # IgnoreAccountingResponse
> # </AuthBy>
> #</Realm>
>
> <Realm /netmask/i>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth lalala
>
> # Verify called_station_id
> AuthSelect select
>
> PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,
> MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
> USERNAME='%n' and ACTIVE='1'
>
> AuthColumnDef 3,Called-Station-Id,check
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> #AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type=Framed-User,\
> Framed-IP-Netmask = 255.255.255.224,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
> </Realm>
>
> <Realm /netmask240/i>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth wrong
>
> # Verify called_station_id
> AuthSelect select
>
> PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,
> MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
> USERNAME='%n' and ACTIVE='1'
>
> AuthColumnDef 3,Called-Station-Id,check
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> #AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type=Framed-User,\
> Framed-IP-Netmask = 255.255.255.240,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
> </Realm>
>
> <Realm /dedicated/i>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth blah
>
> # Verify called_station_id
> AuthSelect select
>
> PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,
> MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
> USERNAME='%n' and ACTIVE='1'
>
> AuthColumnDef 3,Called-Station-Id,check
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> #AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type=Framed-User,\
> # Framed-IP-Netmask = 255.255.255.0,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth stuff
>
> </SessionDatabase>
>
> # You can also set up an address pool for Radiator to manage.
> # The standard Radmin tables include a RADPOOL address pool table.
> # see the example in addressallocator.cfg
>
> ----------Logfile-------
> Thu Apr 4 16:11:46 2002: DEBUG: Adding Clients from SQL database
> Thu Apr 4 16:11:46 2002: DEBUG: Query is: select
> NASIDENTIFIER,
> SECRET,
> IGNOREACCTSIGNATURE,
> DUPINTERVAL,
> DEFAULTREALM,
> NASTYPE,
> SNMPCOMMUNITY,
> LIVINGSTONOFFS,
> LIVINGSTONHOLE,
> FRAMEDGROUPBASEADDRESS,
> FRAMEDGROUPMAXPORTSPERCLASSC,
> REWRITEUSERNAME,
> NOIGNOREDUPLICATES,
> PREHANDLERHOOK from RADCLIENTLIST
>
> Thu Apr 4 16:11:46 2002: ERR: No Secret defined for Radius::Client at
> '/usr/local/etc/ipns.cfg' line 37
> Thu Apr 4 16:11:46 2002: INFO: Server started: Radiator 3.0 on
> triton.ipns.com
>
>
> Der Hausmeister
> ~~~~~~JESUS
> ~~~~~~
> Jesus Duarte
> UNIX System Administrator (geek)
> IPNS/CNNW
>
> jesus at cnnw.net jduarte at cnnw.net postmaster at cnnw.net
> abuse at cnnw.net support at cnnw.net dns at cnnw.net
> abuse at ipns.com jesus at ipns.com
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> -------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
-------------------------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
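
Added example, not part of the original thread and not Radiator code: one way to find which client triggers "No Secret defined for Radius::Client", checking both static `<Client>` clauses and the RADCLIENTLIST table named in the logged query. Assumptions: sqlite3 stands in for the MySQL radmin database, only the NASIDENTIFIER and SECRET columns are modelled, the function names are hypothetical, and the sample config and rows are constructed.

```python
import re
import sqlite3

# Constructed sample config: the second <Client> clause has no active Secret.
SAMPLE_CFG = """\
<Client localhost>
    Secret specialsecret
</Client>
<Client nas1.example.com>
    # Secret forgotten
    DupInterval 0
</Client>
"""

def clients_without_secret_in_cfg(cfg_text):
    """Return names of <Client> clauses that contain no active Secret line."""
    missing, name, has_secret = [], None, False
    for line in cfg_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue  # commented-out lines do not count
        m = re.match(r"<Client\s+(\S+)>", line)  # does not match <ClientListSQL>
        if m:
            name, has_secret = m.group(1), False
        elif name and re.match(r"Secret\s+\S", line):
            has_secret = True
        elif name and line == "</Client>":
            if not has_secret:
                missing.append(name)
            name = None
    return missing

def clients_without_secret_in_db(conn):
    """Return NASIDENTIFIERs whose SECRET column is NULL or blank."""
    rows = conn.execute(
        "SELECT NASIDENTIFIER FROM RADCLIENTLIST "
        "WHERE SECRET IS NULL OR TRIM(SECRET) = '' ORDER BY NASIDENTIFIER")
    return [r[0] for r in rows]

def sample_db():
    """In-memory stand-in for the radmin database, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE RADCLIENTLIST (NASIDENTIFIER TEXT, SECRET TEXT)")
    conn.executemany("INSERT INTO RADCLIENTLIST VALUES (?, ?)",
        [("10.0.0.1", "s3cret"), ("10.0.0.2", None), ("10.0.0.3", "  ")])
    return conn

if __name__ == "__main__":
    print(clients_without_secret_in_cfg(SAMPLE_CFG), clients_without_secret_in_db(sample_db()))
```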