No subject
Tue Jun 24 01:16:46 CDT 2008
>Received: from lax.voyager.net (brick.voyager.net [209.153.128.248]) by
> perki.connect.com.au with ESMTP id KAA06239
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 17 Apr 2001 10:43:23 +1000
(EST) Received: from lax.voyager.net (brick.voyager.net [209.153.128.248])
by perki.connect.com.au with ESMTP id KAA06239 (8.8.8/IDA-1.7 for
<radiator at open.com.au>); Tue, 17 Apr 2001 10:43:23 +1000 (EST) Received:
(from mholtz at localhost)
by lax.voyager.net (8.9.3/8.9.3) id UAA13405;
Mon, 16 Apr 2001 20:43:08 -0400
Date: Mon, 16 Apr 2001 20:43:08 -0400
From: Matt Holtz <matt.holtz at voyager.net>
To: Joel Michael <joel at diggy.com.au>
Cc: "carlosm1 at qwest.net" <carlosm1 at qwest.net>,
"radiator at open.com.au" <radiator at open.com.au>
Subject: Re: (RADIATOR) Monitoring with WhatsUp Gold
Message-ID: <20010416204308.E13215 at voyager.net>
References: <01C0C4F6.25B9DAF0.carlosm1 at qwest.net>
<987463681.3332.1.camel at joel> Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <987463681.3332.1.camel at joel>; from joel at diggy.com.au on Tue,
Apr 17, 2001 at 09:27:59AM +1000 Organization: Voyager.net
Content-Type: text/plain; charset=us-ascii
Another possibility is sysmon (www.sysmon.org) which is also free.
Joel Michael wrote:
> On 14 Apr 2001 15:18:16 -0600, Carlos P. Martinez wrote:
> > Hi,
> >
> > I am very interested in knowing about a better network monitoring tool
> > for Radiator than What's up Gold.
> >
> > Thank you in advance for any help or product name.
>
> I can highly recommend NetSaint (http://www.netsaint.org) for network
> monitoring. There is a plugin for radius in the standard plugins
> distribution, and it works very well. However, I do not know if the
> netsaint engine or plugins will compile on non-unix machines, as I've
> never needed to try it.
>
> The best part about NetSaint is the cost. It's free. The worst part is
> configuring it for the first time, the config file syntax looks very
> strange at first, but you learn it quickly enough.
> --
> Joel Michael
> Systems Administrator
> Worldhosting.org
>
> Ph: +61 7 3367 3555
> Fax: +61 7 3367 3544
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Matt Holtz
Systems Engineering Manager
CoreComm, formerly Voyager.net
-------------------------------------------------------
--
Mike McCauley, Open System Consultants
Im travelling at the moment, and our correspondence may be delayed.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27053 invoked by uid 0); 18 Apr 2001 01:05:26 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 01:05:26 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00361
for radiator-zzlist; Wed, 18 Apr 2001 10:10:55 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00327
for radiator at open.com.au; Wed, 18 Apr 2001 10:10:43 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07685
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:48 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07685
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:48 +1000 (EST)
Received: from hugo (acc1-ppp251.mel.dialup.connect.net.au [210.10.128.251])
by entoo.connect.com.au (Postfix) with SMTP
id A71D3DD77F; Wed, 18 Apr 2001 09:50:21 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Jeffrey Wheat" <jeff at cetlink.net>, <radiator at open.com.au>
Subject: Re: (RADIATOR) RewriteUsername help
Date: Wed, 18 Apr 2001 09:50:11 +1000
X-Mailer: KMail [version 1.1.99]
References: <NCEAJFPAIKMLOOCHMOIAKEFDGKAA.jeff at cetlink.net>
In-Reply-To: <NCEAJFPAIKMLOOCHMOIAKEFDGKAA.jeff at cetlink.net>
MIME-Version: 1.0
Message-Id: <0104180950110U.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Jeff -
You would use custom queries for the SQL database, and a format specification
for the detail file - both using special characters: %n, %u and %N.
Have a look at section 6.2 in the Radiator 2.18 reference manual.
hth
Hugh
On Wednesday 18 April 2001 07:00, Jeffrey Wheat wrote:
> Hello all!
>
> I have a special need for stripping the domain name from my
> proxy customers prior to authenication but need the domain
> to be included when writing the accounting records to a file
> and to the sql database. Any suggestions?
>
> MTIA,
> Jeff
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27067 invoked by uid 0); 18 Apr 2001 01:07:26 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 01:07:26 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00368
for radiator-zzlist; Wed, 18 Apr 2001 10:11:03 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00336
for radiator at open.com.au; Wed, 18 Apr 2001 10:10:46 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07686
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:48 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07686
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:48 +1000 (EST)
Received: from hugo (acc1-ppp251.mel.dialup.connect.net.au [210.10.128.251])
by entoo.connect.com.au (Postfix) with SMTP
id 23BE8DD6F8; Wed, 18 Apr 2001 09:50:18 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>, <julio.prada at bt.es>,
<radiator at open.com.au>
Subject: Re: (RADIATOR) performance issue
Date: Wed, 18 Apr 2001 09:45:08 +1000
X-Mailer: KMail [version 1.1.99]
References: <NMEIJMCFCECINGDHLNMOKEOJFFAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOKEOJFFAA.adepette at krameria.net>
MIME-Version: 1.0
Message-Id: <0104180945080S.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
The session database will be accessed by both authentication (to delete and
to check limits) and accounting (to insert and delete).
cheers
Hugh
On Wednesday 18 April 2001 00:19, Andy De Petter wrote:
> > Your problem sounds familiar to us because at the beginning, we launched
> > tests of 1000 authentication requests and the 40% were dropped.
>
> Were those 40% authentication or accounting?
>
> I'm running accounting & authentication on different daemons.. and the
> session db is configured on the accounting daemon, so authentication here
> is not affected, by any slowdown of the accounting daemon.
>
> -Andy
>
> --
> "For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information, which
> is confidential and/or protected by intellectual property rights and
> are intended for the sole use of the recipient(s) named above. Any use
> of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any
> form) by persons other than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender
> either by telephone or by e-mail and delete the material from any
> computer. Thank you for your cooperation.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27075 invoked by uid 0); 18 Apr 2001 01:08:24 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 01:08:24 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00367
for radiator-zzlist; Wed, 18 Apr 2001 10:11:03 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00346
for radiator at open.com.au; Wed, 18 Apr 2001 10:10:47 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07679
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:46 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07679
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 09:52:46 +1000 (EST)
Received: from hugo (acc1-ppp251.mel.dialup.connect.net.au [210.10.128.251])
by entoo.connect.com.au (Postfix) with SMTP
id 00E23DD7C1; Wed, 18 Apr 2001 09:50:19 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Feite Brekeveld <brekeveld at aucs-europe.net>, radiator at open.com.au
Subject: Re: (RADIATOR) processing Acct-Session-Id field before it gets into the database
Date: Wed, 18 Apr 2001 09:46:36 +1000
X-Mailer: KMail [version 1.1.99]
References: <3ADC6FE4.3AA193F4 at aucs-europe.net>
In-Reply-To: <3ADC6FE4.3AA193F4 at aucs-europe.net>
MIME-Version: 1.0
Message-Id: <0104180946360T.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Feite -
If you send me a copy of your configuration file (no secrets), and some
details on what you want to do, I will be happy to help.
regards
Hugh
On Wednesday 18 April 2001 02:31, Feite Brekeveld wrote:
> Hi,
>
> I would like to do some modification to the Acct-Session-Id field before
> it gets logged into the database (Postgresql).
>
> I did some experimenting with the PreProcessingHandler but it seems not
> to be run when a request comes in.
>
> Please some tips on this one .
>
> Thanks,
>
>
> Feite Brekeveld
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27097 invoked by uid 0); 18 Apr 2001 01:13:06 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 01:13:06 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00360
for radiator-zzlist; Wed, 18 Apr 2001 10:10:53 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA00319;
Wed, 18 Apr 2001 10:10:42 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07683
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 09:52:47 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA07683
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 09:52:47 +1000 (EST)
Received: from hugo (acc1-ppp251.mel.dialup.connect.net.au [210.10.128.251])
by entoo.connect.com.au (Postfix) with SMTP
id D5054DD4C9; Wed, 18 Apr 2001 09:50:15 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>,
"Radiator Mailing" <radiator at open.com.au>
Subject: Re: (RADIATOR) performance issue
Date: Wed, 18 Apr 2001 09:42:22 +1000
X-Mailer: KMail [version 1.1.99]
References: <NMEIJMCFCECINGDHLNMOAENOFFAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOAENOFFAA.adepette at krameria.net>
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <0104180942220R.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
There has been some work done on the session database recently and Mike has
added some indexing and a modified query for MySQL that includes a "limit 1"
when searching for an address.
You should upgrade to Radiator 2.18 (plus patches).
I have also copied Mike on this mail so he can give you the details.
cheers
Hugh
On Tuesday 17 April 2001 20:33, Andy De Petter wrote:
> Hello,
>
> I'm having a bit of a problem with the session database, on Radiator
> 2.17.1. I have 2 radius servers running, sharing a remote SQL database for
> all active sessions. The authentication of clients, also happens through
> remote SQL databases, on different machines than the session db.
>
> Now, when the session database is enabled, I have a very high amount of UDP
> packets (mostly accounting) dropped, between the access servers, and the
> radius servers. When disabling it, nearly no packets are dropped. The
> session database, runs on a high-end Sun Enterprise server, with plenty of
> CPU and memory, and is dedicated to the session db (MySQL). The load on
> the session db server, is nearly nothing, and the SQL server isn't showing
> any performance problems. Also the load on the radius servers, isn't
> rising, after enabling the session db.
>
> At first sight, this doesn't really seem to be a network problem, as there
> is a direct dedicated line, between access servers, and radius servers.
>
> Something, that might be interesting aswell, is that the incoming/outgoing
> traffic multiplies by 5, when enabling the session database, and outgoing
> traffic is nearly half of incoming traffic.... while without the session
> database, in/outgoing traffic is approx. equal to eachother.
>
> I know this might sound a bit confusing, and might require you to read the
> problem a few times, before understanding it .. but it's really odd, and at
> the moment, I can't afford to enable the session db, due to the packetloss
> between access servers and radius servers in that case :-/
>
> -Andy
>
> --
> "For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information, which
> is confidential and/or protected by intellectual property rights and
> are intended for the sole use of the recipient(s) named above. Any use
> of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any
> form) by persons other than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender
> either by telephone or by e-mail and delete the material from any
> computer. Thank you for your cooperation.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27232 invoked by uid 0); 18 Apr 2001 02:29:57 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 02:29:57 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA00573
for radiator-zzlist; Wed, 18 Apr 2001 11:40:20 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA00557
for radiator at open.com.au; Wed, 18 Apr 2001 11:40:14 +1000 (EST)
>Received: from cirrus.netspace.net.au (cirrus.netspace.net.au [203.10.110.75]) by perki.connect.com.au with ESMTP id LAA12055
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 11:22:55 +1000 (EST)
Received: from cirrus.netspace.net.au (cirrus.netspace.net.au [203.10.110.75]) by perki.connect.com.au with ESMTP id LAA12055
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 11:22:55 +1000 (EST)
Received: from wave.office.netspace.net.au (root at wave.Office.netspace.net.au [210.15.210.19])
by cirrus.netspace.net.au (8.11.3/8.11.3) with ESMTP id f3I1MsT73994
for <radiator at open.com.au>; Wed, 18 Apr 2001 11:22:54 +1000 (EST)
Received: (from jpburton at localhost)
by wave.office.netspace.net.au (8.11.0/8.11.0/Debian 8.11.0-6) id f3I1Msn04775
for radiator at open.com.au; Wed, 18 Apr 2001 11:22:54 +1000
From: Jeremy Burton <jpburton at netspace.net.au>
Date: Wed, 18 Apr 2001 11:22:54 +1000
To: radiator at open.com.au
Subject: (RADIATOR) Session Database Curly..
Message-ID: <20010418112254.B3630 at netspace.net.au>
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi All,
I have a question 'bout session databases... We have a setup where we
provide dialup access for a subsidiary (but separate) company - ie they
have their own customers but use our dialup equipment. To do this, we give
them their own dialin number on our NAS and use
<Handler Client-Port-DNIS=9xxxxxxx> as the way of telling radiator to
forward the requests onto their radius server. That way, a user of their
service doesn't need to append @theirname.com.au to the end of their
usernames to get authenticated properly. This is all working fine except
for one problem: we use an SQL session database to keep track of
simultaneous use for our own customers. If a user called user1 logs into
their service, and then a user called user1 with simultaneous use=1 logs
into our service, they are denied. Why? Because the session database
already has an entry for user user1. In theory, a nice way around it would
be to have in the session database username at realm, however that is just
the problem: we don't have differenct realms here. Is there some way of
indicating within an AuthBy that we don't want the session database used
for the present AuthBy. This way, if we have an AuthBy purely for
forwarding, we can bypass the session database.
Thanks,
Jeremy
--
Jeremy Burton
Database Administrator, Netspace Online Systems
jpburton at netspace.net.au
jpburton at thedonkeys.org
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27329 invoked by uid 0); 18 Apr 2001 03:01:53 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 03:01:53 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA00673
for radiator-zzlist; Wed, 18 Apr 2001 12:10:20 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA00661
for radiator at open.com.au; Wed, 18 Apr 2001 12:10:15 +1000 (EST)
>Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id LAA12723
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 11:38:59 +1000 (EST)
Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id LAA12723
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 11:38:59 +1000 (EST)
Received: from isdnnt02.office.isdn.net (isdnnt02.office.isdn.net [207.65.7.12])
by rex.isdn.net (8.11.3/8.11.3) with ESMTP id f3I1cuL03099;
Tue, 17 Apr 2001 20:38:57 -0500
Received: by isdnnt02.office.isdn.net with Internet Mail Service (5.5.2653.19)
id <J1A6FQPH>; Tue, 17 Apr 2001 20:50:29 -0500
Message-ID: <01B712429915D511803600A0C99AB3A7057D8C at isdnnt02.office.isdn.net>
From: Eric Lackey <eric at isdn.net>
To: "'Jeffrey Wheat'" <jeff at cetlink.net>
Cc: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: RE: (RADIATOR) RewriteUsername help
Date: Tue, 17 Apr 2001 20:50:27 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Jeffrey,
Here are some possible values you could use for that. You would probably
want to use the %u which is the full username before any Rewrites are
applied. So I think your AcctColumnDef for USERNAME would look like this
AcctColumnDef USERNAME,%u
---------------------------------------------
%n
The User-Name (i.e. the full user name, including the realm) currently
being authenticated, after any RewriteUsername was applied.
%U
The User-Name currently being authenticated with the realm (if any)
stripped off, after any RewriteUsername was applied.
%u
The full original User-Name that was received, before any RewriteUsername
were applied.
-----Original Message-----
From: Jeffrey Wheat [mailto:jeff at cetlink.net]
Sent: Tuesday, April 17, 2001 4:01 PM
To: radiator at open.com.au
Subject: (RADIATOR) RewriteUsername help
Hello all!
I have a special need for stripping the domain name from my
proxy customers prior to authenication but need the domain
to be included when writing the accounting records to a file
and to the sql database. Any suggestions?
MTIA,
Jeff
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27388 invoked by uid 0); 18 Apr 2001 03:33:25 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 03:33:25 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA00709
for radiator-zzlist; Wed, 18 Apr 2001 12:40:13 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA00704
for radiator at open.com.au; Wed, 18 Apr 2001 12:40:09 +1000 (EST)
>Received: from cirrus.netspace.net.au (cirrus.netspace.net.au [203.10.110.75]) by perki.connect.com.au with ESMTP id MAA14307
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 12:11:17 +1000 (EST)
Received: from cirrus.netspace.net.au (cirrus.netspace.net.au [203.10.110.75]) by perki.connect.com.au with ESMTP id MAA14307
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 12:11:17 +1000 (EST)
Received: from wave.office.netspace.net.au (root at wave.Office.netspace.net.au [210.15.210.19])
by cirrus.netspace.net.au (8.11.3/8.11.3) with ESMTP id f3I2BHT12970
for <radiator at open.com.au>; Wed, 18 Apr 2001 12:11:17 +1000 (EST)
Received: (from jpburton at localhost)
by wave.office.netspace.net.au (8.11.0/8.11.0/Debian 8.11.0-6) id f3I2BH806800
for radiator at open.com.au; Wed, 18 Apr 2001 12:11:17 +1000
Date: Wed, 18 Apr 2001 12:11:16 +1000
From: Jeremy Burton <jpburton at netspace.net.au>
To: radiator at open.com.au
Subject: Re: (RADIATOR) Session Database Curly..
Message-ID: <20010418121116.A5480 at netspace.net.au>
References: <20010418112254.B3630 at netspace.net.au>
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010418112254.B3630 at netspace.net.au>; from jpburton at netspace.net.au on Wed, Apr 18, 2001 at 11:22:54AM +1000
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
Argh.. this is where everyone should yell at me to RTFM! Just stumbled
over the Identifier parameter for SessionDatabase clauses... just shoot
me :)
Jeremy
On Wed, Apr 18, 2001 at 11:22:54AM +1000, Jeremy Burton wrote:
> Hi All,
> I have a question 'bout session databases... We have a setup where we
> provide dialup access for a subsidiary (but separate) company - ie they
> have their own customers but use our dialup equipment. To do this, we give
> them their own dialin number on our NAS and use
> <Handler Client-Port-DNIS=9xxxxxxx> as the way of telling radiator to
> forward the requests onto their radius server. That way, a user of their
> service doesn't need to append @theirname.com.au to the end of their
> usernames to get authenticated properly. This is all working fine except
> for one problem: we use an SQL session database to keep track of
> simultaneous use for our own customers. If a user called user1 logs into
> their service, and then a user called user1 with simultaneous use=1 logs
> into our service, they are denied. Why? Because the session database
> already has an entry for user user1. In theory, a nice way around it would
> be to have in the session database username at realm, however that is just
> the problem: we don't have differenct realms here. Is there some way of
> indicating within an AuthBy that we don't want the session database used
> for the present AuthBy. This way, if we have an AuthBy purely for
> forwarding, we can bypass the session database.
>
> Thanks,
>
> Jeremy
>
>
> --
> Jeremy Burton
> Database Administrator, Netspace Online Systems
> jpburton at netspace.net.au
> jpburton at thedonkeys.org
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Jeremy Burton
Database Administrator, Netspace Online Systems
jpburton at netspace.net.au
jpburton at thedonkeys.org
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27955 invoked by uid 0); 18 Apr 2001 10:11:18 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 10:11:18 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA01463
for radiator-zzlist; Wed, 18 Apr 2001 19:10:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA01458;
Wed, 18 Apr 2001 19:10:10 +1000 (EST)
>Received: from bareed105.riyadh.zajil.com ([212.26.73.241]) by perki.connect.com.au with ESMTP id SAA03571
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 18:51:39 +1000 (EST)
Received: from bareed105.riyadh.zajil.com ([212.26.73.241]) by perki.connect.com.au with ESMTP id SAA03571
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 18:51:39 +1000 (EST)
Received: from msx101.riyadh.zajil.com (msx101.riyadh.zajil.com [208.162.203.10])
by bareed105.riyadh.zajil.com (8.9.3/8.9.3) with ESMTP id LAA11732;
Wed, 18 Apr 2001 11:51:37 +0300 (AST)
Received: from GNriyadhHD.gulfnetksa.com (ws103.riyadh.zajil.com [208.162.203.52])
by msx101.riyadh.zajil.com (8.9.3/8.9.3) with ESMTP id LAA21760;
Wed, 18 Apr 2001 11:36:31 +0300 (AST)
Received: from abdussami ([172.16.2.60])
by GNriyadhHD.gulfnetksa.com (8.8.5/8.8.5) with SMTP id PAA01352;
Wed, 18 Apr 2001 15:22:36 +0300 (AST)
From: "Mohammed AbdusSami" <abdussami at gulfnetksa.com>
To: <radiator at open.com.au>
Cc: <owner-radiator at open.com.au>
Subject: (RADIATOR) Access Denied ... 691 error....(Urgent)...
Date: Wed, 18 Apr 2001 11:58:16 +0300
Message-ID: <NEBBJOPJMLBGFKDGNJABGEFEDCAA.abdussami at gulfnetksa.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <20010418112254.B3630 at netspace.net.au>
Disposition-Notification-To: "Mohammed AbdusSami" <abdussami at gulfnetksa.com>
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi...
My config is as follows...I am
can anybody tell why I am getting 691 error ( check password) when I am able
to authenticate with same password using radpwtst.
Your immediate help will be highly appreciated.....
Best Regards,
Mohammed AbdusSami
# configuration....
<Client 212.26.73.101>
Secret abcdefgh09876
DupInterval 0
</Client>
<Client DEFAULT>
Secret radiator567
DupInterval 0
</Client>
<AuthBy SQL>
Identifier Check_Logins
DBSource dbi:ODBC:radius
DBUsername radiator
DBAuth rad123456
AuthSelect select password from logins \
Where username='%n' and status=0
AccountingTable UsageOnlinehours
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AddToReply PoolHint = login, \
Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Session-Timeout = 18000, \
Idle-Timeout = 18000, \
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
# configure AuthBy SQL to check emails (Identifier Check_Emails)
<AuthBy SQL>
Identifier Check_Emails
DBSource dbi:ODBC:radius
DBUsername radiator
DBAuth rad123456
AuthSelect select password from Emails \
Where popname='%n' and status=0
AccountingTable EmailOnlinehours
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctFailedLogFileName %D/missedaccounting
AddToReply PoolHint = email, \
Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Session-Timeout = 18000, \
Idle-Timeout = 18000, \
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
# configure Realms (usernames will be of the form user at r1, or user at r2)
<Realm zajil.com>
AuthBy Check_Logins
</Realm>
<Realm zajil.net>
AuthBy Check_Emails
</Realm>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 27993 invoked by uid 0); 18 Apr 2001 11:04:19 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 11:04:19 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA01550
for radiator-zzlist; Wed, 18 Apr 2001 20:40:26 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA01522;
Wed, 18 Apr 2001 20:40:16 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id UAA06269
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 20:04:59 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id UAA06269
(8.8.8/IDA-1.7); Wed, 18 Apr 2001 20:04:59 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14popV-00060C-00; Wed, 18 Apr 2001 12:04:57 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: <hugh at open.com.au>, <radiator at open.com.au>
Subject: RE: (RADIATOR) performance issue
Date: Wed, 18 Apr 2001 12:06:30 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOOEABFGAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Importance: Normal
In-Reply-To: <0104180945080S.00901 at hugo>
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
That I don't understand.
How can the authentication radiusd access the session database, when it's
not configured -at all- in its configuration file? Please mind, that I'm
running 1 radiusd for authentication, and 1 for accounting .. and I don't
have any <SessionDatabase> clause, in the authentication one..
-Andy
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: woensdag 18 april 2001 1:45
> To: Andy De Petter; julio.prada at bt.es; radiator at open.com.au
> Subject: Re: (RADIATOR) performance issue
>
>
>
> Hello Andy -
>
> The session database will be accessed by both authentication (to
> delete and
> to check limits) and accounting (to insert and delete).
>
> cheers
>
> Hugh
>
> On Wednesday 18 April 2001 00:19, Andy De Petter wrote:
> > > Your problem sounds familiar to us because at the beginning,
> we launched
> > > tests of 1000 authentication requests and the 40% were dropped.
> >
> > Were those 40% authentication or accounting?
> >
> > I'm running accounting & authentication on different daemons.. and the
> > session db is configured on the accounting daemon, so
> authentication here
> > is not affected, by any slowdown of the accounting daemon.
> >
> > -Andy
> >
> > --
> > "For nothing can seem foul to those that win."
> > - Henry IV, Pt1, Act 5, Sc 1
> >
> > *** DISCLAIMER ***
> > This e-mail and any attachments thereto may contain information, which
> > is confidential and/or protected by intellectual property rights and
> > are intended for the sole use of the recipient(s) named above. Any use
> > of the information contained herein (including, but not limited to,
> > total or partial reproduction, communication or distribution in any
> > form) by persons other than the designated recipient(s) is prohibited.
> > If you have received this e-mail in error, please notify the sender
> > either by telephone or by e-mail and delete the material from any
> > computer. Thank you for your cooperation.
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28006 invoked by uid 0); 18 Apr 2001 11:08:47 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 11:08:47 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA01551
for radiator-zzlist; Wed, 18 Apr 2001 20:40:29 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA01545
for radiator at open.com.au; Wed, 18 Apr 2001 20:40:22 +1000 (EST)
>Received: from smtp2.arnet.com.ar (host191005.arnet.net.ar [200.45.191.5] (may be forged)) by perki.connect.com.au with SMTP id UAA06940
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 20:17:37 +1000 (EST)
Received: from smtp2.arnet.com.ar (host191005.arnet.net.ar [200.45.191.5] (may be forged)) by perki.connect.com.au with SMTP id UAA06940
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 20:17:37 +1000 (EST)
Received: (qmail 17404 invoked from network); 18 Apr 2001 10:17:20 -0000
Received: from unknown (HELO smtpmcis1.arnet.com.ar) (200.45.0.20)
by host191005.arnet.net.ar with SMTP; 18 Apr 2001 10:17:20 -0000
Received: from mail pickup service by smtpmcis1.arnet.com.ar with Microsoft SMTPSVC;
Wed, 18 Apr 2001 07:16:14 -0300
Received: from recife.arnet.com.ar ([192.168.202.70]) by smtpmcis1.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.677.67);
Tue, 17 Apr 2001 16:52:36 -0300
Received: (qmail 10320 invoked from network); 17 Apr 2001 19:53:27 -0000
Received: from oscar.open.com.au (203.63.154.1)
by recife.arnet.com.ar with SMTP; 17 Apr 2001 19:53:27 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id EAA29819
for radiator-zzlist; Wed, 18 Apr 2001 04:10:16 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id EAA29814
for radiator at open.com.au; Wed, 18 Apr 2001 04:10:08 +1000 (EST)
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 03:44:42 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id DAA22578
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 03:44:42 +1000 (EST)
Received: (qmail 53065 invoked by uid 1003); 17 Apr 2001 17:43:45 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 17 Apr 2001 17:43:45 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ566S>; Tue, 17 Apr 2001 13:43:50 -0400
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id DAA22578
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 03:44:42 +1000 (EST)
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D789 at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'Feite Brekeveld'" <brekeveld at aucs-europe.net>, radiator at open.com.au
Subject: RE: (RADIATOR) processing Acct-Session-Id field before it gets in
to the database
Date: Tue, 17 Apr 2001 13:43:49 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Note this from the docs
(http://www.open.com.au/radiator/ref.html#pgfId=319543):
Hooks are executed at fixed times during request processing:
Server started
StartupHook called
Request received from NAS
Global RewriteUsernames applied
PreClientHook called
Client clause selected
Client RewriteUsernames applied
Duplicate detection done
PreHandlerHook called
Handler selected
PreProcessingHook called
Handler's RewriteUsername and RewriteFunction applied
Session database updated (accounting requests only)
Accounting log files (AcctLogFileName and WtmpFileName) written
PreAuthHook called
AuthBy clauses invoked
PostAuthHook called
Reply sent to NAS (unless request was proxied)
(if the request was proxied to another Radius server...) Reply received from
proxy server
ReplyHook called
Reply sent to NAS
If no reply was received from a proxy server by AuthBy RADIUS, even after
multiple retransmissions and timeouts, NoReplyHook is called.
Perhaps you're not looking in the right place at the right time?
