(RADIATOR) RE: Fw: RADIATOR Evaluation License
Foo, Donald
Donald.Foo at O2.com
Fri Mar 14 00:58:40 CST 2003
Hi Hugh,
Sorry for any inconvenience and thank you for your help, one more question
about the script.
I cannot find AuthenticateAttribute from the Ref menu, the nearest one is
AuthenticateAccounting, any suggestion where I can get this function from??
Regards,
Donald
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Friday, March 14, 2003 11:51 AM
To: Foo, Donald
Subject: Re: Fw: RADIATOR Evaluation License
Hello Donald -
You should really post your questions to the Radiator mailing list,
however I will try to help.
You can implement blacklists directly like this:

# define AuthBy clauses
<AuthBy FILE>
        Identifier CheckBlacklist
        Filename %D/blacklist
        AuthenticateAttribute Calling-Station-Id
        NoDefaultIfFound
</AuthBy>

<AuthBy ...>
        Identifier YourNormalAuthBy
        ....
</AuthBy>
....

# define Realms or Handlers
<Realm ....>
        RejectHasReason
        AuthByPolicy ContinueWhileAccept
        AuthBy CheckBlacklist
        AuthBy YourNormalAuthBy
        ....
</Realm>
.....

The file "%D/blacklist" would contain this:

# blacklist
DEFAULT Auth-Type = Accept
12345678 Auth-Type = "Reject: You did not pay your bill"
23456789 Auth-Type = "Reject: You did not pay your bill"
.....

regards
Hugh
On Friday, Mar 14, 2003, at 13:50 Australia/Melbourne, Mike McCauley
wrote:
> Hi Hugh,
>
> can you help this person with blacklists?
>
> He is an evaluator. Perhaps you can also encourage him to subscribe to
> and use the mailing list?
>
>
> cheers.
>
>
> ---------- Forwarded Message ----------
>
> Subject: RE: Fw: RADIATOR Evaluation License
> Date: Fri, 14 Mar 2003 10:39:11 +0800
> From: "Foo, Donald" <Donald.Foo at O2.com>
> To: "'Mike McCauley'" <mikem at open.com.au>
> Cc: "Foo, Donald" <Donald.Foo at O2.com>
>
> Hi Mike,
> Some more questions for you.
>
> 1. In the Blacklist authentication, if I want to blacklist one or some of
> the Calling-Station-ID (Mobile No. so all same group mobile user will use
> the same user ID and password) without any sql database and I put it in the
> USERS file in this way.
>
> # From apn1
> DEFAULT Calling-Station-Id = "12345678", Auth-Type = "Reject:You did not pay your bill"
> # From apn2
> DEFAULT Calling-Station-Id = "23456789", Auth-Type = "Reject:You did not pay your bill"
> # From apn3
> DEFAULT Calling-Station-Id = "34567890", Auth-Type = "Reject:You did not pay your bill"
> # From gsn1
> DEFAULT Calling-Station-Id = "45678901", Auth-Type = "Reject:You did not pay your bill"
> # From gsn2
> DEFAULT Calling-Station-Id = "56789012", Auth-Type = "Reject:You did not pay your bill"
> # From gsn3
> DEFAULT Calling-Station-Id = "67890123", Auth-Type = "Reject:You did not pay your bill"
>
> apn1 Password = "secretapn1"
> apn2 Password = "secretapn2"
> apn3 Password = "secretapn3"
>
> gsn1 Password = "secretgsn1"
> gsn2 Password = "secretgsn2"
> gsn3 Password = "secretgsn3"
>
> Will it work?? Since we don't have the Calling-Station-ID return in the test.
>
> 2. Are there any additional tools which can simplify the input of the
> blacklist (The Calling-Station-ID).
>
> Regards,
> Donald
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Monday, February 10, 2003 12:24 PM
> To: Donald.Foo at O2.com
> Subject: Re: Fw: RADIATOR Evaluation License
>
>
> Hello Donald,
>
> Nicola forwarded me your email.
> I will try to help.
>
> On Mon, 10 Feb 2003 03:09 pm, Nicola Wassell wrote:
>> ----- Original Message -----
>> From: Foo, Donald
>> To: 'Nicola Wassell' ; Foo, Donald
>> Cc: Joanne Davis ; Foo, Donald
>> Sent: Monday, February 10, 2003 3:05 PM
>> Subject: RE: RADIATOR Evaluation License
>>
>>
>> Hi Nicola,
>> Thanks for the email.
>> Actually I have a few questions from when I was doing the test but I am not
>> sure where I should get the online help from.
>
> The best place to get help during evaluation is the free email mailing
> list.
> Details on subscribing and using the mailing list can be found at:
>
> http://www.open.com.au/mailing.html
>
> I have tried to answer your questions below.
> If you have any additional questions, you should subscribe and send
> them to
> the Radiator mailing list.
>
>> 1. Bad authenticator warning message
>>
>> Mon Jan 20 14:39:46 2003: DEBUG: Received reply in AuthRADIUS for req 2 from 10.85.4.5:1813
>> Mon Jan 20 14:39:46 2003: WARNING: Bad authenticator received in reply to ID 2
>> Mon Jan 20 14:39:46 2003: DEBUG: Accounting accepted
>> Mon Jan 20 14:39:46 2003: DEBUG: Packet dump:
>> *** Sending to 10.85.4.254 port 21645 ....
>> Code: Accounting-Response
>> Identifier: 82
>> Authentic: ,<141>e'<5>|<216>dyD<243><181>$M<28><251>
>> Attributes:
>>
>> I'd confirmed the secret key is the same on both sides (actually I'd changed
>> it twice). Herewith is the configuration.
>>
>> <AuthBy RADIUS>
>>         RetryTimeout 25
>>         NoForwardAuthentication
>>         Secret test123
>>         AcctPort 1813
>>         Host 10.85.4.5
>> </AuthBy>
>
> Looks OK, though the timeout is rather long.
>
> As you guess, normally, 'Bad authenticator' would mean that the remote radius
> server and your server have different Radius shared secrets.
>
> What sort of Radius server is at 10.85.4.5 port 1813? Is it complaining about
> _your_ authenticator? If so it's pretty sure the shared secrets are different.
>
> But.... some Radius servers do not implement correct authenticator algorithms.
> If that is the case, you can set the
>
> IgnoreReplySignature
>
> parameter in your AuthBy RADIUS to disable authenticator checking from proxied
> requests.
>
>> 2. Blacklist authentication.
>> As I know Blacklist can be done with mysql database, my question is can we
>> use plain text database to do the same thing? (like ./user)
>
> Yes.
>
> You can have user entries in a file like this:
>
> baduser Auth-Type=Reject
>
> nastyuser Auth-Type=Reject:some explanatory message
>
> etc...
>
> More details in the reference manual.
> There are other ways to skin this cat if you have unusual requirements.
>
>> 3. Since I am using a CISCO router to be a RAS server, the caller-id is
>> always "async". Can we grant some fake caller-id to the accounting?
>
> Do you mean the User-Name is always 'async'? Very unusual, and probably
> broken.
>
> You can use the RewriteUsername parameter to rewrite User-Name in many ways.
>
> You can use Radiator hooks to change/add/rewrite any other attribute.
>
>> 4. Is there anyway to extend the evaluation licenses and how?
>
> Yes, on your request we can issue you with a key to extend your eval period,
> or to remove your request limitations..
>
> Hope that helps.
>
> Cheers.
>
>> Thanks and Regards,
>> Donald
>>
>>
>> -----Original Message-----
>> From: Nicola Wassell [mailto:nicola at open.com.au]
>> Sent: Monday, February 10, 2003 9:55 AM
>> To: donald.foo at o2.com
>> Cc: Joanne Davis
>> Subject: RADIATOR Evaluation License
>>
>>
>> Hello
>>
>>
>>
>> You currently have evaluation copies of RADIATOR and RADAR. The
>> evaluation licenses will expire soon. We are very interested to know
>> how
>> your evaluation is progressing and to what extent they meet your
>> selection
>> criteria.
>>
>>
>>
>> What do you like about them?
>>
>>
>>
>> What DON'T you like about them?
>>
>>
>>
>> Maybe you haven't started your evaluation yet! Are you having any
>> problems with installation or configuration that we can help you with?
>>
>>
>>
>> Have you subscribed to the Radiator mailing list?
>> http://www.open.com.au/mailing.html
>>
>>
>>
>> Do you intend to proceed with an order?
>> http://www.open.com.au/ordering.html If YES, why?
>>
>>
>>
>> If NO, why not?
>>
>>
>>
>> We appreciate the value of time and would be very grateful for your
>> thoughts on how our products could be improved. Take the trouble to
>> reply
>> - AND tell us your T-SHIRT size as well.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Nicola Wassell nicola at open.com.au
>> Open System Consultants Pty. Ltd
>>
>> 24 Bateman Street Hampton, VIC 3188 Australia
>> http://www.open.com.au
>> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>> TLS,
>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> -------------------------------------------------------
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
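
The blacklist file layout given in the reply above can be checked before it is deployed. The following is an added example, not part of the original messages and not Radiator's own parser: a simplified Python model in which `parse_blacklist` and `decide` are hypothetical names, the sample file is constructed from the entries shown in the thread, and the treatment of a request with no Calling-Station-Id (it matches only DEFAULT) is an assumption of the model.

```python
import shlex

# Constructed sample in the layout of the "%D/blacklist" file shown in the thread.
SAMPLE_BLACKLIST = """\
# blacklist
DEFAULT Auth-Type = Accept
12345678 Auth-Type = "Reject: You did not pay your bill"
23456789 Auth-Type = "Reject: You did not pay your bill"
"""


def parse_blacklist(text):
    """Return {key: Auth-Type value}; raise ValueError on a malformed or repeated entry."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps the quoted reject reason as one token
        if len(tokens) != 4 or tokens[1:3] != ["Auth-Type", "="]:
            raise ValueError(f"line {lineno}: expected '<key> Auth-Type = <value>'")
        key, value = tokens[0], tokens[3]
        if key in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {key}")
        if value != "Accept" and not value.startswith("Reject"):
            raise ValueError(f"line {lineno}: unsupported Auth-Type {value!r}")
        entries[key] = value
    return entries


def decide(entries, calling_station_id):
    """Model of the lookup: exact match on Calling-Station-Id, otherwise DEFAULT."""
    value = entries.get(calling_station_id) if calling_station_id else None
    if value is None:
        # Assumption of this model: no match and no DEFAULT entry fails closed.
        value = entries.get("DEFAULT", "Reject: no matching entry")
    if value == "Accept":
        return ("accept", "")
    return ("reject", value.partition(":")[2].strip())


if __name__ == "__main__":
    table = parse_blacklist(SAMPLE_BLACKLIST)
    for caller in ("12345678", "99999999", None):
        print(caller, decide(table, caller))
```

In this model a request that carries no Calling-Station-Id is accepted by the DEFAULT entry, so it is worth confirming with a trace 4 debug that the NAS really sends the attribute. An entry that has been wrapped across lines, as in the quoted USERS file, is rejected by the parser because its quoted reason is left unterminated.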
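
The "Bad authenticator" warning discussed in the quoted messages comes from the Response Authenticator check of RFC 2865/2866, which ties each reply to its request and to the shared secret. The following is an added example, not part of the original messages and not Radiator's code: the function names are hypothetical, the packet is constructed, and the secret `test123` and Identifier 2 are taken from the quoted configuration and log.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE = 4, 5


def build_accounting_request(ident, attributes, secret):
    """RFC 2866: Request Authenticator = MD5(Code+ID+Length+16 zero octets+Attrs+Secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attributes))
    auth = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return header + auth + attributes


def build_accounting_response(request, secret, attributes=b""):
    """What a correct server sends: MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", ACCOUNTING_RESPONSE, request[1], 20 + len(attributes))
    auth = hashlib.md5(header + request[4:20] + attributes + secret).digest()
    return header + auth + attributes


def reply_authenticator_ok(request, reply, secret):
    """The check whose failure the proxying side logs as 'Bad authenticator'."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    (length,) = struct.unpack("!H", reply[2:4])
    if not 20 <= length <= len(reply):
        return False
    reply = reply[:length]  # octets beyond Length are padding and are ignored
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


# Constructed sample: Acct-Status-Type (40) = Start (1), Identifier 2 as in the log.
SAMPLE_ATTRS = bytes([40, 6, 0, 0, 0, 1])
SAMPLE_REQUEST = build_accounting_request(2, SAMPLE_ATTRS, b"test123")

if __name__ == "__main__":
    good = build_accounting_response(SAMPLE_REQUEST, b"test123")
    bad = build_accounting_response(SAMPLE_REQUEST, b"Test123")  # one-character mismatch
    print(reply_authenticator_ok(SAMPLE_REQUEST, good, b"test123"))
    print(reply_authenticator_ok(SAMPLE_REQUEST, bad, b"test123"))
```

Setting IgnoreReplySignature skips this comparison, so replies from the proxied server are then accepted without proof that the sender knows the shared secret.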