(RADIATOR) Profiles problems
Hugh Irvine
hugh at open.com.au
Wed Nov 12 22:20:55 CST 2003
Hello Brandon -
Thanks for your mail.
Unfortunately I meant "a trace 4 debug from Radiator" (not a trace 4
debug from radpwtst).
In any event, I suspect that at the very least the "TimeOfDay" radius
attribute is not defined in your Radiator dictionary.
regards
Hugh
On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote:
> Hugh,
>
> Note: I don't care that I left my IP address in there or the "encrypted"
> password. This is a test server with test data.
>
> Brandon
>
> ----- Original Message -----
> From: "Brandon Lehmann" <blehmann at glis.cc>
> To: "Hugh Irvine" <hugh at open.com.au>
> Cc: <owner-radiator at open.com.au>; <radiator at open.com.au>
> Sent: Wednesday, November 12, 2003 5:43 PM
> Subject: Re: (RADIATOR) Profiles problems
>
>
>> Hugh,
>>
>> Trace 4 with the config in my original message shows:
>>
>> --- START----
>> Reading dictionary file './dictionary'
>> sending Access-Request...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1645 ....
>> Code: Access-Request
>> Identifier: 120
>> Authentic: 1234567890123456
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> NAS-Port-Type = Async
>> User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>>
>> No reply
>> sending Accounting-Request Start...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 121
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Start
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 121
>> Authentic: f>e#O#<156><150>S<239>N<240><234><182><23><229>
>> Attributes:
>>
>> OK
>> sending Accounting-Request Stop...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 122
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Stop
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>> Acct-Session-Time = 1000
>> Acct-Input-Octets = 20000
>> Acct-Output-Octets = 30000
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 122
>> Authentic: 5Y<2>V<137><180>L<2>R<138>vzai<248><184>
>> Attributes:
>>
>> OK
>> -----END----
>>
>>
>> Changing AuthByPolicy to ContinueWhileAccept returns this:
>>
>> -----START-----
>> Reading dictionary file './dictionary'
>> sending Access-Request...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1645 ....
>> Code: Access-Request
>> Identifier: 81
>> Authentic: 1234567890123456
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> NAS-Port-Type = Async
>> User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1645 ....
>> Code: Access-Reject
>> Identifier: 81
>> Authentic: <201>KV<189>Ao<213><235><254>3<22>z>h<239><4>
>> Attributes:
>> Reply-Message = "Request Denied"
>>
>> Rejected: Request Denied
>> sending Accounting-Request Start...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 82
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Start
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 82
>> Authentic: <237><157><221><24><8><3><11><235><207><167>t<226>SVQ<227>
>> Attributes:
>>
>> OK
>> sending Accounting-Request Stop...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 83
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Stop
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>> Acct-Session-Time = 1000
>> Acct-Input-Octets = 20000
>> Acct-Output-Octets = 30000
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 83
>> Authentic: <4>\<212>g'`<252><214><23><246>>A]<136><172><174>
>> Attributes:
>>
>> OK
>>
>> ----END-----
>>
>> Removing the AuthBy clause for the profile & timeofday returns this (with
>> ContinueWhileAccept):
>>
>> ----START------
>> Reading dictionary file './dictionary'
>> sending Access-Request...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1645 ....
>> Code: Access-Request
>> Identifier: 251
>> Authentic: 1234567890123456
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> NAS-Port-Type = Async
>> User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1645 ....
>> Code: Access-Reject
>> Identifier: 251
>> Authentic: <2>I<24> <180>7<222><164><151>k<213><22>O<15><255>N
>> Attributes:
>> Reply-Message = "Request Denied"
>>
>> Rejected: Request Denied
>> sending Accounting-Request Start...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 252
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Start
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 252
>> Authentic: <203>r<199><16>8<247>G<146><29>fe<135>`<20><133>Q
>> Attributes:
>>
>> OK
>> sending Accounting-Request Stop...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 253
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Stop
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>> Acct-Session-Time = 1000
>> Acct-Input-Octets = 20000
>> Acct-Output-Octets = 30000
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 253
>> Authentic: TZ<243><171><164><236><146>h<14>+<186>)<190><14><<197>
>> Attributes:
>>
>> OK
>> ----------END---------
>>
>> And with the AuthBy clause for timeofday removed and the policy set to
>> ContinueAlways:
>>
>> --------START---------
>> Reading dictionary file './dictionary'
>> sending Access-Request...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1645 ....
>> Code: Access-Request
>> Identifier: 62
>> Authentic: 1234567890123456
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> NAS-Port-Type = Async
>> User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1645 ....
>> Code: Access-Accept
>> Identifier: 62
>> Authentic: 9<165>Y<201><211><140><2>u<210><251><161><200>3<149><179><1>
>> Attributes:
>> Service-Type = Framed-User
>> Session-Timeout = 18000
>> Idle-Timeout = 1740
>> Framed-IP-Netmask = 255.255.255.255
>> Port-Limit = 3
>>
>> OK
>> sending Accounting-Request Start...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 63
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Start
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 63
>> Authentic: <1>.<245><190>|!.1g<201>0<201><148><229><234>%
>> Attributes:
>>
>> OK
>> sending Accounting-Request Stop...
>> Packet dump:
>> *** Sending to 63.148.117.3 port 1646 ....
>> Code: Accounting-Request
>> Identifier: 64
>> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>> User-Name = "brandon"
>> Service-Type = Framed-User
>> NAS-IP-Address = 203.63.154.1
>> NAS-Port = 1234
>> NAS-Port-Type = Async
>> Acct-Session-Id = "00001234"
>> Acct-Status-Type = Stop
>> Called-Station-Id = "123456789"
>> Calling-Station-Id = "987654321"
>> Acct-Delay-Time = 0
>> Acct-Session-Time = 1000
>> Acct-Input-Octets = 20000
>> Acct-Output-Octets = 30000
>>
>> Packet dump:
>> *** Received from 63.148.117.3 port 1646 ....
>> Code: Accounting-Response
>> Identifier: 64
>> Authentic: <237><203>Z_<169><202>Um#&<241><136><29>8<145><23>
>> Attributes:
>>
>> OK
>> --------END----------
>>
>> As for a crash course in TimeOfDay, it's a RADIUS attribute that is used to
>> define when a user can log in. Say 7:30am to 3:30pm etc -> "07:30-15:30" or
>> cannot log in "!00:00-02:00" -> midnight to 2am. It is pretty similar to the
>> Radiator Time attribute. However I have tried changing the columndef to
>> "AuthColumnDef 0,Time,reply" and adding "Al" to the front of the field to
>> apply for all days as the Radiator manual shows. What I need to do is limit
>> a few users to only log in during certain hours (at their bosses' request).
>> For now I have just added a stored procedure to my SQL server and a job to
>> turn the account on and off at the specified time; however, that will not
>> work forever.
>>
>> Thanks for the help,
>>
>> Brandon
>>
>> Note: This is running Radiator 3.7.1 on Windows 2000 SP4, w/ ActiveState
>> Perl 5.6.1 using a 3Com Total Control.
>>
>> ----- Original Message -----
>> From: "Hugh Irvine" <hugh at open.com.au>
>> To: "Brandon Lehmann" <blehmann at glis.cc>
>> Cc: <owner-radiator at open.com.au>; <radiator at open.com.au>
>> Sent: Wednesday, November 12, 2003 5:03 PM
>> Subject: Re: (RADIATOR) Profiles problems
>>
>>
>>>
>>> Hello Brandon -
>>>
>>> Could you please send me a trace 4 debug showing what is happening, and
>>> a bit more detail on what exactly you are wanting to have happen? I am
>>> not clear on what the TimeOfDay reply item is meant to do.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 13/11/2003, at 7:10 AM, Brandon Lehmann wrote:
>>>
>>>> Hi List,
>>>>
>>>> I cannot get the radius server to return the profile while using
>>>> the following configuration:
>>>>
>>>> ------START-----
>>>> LogStdout c:/radiator/stdout.txt
>>>> LogDir c:/radiator
>>>> DbDir c:/radiator.
>>>>
>>>> <Client DEFAULT>
>>>> Secret !removed for my protection!
>>>> DupInterval 0
>>>> </Client>
>>>>
>>>> <Realm DEFAULT>
>>>>
>>>> AuthByPolicy ContinueAlways
>>>>
>>>> <AuthBy SQL>
>>>> Identifier ACCT1
>>>> DBSource dbi:ODBC:!removed for my protection!
>>>> DBUsername !removed for my protection!
>>>> DBAuth !removed for my protection!
>>>>
>>>> AuthSelect
>>>>
>>>> AccountingTable radacct1
>>>> AcctColumnDef UserName,User-Name
>>>> AcctColumnDef LogDateTime,Timestamp,integer-date
>>>> AcctColumnDef AcctStatusType,Acct-Status-Type
>>>> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
>>>> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
>>>> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
>>>> AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer
>>>> AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer
>>>> AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
>>>> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
>>>> AcctColumnDef NasIPAddress,NAS-IP-Address
>>>> AcctColumnDef NasIdentifier,NAS-Identifier
>>>> AcctColumnDef NasPortId,NAS-Port,integer
>>>> AcctColumnDef NasPortType,NAS-Port-Type,integer
>>>> AcctColumnDef ConnectInfo,Connect-Info
>>>> AcctColumnDef ServiceType,Service-Type
>>>> AcctColumnDef FramedProtocol,Framed-Protocol
>>>> AcctColumnDef FramedAddress,Framed-IP-Address
>>>> AcctColumnDef CallingStationId,Calling-Station-Id
>>>> </AuthBy>
>>>>
>>>> <AuthBy SQL>
>>>> Identifier AUTH1
>>>> DBSource dbi:ODBC:!removed for my protection!
>>>> DBUsername !removed for my protection!
>>>> DBAuth !removed for my protection!
>>>>
>>>> AuthSelect select ClearTextPassword,ServiceType,SessionLimit, \
>>>> IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \
>>>> PortLimit,ProfileID from Customers where CustomerID=%0 \
>>>> and Disable is null
>>>> AuthColumnDef 0,Password,check
>>>> AuthColumnDef 1,Service-Type,reply
>>>> AuthColumnDef 2,Session-Timeout,reply
>>>> AuthColumnDef 3,Idle-Timeout,reply
>>>> AuthColumnDef 4,Framed-IP-Address,reply
>>>> AuthColumnDef 5,Framed-IP-Netmask,reply
>>>> AuthColumnDef 6,Framed-Route,reply
>>>> AuthColumnDef 7,Port-Limit,reply
>>>> AuthColumnDef 8,Simultaneous-Use,check
>>>> AuthColumnDef 9,Profile,reply
>>>> </AuthBy>
>>>> <AuthBy SQL>
>>>> DBSource dbi:ODBC:!removed for my protection!
>>>> DBUsername !removed for my protection!
>>>> DBAuth !removed for my protection!
>>>>
>>>> AuthSelect SELECT timeofday FROM profiles WHERE \
>>>> [profile]='%{Reply:Profile}'
>>>> AuthColumnDef 0,TimeOfDay,reply
>>>>
>>>> StripFromReply Profile
>>>> </AuthBy>
>>>>
>>>> SessionDatabase SDB1
>>>>
>>>> </Realm>
>>>>
>>>> <SessionDatabase SQL>
>>>> Identifier SDB1
>>>> DBSource dbi:ODBC:!removed for my protection!
>>>> DBUsername !removed for my protection!
>>>> DBAuth !removed for my protection!
>>>> </SessionDatabase>
>>>> -------END----
>>>>
>>>> If I change "AuthByPolicy ContinueAlways" to "AuthByPolicy
>>>> ContinueWhileAccept" then the server always returns "Request Denied".
>>>> Any input would be greatly appreciated. Note: I have already searched the
>>>> list archives, nothing seems to work.
>>>>
>>>> Thank you,
>>>>
>>>> Brandon Lehmann
>>>> Network Administrator
>>>> Great Lakes Internet Service, LLC.
>>>> The Computer Loft, Inc.
>>>> 218 Justice St
>>>> Fremont, Ohio 43420
>>>> 419.332.3553
>>>> blehmann at glis.cc
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>>
>>
>
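
The login-hours format described in the thread ("07:30-15:30" to allow, "!00:00-02:00" to deny), evaluated in Python as an added example; it is not code from the thread or from Radiator. The function names, the exclusive end boundary, the handling of windows that wrap past midnight and the fail-closed treatment of malformed values are assumptions.

```python
from datetime import time


def parse_window(spec):
    """Parse 'HH:MM-HH:MM' or '!HH:MM-HH:MM' into (deny, start, end).

    A leading '!' marks a window in which login is refused, as in the
    thread's "!00:00-02:00" example. Raises ValueError on malformed input.
    """
    spec = spec.strip()
    deny = spec.startswith("!")
    if deny:
        spec = spec[1:]
    start_s, sep, end_s = spec.partition("-")
    if not sep:
        raise ValueError(f"not a time range: {spec!r}")

    def hhmm(text):
        hours, minutes = text.split(":")      # ValueError if not exactly HH:MM
        return time(int(hours), int(minutes))  # ValueError if out of range

    return deny, hhmm(start_s), hhmm(end_s)


def login_allowed(spec, now):
    """Return True if a login at time-of-day `now` is permitted by `spec`."""
    deny, start, end = parse_window(spec)
    if start <= end:
        inside = start <= now < end            # end boundary exclusive (assumption)
    else:
        inside = now >= start or now < end     # window wraps past midnight (assumption)
    # Allow-window: permitted only inside. Deny-window: permitted only outside.
    return inside != deny


def check_login(spec, now):
    """Fail closed: a value that cannot be parsed denies the login."""
    try:
        return login_allowed(spec, now)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, using the two formats quoted in the thread.
    for spec, now in [("07:30-15:30", time(8, 0)), ("07:30-15:30", time(16, 0)),
                      ("!00:00-02:00", time(1, 0)), ("!00:00-02:00", time(3, 0))]:
        print(f"{spec:>14} at {now:%H:%M}: {'allow' if check_login(spec, now) else 'deny'}")
```
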