Dave
> -----Original Message-----
> From: Feite Brekeveld [mailto:brekeveld at aucs-europe.net]
> Sent: Tuesday, April 17, 2001 12:32 PM
> To: radiator at open.com.au
> Subject: (RADIATOR) processing Acct-Session-Id field before
> it gets into
> the database
>
>
> Hi,
>
> I would like to do some modification to the Acct-Session-Id
> field before
> it gets logged into the database (Postgresql).
>
> I did some experimenting with the PreProcessingHandler but
> it seems not
> to be run when a request comes in.
>
> Please some tips on this one .
>
> Thanks,
>
>
> Feite Brekeveld
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28159 invoked by uid 0); 18 Apr 2001 13:41:40 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 13:41:40 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA01890
for radiator-zzlist; Wed, 18 Apr 2001 23:10:19 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA01878
for radiator at open.com.au; Wed, 18 Apr 2001 23:10:14 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id WAA13268
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 22:50:11 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id WAA13268
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 22:50:11 +1000 (EST)
Received: (qmail 57780 invoked by uid 1003); 18 Apr 2001 12:49:09 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 18 Apr 2001 12:49:09 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ58B6>; Wed, 18 Apr 2001 08:49:15 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D78D at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'Mohammed AbdusSami'" <abdussami at gulfnetksa.com>, radiator at open.com.au
Subject: RE: (RADIATOR) Access Denied ... 691 error....(Urgent)...
Date: Wed, 18 Apr 2001 08:49:09 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Compare the secret you're using with radpwtst against the one you're using
in your config file...
Dave
> -----Original Message-----
> From: Mohammed AbdusSami [mailto:abdussami at gulfnetksa.com]
> Sent: Wednesday, April 18, 2001 4:58 AM
> To: radiator at open.com.au
> Cc: owner-radiator at open.com.au
> Subject: (RADIATOR) Access Denied ... 691 error....(Urgent)...
>
>
> Hi...
>
> My config is as follows...I am
>
> can anybody tell why I am getting 691 error ( check password)
> when I am able
> to authenticate with same password using radpwtst.
>
> Your immediate help will be highly appreciated.....
>
> Best Regards,
>
> Mohammed AbdusSami
>
> # configuration....
>
> <Client 212.26.73.101>
> Secret abcdefgh09876
> DupInterval 0
> </Client>
>
>
> <Client DEFAULT>
> Secret radiator567
> DupInterval 0
> </Client>
>
>
> <AuthBy SQL>
> Identifier Check_Logins
> DBSource dbi:ODBC:radius
> DBUsername radiator
> DBAuth rad123456
> AuthSelect select password from logins \
> Where username='%n' and status=0
>
> AccountingTable UsageOnlinehours
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> AddToReply PoolHint = login, \
> Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Session-Timeout = 18000, \
> Idle-Timeout = 18000, \
> Framed-Compression = Van-Jacobson-TCP-IP
>
> </AuthBy>
>
> # configure AuthBy SQL to check emails (Identifier Check_Emails)
> <AuthBy SQL>
> Identifier Check_Emails
> DBSource dbi:ODBC:radius
> DBUsername radiator
> DBAuth rad123456
> AuthSelect select password from Emails \
> Where popname='%n' and status=0
>
> AccountingTable EmailOnlinehours
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> AcctFailedLogFileName %D/missedaccounting
>
> AddToReply PoolHint = email, \
> Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Session-Timeout = 18000, \
> Idle-Timeout = 18000, \
> Framed-Compression = Van-Jacobson-TCP-IP
>
> </AuthBy>
>
> # configure Realms (usernames will be of the form user at r1, or user at r2)
>
> <Realm zajil.com>
> AuthBy Check_Logins
> </Realm>
>
> <Realm zajil.net>
> AuthBy Check_Emails
> </Realm>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28210 invoked by uid 0); 18 Apr 2001 14:58:14 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 14:58:14 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA02024
for radiator-zzlist; Thu, 19 Apr 2001 00:10:16 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA02016
for radiator at open.com.au; Thu, 19 Apr 2001 00:10:11 +1000 (EST)
>Received: from manaslu.mos.com.np (manaslu.mos.com.np [202.52.255.3]) by perki.connect.com.au with ESMTP id XAA15899
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 23:53:19 +1000 (EST)
Received: from manaslu.mos.com.np (manaslu.mos.com.np [202.52.255.3]) by perki.connect.com.au with ESMTP id XAA15899
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 18 Apr 2001 23:53:19 +1000 (EST)
Received: from chulu.mos.com.np (root at chulu.mos.com.np [202.52.255.6])
by manaslu.mos.com.np (8.11.3/8.11.2) with ESMTP id f3IDrHY17661
for <radiator at open.com.au>; Wed, 18 Apr 2001 19:38:17 +0545 (NPT)
Received: from domino (domino.mos.com.np [202.52.255.218])
by chulu.mos.com.np (8.11.3/8.11.2) with SMTP id f3IDrFk06965
for <radiator at open.com.au>; Wed, 18 Apr 2001 19:38:15 +0545 (NPT)
Message-ID: <001101c0c80e$eae41f50$daff34ca at mos.com.np>
From: "Ujwol" <ujwol at mos.com.np>
To: <radiator at open.com.au>
Subject: (RADIATOR) About AuthBy Sql
Date: Wed, 18 Apr 2001 19:38:16 +0545
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000E_01C0C83F.1D044D90"
Sender: owner-radiator at open.com.au
Precedence: bulk
This is a multi-part message in MIME format.
------=_NextPart_000_000E_01C0C83F.1D044D90
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi,
We're trying to impliment AuthBy Sql with MSSql 6.5. Is there any =
way that we can authenticate the users whose passwords are encrypted in =
sql encryption format? We could work it out fine with plain text =
password and the MD5 password which we exported to sql table with =
buildsql command. Thanks in advance.
Regds,
Ujwol Manandhar
Mercantile Communications
P.O.Box 876
DurbarMarg Kathmandu, Nepal
Tel : +977-1-240920
Fax :+977-1-225407
------=_NextPart_000_000E_01C0C83F.1D044D90
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000080 face=3D"Comic Sans MS" =
size=3D2>Hi,</FONT></DIV>
<DIV><FONT color=3D#000080 face=3D"Comic Sans MS" =
size=3D2> We're=20
trying to impliment AuthBy Sql with MSSql 6.5. Is there any way that we =
can=20
authenticate the users whose passwords are encrypted in sql encryption =
format?=20
We could work it out fine with plain text password and the MD5 password =
which we=20
exported to sql table with buildsql command. Thanks in =
advance.</FONT></DIV>
<DIV><FONT color=3D#000080 face=3D"Comic Sans MS" =
size=3D2>Regds,<BR>Ujwol=20
Manandhar<BR>Mercantile Communications<BR>P.O.Box 876<BR>DurbarMarg =
Kathmandu,=20
Nepal<BR>Tel : +977-1-240920<BR>Fax =
:+977-1-225407</FONT></DIV></BODY></HTML>
------=_NextPart_000_000E_01C0C83F.1D044D90--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28226 invoked by uid 0); 18 Apr 2001 15:14:39 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 15:14:39 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA02065
for radiator-zzlist; Thu, 19 Apr 2001 00:40:34 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA02051
for radiator at open.com.au; Thu, 19 Apr 2001 00:40:28 +1000 (EST)
>Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id AAA17132
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 00:22:33 +1000 (EST)
Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id AAA17132
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 00:22:33 +1000 (EST)
Received: from [150.101.232.218] (adsl218.adelaide.on.net.au [150.101.232.218])
by hamish.internode.com.au (8.11.3/8.11.3) with ESMTP id f3IEMWO31625
for <radiator at open.com.au>; Wed, 18 Apr 2001 23:52:32 +0930 (CST)
Mime-Version: 1.0
X-Sender: simon at mail.internode.on.net
Message-Id: <v04220801b7035323691a@[150.101.232.218]>
Date: Wed, 18 Apr 2001 23:52:34 +0930
To: radiator at open.com.au
From: Simon Hackett <simon at internode.com.au>
Subject: (RADIATOR) Returning avpairs with a an Access-Reject?
X-Virus-Scanned: by AMaViSperl10-milter (http://amavis.org/)
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi folks,
Is it possible to get Radiator to return some attributes back with an
Access-Reject?
Looking at the code and the docs it seems to me that attributes one
puts in - using explicitly AddToReply style operations or sticking
them in a 'users' file under AuthFILE or whatever all works fine with
an Access-Accept, but none of the attributes get tacked on during an
Access-Reject.
I have a situation where I really want to drop attributes out with a
reject. Can I do it?
[I'm writing a back end to talk to a Cisco voice IVR system, which
uses Radius as its interaction mechanism, and which needs an
Access-Reject with explicit cisco-h232-return-code also part of the
response packet, in order to reject things properly]
Cheers,
Simon
---
Simon Hackett, Technical Director, Internode Systems Pty Ltd
31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
Email: simon at internode.com.au Web: http://www.on.net
Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28265 invoked by uid 0); 18 Apr 2001 16:04:03 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 16:04:03 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02158
for radiator-zzlist; Thu, 19 Apr 2001 01:40:18 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02135
for radiator at open.com.au; Thu, 19 Apr 2001 01:40:11 +1000 (EST)
>Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id BAA19208
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:11:56 +1000 (EST)
Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id BAA19208
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:11:56 +1000 (EST)
Received: from [150.101.232.218] (adsl218.adelaide.on.net.au [150.101.232.218])
by hamish.internode.com.au (8.11.3/8.11.3) with ESMTP id f3IFBhO35348
for <radiator at open.com.au>; Thu, 19 Apr 2001 00:41:43 +0930 (CST)
Mime-Version: 1.0
X-Sender: simon at mail.internode.on.net
Message-Id: <v04220803b7035e9e1bac@[150.101.232.218]>
Date: Thu, 19 Apr 2001 00:41:41 +0930
To: radiator at open.com.au
From: Simon Hackett <simon at internode.com.au>
Subject: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
X-Virus-Scanned: by AMaViSperl10-milter (http://amavis.org/)
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
To follow up my own posting... I found one way that works, a PostAuthHook:
# drop an h323 return code of 1 (auth failed) into the reply if it is
# an access reject or reject_immediate - SWH hack for debitcard script
PostAuthHook sub { ${$_[1]}->add_attr('cisco-h323-return-code', \
'h323-return-code=1') \
if (${$_[2]} == $main::REJECT) \
|| (${$_[2]} ==
$main::REJECT_IMMEDIATE)}
Which gets the job done, but I don't see why attributes generated as
part of a reject shouldn't wind up in the return packet. Maybe it's
how I'm rejecting the user (a DEFAULT entry in a users file which
says 'Auth-Type = Reject')?
Also, as a comment about the docs (Hi Mike), the example PostAuthHook
in the manual (which the above is a shameless copy/adaptation of)
doesn't mention that the REJECT code might be REJECT_IMMEDIATE, not
just plain old REJECT. That had me fooled for a while! :)
Perhaps the docs could make a reference in that section to a complete
list of possible values of x for $main::x ...
Cheers,
Simon
---
Simon Hackett, Technical Director, Internode Systems Pty Ltd
31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
Email: simon at internode.com.au Web: http://www.on.net
Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28281 invoked by uid 0); 18 Apr 2001 16:12:19 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 16:12:19 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02163
for radiator-zzlist; Thu, 19 Apr 2001 01:40:22 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02157
for radiator at open.com.au; Thu, 19 Apr 2001 01:40:17 +1000 (EST)
>Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA19806
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:29:13 +1000 (EST)
Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA19806
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:29:13 +1000 (EST)
Received: from opie (opie.centurytel.net [209.142.136.48])
by pop.centurytel.net (8.11.0/8.11.0) with ESMTP id f3IFTB615829
for <radiator at open.com.au>; Wed, 18 Apr 2001 10:29:12 -0500 (CDT)
Message-Id: <4.2.0.58.20010418101807.00adfd58 at pop.centurytel.net>
X-Sender: kolmstea at pop.centurytel.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Wed, 18 Apr 2001 10:27:43 -0500
To: radiator at open.com.au
From: Keith Olmstead <kolmstea at centurytel.net>
Subject: (RADIATOR) Static Groups
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
Ok,
Please bare with me if I don't make this clear..
I am needing to create a group in the users file for a static user. Here
is a simple Default group for a dialup users:
# Default Dial-Up PPP User System Profile
DEFAULT Auth-Type = System, NAS-Port-Type = Async
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Reply-Message="choice: ",
Port-Limit = 1,
Idle-Timeout = 1200,
Session-Timeout = 28800,
Class = default
My understanding is that to have a static user, the Framed-IP-Address is
going to be different. Is there a way to have a Static group entry?
If I did not make this clear just let me know,
Keith Olmstead
CenturyTel Network
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28314 invoked by uid 0); 18 Apr 2001 16:52:27 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 16:52:27 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02217
for radiator-zzlist; Thu, 19 Apr 2001 02:10:21 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02204
for radiator at open.com.au; Thu, 19 Apr 2001 02:10:14 +1000 (EST)
>Received: from titanic.medinet.si (titanic.medinet.si [212.18.32.66]) by perki.connect.com.au with ESMTP id BAA20054
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:36:14 +1000 (EST)
Received: from titanic.medinet.si (titanic.medinet.si [212.18.32.66]) by perki.connect.com.au with ESMTP id BAA20054
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:36:14 +1000 (EST)
Received: by titanic.medinet.si (Postfix, from userid 1000)
id 6D46255411; Wed, 18 Apr 2001 17:36:10 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by titanic.medinet.si (Postfix) with ESMTP
id 5B02055405; Wed, 18 Apr 2001 17:36:10 +0200 (CEST)
Date: Wed, 18 Apr 2001 17:36:10 +0200 (CEST)
From: Blaz Zupan <blaz at amis.net>
To: Simon Hackett <simon at internode.com.au>
Cc: <radiator at open.com.au>
Subject: Re: (RADIATOR) Returning avpairs with a an Access-Reject?
In-Reply-To: <v04220801b7035323691a@[150.101.232.218]>
Message-ID: <Pine.BSF.4.33.0104181733570.48922-100000 at titanic.medinet.si>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-radiator at open.com.au
Precedence: bulk
> I have a situation where I really want to drop attributes out with a
> reject. Can I do it?
PostAuthHook sub { \
if (${$_[2]} == $main::ACCEPT && ${$_[0]}->code eq 'Access-Request') { \
if (${$_[1]}->get_attr('cisco-h323-return-code') ne 'h323-return-code=0') { \
${$_[2]} = $main::REJECT; \
} \
} \
}
Now don't Access-Reject, but Access-Accept and one of the attributes should be
cisco-h323-return-code set to h323-return-code=0 or the return code you want.
Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz at amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28333 invoked by uid 0); 18 Apr 2001 17:19:41 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 17:19:41 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02308
for radiator-zzlist; Thu, 19 Apr 2001 02:40:59 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02272
for radiator at open.com.au; Thu, 19 Apr 2001 02:40:48 +1000 (EST)
>Received: from exhsto1.se.dataphone.com (exhsto1.se.dataphone.com [212.37.6.239]) by perki.connect.com.au with ESMTP id CAA21546
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 02:12:23 +1000 (EST)
content-class: urn:content-classes:message
Subject: (RADIATOR) Double @ signs at login
MIME-Version: 1.0
Date: Wed, 18 Apr 2001 18:12:20 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.4418.65
Message-ID: <8F69143C0B1A9F4D95AFC58CF69877E50498B0 at exhsto1.se.dataphone.com>
Thread-Topic: Double @ signs at login
Thread-Index: AcDIIliUpErehfFMQQyp+rmUpO4hEw==
From: "Patrik Forsberg" <patrik.forsberg at dataphone.net>
To: <radiator at open.com.au>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by oscar.open.com.au id CAB02272
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi.
I've got a bit of a problem.
I get in users that login by entering user at domain1@domain2.
I'd like to use the second domain (domain2) as Realm.. but for some
reson I can't use that. The only way to make this work is ether via the
DEFAULT Realm or by using the first domain (domain1).
domain1 is changing from time to time but domain2 is static and wont
change.
Any ideas how I can solve this ?
Best Regards,
Patrik Forsberg
Dataphone Sweden AB
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28341 invoked by uid 0); 18 Apr 2001 17:19:44 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 17:19:44 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02281
for radiator-zzlist; Thu, 19 Apr 2001 02:40:50 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02250
for radiator at open.com.au; Thu, 19 Apr 2001 02:40:42 +1000 (EST)
>Received: from mailgate.Ferguson.com (mailgate.ferguson.com [205.139.23.72]) by perki.connect.com.au with ESMTP id CAA21132
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 02:05:22 +1000 (EST)
Received: from mailgate.Ferguson.com (mailgate.ferguson.com [205.139.23.72]) by perki.connect.com.au with ESMTP id CAA21132
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 02:05:22 +1000 (EST)
Received: by mailgate.Ferguson.com (Postfix, from userid 66)
id E0B839B9F; Wed, 18 Apr 2001 12:04:20 -0400 (EDT)
Received: from thorin.ferguson.com(205.139.23.77)
via SMTP by mailgate.ferguson.com, id smtpdBW2279; Wed Apr 18 12:04:15 2001
Date: Wed, 18 Apr 2001 12:03:01 -0400 (EDT)
From: Earl Dunston <wed at ferguson.com>
To: radiator at open.com.au
Subject: (RADIATOR) radiator-2.18 install MD5 problem.
Message-ID: <Pine.BSF.4.21.0104181133010.70110-100000 at thorin.ferguson.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-radiator at open.com.au
Precedence: bulk
Can/will anyone help me with this problem? I've checked starport.net and
found similar problems with solutions, but doesn't quite fit what's happening
to me. I've RTFM-ed and don't see the solution.
I gunzip and untar Digest-MD5-2.13.tar.gz and cd to the new directory.
I then "perl Makefile.PL"
then "make"
then "make test"
then "make install"
(this goes cleanly.)
I then gunzip and untar Radiator-2.18.tgz.
Next, I gunzip and untar the patches-2.18.tar.gz and load.
I then "perl Makefile.PL"
then "make test"
the make part appears to go cleanly, but when the test servers are
started, I get the following messages.
Starting tests...
Starting 2 test servers. Please wait...
ok 1a
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 378.
not ok 1b
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 378.
not ok 1c
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 682.
not ok 1d
not ok 1e
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 378.
not ok 2a
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 378.
ok 2b
Can't locate object method "hash" via package "MD5" (perhaps you forgot to load
"MD5"?) at Radius/Radius.pm line 378.
not ok 2c
.
.
.
system: HP PC 733MHZ
OS: FreeBSD 4.2 Stable
PERL: version 5.6.1
Earl Dunston, UNIX System Administrator
Ferguson Enterprises, HQ
Newport News, VA 23602
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28355 invoked by uid 0); 18 Apr 2001 17:23:59 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 17:23:59 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02336
for radiator-zzlist; Thu, 19 Apr 2001 02:41:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA02310
for radiator at open.com.au; Thu, 19 Apr 2001 02:40:59 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id CAA22033
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 02:21:22 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id CAA22033
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 02:21:22 +1000 (EST)
Received: (qmail 59171 invoked by uid 1003); 18 Apr 2001 16:20:24 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 18 Apr 2001 16:20:24 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ5834>; Wed, 18 Apr 2001 12:20:31 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D790 at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'Simon Hackett'" <simon at internode.com.au>, radiator at open.com.au
Subject: RE: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
Date: Wed, 18 Apr 2001 12:20:16 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Actually, I'd love to see the whole(?) API which is available to us in Hooks
documented in an appendix to the venerable "manual" :) A few are mentioned
throughout already, like get_attr(). But for most you have to look through
the source.
Dave
:O
> -----Original Message-----
> From: Simon Hackett [mailto:simon at internode.com.au]
> Sent: Wednesday, April 18, 2001 11:12 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
>
>
> To follow up my own posting... I found one way that works, a
> PostAuthHook:
>
> # drop an h323 return code of 1 (auth failed) into the reply if it is
> # an access reject or reject_immediate - SWH hack for debitcard script
>
> PostAuthHook sub { ${$_[1]}->add_attr('cisco-h323-return-code', \
> 'h323-return-code=1') \
> if (${$_[2]}
> == $main::REJECT) \
> || (${$_[2]} ==
> $main::REJECT_IMMEDIATE)}
>
> Which gets the job done, but I don't see why attributes generated as
> part of a reject shouldn't wind up in the return packet. Maybe it's
> how I'm rejecting the user (a DEFAULT entry in a users file which
> says 'Auth-Type = Reject')?
>
> Also, as a comment about the docs (Hi Mike), the example PostAuthHook
> in the manual (which the above is a shameless copy/adaptation of)
> doesn't mention that the REJECT code might be REJECT_IMMEDIATE, not
> just plain old REJECT. That had me fooled for a while! :)
>
> Perhaps the docs could make a reference in that section to a complete
> list of possible values of x for $main::x ...
>
> Cheers,
> Simon
>
> ---
> Simon Hackett, Technical Director, Internode Systems Pty Ltd
> 31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
> Email: simon at internode.com.au Web: http://www.on.net
> Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 28835 invoked by uid 0); 18 Apr 2001 22:24:13 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 18 Apr 2001 22:24:13 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA02875
for radiator-zzlist; Thu, 19 Apr 2001 07:40:15 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA02870
for radiator at open.com.au; Thu, 19 Apr 2001 07:40:10 +1000 (EST)
>Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id HAA02640
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 07:09:42 +1000 (EST)
Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id HAA02640
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 07:09:42 +1000 (EST)
Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:45573 "EHLO COSA"
whoson: "popbaby") by dedos.pert.com.ar with ESMTP
id <S34834AbRDRVI6> convert rfc822-to-8bit; Wed, 18 Apr 2001 18:08:58 -0300
From: "Mariano Absatz" <lradius at pert.com.ar>
To: Radiator List <radiator at open.com.au>
Date: Wed, 18 Apr 2001 18:09:17 -0300
MIME-Version: 1.0
Content-transfer-encoding: 8BIT
Subject: Re: (RADIATOR) kill -1 radiator / logfile name
Message-ID: <3ADDD84D.24288.6788350 at localhost>
In-reply-to: <3ADC9D63.29795.1AA4C96 at localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-radiator at open.com.au
Precedence: bulk
El 17 Apr 2001, a las 19:45, Mariano Absatz escribió:
> Hi all,
>
> I had this problem a couple of times but not sistematically... I'm
> starting a new installation and trying startup scripts (in fact before
> preparing the config files) and now it is sistematic.
>
> Every time I kill -1 Radiator, to re-read the configuration file, it
> fails...
>
> What I remember from my other installation was that if I made a minor
> change to the config file (e.g. the trace level), it worked OK, but if I
> edited something bigger, sometimes, it didn't liked it and it died... I
> thought it had to do with the way Radiator generates perl code on the fly
> while reading the config files.
>
> Now I made a couple of almost empty config files and every time I kill -1
> radiator it yields the following error:
>
> > Can't locate object method "new" via package "Radius::SNMPAgent"
> > (perhaps you forgot to load "Radius::SNMPAgent"?) at
> > /usr/local/lib/perl5/site_perl/5.6.1/Radius/ServerConfig.pm line 133,
> > <FILE> line 17.
Alright, alright... so I SHOULD have RTFM... I had not installed the
SNMP_Session package and that generated this particular error... anyway,
read below...
>
> As I keep cheking it... it's not generating the correct filenames for the
> logfiles.
>
> There is only one logfile generated in /logs/radius and its name is
> "logfile"... that is, it kinda processed the LogDir statement, but it
> didn't process the LogFile nor the <Log File>...
It seems that sometimes, somehow, it starts generating messages before
processing LogFile and <Log FILE>, but AFTER processing LogDir... it's
alright, I prefer to have the logs someplace else rather than not having
them at all...
>
> I'm including the contens of the /app/Radiator/etc/radius-acct.cfg (which
> is invoked from the command line) and the contents of
> /app/Radiator/etc/radius-common.cfg (which is included from the former).
I'll change them now... keep reading :-)
>
> For completeness... I also include the startup/shutdown/reload script
> (/etc/init.d/radius-acct). It's running on a Netra T1 AC200, 1CPU 360MHz,
> 512Mb RAM, 2x18Gb HD, Solaris 8, Perl v5.6.1, Radiator 2.18 with all the
> patches up to 10-Apr-2001.
>
So, I installed SNMP_Session, cleaned up things a bit, but still, when I
kill -1, I get strange results...
I started one instance of Radiator (accounting only) and I can stop it
and start it again with no problem, however, if I kill -1 it I get the
following message on screen (and on the logfile too)... anyway, now it
keeps running...
> # /etc/init.d/radius-acct reload
> Reloading Radiator (acct) configuration:
> DBD::Oracle::db prepare failed: ORA-03113: end-of-file on communication
> channel (DBD ERROR: OCIStmtExecute/Describe) {SELECT
> NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
> NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
> NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
> NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
> NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD}
> at /usr/local/lib/perl5/site_perl/5.6.1/Radius/SqlDb.pm line 201,
> <FILE> line 22.
> -done
Stranger, still, is that the message appears on the <Log FILE> and on the
%L/logfile (default name), but NOT in the LogFile...
I use <Log FILE> for standard logging (trace level 2 or 3) and have a
commented global LogFile with Trace 4 for debugging, however, this file
only gets the "Radiator starting / Radiator stopping" (I'm not receiving
packets, just testing start/stop/reload).
Anyway, I put the trace level 4 in the <Log FILE> clause and got this
result: (keep reading after the trace 4)
==========================================================================
Wed Apr 18 17:47:09 2001: NOTICE: SIGTERM received: stopping
Wed Apr 18 17:47:15 2001: DEBUG: Adding Clients from SQL database
Wed Apr 18 17:47:15 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
NAS_SERVICIO_CALIDAD
Wed Apr 18 17:47:16 2001: INFO: Server started: Radiator 2.18 on mr-radius
Wed Apr 18 17:47:23 2001: NOTICE: SIGHUP received: restarting
Wed Apr 18 17:47:23 2001: DEBUG: Adding Clients from SQL database
Wed Apr 18 17:47:23 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
NAS_SERVICIO_CALIDAD
Wed Apr 18 17:47:23 2001: ERR: Execute failed for 'SELECT
NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD':
ORA-03113: end-of-file on communication channel (DBD ERROR:
OCIStmtExecute/Describe)
Wed Apr 18 17:47:23 2001: INFO: Server started: Radiator 2.18 on mr-radius
==========================================================================
The question is why these kind of things happen when I reload the config
file (kill -1)?... in fact, I didn't even edit the config files...
I usually reload the config file after changing the trace level... but it
seems I'll have to stop and restart the server every time I do so...
I attach the following files which have changed since my message of
yesterday:
/etc/init.d/radius-acct (the start/stop/reload script)
/app/Radiator/etc/radius-acct.cfg (the configuration file)
/app/Radiator/etc/radius-common.cfg (which is included from
radius-acct.cfg)
/app/Radiator/etc/clients.cfg (which is included from radius-common.cfg)
==================== /etc/init.d/radius-acct =======================
==================== /etc/init.d/radius-acct =======================
==================== /etc/init.d/radius-acct =======================
#!/bin/sh
#
# Radiator This shell script takes care of starting and stopping
# Radiator (Radius server).
#
ARGV0LEN=`/usr/ucb/expr length $0`
POS=`/usr/ucb/expr $ARGV0LEN - 3`
RADTYPE=`/usr/ucb/expr substr $0 $POS 4`
# RADTYPE= "auth" o "acct" o "test" tomado de los ultimos 4 caracteres del
# comando invocado
RADVAR="rad_instance=$RADTYPE"
RADIATOR=/app/Radiator/bin/radiusd
RADCONFIG=/app/Radiator/etc/radius-$RADTYPE.cfg
MATCHSTRING=".*$RADIATOR.*$RADVAR.*"
# RADPID=/app/Radiator/tmp/rad-$RADTYPE.pid
ORACLE_SID=radius; export ORACLE_SID
ORACLE_BASE=/app/oracle; export ORACLE_BASE
ORACLE_SID=radius; export ORACLE_SID
ORACLE_HOME=/app/oracle/product/8.1.6; export ORACLE_HOME
ORACLE_PATH=/app/oracle/product/8.1.6/bin; export ORACLE_PATH
PATH=$PATH:$ORACLE_HOME/bin; export PATH
RADCMDLINE="$RADIATOR $RADVAR -config_file $RADCONFIG"
[ -f $RADIATOR ] || exit 0
[ -f $RADCONFIG ] || exit 0
# See how we were called.
case "$1" in
start)
# Start daemons.
echo "Starting Radiator ($RADTYPE): "
$RADCMDLINE
echo " -done"
;;
stop)
# Stop daemons.
echo "Shutting down Radiator ($RADTYPE): "
# kill `cat $RADPID`
/usr/bin/pkill -u0 -x -f $MATCHSTRING
echo " -done"
;;
restart)
# Stop daemons.
echo "Shutting down Radiator ($RADTYPE): "
# kill `cat $RADPID`
/usr/bin/pkill -u0 -x -f $MATCHSTRING
echo " -done"
# Give time for the port to be actually released
echo "Waiting... :-/"
sleep 1
# Start daemons.
echo "Starting Radiator ($RADTYPE): "
$RADCMDLINE
echo " -done"
;;
reload)
# reloading configuration
echo "Reloading Radiator ($RADTYPE) configuration: "
# kill -1 `cat $RADPID`
/usr/bin/pkill -1 -u0 -x -f $MATCHSTRING
echo " -done"
;;
status)
# checking status
if /usr/bin/pgrep -u0 -x -f $MATCHSTRING ;
then
echo "Radiator ($RADTYPE) running" ;
else
echo "Radiator ($RADTYPE) NOT running" ;
fi
;;
*)
echo "Usage: $0 {start|stop|status|restart|reload}"
exit 1
esac
exit 0
=========================================================================
=========================================================================
=========================================================================
================= /app/Radiator/etc/radius-acct.cfg =====================
================= /app/Radiator/etc/radius-acct.cfg =====================
================= /app/Radiator/etc/radius-acct.cfg =====================
##################################################################
# ACCOUNTING CONFIGURATION #
##################################################################
# For debugging, uncomment the 2 following lines
#Trace 4
#LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
#Trace:
#0 ERR. Error conditions. Serious and unexpected failures
#1 WARNING. Warning conditions. Unexpected failures
#2 NOTICE. Normal but significant conditions.
#3 INFO. Informational messages.
#4 DEBUG. Debugging messages.
#5 Incoming raw packet dumps in hexadecimal.
# include common configuration and global definitions
include /app/Radiator/etc/radius-common.cfg
##################################################################
# PROTOCOL SECTION #
##################################################################
#
# We only do accounting in this instance of Radiator
#
AuthPort
AcctPort 1813
<SNMPAgent>
Port 16113
Community CONFIGURAR-COMUNIDAD
</SNMPAgent>
=========================================================================
=========================================================================
=========================================================================
================= /app/Radiator/etc/radius-common.cfg ====================
================= /app/Radiator/etc/radius-common.cfg ====================
================= /app/Radiator/etc/radius-common.cfg ====================
##################################################################
# COMMON CONFIGURATION #
##################################################################
##################################################################
# FILES AND DIRECTORIES SECTION #
##################################################################
LogDir /logs/radius
DbDir /app/Radiator/db
DefineGlobalVar ScriptDir /app/Radiator/scripts
DefineGlobalVar ConfigDir /app/Radiator/etc
DefineGlobalVar TempDir /app/Radiator/tmp
DictionaryFile %{GlobalVar:ConfigDir}/dictionary
PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
##################################################################
# DATABASE DEFINITIONS SECTION #
##################################################################
DefineGlobalVar OracleHost localhost
DefineGlobalVar OracleSID radius
DefineGlobalVar MR_DBSource
dbi:Oracle:host=localhost;sid=radius
DefineGlobalVar MR_DBUsername radmin
DefineGlobalVar MR_DBAuth radius
##################################################################
# LOGGING SECTION #
##################################################################
<Log FILE>
Identifier fileLoggerMetroAuth
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
Trace 4
</Log>
##################################################################
# REWRITE SECTION #
##################################################################
# REWRITE USER NAME BEFORE ANYTHING ELSE
# Rewrite any Name without realm to our realm
# because defaultrealm does not match on HANDLER
RewriteUsername s/^([^@]+)$/$1\@metrored/
# change everything in the username to lowercase
RewriteUsername tr/[A-Z]/[a-z]/
##################################################################
# INCLUDES SECTION #
##################################################################
# include clients section
include %{GlobalVar:ConfigDir}/clients.cfg
=========================================================================
=========================================================================
=========================================================================
==================== /app/Radiator/etc/clients.cfg =======================
==================== /app/Radiator/etc/clients.cfg =======================
==================== /app/Radiator/etc/clients.cfg =======================
##################################################################
# CLIENTS SECTION #
##################################################################
<ClientListSQL>
# Client (NAS) info is in the database
DBSource %{GlobalVar:MR_DBSource}
DBUsername %{GlobalVar:MR_DBUsername}
DBAuth %{GlobalVar:MR_DBAuth}
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS_SERVICIO_CALIDAD
</ClientListSQL>
=========================================================================
=========================================================================
=========================================================================
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29014 invoked by uid 0); 19 Apr 2001 00:38:58 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:38:58 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03121
for radiator-zzlist; Thu, 19 Apr 2001 09:40:59 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03065
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:33 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08999
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:30 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08999
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:30 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id 59AF4DD531; Thu, 19 Apr 2001 09:24:04 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Keith Olmstead <kolmstea at centurytel.net>, radiator at open.com.au
Subject: Re: (RADIATOR) Static Groups
Date: Thu, 19 Apr 2001 08:04:49 +1000
X-Mailer: KMail [version 1.1.99]
References: <4.2.0.58.20010418101807.00adfd58 at pop.centurytel.net>
In-Reply-To: <4.2.0.58.20010418101807.00adfd58 at pop.centurytel.net>
MIME-Version: 1.0
Message-Id: <01041908044910.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Keith -
I'm afraid I don't understand the question.
thanks
Hugh
On Thursday 19 April 2001 01:27, Keith Olmstead wrote:
> Ok,
>
> Please bare with me if I don't make this clear..
>
> I am needing to create a group in the users file for a static user. Here
> is a simple Default group for a dialup users:
>
> # Default Dial-Up PPP User System Profile
> DEFAULT Auth-Type = System, NAS-Port-Type = Async
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Reply-Message="choice: ",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Class = default
>
> My understanding is that to have a static user, the Framed-IP-Address is
> going to be different. Is there a way to have a Static group entry?
>
> If I did not make this clear just let me know,
>
>
> Keith Olmstead
> CenturyTel Network
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29024 invoked by uid 0); 19 Apr 2001 00:42:59 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:42:59 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03118
for radiator-zzlist; Thu, 19 Apr 2001 09:40:55 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03056
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:31 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08992
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:16 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08992
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:16 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id 6BE32DDA25; Thu, 19 Apr 2001 09:23:45 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Earl Dunston <wed at ferguson.com>, radiator at open.com.au
Subject: Re: (RADIATOR) radiator-2.18 install MD5 problem.
Date: Thu, 19 Apr 2001 08:01:22 +1000
X-Mailer: KMail [version 1.1.99]
References: <Pine.BSF.4.21.0104181133010.70110-100000 at thorin.ferguson.com>
In-Reply-To: <Pine.BSF.4.21.0104181133010.70110-100000 at thorin.ferguson.com>
MIME-Version: 1.0
Message-Id: <0104190801220Y.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="US-ASCII"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Earl -
I always use the MD5 distribution:
MD5-1.7.tgz
I've included a copy in a seperate mail.
hth
Hugh
On Thursday 19 April 2001 02:03, Earl Dunston wrote:
> Can/will anyone help me with this problem? I've checked starport.net and
> found similar problems with solutions, but doesn't quite fit what's
> happening to me. I've RTFM-ed and don't see the solution.
>
> I gunzip and untar Digest-MD5-2.13.tar.gz and cd to the new directory.
> I then "perl Makefile.PL"
> then "make"
> then "make test"
> then "make install"
> (this goes cleanly.)
>
> I then gunzip and untar Radiator-2.18.tgz.
> Next, I gunzip and untar the patches-2.18.tar.gz and load.
> I then "perl Makefile.PL"
> then "make test"
>
> the make part appears to go cleanly, but when the test servers are
> started, I get the following messages.
>
>
> Starting tests...
> Starting 2 test servers. Please wait...
> ok 1a
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 378.
> not ok 1b
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 378.
> not ok 1c
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 682.
> not ok 1d
> not ok 1e
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 378.
> not ok 2a
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 378.
> ok 2b
> Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> load "MD5"?) at Radius/Radius.pm line 378.
> not ok 2c
> ..
> ..
> ..
>
> system: HP PC 733MHZ
> OS: FreeBSD 4.2 Stable
> PERL: version 5.6.1
>
>
> Earl Dunston, UNIX System Administrator
> Ferguson Enterprises, HQ
> Newport News, VA 23602
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29033 invoked by uid 0); 19 Apr 2001 00:43:08 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:43:08 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03115
for radiator-zzlist; Thu, 19 Apr 2001 09:40:52 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03049
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:28 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08982
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:09 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08982
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:09 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id D9C38DD99A; Thu, 19 Apr 2001 09:23:43 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Patrik Forsberg" <patrik.forsberg at dataphone.net>, <radiator at open.com.au>
Subject: Re: (RADIATOR) Double @ signs at login
Date: Thu, 19 Apr 2001 07:58:21 +1000
X-Mailer: KMail [version 1.1.99]
References: <8F69143C0B1A9F4D95AFC58CF69877E50498B0 at exhsto1.se.dataphone.com>
In-Reply-To: <8F69143C0B1A9F4D95AFC58CF69877E50498B0 at exhsto1.se.dataphone.com>
MIME-Version: 1.0
Message-Id: <0104190758210X.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Patrick -
I would suggest you use Handlers instead of Realms with a regexp to do what
you require:
<Handler User-Name = /....../>
hth
Hugh
On Thursday 19 April 2001 02:12, Patrik Forsberg wrote:
> Hi.
>
> I've got a bit of a problem.
>
> I get in users that login by entering user at domain1@domain2.
>
> I'd like to use the second domain (domain2) as Realm.. but for some
> reson I can't use that. The only way to make this work is ether via the
> DEFAULT Realm or by using the first domain (domain1).
>
> domain1 is changing from time to time but domain2 is static and wont
> change.
>
> Any ideas how I can solve this ?
>
>
> Best Regards,
> Patrik Forsberg
> Dataphone Sweden AB
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29042 invoked by uid 0); 19 Apr 2001 00:43:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:43:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03128
for radiator-zzlist; Thu, 19 Apr 2001 09:41:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03114
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:50 +1000 (EST)
>Received: from nara.off.connect.com.au (nara.off.connect.com.au [192.94.41.40]) by perki.connect.com.au with ESMTP id JAA09307
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:32:35 +1000 (EST)
Received: from nara.off.connect.com.au (nara.off.connect.com.au [192.94.41.40]) by perki.connect.com.au with ESMTP id JAA09307
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:32:35 +1000 (EST)
Received: (from harryr at localhost) by nara.off.connect.com.au id JAA20924
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 09:32:27 +1000 (EST)
Message-ID: <20010419093227.A3691 at nara.off.connect.com.au>
Date: Thu, 19 Apr 2001 09:32:27 +1000
From: Harry Raaymakers <harryr at connect.com.au>
To: Simon Hackett <simon at internode.com.au>, radiator at open.com.au
Subject: Re: (RADIATOR) Returning avpairs with a an Access-Reject?
References: <v04220801b7035323691a@[150.101.232.218]>
Mime-Version: 1.0
X-Mailer: Mutt 0.93.2i
In-Reply-To: <v04220801b7035323691a@[150.101.232.218]>; from Simon Hackett on Wed, Apr 18, 2001 at 11:52:34PM +0930
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
On Wed, Apr 18, 2001 at 11:52:34PM +0930, Simon Hackett wrote:
> Hi folks,
>
> Is it possible to get Radiator to return some attributes back with an
> Access-Reject?
I ended up adding an extra config keyword "AddToRejectReply" and some
extra code, enabling us to add whatever attributes to an Access-Reject.
harry
>
> Looking at the code and the docs it seems to me that attributes one
> puts in - using explicitly AddToReply style operations or sticking
> them in a 'users' file under AuthFILE or whatever all works fine with
> an Access-Accept, but none of the attributes get tacked on during an
> Access-Reject.
>
> I have a situation where I really want to drop attributes out with a
> reject. Can I do it?
>
> [I'm writing a back end to talk to a Cisco voice IVR system, which
> uses Radius as its interaction mechanism, and which needs an
> Access-Reject with explicit cisco-h232-return-code also part of the
> response packet, in order to reject things properly]
>
> Cheers,
> Simon
>
> ---
> Simon Hackett, Technical Director, Internode Systems Pty Ltd
> 31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
> Email: simon at internode.com.au Web: http://www.on.net
> Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29041 invoked by uid 0); 19 Apr 2001 00:43:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:43:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03081
for radiator-zzlist; Thu, 19 Apr 2001 09:40:39 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03041;
Thu, 19 Apr 2001 09:40:27 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08980
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 09:26:08 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08980
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 09:26:08 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id D74DCDDA12; Thu, 19 Apr 2001 09:23:40 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Kitabjian, Dave" <dave at netcarrier.com>,
"'Simon Hackett'" <simon at internode.com.au>, radiator at open.com.au
Subject: Re: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
Date: Thu, 19 Apr 2001 07:56:58 +1000
X-Mailer: KMail [version 1.1.99]
References: <F55475F2CB7AD411BA9700D0B747AFDE24D790 at lnt4exch.netcarrier.net>
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D790 at lnt4exch.netcarrier.net>
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <0104190756580W.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Dave, Hello Simon -
I have copied this to Mike for his comments, however from my own experience
you are far better off reading the source in any case. Mike's programming
style and copious comments make this a real pleasure.
Simon -
My suggestion would also be to use a PostAuthHook, and I see you have done
that. I put together some sample hooks that illustrate some of the things you
can do in hooks in the file "goodies/hooks.txt" in the distribution. Note
that there have been some additional hooks added recently in Radiator 2.18
(and also a couple in the patches).
BTW - AddToReply will add attributes to a reject in an AuthBy clause.
May the source be with you!
regards
Hugh
On Thursday 19 April 2001 02:20, Kitabjian, Dave wrote:
> Actually, I'd love to see the whole(?) API which is available to us in
> Hooks documented in an appendix to the venerable "manual" :) A few are
> mentioned throughout already, like get_attr(). But for most you have to
> look through the source.
>
> Dave
>
> :O
> :
> > -----Original Message-----
> > From: Simon Hackett [mailto:simon at internode.com.au]
> > Sent: Wednesday, April 18, 2001 11:12 AM
> > To: radiator at open.com.au
> > Subject: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
> >
> >
> > To follow up my own posting... I found one way that works, a
> > PostAuthHook:
> >
> > # drop an h323 return code of 1 (auth failed) into the reply if it is
> > # an access reject or reject_immediate - SWH hack for debitcard script
> >
> > PostAuthHook sub { ${$_[1]}->add_attr('cisco-h323-return-code', \
> > 'h323-return-code=1') \
> > if (${$_[2]}
> > == $main::REJECT) \
> >
> > || (${$_[2]} ==
> >
> > $main::REJECT_IMMEDIATE)}
> >
> > Which gets the job done, but I don't see why attributes generated as
> > part of a reject shouldn't wind up in the return packet. Maybe it's
> > how I'm rejecting the user (a DEFAULT entry in a users file which
> > says 'Auth-Type = Reject')?
> >
> > Also, as a comment about the docs (Hi Mike), the example PostAuthHook
> > in the manual (which the above is a shameless copy/adaptation of)
> > doesn't mention that the REJECT code might be REJECT_IMMEDIATE, not
> > just plain old REJECT. That had me fooled for a while! :)
> >
> > Perhaps the docs could make a reference in that section to a complete
> > list of possible values of x for $main::x ...
> >
> > Cheers,
> > Simon
> >
> > ---
> > Simon Hackett, Technical Director, Internode Systems Pty Ltd
> > 31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
> > Email: simon at internode.com.au Web: http://www.on.net
> > Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29056 invoked by uid 0); 19 Apr 2001 00:43:15 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:43:15 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03127
for radiator-zzlist; Thu, 19 Apr 2001 09:41:04 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03079
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:37 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09014
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:36 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09014
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:36 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id 11C49DDA0F; Thu, 19 Apr 2001 09:24:09 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Mariano Absatz" <lradius at pert.com.ar>,
Radiator List <radiator at open.com.au>
Subject: Re: (RADIATOR) kill -1 radiator / logfile name
Date: Thu, 19 Apr 2001 08:15:51 +1000
X-Mailer: KMail [version 1.1.99]
References: <3ADC9D63.29795.1AA4C96 at localhost>
In-Reply-To: <3ADC9D63.29795.1AA4C96 at localhost>
MIME-Version: 1.0
Message-Id: <01041908155113.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="US-ASCII"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Mariano -
Mike is travelling this week, but he will take a look at this when he returns.
thanks for reporting the problem
regards
Hugh
On Wednesday 18 April 2001 08:45, Mariano Absatz wrote:
> Hi all,
>
> I had this problem a couple of times but not sistematically... I'm
> starting a new installation and trying startup scripts (in fact before
> preparing the config files) and now it is sistematic.
>
> Every time I kill -1 Radiator, to re-read the configuration file, it
> fails...
>
> What I remember from my other installation was that if I made a minor
> change to the config file (e.g. the trace level), it worked OK, but if I
> edited something bigger, sometimes, it didn't liked it and it died... I
> thought it had to do with the way Radiator generates perl code on the fly
> while reading the config files.
>
> Now I made a couple of almost empty config files and every time I kill -1
>
> radiator it yields the following error:
> > Can't locate object method "new" via package "Radius::SNMPAgent"
> > (perhaps you forgot to load "Radius::SNMPAgent"?) at
> > /usr/local/lib/perl5/site_perl/5.6.1/Radius/ServerConfig.pm line 133,
> > <FILE> line 17.
>
> As I keep cheking it... it's not generating the correct filenames for the
> logfiles.
>
> There is only one logfile generated in /logs/radius and its name is
> "logfile"... that is, it kinda processed the LogDir statement, but it
> didn't process the LogFile nor the <Log File>...
>
> I'm including the contens of the /app/Radiator/etc/radius-acct.cfg (which
> is invoked from the command line) and the contents of
> /app/Radiator/etc/radius-common.cfg (which is included from the former).
>
> For completeness... I also include the startup/shutdown/reload script
> (/etc/init.d/radius-acct). It's running on a Netra T1 AC200, 1CPU 360MHz,
> 512Mb RAM, 2x18Gb HD, Solaris 8, Perl v5.6.1, Radiator 2.18 with all the
> patches up to 10-Apr-2001.
>
> What is wrong?
>
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ##################################################################
> # ACCOUNTING CONFIGURATION #
> ##################################################################
>
> #
> # include common configuration and global definitions
> include /app/Radiator/etc/radius-common.cfg
>
>
> PidFile %{GlobalVar:TempDir}/rad-acct.pid
> #
> # We only do accounting in this instance of Radiator
> #
> AuthPort
> AcctPort 1813
>
> <SNMPAgent>
> Port 16113
> Community CONFIGURAR-COMUNIDAD
> </SNMPAgent>
>
>
> ##################################################################
> # LOGGING SECTION #
> ##################################################################
>
> # For debugging, uncomment the 2 following lines
> Trace 4
> LogFile %L/%Y-%m/debugAcctLog_%d-%q
>
> #Trace:
> #0 ERR. Error conditions. Serious and unexpected failures
> #1 WARNING. Warning conditions. Unexpected failures
> #2 NOTICE. Normal but significant conditions.
> #3 INFO. Informational messages.
> #4 DEBUG. Debugging messages.
> #5 Incoming raw packet dumps in hexadecimal.
>
> <Log FILE>
> Identifier fileLoggerMetroAcct
> Filename %L/%Y-%m/stdAcctLog_%d-%q
> Trace 3
> </Log>
>
>
> #
> #Log authentication success and failure to a file
> #<AuthLog FILE>
> # Identifier acctLoggerMetroRED
> # Filename %L/%Y-%m/acct_%d-%q
> # LogSuccess 1
> # LogFailure 1
> # SuccessFormat %l:%n:<****>:OK:-
> # FailureFormat %l:%n:%P:FAIL:%1
> #</AuthLog>
>
>
>
>
>
>
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ##################################################################
> # COMMON CONFIGURATION #
> ##################################################################
>
> ##################################################################
> # FILES AND DIRECTORIES SECTION #
> ##################################################################
>
> LogDir /logs/radius
> DbDir /app/Radiator/db
> DefineGlobalVar ScriptDir /app/Radiator/scripts
> DefineGlobalVar ConfigDir /app/Radiator/etc
> DefineGlobalVar TempDir /app/Radiator/tmp
>
>
> DictionaryFile %{GlobalVar:ConfigDir}/dictionary
>
> ##################################################################
> # REWRITE SECTION #
> ##################################################################
>
> # REWRITE USER NAME BEFORE ANYTHING ELSE
> # Rewrite any Name without realm to our realm
> # because defaultrealm does not match on HANDLER
> RewriteUsername s/^([^@]+)$/$1\@metrored/
>
> # change everything in the username to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
>
>
> ##################################################################
> # CLIENTS SECTION #
> ##################################################################
>
> #<ClientListSQL>
> # Client (NAS) info is in the database
>
> # DBSource dbi:Oracle:localhost
> # DBUsername <USER>
> # DBAuth <PASSWORD>
>
> # GetClientQuery SELECT \
> # NAS_IDENTIFIER, NAS_SECRET, \
> # NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
> # NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
> # NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
> # NAS_FRAMEDGROUPBASEADDRESS,
> NAS_FRAMEDGROUPMAXPORTSPERCLASSC, \
> # NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
> # NAS_PREHANDLERHOOK \
> # FROM NAS_SERVICIO_CALIDAD
>
> #</ClientListSQL>
>
>
>
>
>
> ==================== /etc/init.d/radius-acct =======================
> ==================== /etc/init.d/radius-acct =======================
> ==================== /etc/init.d/radius-acct =======================
> #!/bin/sh
> #
> # Radiator This shell script takes care of starting and stopping
> # Radiator (Radius server).
> #
>
> RADTYPE=acct
> RADVAR="rad_instance=$RADTYPE"
> RADIATOR=/app/Radiator/bin/radiusd
> RADCONFIG=/app/Radiator/etc/radius-$RADTYPE.cfg
> MATCHSTRING=".*$RADIATOR.*$RADVAR.*"
> # RADPID=/app/Radiator/tmp/rad-$RADTYPE.pid
> RADCMDLINE="$RADIATOR $RADVAR -config_file $RADCONFIG"
>
> ORACLE_SID=radius; export ORACLE_SID
> ORACLE_BASE=/app/oracle; export ORACLE_BASE
> ORACLE_SID=radius; export ORACLE_SID
> ORACLE_HOME=/app/oracle/product/8.1.6; export ORACLE_HOME
> ORACLE_PATH=/app/oracle/product/8.1.6/bin; export ORACLE_PATH
> PATH=/usr/sbin:/usr/bin:$ORACLE_HOME/bin; export PATH
>
> [ -f $RADIATOR ] || exit 0
>
> [ -f $RADCONFIG ] || exit 0
>
> # See how we were called.
> case "$1" in
> start)
> # Start daemons.
> echo "Starting Radiator ($RADTYPE): "
> $RADCMDLINE
> echo " -done"
> ;;
> stop)
> # Stop daemons.
> echo "Shutting down Radiator ($RADTYPE): "
> # kill `cat $RADPID`
> /usr/bin/pkill -u0 -x -f $MATCHSTRING
> echo " -done"
> ;;
> restart)
> # Stop daemons.
> echo "Shutting down Radiator ($RADTYPE): "
> # kill `cat $RADPID`
> /usr/bin/pkill -u0 -x -f $MATCHSTRING
> echo " -done"
> # Give time for the port to be actually released
> echo "Waiting... :-/"
> sleep 1
> # Start daemons.
> echo "Starting Radiator ($RADTYPE): "
> $RADCMDLINE
> echo " -done"
> ;;
> reload)
> # reloading configuration
> echo "Reloading Radiator ($RADTYPE) configuration: "
> # kill -1 `cat $RADPID`
> /usr/bin/pkill -1 -u0 -x -f $MATCHSTRING
> echo " -done"
> ;;
> status)
> # checking status
> if /usr/bin/pgrep -u0 -x -f $MATCHSTRING ;
> then
> echo "Radiator ($RADTYPE) running" ;
> else
> echo "Radiator ($RADTYPE) NOT running" ;
> fi
> ;;
> *)
> echo "Usage: $0 {start|stop|status|restart|reload}"
> exit 1
> esac
>
> exit 0
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29070 invoked by uid 0); 19 Apr 2001 00:48:19 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:48:19 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03122
for radiator-zzlist; Thu, 19 Apr 2001 09:41:02 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA03073
for radiator at open.com.au; Thu, 19 Apr 2001 09:40:35 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09007
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:33 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09007
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 09:26:33 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id 7F113DD52C; Thu, 19 Apr 2001 09:24:07 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Ujwol" <ujwol at mos.com.np>, <radiator at open.com.au>
Subject: Re: (RADIATOR) About AuthBy Sql
Date: Thu, 19 Apr 2001 08:14:06 +1000
X-Mailer: KMail [version 1.1.99]
References: <001101c0c80e$eae41f50$daff34ca at mos.com.np>
In-Reply-To: <001101c0c80e$eae41f50$daff34ca at mos.com.np>
MIME-Version: 1.0
Message-Id: <01041908140612.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Ujwol -
If the encryption is one of the standard types recognised by Radiator it
should work fine (as long as you are using PAP authentication). Radiator
understands certain prefixes to understand the type of encryption in use and
will do the right thing automatically.
You can find the prefixes and the encryption types in section 13.1.1 in the
Radiator 2.18 reference manual.
hth
Hugh
On Wednesday 18 April 2001 23:53, Ujwol wrote:
> > Hi,
> We're trying to impliment AuthBy Sql with MSSql 6.5. Is there any way
> that we can authenticate the users whose passwords are encrypted in sql
> encryption format? We could work it out fine with plain text password and
> the MD5 password which we exported to sql table with buildsql command.
> Thanks in advance. Regds,
> Ujwol Manandhar
> Mercantile Communications
> P.O.Box 876
> DurbarMarg Kathmandu, Nepal
> Tel : +977-1-240920
> Fax :+977-1-225407
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29080 invoked by uid 0); 19 Apr 2001 00:56:54 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 00:56:54 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA03215
for radiator-zzlist; Thu, 19 Apr 2001 10:10:29 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA03170
for radiator at open.com.au; Thu, 19 Apr 2001 10:10:18 +1000 (EST)
>Received: from dnscache.cbr.au.asiaonline.net (dnscache.cbr.au.asiaonline.net [210.215.8.100]) by perki.connect.com.au with ESMTP id KAA10670
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 10:00:53 +1000 (EST)
Received: from dnscache.cbr.au.asiaonline.net (dnscache.cbr.au.asiaonline.net [210.215.8.100]) by perki.connect.com.au with ESMTP id KAA10670
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 10:00:53 +1000 (EST)
Received: from andrewpollock (dev.abc.asiaonline.net [210.215.7.252])
by dnscache.cbr.au.asiaonline.net (8.10.2/8.10.2) with SMTP id f3INx0W08077
for <radiator at open.com.au>; Thu, 19 Apr 2001 09:59:00 +1000 (EST)
From: "Andrew Pollock" <apollock at bit.net.au>
To: <radiator at open.com.au>
Subject: RE: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
Date: Thu, 19 Apr 2001 09:59:35 +1000
Message-ID: <MEEJJONDEDOCPGABDOENCENBCCAA.apollock at bit.net.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D790 at lnt4exch.netcarrier.net>
Importance: Normal
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Yeah, an "API" reference would make hook writing a lot easier.
Andrew
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Kitabjian, Dave
Sent: Thursday, 19 April 2001 2:20 AM
To: 'Simon Hackett'; radiator at open.com.au
Subject: RE: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
Actually, I'd love to see the whole(?) API which is available to us in Hooks
documented in an appendix to the venerable "manual" :) A few are mentioned
throughout already, like get_attr(). But for most you have to look through
the source.
Dave
:O
> -----Original Message-----
> From: Simon Hackett [mailto:simon at internode.com.au]
> Sent: Wednesday, April 18, 2001 11:12 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) Re: Returning avpairs with a an Access-Reject?
>
>
> To follow up my own posting... I found one way that works, a
> PostAuthHook:
>
> # drop an h323 return code of 1 (auth failed) into the reply if it is
> # an access reject or reject_immediate - SWH hack for debitcard script
>
> PostAuthHook sub { ${$_[1]}->add_attr('cisco-h323-return-code', \
> 'h323-return-code=1') \
> if (${$_[2]}
> == $main::REJECT) \
> || (${$_[2]} ==
> $main::REJECT_IMMEDIATE)}
>
> Which gets the job done, but I don't see why attributes generated as
> part of a reject shouldn't wind up in the return packet. Maybe it's
> how I'm rejecting the user (a DEFAULT entry in a users file which
> says 'Auth-Type = Reject')?
>
> Also, as a comment about the docs (Hi Mike), the example PostAuthHook
> in the manual (which the above is a shameless copy/adaptation of)
> doesn't mention that the REJECT code might be REJECT_IMMEDIATE, not
> just plain old REJECT. That had me fooled for a while! :)
>
> Perhaps the docs could make a reference in that section to a complete
> list of possible values of x for $main::x ...
>
> Cheers,
> Simon
>
> ---
> Simon Hackett, Technical Director, Internode Systems Pty Ltd
> 31 York St [PO Box 284, Rundle Mall], Adelaide, SA 5000 Australia
> Email: simon at internode.com.au Web: http://www.on.net
> Phone: +61-8-8223-2999 Fax: +61-8-8223-1777
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 29119 invoked by uid 0); 19 Apr 2001 01:01:55 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 01:01:55 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA03220
for radiator-zzlist; Thu, 19 Apr 2001 10:10:35 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA03198;
Thu, 19 Apr 2001 10:10:23 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09397
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 09:36:34 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA09397
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 09:36:34 +1000 (EST)
Received: from hugo (acc17-ppp187.mel.dialup.connect.net.au [210.10.136.187])
by entoo.connect.com.au (Postfix) with SMTP
id 39121DD9F2; Thu, 19 Apr 2001 09:34:05 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Mariano Absatz" <lradius at pert.com.ar>,
Radiator List <radiator at open.com.au>
Subject: Re: (RADIATOR) kill -1 radiator / logfile name
Date: Thu, 19 Apr 2001 09:34:26 +1000
X-Mailer: KMail [version 1.1.99]
References: <3ADDD84D.24288.6788350 at localhost>
In-Reply-To: <3ADDD84D.24288.6788350 at localhost>
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <01041909342618.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="ISO-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello again Mariano -
Thanks for the detailed investigation.
Mike will take a look when he returns next week.
regards
Hugh
On Thursday 19 April 2001 07:09, Mariano Absatz wrote:
> El 17 Apr 2001, a las 19:45, Mariano Absatz escribió:
> > Hi all,
> >
> > I had this problem a couple of times but not sistematically... I'm
> > starting a new installation and trying startup scripts (in fact before
> > preparing the config files) and now it is sistematic.
> >
> > Every time I kill -1 Radiator, to re-read the configuration file, it
> > fails...
> >
> > What I remember from my other installation was that if I made a minor
> > change to the config file (e.g. the trace level), it worked OK, but if I
> > edited something bigger, sometimes, it didn't liked it and it died... I
> > thought it had to do with the way Radiator generates perl code on the fly
> > while reading the config files.
> >
> > Now I made a couple of almost empty config files and every time I kill -1
> >
> > radiator it yields the following error:
> > > Can't locate object method "new" via package "Radius::SNMPAgent"
> > > (perhaps you forgot to load "Radius::SNMPAgent"?) at
> > > /usr/local/lib/perl5/site_perl/5.6.1/Radius/ServerConfig.pm line 133,
> > > <FILE> line 17.
>
> Alright, alright... so I SHOULD have RTFM... I had not installed the
> SNMP_Session package and that generated this particular error... anyway,
> read below...
>
> > As I keep cheking it... it's not generating the correct filenames for the
> > logfiles.
> >
> > There is only one logfile generated in /logs/radius and its name is
> > "logfile"... that is, it kinda processed the LogDir statement, but it
> > didn't process the LogFile nor the <Log File>...
>
> It seems that sometimes, somehow, it starts generating messages before
> processing LogFile and <Log FILE>, but AFTER processing LogDir... it's
> alright, I prefer to have the logs someplace else rather than not having
> them at all...
>
> > I'm including the contens of the /app/Radiator/etc/radius-acct.cfg (which
> > is invoked from the command line) and the contents of
> > /app/Radiator/etc/radius-common.cfg (which is included from the former).
>
> I'll change them now... keep reading :-)
>
> > For completeness... I also include the startup/shutdown/reload script
> > (/etc/init.d/radius-acct). It's running on a Netra T1 AC200, 1CPU 360MHz,
> > 512Mb RAM, 2x18Gb HD, Solaris 8, Perl v5.6.1, Radiator 2.18 with all the
> > patches up to 10-Apr-2001.
>
> So, I installed SNMP_Session, cleaned up things a bit, but still, when I
> kill -1, I get strange results...
>
> I started one instance of Radiator (accounting only) and I can stop it
> and start it again with no problem, however, if I kill -1 it I get the
> following message on screen (and on the logfile too)... anyway, now it
> keeps running...
>
> > # /etc/init.d/radius-acct reload
> > Reloading Radiator (acct) configuration:
> > DBD::Oracle::db prepare failed: ORA-03113: end-of-file on communication
> > channel (DBD ERROR: OCIStmtExecute/Describe) {SELECT
> > NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
> > NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
> > NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
> > NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
> > NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD}
> > at /usr/local/lib/perl5/site_perl/5.6.1/Radius/SqlDb.pm line 201,
> > <FILE> line 22.
> > -done
>
> Stranger, still, is that the message appears on the <Log FILE> and on the
> %L/logfile (default name), but NOT in the LogFile...
>
> I use <Log FILE> for standard logging (trace level 2 or 3) and have a
> commented global LogFile with Trace 4 for debugging, however, this file
> only gets the "Radiator starting / Radiator stopping" (I'm not receiving
> packets, just testing start/stop/reload).
>
> Anyway, I put the trace level 4 in the <Log FILE> clause and got this
> result: (keep reading after the trace 4)
>
> ==========================================================================
> Wed Apr 18 17:47:09 2001: NOTICE: SIGTERM received: stopping
> Wed Apr 18 17:47:15 2001: DEBUG: Adding Clients from SQL database
> Wed Apr 18 17:47:15 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
> NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
> NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
> NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
> NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
> NAS_SERVICIO_CALIDAD
>
> Wed Apr 18 17:47:16 2001: INFO: Server started: Radiator 2.18 on mr-radius
> Wed Apr 18 17:47:23 2001: NOTICE: SIGHUP received: restarting
> Wed Apr 18 17:47:23 2001: DEBUG: Adding Clients from SQL database
> Wed Apr 18 17:47:23 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
> NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
> NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
> NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
> NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
> NAS_SERVICIO_CALIDAD
>
> Wed Apr 18 17:47:23 2001: ERR: Execute failed for 'SELECT
> NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
> NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
> NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
> NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
> NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD':
> ORA-03113: end-of-file on communication channel (DBD ERROR:
> OCIStmtExecute/Describe)
> Wed Apr 18 17:47:23 2001: INFO: Server started: Radiator 2.18 on mr-radius
> ==========================================================================
>
> The question is why these kind of things happen when I reload the config
> file (kill -1)?... in fact, I didn't even edit the config files...
>
> I usually reload the config file after changing the trace level... but it
> seems I'll have to stop and restart the server every time I do so...
>
> I attach the following files which have changed since my message of
> yesterday:
>
> /etc/init.d/radius-acct (the start/stop/reload script)
> /app/Radiator/etc/radius-acct.cfg (the configuration file)
> /app/Radiator/etc/radius-common.cfg (which is included from
> radius-acct.cfg)
> /app/Radiator/etc/clients.cfg (which is included from radius-common.cfg)
>
>
> ==================== /etc/init.d/radius-acct =======================
> ==================== /etc/init.d/radius-acct =======================
> ==================== /etc/init.d/radius-acct =======================
> #!/bin/sh
> #
> # Radiator This shell script takes care of starting and stopping
> # Radiator (Radius server).
> #
>
> ARGV0LEN=`/usr/ucb/expr length $0`
> POS=`/usr/ucb/expr $ARGV0LEN - 3`
> RADTYPE=`/usr/ucb/expr substr $0 $POS 4`
> # RADTYPE= "auth" o "acct" o "test" tomado de los ultimos 4 caracteres del
> # comando invocado
> RADVAR="rad_instance=$RADTYPE"
> RADIATOR=/app/Radiator/bin/radiusd
> RADCONFIG=/app/Radiator/etc/radius-$RADTYPE.cfg
> MATCHSTRING=".*$RADIATOR.*$RADVAR.*"
> # RADPID=/app/Radiator/tmp/rad-$RADTYPE.pid
>
> ORACLE_SID=radius; export ORACLE_SID
> ORACLE_BASE=/app/oracle; export ORACLE_BASE
> ORACLE_SID=radius; export ORACLE_SID
> ORACLE_HOME=/app/oracle/product/8.1.6; export ORACLE_HOME
> ORACLE_PATH=/app/oracle/product/8.1.6/bin; export ORACLE_PATH
> PATH=$PATH:$ORACLE_HOME/bin; export PATH
>
>
>
> RADCMDLINE="$RADIATOR $RADVAR -config_file $RADCONFIG"
>
>
> [ -f $RADIATOR ] || exit 0
>
> [ -f $RADCONFIG ] || exit 0
>
> # See how we were called.
> case "$1" in
> start)
> # Start daemons.
> echo "Starting Radiator ($RADTYPE): "
> $RADCMDLINE
> echo " -done"
> ;;
> stop)
> # Stop daemons.
> echo "Shutting down Radiator ($RADTYPE): "
> # kill `cat $RADPID`
> /usr/bin/pkill -u0 -x -f $MATCHSTRING
> echo " -done"
> ;;
> restart)
> # Stop daemons.
> echo "Shutting down Radiator ($RADTYPE): "
> # kill `cat $RADPID`
> /usr/bin/pkill -u0 -x -f $MATCHSTRING
> echo " -done"
> # Give time for the port to be actually released
> echo "Waiting... :-/"
> sleep 1
> # Start daemons.
> echo "Starting Radiator ($RADTYPE): "
> $RADCMDLINE
> echo " -done"
> ;;
> reload)
> # reloading configuration
> echo "Reloading Radiator ($RADTYPE) configuration: "
> # kill -1 `cat $RADPID`
> /usr/bin/pkill -1 -u0 -x -f $MATCHSTRING
> echo " -done"
> ;;
> status)
> # checking status
> if /usr/bin/pgrep -u0 -x -f $MATCHSTRING ;
> then
> echo "Radiator ($RADTYPE) running" ;
> else
> echo "Radiator ($RADTYPE) NOT running" ;
> fi
> ;;
> *)
> echo "Usage: $0 {start|stop|status|restart|reload}"
> exit 1
> esac
>
> exit 0
> =========================================================================
> =========================================================================
> =========================================================================
>
>
>
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ================= /app/Radiator/etc/radius-acct.cfg =====================
> ##################################################################
> # ACCOUNTING CONFIGURATION #
> ##################################################################
>
> # For debugging, uncomment the 2 following lines
> #Trace 4
> #LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
>
> #Trace:
> #0 ERR. Error conditions. Serious and unexpected failures
> #1 WARNING. Warning conditions. Unexpected failures
> #2 NOTICE. Normal but significant conditions.
> #3 INFO. Informational messages.
> #4 DEBUG. Debugging messages.
> #5 Incoming raw packet dumps in hexadecimal.
>
> # include common configuration and global definitions
> include /app/Radiator/etc/radius-common.cfg
>
> ##################################################################
> # PROTOCOL SECTION #
> ##################################################################
>
> #
> # We only do accounting in this instance of Radiator
> #
> AuthPort
> AcctPort 1813
>
> <SNMPAgent>
> Port 16113
> Community CONFIGURAR-COMUNIDAD
> </SNMPAgent>
>
> =========================================================================
> =========================================================================
> =========================================================================
>
>
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ================= /app/Radiator/etc/radius-common.cfg ====================
> ##################################################################
> # COMMON CONFIGURATION #
> ##################################################################
>
> ##################################################################
> # FILES AND DIRECTORIES SECTION #
> ##################################################################
>
> LogDir /logs/radius
> DbDir /app/Radiator/db
> DefineGlobalVar ScriptDir /app/Radiator/scripts
> DefineGlobalVar ConfigDir /app/Radiator/etc
> DefineGlobalVar TempDir /app/Radiator/tmp
>
> DictionaryFile %{GlobalVar:ConfigDir}/dictionary
> PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
>
> ##################################################################
> # DATABASE DEFINITIONS SECTION #
> ##################################################################
>
> DefineGlobalVar OracleHost localhost
> DefineGlobalVar OracleSID radius
>
> DefineGlobalVar MR_DBSource
> dbi:Oracle:host=localhost;sid=radius
> DefineGlobalVar MR_DBUsername radmin
> DefineGlobalVar MR_DBAuth radius
>
>
> ##################################################################
> # LOGGING SECTION #
> ##################################################################
> <Log FILE>
> Identifier fileLoggerMetroAuth
> Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
> Trace 4
> </Log>
>
>
>
> ##################################################################
> # REWRITE SECTION #
> ##################################################################
>
> # REWRITE USER NAME BEFORE ANYTHING ELSE
> # Rewrite any Name without realm to our realm
> # because defaultrealm does not match on HANDLER
> RewriteUsername s/^([^@]+)$/$1\@metrored/
>
> # change everything in the username to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
>
>
> ##################################################################
> # INCLUDES SECTION #
> ##################################################################
>
> # include clients section
> include %{GlobalVar:ConfigDir}/clients.cfg
> =========================================================================
> =========================================================================
> =========================================================================
>
> ==================== /app/Radiator/etc/clients.cfg =======================
> ==================== /app/Radiator/etc/clients.cfg =======================
> ==================== /app/Radiator/etc/clients.cfg =======================
> ##################################################################
> # CLIENTS SECTION #
> ##################################################################
>
> <ClientListSQL>
> # Client (NAS) info is in the database
>
> DBSource %{GlobalVar:MR_DBSource}
> DBUsername %{GlobalVar:MR_DBUsername}
> DBAuth %{GlobalVar:MR_DBAuth}
>
> GetClientQuery SELECT \
> NAS_IDENTIFIER, NAS_SECRET, \
> NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
> NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
> NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
> NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
> NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
> NAS_PREHANDLERHOOK \
> FROM NAS_SERVICIO_CALIDAD
>
> </ClientListSQL>
>
> =========================================================================
> =========================================================================
> =========================================================================
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 941 invoked by uid 0); 19 Apr 2001 08:40:08 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 08:40:08 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA04617
for radiator-zzlist; Thu, 19 Apr 2001 17:40:19 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA04597
for radiator at open.com.au; Thu, 19 Apr 2001 17:40:10 +1000 (EST)
>Received: from pop.sat.net.pk ([202.133.64.2]) by perki.connect.com.au with ESMTP id RAA03617
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 17:19:15 +1000 (EST)
Received: from pop.sat.net.pk ([202.133.64.2]) by perki.connect.com.au with ESMTP id RAA03617
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 17:19:15 +1000 (EST)
Received: from sat.net.pk (wizard@[202.133.64.66])
by pop.sat.net.pk (8.11.2/8.11.1) with ESMTP id f3JHHNX23355
for <radiator at open.com.au>; Thu, 19 Apr 2001 12:17:24 -0500 (GMT)
Message-ID: <3ADE9199.36364FD8 at sat.net.pk>
Date: Thu, 19 Apr 2001 12:19:53 +0500
From: Faez Itrat <faez at sat.net.pk>
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "radiator at open.com.au" <radiator at open.com.au>
Subject: (RADIATOR) Port Limit...
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi,
Can i implement Port Limit per realm basis ? i.e. i want to restrict
specific realms to specific number of ports but at the same time i wanna
implement simultaneous use check for every user, i m using Radiator 2.18
with Oracle as my database and My NAS is ACC-Tigris.
thanx in advance
Faez
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 951 invoked by uid 0); 19 Apr 2001 08:49:42 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 08:49:42 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA04618
for radiator-zzlist; Thu, 19 Apr 2001 17:40:20 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA04612
for radiator at open.com.au; Thu, 19 Apr 2001 17:40:13 +1000 (EST)
>Received: from albatross-ext.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [194.237.142.116]) by perki.connect.com.au with ESMTP id RAA03429
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 17:13:44 +1000 (EST)
Received: from albatross-ext.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [194.237.142.116]) by perki.connect.com.au with ESMTP id RAA03429
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 17:13:44 +1000 (EST)
Received: from esealnt461 (esealnt461.al.sw.ericsson.se [153.88.251.61])
by albatross.wise.edt.ericsson.se (8.11.0/8.11.0/WIREfire-1.3) with SMTP id f3J7DgN12407
for <radiator at open.com.au>; Thu, 19 Apr 2001 09:13:42 +0200 (MEST)
Received: FROM esealnt400.al.sw.ericsson.se BY esealnt461 ; Thu Apr 19 09:13:41 2001 +0200
Received: by esealnt400 with Internet Mail Service (5.5.2653.19)
id <G9WJ5FD4>; Thu, 19 Apr 2001 09:13:41 +0200
Message-ID: <8DE93563AC71D311B30400508B5D5D8B017D24BA at ESELINT201>
From: "Ingvar Berg (EIP)" <Ingvar.Berg at eip.ericsson.se>
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: RE: (RADIATOR) Enforcing Time Abuse
Date: Thu, 19 Apr 2001 09:13:39 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="ISO-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Dave,
One way to handle the "almost-idle" user might be to have the NAS send Alive (or Update) accounting packets. Then you have to apply some arithmetic on those data to try to decide who you should kick out (an operation that is only possible with some NAS).
/Ingvar
-----Original Message-----
From: Kitabjian, Dave [mailto:dave at netcarrier.com]
Sent: den 16 april 2001 21:31
To: 'radiator at open.com.au'
Subject: (RADIATOR) Enforcing Time Abuse
We seem to have a constant chunk of ports hogged up by users who aren't
using the Internet "interactively". This kills our dialup resources (and
violates our Terms and Conditions).
We already have an Idle-Timeout set, but that doesn't catch people who have
AIM running, or who set Eudora to automatically check their mail every 10
minutes, since they pass data. And we don't want to use Session-Timeout
since that will kick them off even if they're "active" at the time of the
Timeout.
So...
What we'd really like is a "parametrized Idle-Timeout": an Idle-Timeout that
will kick you off if your recent usage falls BELOW AN ADJUSTABLE THRESHOLD
of bytes/minute. Is there such a thing?
Another option might be a "conditional Session-Timeout": after
Session-Timeout is exceeded, prompt the user if he needs to remain
connected, and if there is no reply after X minutes, disconnect them. Is
this possible?
Or, what other solutions are out there for attacking this problem?
Thanks in advance!
Dave
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1069 invoked by uid 0); 19 Apr 2001 10:02:14 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 10:02:14 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA04703
for radiator-zzlist; Thu, 19 Apr 2001 18:41:07 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA04691
for radiator at open.com.au; Thu, 19 Apr 2001 18:41:01 +1000 (EST)
>Received: from smtp1.arnet.com.ar (host191006.arnet.net.ar [200.45.191.6] (may be forged)) by perki.connect.com.au with SMTP id SAA06765
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 18:28:50 +1000 (EST)
Received: from smtp1.arnet.com.ar (host191006.arnet.net.ar [200.45.191.6] (may be forged)) by perki.connect.com.au with SMTP id SAA06765
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 18:28:50 +1000 (EST)
Received: (qmail 16128 invoked from network); 19 Apr 2001 08:08:45 -0000
Received: from host000004.arnet.net.ar (HELO mail1.arnet.com.ar) (200.45.0.4)
by host191006.arnet.net.ar with SMTP; 19 Apr 2001 08:08:45 -0000
Received: from mail pickup service by mail1.arnet.com.ar with Microsoft SMTPSVC;
Thu, 19 Apr 2001 04:51:00 -0300
Received: from recife.arnet.com.ar ([192.168.202.70]) by mail1.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.677.67);
Wed, 18 Apr 2001 13:56:48 -0300
Received: (qmail 17309 invoked from network); 18 Apr 2001 16:56:46 -0000
Received: from oscar.open.com.au (203.63.154.1)
by recife.arnet.com.ar with SMTP; 18 Apr 2001 16:56:46 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02163
for radiator-zzlist; Thu, 19 Apr 2001 01:40:22 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02157
for radiator at open.com.au; Thu, 19 Apr 2001 01:40:17 +1000 (EST)
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:29:13 +1000 (EST)
Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA19806
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:29:13 +1000 (EST)
Received: from opie (opie.centurytel.net [209.142.136.48])
by pop.centurytel.net (8.11.0/8.11.0) with ESMTP id f3IFTB615829
for <radiator at open.com.au>; Wed, 18 Apr 2001 10:29:12 -0500 (CDT)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
>Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA19806
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 01:29:13 +1000 (EST)
Message-Id: <4.2.0.58.20010418101807.00adfd58 at pop.centurytel.net>
X-Sender: kolmstea at pop.centurytel.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Wed, 18 Apr 2001 10:27:43 -0500
To: radiator at open.com.au
From: Keith Olmstead <kolmstea at centurytel.net>
Subject: (RADIATOR) Static Groups
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
Ok,
Please bare with me if I don't make this clear..
I am needing to create a group in the users file for a static user. Here
is a simple Default group for a dialup users:
# Default Dial-Up PPP User System Profile
DEFAULT Auth-Type = System, NAS-Port-Type = Async
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Reply-Message="choice: ",
Port-Limit = 1,
Idle-Timeout = 1200,
Session-Timeout = 28800,
Class = default
My understanding is that to have a static user, the Framed-IP-Address is
going to be different. Is there a way to have a Static group entry?
If I did not make this clear just let me know,
Keith Olmstead
CenturyTel Network
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1226 invoked by uid 0); 19 Apr 2001 12:26:41 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 12:26:41 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id VAA04935
for radiator-zzlist; Thu, 19 Apr 2001 21:10:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id VAA04930
for radiator at open.com.au; Thu, 19 Apr 2001 21:10:09 +1000 (EST)
>Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id UAA12121
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 20:38:42 +1000 (EST)
Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id UAA12121
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 19 Apr 2001 20:38:42 +1000 (EST)
Received: from turbat (proxy.micom.mng.net [202.179.0.164])
by publica.ub.mng.net (8.11.1/8.11.1) with SMTP id f3K2bco11473;
Thu, 19 Apr 2001 18:37:38 -0800 (GMT)
Message-ID: <007601c0c8bd$02a66f90$0900a8c0 at turbat>
From: "ganbold" <ganbold at micom.mng.net>
To: <radiator at open.com.au>
Cc: <vadiko at te.net.ua>
Subject: (RADIATOR) AuthSelect problem
Date: Thu, 19 Apr 2001 18:38:26 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0073_01C0C8FF.EC0ACB80"
Sender: owner-radiator at open.com.au
Precedence: bulk
This is a multi-part message in MIME format.
------=_NextPart_000_0073_01C0C8FF.EC0ACB80
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi!
I'm asking previously posted question.
Is it possible conditional parsing of radius.cfg?
Another words - if it's possible to realise following algorithm:
AuthSelect select SERVICE from .....
if SERVICE =3D=3D 1 then
AuthColumnDef 0, Framed-Protocol, reply
else
AuthColumnDef 0, Login-Service, reply
end
thanks in advance,
Ganbold
------=_NextPart_000_0073_01C0C8FF.EC0ACB80
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi!<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I'm asking previously posted =
question.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>Is it possible conditional parsing =
of=20
radius.cfg?<BR>Another words - if it's possible to realise following=20
algorithm:<BR><BR>AuthSelect select SERVICE from .....<BR>if SERVICE =
=3D=3D 1=20
then<BR> AuthColumnDef 0, Framed-Protocol,=20
reply<BR>else<BR> AuthColumnDef 0, Login-Service,=20
reply<BR>end<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>thanks in advance,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Ganbold<BR></DIV></FONT></BODY></HTML>
------=_NextPart_000_0073_01C0C8FF.EC0ACB80--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1341 invoked by uid 0); 19 Apr 2001 14:17:00 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 14:17:00 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id WAA05027
for radiator-zzlist; Thu, 19 Apr 2001 22:40:22 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id WAA05022;
Thu, 19 Apr 2001 22:40:18 +1000 (EST)
>Received: from mailgate.Ferguson.com (mailgate.ferguson.com [205.139.23.72]) by perki.connect.com.au with ESMTP id WAA16628
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 22:32:26 +1000 (EST)
Received: from mailgate.Ferguson.com (mailgate.ferguson.com [205.139.23.72]) by perki.connect.com.au with ESMTP id WAA16628
(8.8.8/IDA-1.7); Thu, 19 Apr 2001 22:32:26 +1000 (EST)
Received: by mailgate.Ferguson.com (Postfix, from userid 66)
id 044029BB7; Thu, 19 Apr 2001 08:31:56 -0400 (EDT)
Received: from thorin.ferguson.com(205.139.23.77)
via SMTP by mailgate.ferguson.com, id smtpdd78046; Thu Apr 19 08:31:53 2001
Date: Thu, 19 Apr 2001 08:30:38 -0400 (EDT)
From: Earl Dunston <wed at ferguson.com>
To: Hugh Irvine <hugh at open.com.au>
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) radiator-2.18 install MD5 problem.
In-Reply-To: <0104190801220Y.00901 at hugo>
Message-ID: <Pine.BSF.4.21.0104190829560.70110-100000 at thorin.ferguson.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-radiator at open.com.au
Precedence: bulk
Thanks Hugh,
that fixed my problem!!
Earl
>
> Hello Earl -
>
> I always use the MD5 distribution:
>
> MD5-1.7.tgz
>
> I've included a copy in a seperate mail.
>
> hth
>
> Hugh
>
>
> On Thursday 19 April 2001 02:03, Earl Dunston wrote:
> > Can/will anyone help me with this problem? I've checked starport.net and
> > found similar problems with solutions, but doesn't quite fit what's
> > happening to me. I've RTFM-ed and don't see the solution.
> >
> > I gunzip and untar Digest-MD5-2.13.tar.gz and cd to the new directory.
> > I then "perl Makefile.PL"
> > then "make"
> > then "make test"
> > then "make install"
> > (this goes cleanly.)
> >
> > I then gunzip and untar Radiator-2.18.tgz.
> > Next, I gunzip and untar the patches-2.18.tar.gz and load.
> > I then "perl Makefile.PL"
> > then "make test"
> >
> > the make part appears to go cleanly, but when the test servers are
> > started, I get the following messages.
> >
> >
> > Starting tests...
> > Starting 2 test servers. Please wait...
> > ok 1a
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 378.
> > not ok 1b
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 378.
> > not ok 1c
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 682.
> > not ok 1d
> > not ok 1e
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 378.
> > not ok 2a
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 378.
> > ok 2b
> > Can't locate object method "hash" via package "MD5" (perhaps you forgot to
> > load "MD5"?) at Radius/Radius.pm line 378.
> > not ok 2c
> > ..
> > ..
> > ..
> >
> > system: HP PC 733MHZ
> > OS: FreeBSD 4.2 Stable
> > PERL: version 5.6.1
> >
> >
> > Earl Dunston, UNIX System Administrator
> > Ferguson Enterprises, HQ
> > Newport News, VA 23602
> >
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
Earl Dunston, UNIX System Administrator
Ferguson Enterprises, HQ
Newport News, VA 23602
e-mail: wed at ferguson.com
earl.dunston at ferguson.com
phone : 757-989-2665
fax : 757-989-2505
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1481 invoked by uid 0); 19 Apr 2001 17:16:21 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 17:16:21 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA05358
for radiator-zzlist; Fri, 20 Apr 2001 02:10:37 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA05339
for radiator at open.com.au; Fri, 20 Apr 2001 02:10:30 +1000 (EST)
>Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA24117
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 01:35:28 +1000 (EST)
Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id BAA24117
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 01:35:28 +1000 (EST)
Received: from opie (opie.centurytel.net [209.142.136.48])
by pop.centurytel.net (8.11.0/8.11.0) with ESMTP id f3JFZQf13342
for <radiator at open.com.au>; Thu, 19 Apr 2001 10:35:27 -0500 (CDT)
Message-Id: <4.2.0.58.20010419102246.0195c1e8 at pop.centurytel.net>
X-Sender: kolmstea at pop.centurytel.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 19 Apr 2001 10:34:02 -0500
To: radiator at open.com.au
From: Keith Olmstead <kolmstea at centurytel.net>
Subject: (RADIATOR) Static groups (take 2)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
Well...
I don't even know if this can be done or not but I thought the place to
find out would be this list-serv. What I am trying to do is create groups
in the users file for different types of internet customers. Some being
regular dialup, ISDN, 512k ADSL and so on. I know how to setup a group
entry in the users file for a dynamic internet user, ie.. one that has a
framed IP of 255.255.255.254.
My problem is how do I setup a group entry in the users file that has a
Static IP. Static IP users don't have a framed IP of 255.255.255.254, they
have there IP address there and each customer is has a different one. I
need to setup a group entry for example static dialup, Static ISDN, Static
ADSL. Static meaning they get the same IP address every time they log on.
I guess if you could, give me an example of what the group entry would
look like for a Static Dialup customer.
If this is unclear just let me know, I will try to explain better.
--Keith
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1507 invoked by uid 0); 19 Apr 2001 17:31:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 17:31:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA05363
for radiator-zzlist; Fri, 20 Apr 2001 02:10:42 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA05357
for radiator at open.com.au; Fri, 20 Apr 2001 02:10:37 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id BAA24802
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 01:49:50 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id BAA24802
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 01:49:50 +1000 (EST)
Received: (qmail 66234 invoked by uid 1003); 19 Apr 2001 15:48:50 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 19 Apr 2001 15:48:50 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ502K>; Thu, 19 Apr 2001 11:48:59 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D794 at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: radiator at open.com.au
Subject: (RADIATOR) bug?: AuthLog not picked up by HUP
Date: Thu, 19 Apr 2001 11:48:54 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
I have 2.18 + all patches running. Config section attached.
I added the AuthLog parameter and the <AuthLog FILE> section, and they
weren't picked up until after restarting radiusd (completely).
I know folks mentioned this earlier, but I thought that the reloading of
Handlers was fixed with 2.18, so I thought I would mention this.
Dave
p.s. Installing 2.18 "on top of" the pre-existing 2.16 shouldn't have been a
problem, should it?
#----------------------------------------
<AuthLog FILE>
Identifier davesauthlogger
Filename %L/authlog
LogSuccess 1
LogFailure 1
FailureFormat %l:%U:%P:%0:%1
</AuthLog>
#----------------------------------------
#----------------------------------------
<Handler User-Name = daveppp>
AuthLog davesauthlogger
SessionDatabase SDB1
AuthBy FLATFILE_AUTH
AcctLogFileName %D/Accounting/daveppp-%h
</Handler>
#----------------------------------------
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1578 invoked by uid 0); 19 Apr 2001 18:14:06 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 18:14:06 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA05433
for radiator-zzlist; Fri, 20 Apr 2001 03:10:35 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA05414
for radiator at open.com.au; Fri, 20 Apr 2001 03:10:29 +1000 (EST)
>Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id CAA27279
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 02:50:15 +1000 (EST)
Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id CAA27279
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 02:50:15 +1000 (EST)
Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:47114 "EHLO COSA"
whoson: "popbaby") by dedos.pert.com.ar with ESMTP
id <S34528AbRDSQtb> convert rfc822-to-8bit; Thu, 19 Apr 2001 13:49:31 -0300
From: "Mariano Absatz" <lradius at pert.com.ar>
To: Neale Banks <neale at lowendale.com.au>
Date: Thu, 19 Apr 2001 13:49:51 -0300
MIME-Version: 1.0
Content-transfer-encoding: 8BIT
Subject: Re: (RADIATOR) accounting flat file to CSV ?
CC: Radiator List <radiator at open.com.au>
Message-ID: <3ADEECFF.14288.AB16BE5 at localhost>
In-reply-to: <a04320405b6f7337f853f@[203.96.146.137]>
References: <Pine.LNX.4.05.10104091340250.19565-100000 at marina.lowendale.com.au>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi Neale,
It's an awful thing to do since the CSV "column names" are "embedded" in
the original file and fields are non positional, and some records have
more fields than others...
I'm answering (late, since I haven't read the list for quite a few days),
cause I made a perl script some time ago to handle something quite
similar.
I had to convert an LDIFF (LDAP Interchange File Format) file (with all
objects of the same objectclass) to a table with the attribute names as
column headings.
I made a "quick and VERY dirty" perl script to handle it. It does a
couple of very nasty things but gets the job done.
It will need modifications to handle the radius accounting format... It
doesn't handle the timestamp line, I don't think it handles whitespace
before the attribute name and (this is the worst part) it builds the
table in memory as an array of hashes...
I had only 10,000 records so it wasn't a problem, but radius accounting
logs can get really large...
I did it this way to be able to construct the heading line on top, since
I couldn't know all of the attribute names until I process all of the
records... however it shouldn't be very hard to modify it to generate the
records to a file on the fly while generating the column headings array,
close that file, write that array to another file and append the first
file to the second one.
If you are interested, I can send you the script... with ABSOLUTELY NO
GUARANTEES (other than it worked once for LDIF :-)...
El 9 Apr 2001, a las 19:39, Hugh Irvine escribió:
>
> Hello Neale -
>
> Have you had a look in the goodies directory to see if there is anything there?
>
> Otherwise I am sure someone on the list has done this at lease once.
>
> regards
>
> Hugh
>
>
> At 13:45 +1000 01/4/9, Neale Banks wrote:
> >G'day Hugh,
> >
> >On Fri, 6 Apr 2001, Hugh Irvine wrote:
> >
> >> Hello Neale -
> >>
> >> On Thursday 05 April 2001 10:15, Neale Banks wrote:
> >> > Greetings all,
> >> >
> >> > Not exclusively Radiator-relevant, but probably RADIUS+Perl relevant...
> >> >
> >> > Does anyone have any pointer to anything to convert flat-file accounting
> >> > records to comma-separated format?
> >>
> >> You can use the AcctLogFileName and AcctLogFileFormat to specify any format
> >> you wish. Sections 6.15.4 and 6.15.5 in the Radiator 2.18 reference manual.
> >>
> >> > Alternatively, any other solutions to the need to tabulate a user's STOP
> >> > records to run some elementary stats over their sessions times and
> >> > disconnect reasons?
> >>
> >> It would probably be simpler to write the data to an SQL database directly
> >> and use an SQL report externally.
> >
> >Whilst these would both be good solutions for new records, unfortunately
> >my current "challenge" is to extract some statistics from historical data
> >which is in traditional flat-file accounting records.
> >
> >I'd be grateful of any suggestions anyone has regarding this.
> >
> >Thanks,
> >Neale.
>
> --
>
> NB: I am travelling this week, so there may be delays in our correspondence.
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1797 invoked by uid 0); 19 Apr 2001 22:45:17 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 22:45:17 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05878
for radiator-zzlist; Fri, 20 Apr 2001 07:40:55 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05820
for radiator at open.com.au; Fri, 20 Apr 2001 07:40:40 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id HAA07325
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:21:37 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id HAA07325
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:21:37 +1000 (EST)
Received: (qmail 68365 invoked by uid 1003); 19 Apr 2001 21:20:34 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 19 Apr 2001 21:20:34 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ506V>; Thu, 19 Apr 2001 17:20:43 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D798 at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: radiator at open.com.au
Subject: (RADIATOR) Tip: AuthBy GROUP with 2 RADIUS auths
Date: Thu, 19 Apr 2001 17:20:40 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
This tip is just for the archive and fyi, in the hopes that it might help
someone out.
You can get confusing results when using a configuration similar to the
following:
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy RADIUS>
...
</AuthBy>
<AuthBy RADIUS>
...
</AuthBy>
</AuthBy>
The AuthByPolicy docs say that each Auth will be tried in turn, according to
the Policy specified. The problem is that Radiator handles AuthBy RADIUS
differently than it does other AuthBys: it doesn't wait for the reply from
the proxy before moving on.
What we wanted was to proxy to one provider, and if they are rejected there,
try the other provider (we just acquired another ISP with a separate
authentication pool, etc). So what happened to us was that we got crazy,
intermingled results, like:
Code: Access-Accept
Identifier: 136
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 1200
Crazy!
So anyway, the solution is to put to Synchronous flag in the first AuthBy
RADIUS, such as:
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy RADIUS>
Synchronous
...
</AuthBy>
<AuthBy RADIUS>
...
</AuthBy>
</AuthBy>
That does wonders.
Dave
:)
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1805 invoked by uid 0); 19 Apr 2001 22:45:30 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 22:45:30 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05899
for radiator-zzlist; Fri, 20 Apr 2001 07:41:08 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05865
for radiator at open.com.au; Fri, 20 Apr 2001 07:40:49 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07591
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:18 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07591
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:18 +1000 (EST)
Received: from hugo (acc17-ppp193.mel.dialup.connect.net.au [210.10.136.193])
by entoo.connect.com.au (Postfix) with SMTP
id E9856DD799; Fri, 20 Apr 2001 07:26:51 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Kitabjian, Dave" <dave at netcarrier.com>, radiator at open.com.au
Subject: Re: (RADIATOR) bug?: AuthLog not picked up by HUP
Date: Fri, 20 Apr 2001 07:15:09 +1000
X-Mailer: KMail [version 1.1.99]
References: <F55475F2CB7AD411BA9700D0B747AFDE24D794 at lnt4exch.netcarrier.net>
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D794 at lnt4exch.netcarrier.net>
MIME-Version: 1.0
Message-Id: <0104200715091Q.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi Dave -
As posted yesterday, Mike will check this next week when he gets back.
thanks
Hugh
On Friday 20 April 2001 01:48, Kitabjian, Dave wrote:
> I have 2.18 + all patches running. Config section attached.
>
> I added the AuthLog parameter and the <AuthLog FILE> section, and they
> weren't picked up until after restarting radiusd (completely).
>
> I know folks mentioned this earlier, but I thought that the reloading of
> Handlers was fixed with 2.18, so I thought I would mention this.
>
> Dave
>
> p.s. Installing 2.18 "on top of" the pre-existing 2.16 shouldn't have been
> a problem, should it?
>
> #----------------------------------------
> <AuthLog FILE>
>
> Identifier davesauthlogger
> Filename %L/authlog
> LogSuccess 1
> LogFailure 1
> FailureFormat %l:%U:%P:%0:%1
>
> </AuthLog>
> #----------------------------------------
> #----------------------------------------
> <Handler User-Name = daveppp>
>
> AuthLog davesauthlogger
> SessionDatabase SDB1
> AuthBy FLATFILE_AUTH
> AcctLogFileName %D/Accounting/daveppp-%h
>
> </Handler>
> #----------------------------------------
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1813 invoked by uid 0); 19 Apr 2001 22:46:38 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 22:46:38 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05890
for radiator-zzlist; Fri, 20 Apr 2001 07:41:02 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05850
for radiator at open.com.au; Fri, 20 Apr 2001 07:40:45 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07577
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:10 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07577
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:10 +1000 (EST)
Received: from hugo (acc17-ppp193.mel.dialup.connect.net.au [210.10.136.193])
by entoo.connect.com.au (Postfix) with SMTP
id 653BFDD3A4; Fri, 20 Apr 2001 07:26:42 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Faez Itrat <faez at sat.net.pk>,
"radiator at open.com.au" <radiator at open.com.au>
Subject: Re: (RADIATOR) Port Limit...
Date: Fri, 20 Apr 2001 06:48:36 +1000
X-Mailer: KMail [version 1.1.99]
References: <3ADE9199.36364FD8 at sat.net.pk>
In-Reply-To: <3ADE9199.36364FD8 at sat.net.pk>
MIME-Version: 1.0
Message-Id: <0104200648361J.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Faez -
This is very easy to do with an AuthBy PORTLIMITCHECK together with a
SessionDatabase SQL. Check section 6.39 in the reference manual.
regards
Hugh
On Thursday 19 April 2001 17:19, Faez Itrat wrote:
> Hi,
> Can i implement Port Limit per realm basis ? i.e. i want to restrict
> specific realms to specific number of ports but at the same time i wanna
> implement simultaneous use check for every user, i m using Radiator 2.18
> with Oracle as my database and My NAS is ACC-Tigris.
> thanx in advance
>
>
> Faez
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1823 invoked by uid 0); 19 Apr 2001 22:55:50 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 22:55:50 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05891
for radiator-zzlist; Fri, 20 Apr 2001 07:41:02 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05842
for radiator at open.com.au; Fri, 20 Apr 2001 07:40:43 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07598
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:23 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07598
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:23 +1000 (EST)
Received: from hugo (acc17-ppp193.mel.dialup.connect.net.au [210.10.136.193])
by entoo.connect.com.au (Postfix) with SMTP
id 93DECDD7E3; Fri, 20 Apr 2001 07:26:53 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Keith Olmstead <kolmstea at centurytel.net>, radiator at open.com.au
Subject: Re: (RADIATOR) Static groups (take 2)
Date: Fri, 20 Apr 2001 07:19:05 +1000
X-Mailer: KMail [version 1.1.99]
References: <4.2.0.58.20010419102246.0195c1e8 at pop.centurytel.net>
In-Reply-To: <4.2.0.58.20010419102246.0195c1e8 at pop.centurytel.net>
MIME-Version: 1.0
Message-Id: <0104200719051R.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Keith -
By definition an individual user is not a group, so you would specify your
static customers as seperate entries (one each) with the assigned IP address
in each corresponding entry.
Ie:
DEFAULT .....
DEFAULT .....
user1 .....
Framed-IP-Address = 1.1.1.1,
.....
user2 .....
Framed-IP-Address = 1.1.1.2,
.....
user3 .....
Framed-IP-Address = 1.1.1.3,
.....
etc.
hth
Hugh
On Friday 20 April 2001 01:34, Keith Olmstead wrote:
> Well...
>
> I don't even know if this can be done or not but I thought the place to
> find out would be this list-serv. What I am trying to do is create groups
> in the users file for different types of internet customers. Some being
> regular dialup, ISDN, 512k ADSL and so on. I know how to setup a group
> entry in the users file for a dynamic internet user, ie.. one that has a
> framed IP of 255.255.255.254.
>
> My problem is how do I setup a group entry in the users file that has a
> Static IP. Static IP users don't have a framed IP of 255.255.255.254, they
> have there IP address there and each customer is has a different one. I
> need to setup a group entry for example static dialup, Static ISDN, Static
> ADSL. Static meaning they get the same IP address every time they log on.
>
> I guess if you could, give me an example of what the group entry would
> look like for a Static Dialup customer.
>
> If this is unclear just let me know, I will try to explain better.
>
> --Keith
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1831 invoked by uid 0); 19 Apr 2001 22:56:03 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 22:56:03 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05900
for radiator-zzlist; Fri, 20 Apr 2001 07:41:09 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA05871
for radiator at open.com.au; Fri, 20 Apr 2001 07:40:51 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07582
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:14 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id HAA07582
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 07:29:14 +1000 (EST)
Received: from hugo (acc17-ppp193.mel.dialup.connect.net.au [210.10.136.193])
by entoo.connect.com.au (Postfix) with SMTP
id 2184CDD3B7; Fri, 20 Apr 2001 07:26:47 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "ganbold" <ganbold at micom.mng.net>, <radiator at open.com.au>
Subject: Re: (RADIATOR) AuthSelect problem
Date: Fri, 20 Apr 2001 07:00:47 +1000
X-Mailer: KMail [version 1.1.99]
Cc: <vadiko at te.net.ua>
References: <007601c0c8bd$02a66f90$0900a8c0 at turbat>
In-Reply-To: <007601c0c8bd$02a66f90$0900a8c0 at turbat>
MIME-Version: 1.0
Message-Id: <0104200700471M.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Ganbold -
You can't do this directly, however you can write a Hook to do it. There are
some example hooks in the file "goodies/hooks.txt" in the distribution.
hth
Hugh
On Thursday 19 April 2001 20:38, ganbold wrote:
> > Hi!
>
> I'm asking previously posted question.
>
> Is it possible conditional parsing of radius.cfg?
> Another words - if it's possible to realise following algorithm:
>
> AuthSelect select SERVICE from .....
> if SERVICE == 1 then
> AuthColumnDef 0, Framed-Protocol, reply
> else
> AuthColumnDef 0, Login-Service, reply
> end
>
>
> thanks in advance,
>
> Ganbold
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1880 invoked by uid 0); 19 Apr 2001 23:20:17 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 19 Apr 2001 23:20:17 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id IAA05972
for radiator-zzlist; Fri, 20 Apr 2001 08:10:33 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id IAA05946;
Fri, 20 Apr 2001 08:10:26 +1000 (EST)
>Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id HAA08444
(8.8.8/IDA-1.7); Fri, 20 Apr 2001 07:46:32 +1000 (EST)
Received: from pop.centurytel.net (pop.centurytel.net [209.142.136.253]) by perki.connect.com.au with ESMTP id HAA08444
(8.8.8/IDA-1.7); Fri, 20 Apr 2001 07:46:32 +1000 (EST)
Received: from opie (opie.centurytel.net [209.142.136.48])
by pop.centurytel.net (8.11.0/8.11.0) with ESMTP id f3JLkPP13999;
Thu, 19 Apr 2001 16:46:25 -0500 (CDT)
Message-Id: <4.2.0.58.20010419164016.0195a848 at pop.centurytel.net>
X-Sender: kolmstea at pop.centurytel.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 19 Apr 2001 16:45:00 -0500
To: hugh at open.com.au, radiator at open.com.au
From: Keith Olmstead <kolmstea at centurytel.net>
Subject: Re: (RADIATOR) Static groups (take 2)
In-Reply-To: <0104200719051R.00901 at hugo>
References: <4.2.0.58.20010419102246.0195c1e8 at pop.centurytel.net>
<4.2.0.58.20010419102246.0195c1e8 at pop.centurytel.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
That is what I thought. Other groups beside mine are wanting something
that can't be done and just wanted something to back that up.
--Keith
At 07:19 AM 4/20/01 +1000, Hugh Irvine wrote:
>Hello Keith -
>
>By definition an individual user is not a group, so you would specify your
>static customers as seperate entries (one each) with the assigned IP address
>in each corresponding entry.
>
>Ie:
>
>DEFAULT .....
>
>DEFAULT .....
>
>user1 .....
> Framed-IP-Address = 1.1.1.1,
> .....
>
>user2 .....
> Framed-IP-Address = 1.1.1.2,
> .....
>
>user3 .....
> Framed-IP-Address = 1.1.1.3,
> .....
>
>etc.
>
>
>hth
>
>Hugh
>
>
>On Friday 20 April 2001 01:34, Keith Olmstead wrote:
> > Well...
> >
> > I don't even know if this can be done or not but I thought the place to
> > find out would be this list-serv. What I am trying to do is create groups
> > in the users file for different types of internet customers. Some being
> > regular dialup, ISDN, 512k ADSL and so on. I know how to setup a group
> > entry in the users file for a dynamic internet user, ie.. one that has a
> > framed IP of 255.255.255.254.
> >
> > My problem is how do I setup a group entry in the users file that has a
> > Static IP. Static IP users don't have a framed IP of 255.255.255.254, they
> > have there IP address there and each customer is has a different one. I
> > need to setup a group entry for example static dialup, Static ISDN, Static
> > ADSL. Static meaning they get the same IP address every time they log on.
> >
> > I guess if you could, give me an example of what the group entry would
> > look like for a Static Dialup customer.
> >
> > If this is unclear just let me know, I will try to explain better.
> >
> > --Keith
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2544 invoked by uid 0); 20 Apr 2001 08:24:00 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 20 Apr 2001 08:24:00 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06684
for radiator-zzlist; Fri, 20 Apr 2001 17:10:22 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06672
for radiator at open.com.au; Fri, 20 Apr 2001 17:10:18 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA05678
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 16:58:50 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA05678
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 16:58:50 +1000 (EST)
Received: from hugo (acc23-ppp97.mel.dialup.connect.net.au [210.10.142.97])
by entoo.connect.com.au (Postfix) with SMTP
id 93C70DDB81; Fri, 20 Apr 2001 16:56:23 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Kitabjian, Dave" <dave at netcarrier.com>, radiator at open.com.au
Subject: Re: (RADIATOR) Tip: AuthBy GROUP with 2 RADIUS auths
Date: Fri, 20 Apr 2001 16:15:23 +1000
X-Mailer: KMail [version 1.1.99]
References: <F55475F2CB7AD411BA9700D0B747AFDE24D798 at lnt4exch.netcarrier.net>
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D798 at lnt4exch.netcarrier.net>
MIME-Version: 1.0
Message-Id: <0104201615231U.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Dave -
In some cases the Synchronous flag will cause serious delays, so the other
way to do this is with a "ReplyHook" to check the return code and call the
second AuthBy RADIUS if required.
regards
Hugh
On Friday 20 April 2001 07:20, Kitabjian, Dave wrote:
> This tip is just for the archive and fyi, in the hopes that it might help
> someone out.
>
> You can get confusing results when using a configuration similar to the
> following:
>
> <AuthBy GROUP>
>
> AuthByPolicy ContinueWhileReject
>
> <AuthBy RADIUS>
> ...
> </AuthBy>
> <AuthBy RADIUS>
> ...
> </AuthBy>
>
> </AuthBy>
>
> The AuthByPolicy docs say that each Auth will be tried in turn, according
> to the Policy specified. The problem is that Radiator handles AuthBy RADIUS
> differently than it does other AuthBys: it doesn't wait for the reply from
> the proxy before moving on.
>
> What we wanted was to proxy to one provider, and if they are rejected
> there, try the other provider (we just acquired another ISP with a separate
> authentication pool, etc). So what happened to us was that we got crazy,
> intermingled results, like:
>
> Code: Access-Accept
> Identifier: 136
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Idle-Timeout = 1200
>
> Crazy!
>
> So anyway, the solution is to put to Synchronous flag in the first AuthBy
> RADIUS, such as:
>
> <AuthBy GROUP>
>
> AuthByPolicy ContinueWhileReject
>
> <AuthBy RADIUS>
> Synchronous
> ...
> </AuthBy>
> <AuthBy RADIUS>
> ...
> </AuthBy>
>
> </AuthBy>
>
> That does wonders.
>
> Dave
>
> :)
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2879 invoked by uid 0); 20 Apr 2001 14:25:33 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 20 Apr 2001 14:25:33 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07318
for radiator-zzlist; Fri, 20 Apr 2001 23:10:28 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07288
for radiator at open.com.au; Fri, 20 Apr 2001 23:10:20 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA18171
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:34:32 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA18171
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:34:32 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14qaD6-0000Rs-00
for radiator at open.com.au; Fri, 20 Apr 2001 14:40:28 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) logfile question
Date: Fri, 20 Apr 2001 14:36:03 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOOEEOFGAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello,
I have something like:
SuccessFormat %l:%n:%P:%a:PASS:%N:%c
as my logformat ...
Now, in this case, I'm only logging cleartext passwords, for users, who are
not connecting via CHAP (User-Password). Is there a way to do some kind of
"if" statement, in the log format tool, so I can do something like:
if %{CHAP-Password}SuccessFormat %l:%n:%{CHAP-Password}:%a:PASS:%N:%c
else SuccessFormat %l:%n:%P:%a:PASS:%N:%c
tia,
-a
--
"For nothing can seem foul to those that win."
- Henry IV, Pt1, Act 5, Sc 1
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2888 invoked by uid 0); 20 Apr 2001 14:25:45 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 20 Apr 2001 14:25:45 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07330
for radiator-zzlist; Fri, 20 Apr 2001 23:10:33 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07309
for radiator at open.com.au; Fri, 20 Apr 2001 23:10:25 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA19040
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:55:17 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA19040
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:55:17 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14qaXD-0000VR-00
for radiator at open.com.au; Fri, 20 Apr 2001 15:01:15 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) RejectEmptyPassword problem
Date: Fri, 20 Apr 2001 14:56:54 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOMEEPFGAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello,
When I enable RejectEmptyPassword option, in my radiator configuration, all
users, that are authentifying through CHAP, are being rejected, because of
an empty "User-Password".
Anyone has experience this same problem?
This problem occurs, after upgrading to 2.18 (same config works okay on
2.17.1).
-Andy
--
Andy De Petter _,'| _.-''``-...___..--';
Skynet Operations /, \'. _..-' , ,--...--'''
< \ .`--''' ` /|
Tel +32 (0)2 7061311 `-,;' ; ; ;
Fax +32 (0)2 7061312 __...--'' __...--_..' .;.'
(,__....----''' (,..--''
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2988 invoked by uid 0); 20 Apr 2001 16:44:24 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 20 Apr 2001 16:44:24 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA07565
for radiator-zzlist; Sat, 21 Apr 2001 01:40:21 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA07553
for radiator at open.com.au; Sat, 21 Apr 2001 01:40:16 +1000 (EST)
>Received: from dnscache.cbr.au.asiaonline.net (dnscache.cbr.au.asiaonline.net [210.215.8.100]) by perki.connect.com.au with ESMTP id BAA25089
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 01:16:27 +1000 (EST)
Received: from dnscache.cbr.au.asiaonline.net (dnscache.cbr.au.asiaonline.net [210.215.8.100]) by perki.connect.com.au with ESMTP id BAA25089
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 01:16:27 +1000 (EST)
Received: from andrewpollock (dev.abc.asiaonline.net [210.215.7.252])
by dnscache.cbr.au.asiaonline.net (8.10.2/8.10.2) with SMTP id f3KFEVW26568
for <radiator at open.com.au>; Sat, 21 Apr 2001 01:14:31 +1000 (EST)
From: "Andrew Pollock" <apollock at bit.net.au>
To: <radiator at open.com.au>
Subject: (RADIATOR) Feature suggestion
Date: Sat, 21 Apr 2001 01:15:28 +1000
Message-ID: <MEEJJONDEDOCPGABDOENKENNCCAA.apollock at bit.net.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi,
I don't know how sought after this would be, but I'll raise it anyway...
We run Radiator as a front end to Portal's Infranet Terminal Server Manager
(crappy) RADIUS server. It doesn't support things like Alive records, and
(on a side issue) we have a number of issues with false duplicate sessions
due to temporary outages and lost accounting records in general.
What would be cool, would be if Radiator could maintain an internal active
session table, based on Alive records, and if it didn't receive one within a
configurable time period, it could mock up a Stop record and send that
through to the RADIUS server that it's configured to proxy everything
through to.
Did that make sense to anyone other than me?
Thoughts?
Andrew
------------------------------------------------------------
Andrew Pollock Systems Group Team Leader
andrew at asiaonline.net http://www.asiaonline.net/
Phone: +61 2 6243 0213
Fax: +61 2 6247 3316
Asia Online
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3525 invoked by uid 0); 21 Apr 2001 01:28:52 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 21 Apr 2001 01:28:52 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08184
for radiator-zzlist; Sat, 21 Apr 2001 10:10:29 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08172
for radiator at open.com.au; Sat, 21 Apr 2001 10:10:24 +1000 (EST)
>Received: from smtp1.arnet.com.ar (host191006.arnet.net.ar [200.45.191.6] (may be forged)) by perki.connect.com.au with SMTP id JAA13566
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 09:57:45 +1000 (EST)
Received: from smtp1.arnet.com.ar (host191006.arnet.net.ar [200.45.191.6] (may be forged)) by perki.connect.com.au with SMTP id JAA13566
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 09:57:45 +1000 (EST)
Received: (qmail 6748 invoked from network); 20 Apr 2001 23:57:28 -0000
Received: from host000004.arnet.net.ar (HELO mail1.arnet.com.ar) (200.45.0.4)
by host191006.arnet.net.ar with SMTP; 20 Apr 2001 23:57:28 -0000
Received: from mail pickup service by mail1.arnet.com.ar with Microsoft SMTPSVC;
Fri, 20 Apr 2001 20:56:58 -0300
Received: from recife.arnet.com.ar ([192.168.202.70]) by mail2.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.677.67);
Fri, 20 Apr 2001 11:26:57 -0300
Received: (qmail 4473 invoked from network); 20 Apr 2001 14:26:56 -0000
Received: from oscar.open.com.au (203.63.154.1)
by recife.arnet.com.ar with SMTP; 20 Apr 2001 14:26:56 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07318
for radiator-zzlist; Fri, 20 Apr 2001 23:10:28 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA07288
for radiator at open.com.au; Fri, 20 Apr 2001 23:10:20 +1000 (EST)
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:34:32 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA18171
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:34:32 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14qaD6-0000Rs-00
for radiator at open.com.au; Fri, 20 Apr 2001 14:40:28 +0200
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id WAA18171
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 20 Apr 2001 22:34:32 +1000 (EST)
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) logfile question
Date: Fri, 20 Apr 2001 14:36:03 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOOEEOFGAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello,
I have something like:
SuccessFormat %l:%n:%P:%a:PASS:%N:%c
as my logformat ...
Now, in this case, I'm only logging cleartext passwords, for users, who are
not connecting via CHAP (User-Password). Is there a way to do some kind of
"if" statement, in the log format tool, so I can do something like:
if %{CHAP-Password}SuccessFormat %l:%n:%{CHAP-Password}:%a:PASS:%N:%c
else SuccessFormat %l:%n:%P:%a:PASS:%N:%c
tia,
-a
--
"For nothing can seem foul to those that win."
- Henry IV, Pt1, Act 5, Sc 1
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3585 invoked by uid 0); 21 Apr 2001 02:47:23 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 21 Apr 2001 02:47:23 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08735
for radiator-zzlist; Sat, 21 Apr 2001 11:41:18 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08680
for radiator at open.com.au; Sat, 21 Apr 2001 11:40:57 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16840
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:10 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16840
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:10 +1000 (EST)
Received: from hugo (acc21-ppp179.mel.dialup.connect.net.au [210.10.140.179])
by entoo.connect.com.au (Postfix) with SMTP
id E4D05DDC41; Sat, 21 Apr 2001 11:19:42 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>,
"Radiator Mailing" <radiator at open.com.au>
Subject: Re: (RADIATOR) logfile question
Date: Sat, 21 Apr 2001 10:39:06 +1000
X-Mailer: KMail [version 1.1.99]
References: <NMEIJMCFCECINGDHLNMOOEEOFGAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOOEEOFGAA.adepette at krameria.net>
MIME-Version: 1.0
Message-Id: <01042110390622.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
As has been said on this list many times before, advanced logging facilities
are planned for a future release of Radiator (no dates yet set).
However, you can easily do this sort of thing with a hook, so have a look at
the examples in "goodies/hooks.txt".
regards
Hugh
On Friday 20 April 2001 22:36, Andy De Petter wrote:
> Hello,
>
> I have something like:
>
> SuccessFormat %l:%n:%P:%a:PASS:%N:%c
>
> as my logformat ...
>
> Now, in this case, I'm only logging cleartext passwords, for users, who are
> not connecting via CHAP (User-Password). Is there a way to do some kind of
> "if" statement, in the log format tool, so I can do something like:
>
> if %{CHAP-Password}SuccessFormat %l:%n:%{CHAP-Password}:%a:PASS:%N:%c
> else SuccessFormat %l:%n:%P:%a:PASS:%N:%c
>
> tia,
>
> -a
>
>
> --
> "For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information, which
> is confidential and/or protected by intellectual property rights and
> are intended for the sole use of the recipient(s) named above. Any use
> of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any
> form) by persons other than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender
> either by telephone or by e-mail and delete the material from any
> computer. Thank you for your cooperation.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3595 invoked by uid 0); 21 Apr 2001 02:51:07 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 21 Apr 2001 02:51:07 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08734
for radiator-zzlist; Sat, 21 Apr 2001 11:41:17 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08699;
Sat, 21 Apr 2001 11:41:02 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16850
(8.8.8/IDA-1.7); Sat, 21 Apr 2001 11:22:12 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16850
(8.8.8/IDA-1.7); Sat, 21 Apr 2001 11:22:12 +1000 (EST)
Received: from hugo (acc21-ppp179.mel.dialup.connect.net.au [210.10.140.179])
by entoo.connect.com.au (Postfix) with SMTP
id E0709DDC42; Sat, 21 Apr 2001 11:19:40 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>,
"Radiator Mailing" <radiator at open.com.au>
Subject: Re: (RADIATOR) RejectEmptyPassword problem
Date: Sat, 21 Apr 2001 10:36:26 +1000
X-Mailer: KMail [version 1.1.99]
References: <NMEIJMCFCECINGDHLNMOMEEPFGAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOMEEPFGAA.adepette at krameria.net>
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <01042110362621.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
I have copied this to Mike and he will look at it when he returns next week.
Thanks for reporting the problem.
regards
Hugh
On Friday 20 April 2001 22:56, Andy De Petter wrote:
> Hello,
>
> When I enable RejectEmptyPassword option, in my radiator configuration, all
> users, that are authentifying through CHAP, are being rejected, because of
> an empty "User-Password".
>
> Anyone has experience this same problem?
>
> This problem occurs, after upgrading to 2.18 (same config works okay on
> 2.17.1).
>
> -Andy
>
> --
>
> Andy De Petter _,'| _.-''``-...___..--';
> Skynet Operations /, \'. _..-' , ,--...--'''
> < \ .`--''' ` /|
> Tel +32 (0)2 7061311 `-,;' ; ; ;
> Fax +32 (0)2 7061312 __...--'' __...--_..' .;.'
> (,__....----''' (,..--''
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information, which
> is confidential and/or protected by intellectual property rights and
> are intended for the sole use of the recipient(s) named above. Any use
> of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any
> form) by persons other than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender
> either by telephone or by e-mail and delete the material from any
> computer. Thank you for your cooperation.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3603 invoked by uid 0); 21 Apr 2001 02:52:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 21 Apr 2001 02:52:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08730
for radiator-zzlist; Sat, 21 Apr 2001 11:41:12 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08672
for radiator at open.com.au; Sat, 21 Apr 2001 11:40:55 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16832
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:01 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16832
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:01 +1000 (EST)
Received: from hugo (acc21-ppp179.mel.dialup.connect.net.au [210.10.140.179])
by entoo.connect.com.au (Postfix) with SMTP
id 388C8DDC38; Sat, 21 Apr 2001 11:19:31 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andrew Pollock" <apollock at bit.net.au>, <radiator at open.com.au>
Subject: Re: (RADIATOR) Feature suggestion
Date: Sat, 21 Apr 2001 10:11:14 +1000
X-Mailer: KMail [version 1.1.99]
References: <MEEJJONDEDOCPGABDOENKENNCCAA.apollock at bit.net.au>
In-Reply-To: <MEEJJONDEDOCPGABDOENKENNCCAA.apollock at bit.net.au>
MIME-Version: 1.0
Message-Id: <0104211011141Y.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andrew -
I have had to do something similar for one of our customers in Europe,
however the mocking up of stop records and so on was done in a couple of
hooks. A StartupHook was used to initialise a number of GlobalVar's, and
PreAuthHook's and NoReplyHook's were used to dummy up the records.
One thing you need to be very careful of with this sort of thing is not to
overload Radiator with lots of extraneous processing overhead, so another
approach is to have an external cron job or similar do the checking and
processing. Database triggers and stored procedures are also very useful.
The reason we include support for hooks in Radiator is because there are
*lots* of very specific requirements that it is hard to code generically, so
we take the 90/10 approach by doing 90% of the job really well, and we give
you the tools to do the other 10% as easily as possible.
regards
Hugh
On Saturday 21 April 2001 01:15, Andrew Pollock wrote:
> Hi,
>
> I don't know how sought after this would be, but I'll raise it anyway...
>
> We run Radiator as a front end to Portal's Infranet Terminal Server Manager
> (crappy) RADIUS server. It doesn't support things like Alive records, and
> (on a side issue) we have a number of issues with false duplicate sessions
> due to temporary outages and lost accounting records in general.
>
> What would be cool, would be if Radiator could maintain an internal active
> session table, based on Alive records, and if it didn't receive one within
> a configurable time period, it could mock up a Stop record and send that
> through to the RADIUS server that it's configured to proxy everything
> through to.
>
> Did that make sense to anyone other than me?
>
> Thoughts?
>
> Andrew
>
> ------------------------------------------------------------
> Andrew Pollock Systems Group Team Leader
> andrew at asiaonline.net http://www.asiaonline.net/
> Phone: +61 2 6243 0213
> Fax: +61 2 6247 3316
>
> Asia Online
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3613 invoked by uid 0); 21 Apr 2001 03:00:13 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 21 Apr 2001 03:00:13 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08700
for radiator-zzlist; Sat, 21 Apr 2001 11:41:03 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08664
for radiator at open.com.au; Sat, 21 Apr 2001 11:40:53 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16831
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:01 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id LAA16831
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 21 Apr 2001 11:22:01 +1000 (EST)
Received: from hugo (acc21-ppp179.mel.dialup.connect.net.au [210.10.140.179])
by entoo.connect.com.au (Postfix) with SMTP
id 5F580DD2F8; Sat, 21 Apr 2001 11:19:29 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Kitabjian, Dave" <dave at netcarrier.com>
Subject: (RADIATOR) Re: <Hook> ?
Date: Sat, 21 Apr 2001 09:52:44 +1000
X-Mailer: KMail [version 1.1.99]
References: <F55475F2CB7AD411BA9700D0B747AFDE24D79E at lnt4exch.netcarrier.net>
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D79E at lnt4exch.netcarrier.net>
Cc: radiator at open.com.au
MIME-Version: 1.0
Message-Id: <0104210952441X.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Dave -
I approach this problem in a slightly different way, by using an Identifier
in the Realm or Handler, and checking for it in the hook itself. That way I
can call the same hook from different places and have it do "the right thing".
Have a look at the examples in "goodies/hooks.txt" to see how its done.
BTW - I always use the "file:..." construct as I can then keep my hooks in
RCS as seperate items.
thanks
Hugh
On Saturday 21 April 2001 07:54, Kitabjian, Dave wrote:
> Hey, here's an idea.
>
> I have a PreProcessingHook that I'm calling from a bunch of handlers. So in
> order to avoid duplicating code, I used the "file:..." trick. But, if
> Radiator had a
>
> <Hook>
>
> Identifier HOOK_SPLIT_OFF_REALM
>
> sub { \
> ...
> }
>
> </Hook>
>
> clause, then I could call this code right from within my config file as
>
> PreProcessingHook HOOK_SPLIT_OFF_REALM
>
> Pretty slick, eh?
>
> Dave
>
> :)
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 8305 invoked by uid 0); 22 Apr 2001 07:44:55 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 22 Apr 2001 07:44:55 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA14079
for radiator-zzlist; Sun, 22 Apr 2001 16:10:36 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA14056;
Sun, 22 Apr 2001 16:10:30 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id PAA21191
(8.8.8/IDA-1.7); Sun, 22 Apr 2001 15:54:55 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id PAA21191
(8.8.8/IDA-1.7); Sun, 22 Apr 2001 15:54:55 +1000 (EST)
Received: from hugo (acc21-ppp147.mel.dialup.connect.net.au [210.10.140.147])
by entoo.connect.com.au (Postfix) with SMTP
id 0E85BDD501; Sun, 22 Apr 2001 15:52:24 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: radiator at open.com.au
Subject: (RADIATOR) IMPORTANT - spam/virus attacks
Date: Sun, 22 Apr 2001 15:19:24 +1000
X-Mailer: KMail [version 1.1.99]
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <01042215192426.00901 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Everyone -
Please be aware that there are malicious emails being circulated to list
members of various lists (looks like the addresses are being taken from
archive sites). The messages invide the addressee to look at an attachment,
which of course you should not do.
I have received a couple of these today on the Radiator list and I got a
couple last week on the Nanog list.
As always, do not open attachments from unknown sources and just delete any
suspicious messages.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 8426 invoked by uid 0); 22 Apr 2001 10:38:51 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 22 Apr 2001 10:38:51 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA14738
for radiator-zzlist; Sun, 22 Apr 2001 19:40:46 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA14708
for radiator at open.com.au; Sun, 22 Apr 2001 19:40:38 +1000 (EST)
>Received: from bareed105.riyadh.zajil.com ([212.26.73.242]) by perki.connect.com.au with ESMTP id TAA28342
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sun, 22 Apr 2001 19:05:33 +1000 (EST)
Received: from bareed105.riyadh.zajil.com ([212.26.73.242]) by perki.connect.com.au with ESMTP id TAA28342
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sun, 22 Apr 2001 19:05:33 +1000 (EST)
Received: from msx101.riyadh.zajil.com (msx101.riyadh.zajil.com [208.162.203.10])
by bareed105.riyadh.zajil.com (8.9.3/8.9.3) with ESMTP id MAA17463
for <radiator at open.com.au>; Sun, 22 Apr 2001 12:05:31 +0300 (AST)
Received: from GNriyadhHD.gulfnetksa.com (ws103.riyadh.zajil.com [208.162.203.52])
by msx101.riyadh.zajil.com (8.9.3/8.9.3) with ESMTP id LAA29731
for <radiator at open.com.au>; Sun, 22 Apr 2001 11:50:16 +0300 (AST)
Received: from abdussami ([172.16.2.60])
by GNriyadhHD.gulfnetksa.com (8.8.5/8.8.5) with SMTP id PAA06744
for <radiator at open.com.au>; Sun, 22 Apr 2001 15:36:51 +0300 (AST)
From: "Mohammed AbdusSami" <abdussami at gulfnetksa.com>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) Hw can I pass ....
Date: Sun, 22 Apr 2001 12:12:15 +0300
Message-ID: <NEBBJOPJMLBGFKDGNJABCEJGDCAA.abdussami at gulfnetksa.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
In-Reply-To: <01042110362621.00901 at hugo>
Disposition-Notification-To: "Mohammed AbdusSami" <abdussami at gulfnetksa.com>
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi...
I am having following attributes. I want to assign IP address & netmask to
user.
Code: Access-Accept
Identifier: 8
Authentic: <177><232>"\<152><29>6<216>O<241>j<231><1>~<133>Q
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout = 18000
Idle-Timeout = 18000
Framed-Compression = Van-Jacobson-TCP-IP
Framed-IP-Netmask = 255.255.255.0
Framed-IP-Address = 172.16.2.78
Can anybody show me how can I do that.
Regards,
AbdusSami
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 10146 invoked by uid 0); 23 Apr 2001 10:57:42 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 23 Apr 2001 10:57:42 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA19113
for radiator-zzlist; Mon, 23 Apr 2001 19:40:54 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id TAA19081
for radiator at open.com.au; Mon, 23 Apr 2001 19:40:47 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id TAA02541
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 23 Apr 2001 19:15:47 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id TAA02541
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 23 Apr 2001 19:15:47 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14rcRa-0003od-00
for radiator at open.com.au; Mon, 23 Apr 2001 11:15:42 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) howto (CHAP-Password)
Date: Mon, 23 Apr 2001 11:17:31 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOAEJEFGAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Importance: Normal
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Is there a variable, that contains the plaintext (decrypted) CHAP-Password,
for authentication packets? I want to log the username and cleartext
password, for all users that are authenticating.. also the ones, with
CHAP-Password..
thx,
-a
--
"For nothing can seem foul to those that win."
- Henry IV, Pt1, Act 5, Sc 1
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 11102 invoked by uid 0); 24 Apr 2001 01:26:38 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 01:26:38 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA22100
for radiator-zzlist; Tue, 24 Apr 2001 10:10:34 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA22088
for radiator at open.com.au; Tue, 24 Apr 2001 10:10:29 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08357
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 09:56:25 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id JAA08357
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 09:56:25 +1000 (EST)
Received: from [210.10.197.162] (acc9-ppp162.bri.dialup.connect.net.au [210.10.197.162])
by entoo.connect.com.au (Postfix) with ESMTP
id 80AC4DD5A9; Tue, 24 Apr 2001 09:53:53 +1000 (EST)
Mime-Version: 1.0
X-Sender: hugh at oscar.open.com.au
Message-Id: <a04320403b70a6e3ba98a@[10.1.1.30]>
In-Reply-To: <NMEIJMCFCECINGDHLNMOAEJEFGAA.adepette at krameria.net>
References: <NMEIJMCFCECINGDHLNMOAEJEFGAA.adepette at krameria.net>
Date: Tue, 24 Apr 2001 09:43:25 +1000
To: "Andy De Petter" <adepette at krameria.net>,
"Radiator Mailing" <radiator at open.com.au>
From: Hugh Irvine <hugh at open.com.au>
Subject: Re: (RADIATOR) howto (CHAP-Password)
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
You are out of luck I am afraid - when CHAP is used, you must have
the plaintext password in your database, because only the encryptions
are compared.
hth
Hugh
At 11:17 +0200 01/4/23, Andy De Petter wrote:
>Is there a variable, that contains the plaintext (decrypted) CHAP-Password,
>for authentication packets? I want to log the username and cleartext
>password, for all users that are authenticating.. also the ones, with
>CHAP-Password..
>
>thx,
>
>-a
>
>
>--
>"For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
>*** DISCLAIMER ***
>This e-mail and any attachments thereto may contain information, which
>is confidential and/or protected by intellectual property rights and
>are intended for the sole use of the recipient(s) named above. Any use
>of the information contained herein (including, but not limited to,
>total or partial reproduction, communication or distribution in any
>form) by persons other than the designated recipient(s) is prohibited.
>If you have received this e-mail in error, please notify the sender
>either by telephone or by e-mail and delete the material from any
>computer. Thank you for your cooperation.
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 11154 invoked by uid 0); 24 Apr 2001 02:08:08 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 02:08:08 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA22140
for radiator-zzlist; Tue, 24 Apr 2001 10:30:48 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: from dell.open.com.au (IDENT:mikem at dell.open.com.au [203.63.154.11])
by oscar.open.com.au (8.9.0/8.9.0) with SMTP id KAA22134;
Tue, 24 Apr 2001 10:30:30 +1000 (EST)
Content-Type: text/plain;
charset="iso-8859-1"
From: Mike McCauley <mikem at open.com.au>
Organization: open System Consultants
To: Hugh Irvine <hugh at open.com.au>, "Mariano Absatz" <lradius at pert.com.ar>,
Radiator List <radiator at open.com.au>
Subject: Re: (RADIATOR) kill -1 radiator / logfile name
Date: Tue, 24 Apr 2001 10:25:51 +1000
X-Mailer: KMail [version 1.2]
Cc: mikem at open.com.au
References: <3ADDD84D.24288.6788350 at localhost> <01041909342618.00901 at hugo>
In-Reply-To: <01041909342618.00901 at hugo>
MIME-Version: 1.0
Message-Id: <01042410255100.01038 at dell.open.com.au>
Content-Transfer-Encoding: 8bit
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Mariano,
Looks like the main problem left is that when you do a kill -1, some of the
loggers stop?
This problem was fixed recently. You need to ge the new Log.pm from the 2.18
patches area.
Hope that helps.
Cheers.
On Thursday 19 April 2001 09:34, Hugh Irvine wrote:
> Hello again Mariano -
>
> Thanks for the detailed investigation.
>
> Mike will take a look when he returns next week.
>
> regards
>
> Hugh
>
> On Thursday 19 April 2001 07:09, Mariano Absatz wrote:
> > El 17 Apr 2001, a las 19:45, Mariano Absatz escribió:
> > > Hi all,
> > >
> > > I had this problem a couple of times but not sistematically... I'm
> > > starting a new installation and trying startup scripts (in fact before
> > > preparing the config files) and now it is sistematic.
> > >
> > > Every time I kill -1 Radiator, to re-read the configuration file, it
> > > fails...
> > >
> > > What I remember from my other installation was that if I made a minor
> > > change to the config file (e.g. the trace level), it worked OK, but if
> > > I edited something bigger, sometimes, it didn't liked it and it died...
> > > I thought it had to do with the way Radiator generates perl code on the
> > > fly while reading the config files.
> > >
> > > Now I made a couple of almost empty config files and every time I kill
> > > -1
> > >
> > > radiator it yields the following error:
> > > > Can't locate object method "new" via package "Radius::SNMPAgent"
> > > > (perhaps you forgot to load "Radius::SNMPAgent"?) at
> > > > /usr/local/lib/perl5/site_perl/5.6.1/Radius/ServerConfig.pm line 133,
> > > > <FILE> line 17.
> >
> > Alright, alright... so I SHOULD have RTFM... I had not installed the
> > SNMP_Session package and that generated this particular error... anyway,
> > read below...
> >
> > > As I keep cheking it... it's not generating the correct filenames for
> > > the logfiles.
> > >
> > > There is only one logfile generated in /logs/radius and its name is
> > > "logfile"... that is, it kinda processed the LogDir statement, but it
> > > didn't process the LogFile nor the <Log File>...
> >
> > It seems that sometimes, somehow, it starts generating messages before
> > processing LogFile and <Log FILE>, but AFTER processing LogDir... it's
> > alright, I prefer to have the logs someplace else rather than not having
> > them at all...
> >
> > > I'm including the contens of the /app/Radiator/etc/radius-acct.cfg
> > > (which is invoked from the command line) and the contents of
> > > /app/Radiator/etc/radius-common.cfg (which is included from the
> > > former).
> >
> > I'll change them now... keep reading :-)
> >
> > > For completeness... I also include the startup/shutdown/reload script
> > > (/etc/init.d/radius-acct). It's running on a Netra T1 AC200, 1CPU
> > > 360MHz, 512Mb RAM, 2x18Gb HD, Solaris 8, Perl v5.6.1, Radiator 2.18
> > > with all the patches up to 10-Apr-2001.
> >
> > So, I installed SNMP_Session, cleaned up things a bit, but still, when I
> > kill -1, I get strange results...
> >
> > I started one instance of Radiator (accounting only) and I can stop it
> > and start it again with no problem, however, if I kill -1 it I get the
> > following message on screen (and on the logfile too)... anyway, now it
> > keeps running...
> >
> > > # /etc/init.d/radius-acct reload
> > > Reloading Radiator (acct) configuration:
> > > DBD::Oracle::db prepare failed: ORA-03113: end-of-file on communication
> > > channel (DBD ERROR: OCIStmtExecute/Describe) {SELECT
> > > NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
> > > NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
> > > NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
> > > NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
> > > NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD}
> > > at /usr/local/lib/perl5/site_perl/5.6.1/Radius/SqlDb.pm line 201,
> > > <FILE> line 22.
> > > -done
> >
> > Stranger, still, is that the message appears on the <Log FILE> and on the
> > %L/logfile (default name), but NOT in the LogFile...
> >
> > I use <Log FILE> for standard logging (trace level 2 or 3) and have a
> > commented global LogFile with Trace 4 for debugging, however, this file
> > only gets the "Radiator starting / Radiator stopping" (I'm not receiving
> > packets, just testing start/stop/reload).
> >
> > Anyway, I put the trace level 4 in the <Log FILE> clause and got this
> > result: (keep reading after the trace 4)
> >
> > =========================================================================
> >= Wed Apr 18 17:47:09 2001: NOTICE: SIGTERM received: stopping
> > Wed Apr 18 17:47:15 2001: DEBUG: Adding Clients from SQL database
> > Wed Apr 18 17:47:15 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
> > NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
> > NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
> > NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
> > NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
> > NAS_SERVICIO_CALIDAD
> >
> > Wed Apr 18 17:47:16 2001: INFO: Server started: Radiator 2.18 on
> > mr-radius Wed Apr 18 17:47:23 2001: NOTICE: SIGHUP received: restarting
> > Wed Apr 18 17:47:23 2001: DEBUG: Adding Clients from SQL database
> > Wed Apr 18 17:47:23 2001: DEBUG: Query is: SELECT NAS_IDENTIFIER,
> > NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, NAS_DEFAULTREALM,
> > NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE,
> > NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
> > NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM
> > NAS_SERVICIO_CALIDAD
> >
> > Wed Apr 18 17:47:23 2001: ERR: Execute failed for 'SELECT
> > NAS_IDENTIFIER, NAS_SECRET, NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL,
> > NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, NAS_LIVINGSTONOFFS,
> > NAS_LIVINGSTONHOLE, NAS_FRAMEDGROUPBASEADDRESS,
> > NAS_FRAMEDGROUPMAXPORTSPERCLAS, NAS_REWRITEUSERNAME,
> > NAS_NOIGNOREDUPLICATES, NAS_PREHANDLERHOOK FROM NAS_SERVICIO_CALIDAD':
> > ORA-03113: end-of-file on communication channel (DBD ERROR:
> > OCIStmtExecute/Describe)
> > Wed Apr 18 17:47:23 2001: INFO: Server started: Radiator 2.18 on
> > mr-radius
> > =========================================================================
> >=
> >
> > The question is why these kind of things happen when I reload the config
> > file (kill -1)?... in fact, I didn't even edit the config files...
> >
> > I usually reload the config file after changing the trace level... but it
> > seems I'll have to stop and restart the server every time I do so...
> >
> > I attach the following files which have changed since my message of
> > yesterday:
> >
> > /etc/init.d/radius-acct (the start/stop/reload script)
> > /app/Radiator/etc/radius-acct.cfg (the configuration file)
> > /app/Radiator/etc/radius-common.cfg (which is included from
> > radius-acct.cfg)
> > /app/Radiator/etc/clients.cfg (which is included from radius-common.cfg)
> >
> >
> > ==================== /etc/init.d/radius-acct =======================
> > ==================== /etc/init.d/radius-acct =======================
> > ==================== /etc/init.d/radius-acct =======================
> > #!/bin/sh
> > #
> > # Radiator This shell script takes care of starting and stopping
> > # Radiator (Radius server).
> > #
> >
> > ARGV0LEN=`/usr/ucb/expr length $0`
> > POS=`/usr/ucb/expr $ARGV0LEN - 3`
> > RADTYPE=`/usr/ucb/expr substr $0 $POS 4`
> > # RADTYPE= "auth" o "acct" o "test" tomado de los ultimos 4 caracteres
> > del # comando invocado
> > RADVAR="rad_instance=$RADTYPE"
> > RADIATOR=/app/Radiator/bin/radiusd
> > RADCONFIG=/app/Radiator/etc/radius-$RADTYPE.cfg
> > MATCHSTRING=".*$RADIATOR.*$RADVAR.*"
> > # RADPID=/app/Radiator/tmp/rad-$RADTYPE.pid
> >
> > ORACLE_SID=radius; export ORACLE_SID
> > ORACLE_BASE=/app/oracle; export ORACLE_BASE
> > ORACLE_SID=radius; export ORACLE_SID
> > ORACLE_HOME=/app/oracle/product/8.1.6; export ORACLE_HOME
> > ORACLE_PATH=/app/oracle/product/8.1.6/bin; export ORACLE_PATH
> > PATH=$PATH:$ORACLE_HOME/bin; export PATH
> >
> >
> >
> > RADCMDLINE="$RADIATOR $RADVAR -config_file $RADCONFIG"
> >
> >
> > [ -f $RADIATOR ] || exit 0
> >
> > [ -f $RADCONFIG ] || exit 0
> >
> > # See how we were called.
> > case "$1" in
> > start)
> > # Start daemons.
> > echo "Starting Radiator ($RADTYPE): "
> > $RADCMDLINE
> > echo " -done"
> > ;;
> > stop)
> > # Stop daemons.
> > echo "Shutting down Radiator ($RADTYPE): "
> > # kill `cat $RADPID`
> > /usr/bin/pkill -u0 -x -f $MATCHSTRING
> > echo " -done"
> > ;;
> > restart)
> > # Stop daemons.
> > echo "Shutting down Radiator ($RADTYPE): "
> > # kill `cat $RADPID`
> > /usr/bin/pkill -u0 -x -f $MATCHSTRING
> > echo " -done"
> > # Give time for the port to be actually released
> > echo "Waiting... :-/"
> > sleep 1
> > # Start daemons.
> > echo "Starting Radiator ($RADTYPE): "
> > $RADCMDLINE
> > echo " -done"
> > ;;
> > reload)
> > # reloading configuration
> > echo "Reloading Radiator ($RADTYPE) configuration: "
> > # kill -1 `cat $RADPID`
> > /usr/bin/pkill -1 -u0 -x -f $MATCHSTRING
> > echo " -done"
> > ;;
> > status)
> > # checking status
> > if /usr/bin/pgrep -u0 -x -f $MATCHSTRING ;
> > then
> > echo "Radiator ($RADTYPE) running" ;
> > else
> > echo "Radiator ($RADTYPE) NOT running" ;
> > fi
> > ;;
> > *)
> > echo "Usage: $0 {start|stop|status|restart|reload}"
> > exit 1
> > esac
> >
> > exit 0
> > =========================================================================
> > =========================================================================
> > =========================================================================
> >
> >
> >
> > ================= /app/Radiator/etc/radius-acct.cfg =====================
> > ================= /app/Radiator/etc/radius-acct.cfg =====================
> > ================= /app/Radiator/etc/radius-acct.cfg =====================
> > ##################################################################
> > # ACCOUNTING CONFIGURATION #
> > ##################################################################
> >
> > # For debugging, uncomment the 2 following lines
> > #Trace 4
> > #LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
> >
> > #Trace:
> > #0 ERR. Error conditions. Serious and unexpected failures
> > #1 WARNING. Warning conditions. Unexpected failures
> > #2 NOTICE. Normal but significant conditions.
> > #3 INFO. Informational messages.
> > #4 DEBUG. Debugging messages.
> > #5 Incoming raw packet dumps in hexadecimal.
> >
> > # include common configuration and global definitions
> > include /app/Radiator/etc/radius-common.cfg
> >
> > ##################################################################
> > # PROTOCOL SECTION #
> > ##################################################################
> >
> > #
> > # We only do accounting in this instance of Radiator
> > #
> > AuthPort
> > AcctPort 1813
> >
> > <SNMPAgent>
> > Port 16113
> > Community CONFIGURAR-COMUNIDAD
> > </SNMPAgent>
> >
> > =========================================================================
> > =========================================================================
> > =========================================================================
> >
> >
> > ================= /app/Radiator/etc/radius-common.cfg
> > ==================== =================
> > /app/Radiator/etc/radius-common.cfg ====================
> > ================= /app/Radiator/etc/radius-common.cfg
> > ====================
> > ################################################################## #
> > COMMON CONFIGURATION #
> > ##################################################################
> >
> > ##################################################################
> > # FILES AND DIRECTORIES SECTION #
> > ##################################################################
> >
> > LogDir /logs/radius
> > DbDir /app/Radiator/db
> > DefineGlobalVar ScriptDir /app/Radiator/scripts
> > DefineGlobalVar ConfigDir /app/Radiator/etc
> > DefineGlobalVar TempDir /app/Radiator/tmp
> >
> > DictionaryFile %{GlobalVar:ConfigDir}/dictionary
> > PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
> >
> > ##################################################################
> > # DATABASE DEFINITIONS SECTION #
> > ##################################################################
> >
> > DefineGlobalVar OracleHost localhost
> > DefineGlobalVar OracleSID radius
> >
> > DefineGlobalVar MR_DBSource
> > dbi:Oracle:host=localhost;sid=radius
> > DefineGlobalVar MR_DBUsername radmin
> > DefineGlobalVar MR_DBAuth radius
> >
> >
> > ##################################################################
> > # LOGGING SECTION #
> > ##################################################################
> > <Log FILE>
> > Identifier fileLoggerMetroAuth
> > Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
> > Trace 4
> > </Log>
> >
> >
> >
> > ##################################################################
> > # REWRITE SECTION #
> > ##################################################################
> >
> > # REWRITE USER NAME BEFORE ANYTHING ELSE
> > # Rewrite any Name without realm to our realm
> > # because defaultrealm does not match on HANDLER
> > RewriteUsername s/^([^@]+)$/$1\@metrored/
> >
> > # change everything in the username to lowercase
> > RewriteUsername tr/[A-Z]/[a-z]/
> >
> >
> > ##################################################################
> > # INCLUDES SECTION #
> > ##################################################################
> >
> > # include clients section
> > include %{GlobalVar:ConfigDir}/clients.cfg
> > =========================================================================
> > =========================================================================
> > =========================================================================
> >
> > ==================== /app/Radiator/etc/clients.cfg
> > ======================= ====================
> > /app/Radiator/etc/clients.cfg =======================
> > ==================== /app/Radiator/etc/clients.cfg
> > =======================
> > ################################################################## #
> > CLIENTS SECTION #
> > ##################################################################
> >
> > <ClientListSQL>
> > # Client (NAS) info is in the database
> >
> > DBSource %{GlobalVar:MR_DBSource}
> > DBUsername %{GlobalVar:MR_DBUsername}
> > DBAuth %{GlobalVar:MR_DBAuth}
> >
> > GetClientQuery SELECT \
> > NAS_IDENTIFIER, NAS_SECRET, \
> > NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
> > NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
> > NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
> > NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS,
> > \ NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \ NAS_PREHANDLERHOOK \
> > FROM NAS_SERVICIO_CALIDAD
> >
> > </ClientListSQL>
> >
> > =========================================================================
> > =========================================================================
> > =========================================================================
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Mike McCauley, Open System Consultants
Im travelling at the moment, and our correspondence may be delayed.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 11262 invoked by uid 0); 24 Apr 2001 03:46:26 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 03:46:26 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA22697
for radiator-zzlist; Tue, 24 Apr 2001 12:10:56 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA22684
for radiator at open.com.au; Tue, 24 Apr 2001 12:10:51 +1000 (EST)
>Received: from mx-1.psinet.com.br (mx-1.psinet.com.br [200.188.80.72]) by perki.connect.com.au with ESMTP id LAA14746
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 11:56:09 +1000 (EST)
Received: from mx-1.psinet.com.br (mx-1.psinet.com.br [200.188.80.72]) by perki.connect.com.au with ESMTP id LAA14746
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 11:56:09 +1000 (EST)
Received: from oxumare (fw1.ba.psinet.com.br [200.188.16.38])
by mx-1.psinet.com.br (8.11.2/8.11.2) with SMTP id f3O1uB637147
for <radiator at open.com.au>; Mon, 23 Apr 2001 22:56:11 -0300 (EST)
Message-ID: <060b01c0cc62$6707f550$8303a8c0 at oxumare>
From: "Hugo Dias" <diash at psi.com>
To: "Radiator Mailing" <radiator at open.com.au>
References: <NMEIJMCFCECINGDHLNMOAEJEFGAA.adepette at krameria.net> <a04320403b70a6e3ba98a@[10.1.1.30]>
Subject: (RADIATOR) Controlling session: DBM file
Date: Mon, 23 Apr 2001 23:00:56 -0300
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hugh,
I am trying to use MaxSession and SessionDatabase together but the
radiator seens to be very low and stop to answer. I think its happening
because the radiator has to check the DBM all the time. Could you help on
this? I am seending a part of my configuration:
<Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
DBFILE-psinet.com.br >
AuthBy CheckDBpsinet
AcctLogFileName %L/../acct/psinet.com.br-%Y%m%d%H
SessionDatabase psinet.1
#MaxSessions 1
</Handler>
<Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
DBFILE-horizontes.com.br >
AuthBy CheckDBhorizontes
AcctLogFileName %L/../acct/horizontes.com.br-%Y%m%d%H
SessionDatabase inter.net.1
#MaxSessions 1
</Handler>
<Handler NAS-Identifier = /200.188.0.*|200.188.7.*/>
<AuthBy GROUP>
AuthByPolicy ContinueUntilAccept
AuthBy CheckDBpsinet
<AuthBy GROUP>
AuthBy CheckDBhorizontes
</AuthBy>
</AuthBy>
PostAuthHook file:"%D/scripts/post-auth.pl"
</Handler>
Thanks
Hugo José C.C. Dias
PSINet - Salvador
System Administrator Manager - Latam
55 71 340-3301
diash at psi.com
Visite www.psinet.com.br - PSINet "The Internet Super Carrier"
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Andy De Petter" <adepette at krameria.net>; "Radiator Mailing"
<radiator at open.com.au>
Sent: Monday, April 23, 2001 8:43 PM
Subject: Re: (RADIATOR) howto (CHAP-Password)
>
> Hello Andy -
>
> You are out of luck I am afraid - when CHAP is used, you must have
> the plaintext password in your database, because only the encryptions
> are compared.
>
> hth
>
> Hugh
>
>
> At 11:17 +0200 01/4/23, Andy De Petter wrote:
> >Is there a variable, that contains the plaintext (decrypted)
CHAP-Password,
> >for authentication packets? I want to log the username and cleartext
> >password, for all users that are authenticating.. also the ones, with
> >CHAP-Password..
> >
> >thx,
> >
> >-a
> >
> >
> >--
> >"For nothing can seem foul to those that win."
> > - Henry IV, Pt1, Act 5, Sc 1
> >
> >*** DISCLAIMER ***
> >This e-mail and any attachments thereto may contain information, which
> >is confidential and/or protected by intellectual property rights and
> >are intended for the sole use of the recipient(s) named above. Any use
> >of the information contained herein (including, but not limited to,
> >total or partial reproduction, communication or distribution in any
> >form) by persons other than the designated recipient(s) is prohibited.
> >If you have received this e-mail in error, please notify the sender
> >either by telephone or by e-mail and delete the material from any
> >computer. Thank you for your cooperation.
> >
> >
> >===
> >Archive at http://www.starport.net/~radiator/
> >Announcements on radiator-announce at open.com.au
> >To unsubscribe, email 'majordomo at open.com.au' with
> >'unsubscribe radiator' in the body of the message.
>
> --
>
> NB: I am travelling this week, so there may be delays in our
correspondence.
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12105 invoked by uid 0); 24 Apr 2001 14:06:21 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 14:06:21 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id WAA26247
for radiator-zzlist; Tue, 24 Apr 2001 22:40:59 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id WAA26234
for radiator at open.com.au; Tue, 24 Apr 2001 22:40:54 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id WAA15418
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 22:32:01 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id WAA15418
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 22:32:01 +1000 (EST)
Received: (qmail 95315 invoked by uid 1003); 24 Apr 2001 12:30:54 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 24 Apr 2001 12:30:54 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ6GGF>; Tue, 24 Apr 2001 08:31:11 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D7AA at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'Hugo Dias'" <diash at psi.com>, Radiator Mailing <radiator at open.com.au>
Subject: RE: (RADIATOR) Controlling session: DBM file
Date: Tue, 24 Apr 2001 08:31:10 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by oscar.open.com.au id WAB26234
Sender: owner-radiator at open.com.au
Precedence: bulk
I'm not an expert, but based on my experience I don't think checking the DBM
is your problem. I'm more inclined to think that, after it checks the DBM,
it's doing an snmpget and that's what's taking the time.
Do you have a NasType specified in any of your <Client> clauses? Also, after
you see the delay, grep your (DEBUG 4) logfile for "snmpget"...
Dave
> -----Original Message-----
> From: Hugo Dias [mailto:diash at psi.com]
> Sent: Monday, April 23, 2001 10:01 PM
> To: Radiator Mailing
> Subject: (RADIATOR) Controlling session: DBM file
>
>
> Hugh,
>
> I am trying to use MaxSession and SessionDatabase together but the
> radiator seens to be very low and stop to answer. I think its
> happening
> because the radiator has to check the DBM all the time.
> Could you help on
> this? I am seending a part of my configuration:
>
> <Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
> DBFILE-psinet.com.br >
> AuthBy CheckDBpsinet
> AcctLogFileName %L/../acct/psinet.com.br-%Y%m%d%H
> SessionDatabase psinet.1
> #MaxSessions 1
> </Handler>
>
> <Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
> DBFILE-horizontes.com.br >
> AuthBy CheckDBhorizontes
> AcctLogFileName %L/../acct/horizontes.com.br-%Y%m%d%H
> SessionDatabase inter.net.1
> #MaxSessions 1
> </Handler>
>
> <Handler NAS-Identifier = /200.188.0.*|200.188.7.*/>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> AuthBy CheckDBpsinet
> <AuthBy GROUP>
> AuthBy CheckDBhorizontes
> </AuthBy>
> </AuthBy>
> PostAuthHook file:"%D/scripts/post-auth.pl"
> </Handler>
>
> Thanks
> Hugo José C.C. Dias
> PSINet - Salvador
> System Administrator Manager - Latam
> 55 71 340-3301
> diash at psi.com
> Visite www.psinet.com.br - PSINet "The Internet Super Carrier"
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Andy De Petter" <adepette at krameria.net>; "Radiator Mailing"
> <radiator at open.com.au>
> Sent: Monday, April 23, 2001 8:43 PM
> Subject: Re: (RADIATOR) howto (CHAP-Password)
>
>
> >
> > Hello Andy -
> >
> > You are out of luck I am afraid - when CHAP is used, you must have
> > the plaintext password in your database, because only the
> encryptions
> > are compared.
> >
> > hth
> >
> > Hugh
> >
> >
> > At 11:17 +0200 01/4/23, Andy De Petter wrote:
> > >Is there a variable, that contains the plaintext (decrypted)
> CHAP-Password,
> > >for authentication packets? I want to log the username
> and cleartext
> > >password, for all users that are authenticating.. also the
> ones, with
> > >CHAP-Password..
> > >
> > >thx,
> > >
> > >-a
> > >
> > >
> > >--
> > >"For nothing can seem foul to those that win."
> > > - Henry IV, Pt1, Act 5, Sc 1
> > >
> > >*** DISCLAIMER ***
> > >This e-mail and any attachments thereto may contain
> information, which
> > >is confidential and/or protected by intellectual property
> rights and
> > >are intended for the sole use of the recipient(s) named
> above. Any use
> > >of the information contained herein (including, but not limited to,
> > >total or partial reproduction, communication or distribution in any
> > >form) by persons other than the designated recipient(s) is
> prohibited.
> > >If you have received this e-mail in error, please notify the sender
> > >either by telephone or by e-mail and delete the material from any
> > >computer. Thank you for your cooperation.
> > >
> > >
> > >===
> > >Archive at http://www.starport.net/~radiator/
> > >Announcements on radiator-announce at open.com.au
> > >To unsubscribe, email 'majordomo at open.com.au' with
> > >'unsubscribe radiator' in the body of the message.
> >
> > --
> >
> > NB: I am travelling this week, so there may be delays in our
> correspondence.
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12181 invoked by uid 0); 24 Apr 2001 14:49:16 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 14:49:16 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA26441
for radiator-zzlist; Tue, 24 Apr 2001 23:40:43 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id XAA26411
for radiator at open.com.au; Tue, 24 Apr 2001 23:40:36 +1000 (EST)
>Received: from smtp.ca.inter.net ([38.210.35.210]) by perki.connect.com.au with ESMTP id XAA17709
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 23:16:12 +1000 (EST)
Received: from smtp.ca.inter.net ([38.210.35.210]) by perki.connect.com.au with ESMTP id XAA17709
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Tue, 24 Apr 2001 23:16:12 +1000 (EST)
Received: from elvisg3.total.net ([204.191.95.226])
by smtp.ca.inter.net with esmtp (Exim 3.22 #1)
id 14s2fq-0005DS-00
for radiator at open.com.au; Tue, 24 Apr 2001 09:16:10 -0400
User-Agent: Microsoft-Entourage/9.0.1.3108
Date: Tue, 24 Apr 2001 09:16:10 -0400
Subject: (RADIATOR) DefaultReply and AddToReply
From: Pascal Robert <pascal at team.inter.net>
To: <radiator at open.com.au>
Message-ID: <B70AF4DA.2734%pascal at team.inter.net>
Mime-version: 1.0
Content-transfer-encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi,
I'm working with a demo with Radiator and I have a "small" problem.
One of our wholesalers want some more attributes in the reply. So I used
AddToReply to add them to the Accept-Request answer, but I also need to send
some generic attributes if the request has failed (bad username or password,
etc.).
I tried with a DefaultReply but when the request is rejected, the attributes
are not sending back to the proxy server.
Realm config:
<Realm ca.inter.net>
RewriteUsername s/^([^@]+).*/$1/
RejectHasReason
<AuthBy FILE>
Filename ./users
AddToReplyIfNotExist User-Name = 1, User-Password = 1,
User-Service = Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit =
1200, Proxy-State = 1
DefaultReply User-Name = 0, User-Password = 0, User-Service
= Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit = 1200,
Proxy-State = 1
NoDefault
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName ./detail
</Realm>
The only attribute that is sent back is:
*** Sending to 127.0.0.1 port 49259 ....
Code: Access-Reject
Identifier: 221
Authentic: 1234567890123456
Attributes:
Reply-Message = "Bad Password"
--
+--------------------------------------------------------------+
| Pascal Robert Inter.net Canada |
| |
| Gestionnaire technique de projets /Technical Project Manager |
| |
| <http://www.ca.inter.net/> pascal at team.inter.net |
+--------------------------------------------------------------+
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12596 invoked by uid 0); 24 Apr 2001 21:36:14 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 24 Apr 2001 21:36:14 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id GAA27853
for radiator-zzlist; Wed, 25 Apr 2001 06:40:51 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id GAA27834
for radiator at open.com.au; Wed, 25 Apr 2001 06:40:45 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id GAA05678
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 06:28:05 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id GAA05678
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 06:28:05 +1000 (EST)
Received: (qmail 98643 invoked by uid 1003); 24 Apr 2001 20:26:53 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 24 Apr 2001 20:26:53 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ6HFA>; Tue, 24 Apr 2001 16:27:11 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D7AD at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'Pascal Robert'" <pascal at team.inter.net>, radiator at open.com.au
Subject: RE: (RADIATOR) DefaultReply and AddToReply
Date: Tue, 24 Apr 2001 16:27:10 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Try:
<Handler ...>
...
AuthBy CATCHALL_REJECT
RejectHasReason
</Handler>
#----------------------------------------
<AuthBy FILE>
Identifier CATCHALL_REJECT
Filename %D/users.reject
</AuthBy>
#----------------------------------------
In users.reject:
DEFAULT Auth-Type = "Reject:Your Username is completely garbled; you may
have a
noisy phone line."
Does that help?
Dave
> -----Original Message-----
> From: Pascal Robert [mailto:pascal at team.inter.net]
> Sent: Tuesday, April 24, 2001 9:16 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) DefaultReply and AddToReply
>
>
> Hi,
>
> I'm working with a demo with Radiator and I have a "small" problem.
>
> One of our wholesalers want some more attributes in the
> reply. So I used
> AddToReply to add them to the Accept-Request answer, but I
> also need to send
> some generic attributes if the request has failed (bad
> username or password,
> etc.).
>
> I tried with a DefaultReply but when the request is rejected,
> the attributes
> are not sending back to the proxy server.
>
> Realm config:
>
> <Realm ca.inter.net>
> RewriteUsername s/^([^@]+).*/$1/
> RejectHasReason
> <AuthBy FILE>
> Filename ./users
> AddToReplyIfNotExist User-Name = 1, User-Password = 1,
> User-Service = Framed-User, Ascend-Assign-IP-Pool= 0,
> Ascend-Idle-Limit =
> 1200, Proxy-State = 1
> DefaultReply User-Name = 0, User-Password =
> 0, User-Service
> = Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit = 1200,
> Proxy-State = 1
> NoDefault
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName ./detail
> </Realm>
>
> The only attribute that is sent back is:
>
> *** Sending to 127.0.0.1 port 49259 ....
> Code: Access-Reject
> Identifier: 221
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Bad Password"
>
> --
> +--------------------------------------------------------------+
> | Pascal Robert Inter.net Canada |
> | |
> | Gestionnaire technique de projets /Technical Project Manager |
> | |
> | <http://www.ca.inter.net/> pascal at team.inter.net |
> +--------------------------------------------------------------+
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12840 invoked by uid 0); 25 Apr 2001 02:56:16 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 02:56:16 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA29064
for radiator-zzlist; Wed, 25 Apr 2001 11:40:38 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA29027
for radiator at open.com.au; Wed, 25 Apr 2001 11:40:30 +1000 (EST)
>Received: from dns2.corp.netpci.com (dns2.corp.netpci.com [202.128.70.2]) by perki.connect.com.au with ESMTP id LAA18225
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 11:14:13 +1000 (EST)
Received: from dns2.corp.netpci.com (dns2.corp.netpci.com [202.128.70.2]) by perki.connect.com.au with ESMTP id LAA18225
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 11:14:13 +1000 (EST)
Received: from corp.netpci.com ([202.128.70.43])
by dns2.corp.netpci.com (8.8.8/8.8.8) with ESMTP id LAA10409
for <radiator at open.com.au>; Wed, 25 Apr 2001 11:12:33 +1000 (GST)
Message-ID: <3AE624D3.29EA764 at corp.netpci.com>
Date: Wed, 25 Apr 2001 11:13:55 +1000
From: Janet N del Mundo <jdelmundo at corp.netpci.com>
Organization: Startec Global Communications
X-Mailer: Mozilla 4.72 [en] (Win98; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: radiator at open.com.au
Subject: Re: (RADIATOR) snmpget fro TotalControlSNMP
Content-Type: multipart/mixed;
boundary="------------D1460149E0E7F4267AB8F525"
Sender: owner-radiator at open.com.au
Precedence: bulk
This is a multi-part message in MIME format.
--------------D1460149E0E7F4267AB8F525
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Did anyone ever get the MIB mentioned in this particular article? I'm
getting the same error messages for snmpget (TotalControlSNMP).
The STDERR output was Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist:
enterprises.429.4.2.1.140.1.2.8.51.52.54.48.51.50.52.49
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist:
enterprises.429.4.2.1.140.1.2.8.51.51.56.56.50.51.51.49
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist:
enterprises.429.4.2.1.140.1.2.8.51.52.48.55.56.57.53.48
TIA!
Janet
http://www.starport.net/~radiator/2000-09/msg00155.html
--
_____________________________________________________
Janet del Mundo
Internet Administrator, Startec Global Communications
135 Chalan Santo Papa Agana, Guam 96910
Email: jdelmundo at corp.netpci.com
--------------D1460149E0E7F4267AB8F525
Content-Type: text/html; charset=iso-8859-1;
name="msg00155.html"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline;
filename="msg00155.html"
Content-Base: "http://www.starport.net/~radiator/2000
-09/msg00155.html"
Content-Location: "http://www.starport.net/~radiator/2000
-09/msg00155.html"
<!-- MHonArc v2.3.3 -->
<!--X-Subject: Re: (RADIATOR) snmpget fro TotalControlSNMP -->
<!--X-From: Hugh Irvine <hugh at open.com.au> -->
<!--X-Date: 28 Sep 2000 00:48:51 -0000 -->
<!--X-Message-Id: 0009281023110L.01036 at hugo -->
<!--X-Content-Type: text/plain -->
<!--X-Reference: 200009270820.IAA22093 at mx1.office.telia-iberia.com -->
<!--X-Reference: 200009270820.IAA22093 at mx1.office.telia-iberia.com -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML//EN">
<HTML>
<HEAD>
<TITLE>Re: (RADIATOR) snmpget fro TotalControlSNMP</TITLE>
<LINK REV="made" HREF="mailto:hugh at open.com.au">
</HEAD>
<BODY>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->
<HR>
[<A HREF="msg00154.html">Date Prev</A>][<A HREF="msg00156.html">Date Next</A>][<A HREF="msg00152.html">Thread Prev</A>][<A HREF="msg00150.html">Thread Next</A>][<A HREF="maillist.html#00155">Date Index</A>][<A HREF="threads.html#00155">Thread Index</A>]
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>Re: (RADIATOR) snmpget fro TotalControlSNMP</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: "Jesús M Díaz" <<A HREF="mailto:jesus.diaz at telia.es">jesus.diaz at telia.es</A>>, "Jesús M Díaz" <<A HREF="mailto:jesus.diaz at telia.es">jesus.diaz at telia.es</A>>, "SaJaRi" <<A HREF="mailto:sajari at singnet.com.sg">sajari at singnet.com.sg</A>></LI>
<LI><em>Subject</em>: Re: (RADIATOR) snmpget fro TotalControlSNMP</LI>
<LI><em>From</em>: Hugh Irvine <<A HREF="mailto:hugh at open.com.au">hugh at open.com.au</A>></LI>
<LI><em>Date</em>: Thu, 28 Sep 2000 10:22:09 +1100</LI>
<LI><em>>Received</em>: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id KAA27620 (8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 28 Sep 2000 10:25:02 +1100 (EST)</LI>
<LI><em>Cc</em>: "<A HREF="mailto:radiator at open.com.au">radiator at open.com.au</A>" <<A HREF="mailto:radiator at open.com.au">radiator at open.com.au</A>></LI>
<LI><em>In-Reply-To</em>: <<A HREF="msg00149.html">200009270820.IAA22093 at mx1.office.telia-iberia.com</A>></LI>
<LI><em>Organization</em>: Open System Consultants</LI>
<LI><em>References</em>: <<A HREF="msg00149.html">200009270820.IAA22093 at mx1.office.telia-iberia.com</A>></LI>
<LI><em>Reply-To</em>: <A HREF="mailto:hugh at open.com.au">hugh at open.com.au</A></LI>
<LI><em>Sender</em>: <A HREF="mailto:owner-radiator at open.com.au">owner-radiator at open.com.au</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
Hello Jesús -
On Wed, 27 Sep 2000, Jesús M Díaz wrote:
> we have 3Com H.ARC, and when i try the snmp command you are talking
> about, i get:
>
> root at herbert # snmpget nas *****
> .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.49.56.50
> ..56.52.53.52.54
> EError in packet
> Reason: (noSuchName) There is no such variable name in this MIB.
> This name doesn't exist:
> enterprises.429.4.2.1.140.1.2.8.49.56.50.56.52.53.52.54
>
If someone can send us the correct MIB for this device, we will fix the problem.
many thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at <A HREF="http://www.starport.net/~radiator/">http://www.starport.net/~radiator/</A>
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
</PRE>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<!--X-Follow-Ups-End-->
<!--X-References-->
<UL><LI><STRONG>References</STRONG>:
<UL>
<LI><STRONG><A NAME="00149" HREF="msg00149.html">Re: (RADIATOR) snmpget fro TotalControlSNMP</A></STRONG>
<UL><LI><EM>From:</EM> "Jesús M Díaz" <jesus.diaz at telia.es></LI></UL></LI>
<LI><STRONG><A NAME="00149" HREF="msg00149.html">Re: (RADIATOR) snmpget fro TotalControlSNMP</A></STRONG>
<UL><LI><EM>From:</EM> "Jesús M Díaz" <jesus.diaz at telia.es></LI></UL></LI>
</UL></LI></UL>
<!--X-References-End-->
<!--X-BotPNI-->
<UL>
<LI>Prev by Date:
<STRONG><A HREF="msg00154.html">(RADIATOR) aaa what am I missing</A></STRONG>
</LI>
<LI>Next by Date:
<STRONG><A HREF="msg00156.html">Re: (RADIATOR) aaa what am I missing</A></STRONG>
</LI>
<LI>Prev by thread:
<STRONG><A HREF="msg00152.html">Re: (RADIATOR) snmpget fro TotalControlSNMP</A></STRONG>
</LI>
<LI>Next by thread:
<STRONG><A HREF="msg00150.html">Re: (RADIATOR) snmpget fro TotalControlSNMP</A></STRONG>
</LI>
<LI>Index(es):
<UL>
<LI><A HREF="maillist.html#00155"><STRONG>Date</STRONG></A></LI>
<LI><A HREF="threads.html#00155"><STRONG>Thread</STRONG></A></LI>
</UL>
</LI>
</UL>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</BODY>
</HTML>
--------------D1460149E0E7F4267AB8F525--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12904 invoked by uid 0); 25 Apr 2001 03:56:07 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 03:56:07 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA29276
for radiator-zzlist; Wed, 25 Apr 2001 12:41:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA29246
for radiator at open.com.au; Wed, 25 Apr 2001 12:41:07 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA21033
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 12:20:23 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA21033
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 12:20:23 +1000 (EST)
Received: from [210.10.197.162] (acc7-ppp247.bri.dialup.connect.net.au [210.10.195.247])
by entoo.connect.com.au (Postfix) with ESMTP
id 1B1C8DD2E2; Wed, 25 Apr 2001 12:17:50 +1000 (EST)
<a04320403b70a6e3ba98a@[10.1.1.30]>
<060b01c0cc62$6707f550$8303a8c0 at oxumare>
Mime-Version: 1.0
X-Sender: hugh at oscar.open.com.au
Message-Id: <a04320407b70b61fc5bb1@[210.10.197.162]>
In-Reply-To: <060b01c0cc62$6707f550$8303a8c0 at oxumare>
References: <NMEIJMCFCECINGDHLNMOAEJEFGAA.adepette at krameria.net>
<a04320403b70a6e3ba98a@[10.1.1.30]>
<060b01c0cc62$6707f550$8303a8c0 at oxumare>
Date: Wed, 25 Apr 2001 03:02:57 +1000
To: "Hugo Dias" <diash at psi.com>, "Radiator Mailing" <radiator at open.com.au>
From: Hugh Irvine <hugh at open.com.au>
Subject: Re: (RADIATOR) Controlling session: DBM file
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by oscar.open.com.au id MAB29246
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Hugo -
I will need to see the complete configuration file and a trace 4
debug from Radiator showing what is happening.
thanks
Hugh
At 23:00 -0300 01/4/23, Hugo Dias wrote:
>Hugh,
>
> I am trying to use MaxSession and SessionDatabase together but the
>radiator seens to be very low and stop to answer. I think its happening
>because the radiator has to check the DBM all the time. Could you help on
>this? I am seending a part of my configuration:
>
><Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
>DBFILE-psinet.com.br >
>AuthBy CheckDBpsinet
>AcctLogFileName %L/../acct/psinet.com.br-%Y%m%d%H
>SessionDatabase psinet.1
>#MaxSessions 1
></Handler>
>
><Handler NAS-Identifier = /200.188.0.*|200.188.7.*/, Class =
>DBFILE-horizontes.com.br >
>AuthBy CheckDBhorizontes
>AcctLogFileName %L/../acct/horizontes.com.br-%Y%m%d%H
>SessionDatabase inter.net.1
>#MaxSessions 1
></Handler>
>
><Handler NAS-Identifier = /200.188.0.*|200.188.7.*/>
><AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> AuthBy CheckDBpsinet
> <AuthBy GROUP>
> AuthBy CheckDBhorizontes
> </AuthBy>
></AuthBy>
>PostAuthHook file:"%D/scripts/post-auth.pl"
></Handler>
>
>Thanks
>Hugo José C.C. Dias
>PSINet - Salvador
>System Administrator Manager - Latam
>55 71 340-3301
>diash at psi.com
>Visite www.psinet.com.br - PSINet "The Internet Super Carrier"
>
>----- Original Message -----
>From: "Hugh Irvine" <hugh at open.com.au>
>To: "Andy De Petter" <adepette at krameria.net>; "Radiator Mailing"
><radiator at open.com.au>
>Sent: Monday, April 23, 2001 8:43 PM
>Subject: Re: (RADIATOR) howto (CHAP-Password)
>
>
>>
>> Hello Andy -
>>
>> You are out of luck I am afraid - when CHAP is used, you must have
>> the plaintext password in your database, because only the encryptions
>> are compared.
>>
>> hth
>>
>> Hugh
>>
>>
>> At 11:17 +0200 01/4/23, Andy De Petter wrote:
>> >Is there a variable, that contains the plaintext (decrypted)
>CHAP-Password,
>> >for authentication packets? I want to log the username and cleartext
>> >password, for all users that are authenticating.. also the ones, with
>> >CHAP-Password..
>> >
>> >thx,
>> >
>> >-a
>> >
>> >
>> >--
>> >"For nothing can seem foul to those that win."
>> > - Henry IV, Pt1, Act 5, Sc 1
>> >
>> >*** DISCLAIMER ***
>> >This e-mail and any attachments thereto may contain information, which
>> >is confidential and/or protected by intellectual property rights and
>> >are intended for the sole use of the recipient(s) named above. Any use
>> >of the information contained herein (including, but not limited to,
>> >total or partial reproduction, communication or distribution in any
>> >form) by persons other than the designated recipient(s) is prohibited.
>> >If you have received this e-mail in error, please notify the sender
>> >either by telephone or by e-mail and delete the material from any
>> >computer. Thank you for your cooperation.
>> >
>> >
>> >===
>> >Archive at http://www.starport.net/~radiator/
>> >Announcements on radiator-announce at open.com.au
>> >To unsubscribe, email 'majordomo at open.com.au' with
>> >'unsubscribe radiator' in the body of the message.
>>
>> --
>>
>> NB: I am travelling this week, so there may be delays in our
>correspondence.
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
>> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>>
>> ===
>> Archive at http://www.starport.net/~radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13004 invoked by uid 0); 25 Apr 2001 05:20:06 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 05:20:06 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA29837
for radiator-zzlist; Wed, 25 Apr 2001 14:10:39 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA29807
for radiator at open.com.au; Wed, 25 Apr 2001 14:10:32 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id NAA24459
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 13:34:32 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id NAA24459
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 13:34:32 +1000 (EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id WAA06717
for <radiator at open.com.au>; Tue, 24 Apr 2001 22:34:27 -0500 (CDT)
Message-Id: <4.1.20010424223644.0098d390 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 24 Apr 2001 22:36:46 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: (RADIATOR) Ascend-Multicast-Client
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Greetings all!
It's been a long time since I've posted to this list -- probably
a good sign because my RADIUS server has been authenticating nicely
for several years now. I'm preparing to upgrade from 2.13 to 2.18
which is exciting, and a testimony to the rock-solid software these
guys at Open System Consultants produce.
In any case, I'm trying to figure out a few attributes that appear
in the large dictionary file that ships with the 2.18 server. I'm
particularly curious about the Ascend-Multicast-Client and
the Ascend-Multicast-Rate-Limit attributes. In my *old* dictionary
file (which seems to match the dictionary.ascend file which ships
with 2.18) these attributes are defined as:
ATTRIBUTE Ascend-Multicast-Client 155 integer
VALUE Ascend-Multicast-Client Multicast-No 0
VALUE Ascend-Multicast-Client Multicast-Yes 1
ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer
However, in the new 2.18 dictionary file:
VENDORATTR 2637 CVX-Ascend-Multicast-Client 155 integer
VALUE CVX-Ascend-Multicast-Client No 0
VALUE CVX-Ascend-Multicast-Client Yes 1
VENDORATTR 2637 CVX-Ascend-Multicast-Rate-Limit 152 integer
Now, the integer value of these attributes is the same (155 and 152) --
however, the VENDORATTR is definately different -- seems to reference the
Nortel CVX's even though the Ascend-* attributes are Ascend
"non-standard" attributes.
In any case, I'm curious about this discrepancy and what steps I
need to do to address it? I considered changing the reply attribute
in my users file to CVX-Ascend-Multicast-Client, but was concerned
that it wouldn't be recognized by my Ascend boxes due to the VENDORATTR
tag...
In any case, guidance would be greatly appreciated!
John Coy
Arkansas.Net
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13033 invoked by uid 0); 25 Apr 2001 05:44:57 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 05:44:57 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA29961
for radiator-zzlist; Wed, 25 Apr 2001 14:40:45 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA29923
for radiator at open.com.au; Wed, 25 Apr 2001 14:40:36 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA25889
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:06:25 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA25889
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:06:25 +1000 (EST)
Received: from [210.10.197.162] (acc9-ppp221.bri.dialup.connect.net.au [210.10.197.221])
by entoo.connect.com.au (Postfix) with ESMTP
id 667FDDD792; Wed, 25 Apr 2001 14:03:43 +1000 (EST)
Mime-Version: 1.0
X-Sender: hugh at oscar.open.com.au
Message-Id: <a0432040db70be90a3a5c@[210.10.197.162]>
In-Reply-To: <B70AF4DA.2734%pascal at team.inter.net>
References: <B70AF4DA.2734%pascal at team.inter.net>
Date: Wed, 25 Apr 2001 12:41:01 +1000
To: Pascal Robert <pascal at team.inter.net>, <radiator at open.com.au>
From: Hugh Irvine <hugh at open.com.au>
Subject: Re: (RADIATOR) DefaultReply and AddToReply
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
Salut Pascal -
I think I need a bit more detail - do you want to add attributes to
Access-Accept messages, or to Access-Reject messages? Or both?
I must confess I don't understand your example below.
thanks
Hugh
At 9:16 -0400 01/4/24, Pascal Robert wrote:
>Hi,
>
>I'm working with a demo with Radiator and I have a "small" problem.
>
>One of our wholesalers want some more attributes in the reply. So I used
>AddToReply to add them to the Accept-Request answer, but I also need to send
>some generic attributes if the request has failed (bad username or password,
>etc.).
>
>I tried with a DefaultReply but when the request is rejected, the attributes
>are not sending back to the proxy server.
>
>Realm config:
>
><Realm ca.inter.net>
> RewriteUsername s/^([^@]+).*/$1/
> RejectHasReason
> <AuthBy FILE>
> Filename ./users
> AddToReplyIfNotExist User-Name = 1, User-Password = 1,
>User-Service = Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit =
>1200, Proxy-State = 1
> DefaultReply User-Name = 0, User-Password = 0, User-Service
>= Framed-User, Ascend-Assign-IP-Pool= 0, Ascend-Idle-Limit = 1200,
>Proxy-State = 1
> NoDefault
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName ./detail
></Realm>
>
>The only attribute that is sent back is:
>
>*** Sending to 127.0.0.1 port 49259 ....
>Code: Access-Reject
>Identifier: 221
>Authentic: 1234567890123456
>Attributes:
> Reply-Message = "Bad Password"
>
>--
>+--------------------------------------------------------------+
>| Pascal Robert Inter.net Canada |
>| |
>| Gestionnaire technique de projets /Technical Project Manager |
>| |
>| <http://www.ca.inter.net/> pascal at team.inter.net |
>+--------------------------------------------------------------+
>
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13051 invoked by uid 0); 25 Apr 2001 06:04:50 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 06:04:50 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA00069
for radiator-zzlist; Wed, 25 Apr 2001 14:58:26 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA00064
for radiator at open.com.au; Wed, 25 Apr 2001 14:58:22 +1000 (EST)
From: "Mike McCauley" <mikem at open.com.au>
Message-Id: <1010425145821.ZM62 at oscar.open.com.au>
Date: Wed, 25 Apr 2001 14:58:20 -0500
X-Mailer: Z-Mail (4.0.1 13Jan97)
To: radiator at open.com.au
Subject: (RADIATOR) Ascend-Multicast-Client
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
--- Forwarded mail from owner-radiator at open.com.au
Date: Wed, 25 Apr 2001 12:42:06 +1000 (EST)
From: owner-radiator at open.com.au
To: owner-radiator at open.com.au
Subject: BOUNCE radiator at open.com.au: Non-member submission from [John Coy
<jcoy at anc.net>]
>From mikem Wed Apr 25 12:41:59 2001
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA29567
for radiator at open.com.au; Wed, 25 Apr 2001 12:41:59 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by
perki.connect.com.au with ESMTP id MAA21602
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 12:32:18 +1000
(EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by
perki.connect.com.au with ESMTP id MAA21602
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 12:32:18 +1000
(EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id VAA26196
for <radiator at open.com.au>; Tue, 24 Apr 2001 21:31:44 -0500 (CDT)
Message-Id: <4.1.20010424212618.00982360 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 24 Apr 2001 21:33:57 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: Ascend-Multicast-Client
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Greetings all!
It's been a long time since I've posted to this list -- probably
a good sign because my RADIUS server has been authenticating nicely
for several years now. I'm preparing to upgrade from 2.13 to 2.18
which is exciting, and a testimony to the rock-solid software these
guys at Open System Consultants produce.
In any case, I'm trying to figure out a few attributes that appear
in the large dictionary file that ships with the 2.18 server. I'm
particularly curious about the Ascend-Multicast-Client and
the Ascend-Multicast-Rate-Limit attributes. In my *old* dictionary
file (which seems to match the dictionary.ascend file which ships
with 2.18) these attributes are defined as:
ATTRIBUTE Ascend-Multicast-Client 155 integer
VALUE Ascend-Multicast-Client Multicast-No 0
VALUE Ascend-Multicast-Client Multicast-Yes 1
ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer
However, in the new 2.18 dictionary file:
VENDORATTR 2637 CVX-Ascend-Multicast-Client 155 integer
VALUE CVX-Ascend-Multicast-Client No 0
VALUE CVX-Ascend-Multicast-Client Yes 1
VENDORATTR 2637 CVX-Ascend-Multicast-Rate-Limit 152 integer
Now, the integer value of these attributes is the same (155 and 152) --
however, the VENDORATTR is definately different -- seems to reference the
Nortel CVX's even though the Ascend-* attributes are Ascend
"non-standard" attributes.
In any case, I'm curious about this discrepancy and what steps I
need to do to address it? I considered changing the reply attribute
in my users file to CVX-Ascend-Multicast-Client, but was concerned
that it wouldn't be recognized by my Ascend boxes due to the VENDORATTR
tag...
In any case, guidance would be greatly appreciated!
John Coy
Arkansas.Net
---End of forwarded mail from owner-radiator at open.com.au
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13071 invoked by uid 0); 25 Apr 2001 06:17:42 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 06:17:42 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00217
for radiator-zzlist; Wed, 25 Apr 2001 15:10:46 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00175
for radiator at open.com.au; Wed, 25 Apr 2001 15:10:35 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA27915
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:49:36 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA27915
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:49:36 +1000 (EST)
Received: from [210.10.197.162] (acc7-ppp83.bri.dialup.connect.net.au [210.10.195.83])
by entoo.connect.com.au (Postfix) with ESMTP
id BEB52DD5E4; Wed, 25 Apr 2001 14:47:01 +1000 (EST)
Mime-Version: 1.0
X-Sender: hugh at oscar.open.com.au
Message-Id: <a0432040fb70c055f3bc7@[210.10.197.162]>
In-Reply-To: <4.1.20010424223644.0098d390 at pop3.anc.net>
References: <4.1.20010424223644.0098d390 at pop3.anc.net>
Date: Wed, 25 Apr 2001 14:48:54 +1000
To: John Coy <jcoy at anc.net>, radiator at open.com.au
From: Hugh Irvine <hugh at open.com.au>
Subject: Re: (RADIATOR) Ascend-Multicast-Client
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello John -
Thanks for your positive comments - I hope you are telling everyone
you know to buy and use Radiator! :-)
In answer to your question, you should *not* use CVX attributes on
your Ascend gear - they will not work.
The real answer to your question depends on whether you are running
old Ascend software on your NAS(s) or new Ascend software. If you are
running old software that uses "illegal" attribute numbers, you
should copy the definitions from the file "dictionary.ascend" to the
file "dictionary". Otherwise, if you are using new Ascend software
that supports the new Ascend vendor-specifics, you should copy the
definitions from "dictionary.ascend2" to "dictionary".
hth
Hugh
At 22:36 -0500 01/4/24, John Coy wrote:
>Greetings all!
>
>It's been a long time since I've posted to this list -- probably
>a good sign because my RADIUS server has been authenticating nicely
>for several years now. I'm preparing to upgrade from 2.13 to 2.18
>which is exciting, and a testimony to the rock-solid software these
>guys at Open System Consultants produce.
>
>In any case, I'm trying to figure out a few attributes that appear
>in the large dictionary file that ships with the 2.18 server. I'm
>particularly curious about the Ascend-Multicast-Client and
>the Ascend-Multicast-Rate-Limit attributes. In my *old* dictionary
>file (which seems to match the dictionary.ascend file which ships
>with 2.18) these attributes are defined as:
>
>ATTRIBUTE Ascend-Multicast-Client 155 integer
>VALUE Ascend-Multicast-Client Multicast-No 0
>VALUE Ascend-Multicast-Client Multicast-Yes 1
>
>ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer
>
>However, in the new 2.18 dictionary file:
>
>VENDORATTR 2637 CVX-Ascend-Multicast-Client 155 integer
>VALUE CVX-Ascend-Multicast-Client No 0
>VALUE CVX-Ascend-Multicast-Client Yes 1
>
>VENDORATTR 2637 CVX-Ascend-Multicast-Rate-Limit 152 integer
>
>
>Now, the integer value of these attributes is the same (155 and 152) --
>however, the VENDORATTR is definately different -- seems to reference the
>Nortel CVX's even though the Ascend-* attributes are Ascend
>"non-standard" attributes.
>
>In any case, I'm curious about this discrepancy and what steps I
>need to do to address it? I considered changing the reply attribute
>in my users file to CVX-Ascend-Multicast-Client, but was concerned
>that it wouldn't be recognized by my Ascend boxes due to the VENDORATTR
>tag...
>
>In any case, guidance would be greatly appreciated!
>
>John Coy
>Arkansas.Net
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13079 invoked by uid 0); 25 Apr 2001 06:18:41 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 06:18:41 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00229
for radiator-zzlist; Wed, 25 Apr 2001 15:10:48 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00183
for radiator at open.com.au; Wed, 25 Apr 2001 15:10:37 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA27945
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:51:21 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA27945
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 14:51:21 +1000 (EST)
Received: from [210.10.197.162] (acc7-ppp83.bri.dialup.connect.net.au [210.10.195.83])
by entoo.connect.com.au (Postfix) with ESMTP
id 8C992DD7DD; Wed, 25 Apr 2001 14:48:47 +1000 (EST)
Mime-Version: 1.0
X-Sender: hugh at oscar.open.com.au
Message-Id: <a04320410b70c0830e531@[210.10.197.162]>
In-Reply-To: <4.1.20010424223644.0098d390 at pop3.anc.net>
References: <4.1.20010424223644.0098d390 at pop3.anc.net>
Date: Wed, 25 Apr 2001 14:52:00 +1000
To: John Coy <jcoy at anc.net>, radiator at open.com.au
From: Hugh Irvine <hugh at open.com.au>
Subject: Re: (RADIATOR) Ascend-Multicast-Client
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi John -
BTW - please make sure you pick up all the patches for Radiator 2.18,
as there have been quite a few fixes posted.
cheers
Hugh
At 22:36 -0500 01/4/24, John Coy wrote:
>Greetings all!
>
>It's been a long time since I've posted to this list -- probably
>a good sign because my RADIUS server has been authenticating nicely
>for several years now. I'm preparing to upgrade from 2.13 to 2.18
>which is exciting, and a testimony to the rock-solid software these
>guys at Open System Consultants produce.
>
>In any case, I'm trying to figure out a few attributes that appear
>in the large dictionary file that ships with the 2.18 server. I'm
>particularly curious about the Ascend-Multicast-Client and
>the Ascend-Multicast-Rate-Limit attributes. In my *old* dictionary
>file (which seems to match the dictionary.ascend file which ships
>with 2.18) these attributes are defined as:
>
>ATTRIBUTE Ascend-Multicast-Client 155 integer
>VALUE Ascend-Multicast-Client Multicast-No 0
>VALUE Ascend-Multicast-Client Multicast-Yes 1
>
>ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer
>
>However, in the new 2.18 dictionary file:
>
>VENDORATTR 2637 CVX-Ascend-Multicast-Client 155 integer
>VALUE CVX-Ascend-Multicast-Client No 0
>VALUE CVX-Ascend-Multicast-Client Yes 1
>
>VENDORATTR 2637 CVX-Ascend-Multicast-Rate-Limit 152 integer
>
>
>Now, the integer value of these attributes is the same (155 and 152) --
>however, the VENDORATTR is definately different -- seems to reference the
>Nortel CVX's even though the Ascend-* attributes are Ascend
>"non-standard" attributes.
>
>In any case, I'm curious about this discrepancy and what steps I
>need to do to address it? I considered changing the reply attribute
>in my users file to CVX-Ascend-Multicast-Client, but was concerned
>that it wouldn't be recognized by my Ascend boxes due to the VENDORATTR
>tag...
>
>In any case, guidance would be greatly appreciated!
>
>John Coy
>Arkansas.Net
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13144 invoked by uid 0); 25 Apr 2001 06:51:42 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 06:51:42 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00414
for radiator-zzlist; Wed, 25 Apr 2001 15:41:01 +1000 (EST)
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA00356
for radiator at open.com.au; Wed, 25 Apr 2001 15:40:52 +1000 (EST)
>Received: from office.ales.kraft-s.net (office.ales.kraft-s.net [213.156.193.4]) by perki.connect.com.au with ESMTP id PAA29450
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 15:23:27 +1000 (EST)
Received: from office.ales.kraft-s.net (office.ales.kraft-s.net [213.156.193.4]) by perki.connect.com.au with ESMTP id PAA29450
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 15:23:27 +1000 (EST)
Received: (from ales at localhost)
by office.ales.kraft-s.net (8.11.3/8.11.3) id f3P5NNl01280
for radiator at open.com.au.AVP; Wed, 25 Apr 2001 10:23:23 +0500
Received: from localhost (localhost [[UNIX: localhost]])
by office.ales.kraft-s.net (8.11.3/8.11.3) id f3P5NM201264;
Wed, 25 Apr 2001 10:23:22 +0500
X-Authentication-Warning: office.ales.kraft-s.net: ales set sender to ales at office.ales.kraft-s.net using -f
From: "Alexey A. Shavaldin" <ales at office.ales.kraft-s.net>
Organization: Kraft-S, JSC
To: Janet N del Mundo <jdelmundo at corp.netpci.com>
Subject: Re: (RADIATOR) snmpget fro TotalControlSNMP
Date: Wed, 25 Apr 2001 10:23:22 +0500
X-Mailer: KMail [version 1.2]
References: <3AE624D3.29EA764 at corp.netpci.com>
In-Reply-To: <3AE624D3.29EA764 at corp.netpci.com>
Cc: radiator at open.com.au
MIME-Version: 1.0
Message-Id: <01042510232200.01224 at office.ales.kraft-s.net>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="koi8-r"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello !
On Wednesday 25 April 2001 06:13 am, you wrote:
> Did anyone ever get the MIB mentioned in this particular article? I'm
> getting the same error messages for snmpget (TotalControlSNMP).
My Nas.pm modification:
Find subfunction isOnlineTotalControlSNMP in Nas.pm. Try to replace the
corresponding code there with the following:
$nas_port=$nas_port+1256;
my $result = &Radius::SNMP::snmpget($nas_id,
$client->{SNMPCommunity}, "$Radius::Nas::TCMIB.4.10.1.1.18.$nas_port");
> The STDERR output was Error in packet
> Reason: (noSuchName) There is no such variable name in this MIB.
> This name doesn't exist:
> enterprises.429.4.2.1.140.1.2.8.51.52.54.48.51.50.52.49
Hope this helps.
--
With regards,
Alexey A. Shavaldin ales at kraft-s.ru
--------------------
System Administrator
of Kraft-S, JSC
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13202 invoked by uid 0); 25 Apr 2001 07:44:06 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 07:44:06 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA00615
for radiator-zzlist; Wed, 25 Apr 2001 16:40:58 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA00592
for radiator at open.com.au; Wed, 25 Apr 2001 16:40:51 +1000 (EST)
>Received: from dns2.corp.netpci.com (dns2.corp.netpci.com [202.128.70.2]) by perki.connect.com.au with ESMTP id QAA01921
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 16:15:53 +1000 (EST)
Received: from dns2.corp.netpci.com (dns2.corp.netpci.com [202.128.70.2]) by perki.connect.com.au with ESMTP id QAA01921
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Wed, 25 Apr 2001 16:15:53 +1000 (EST)
Received: from corp.netpci.com ([202.128.70.43])
by dns2.corp.netpci.com (8.8.8/8.8.8) with ESMTP id QAA17204;
Wed, 25 Apr 2001 16:14:08 +1000 (GST)
Message-ID: <3AE66B66.A8FC0C8B at corp.netpci.com>
Date: Wed, 25 Apr 2001 16:15:02 +1000
From: Janet N del Mundo <jdelmundo at corp.netpci.com>
Organization: Startec Global Communications
X-Mailer: Mozilla 4.72 [en] (Win98; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: "Alexey A. Shavaldin" <ales at office.ales.kraft-s.net>
CC: radiator at open.com.au
Subject: Re: (RADIATOR) snmpget fro TotalControlSNMP
References: <3AE624D3.29EA764 at corp.netpci.com> <01042510232200.01224 at office.ales.kraft-s.net>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
This looks like the old code from version 2.15... That version worked
fine with me too. I guess I'll change the subfunction back to 2.15.
Thank you!
Janet
"Alexey A. Shavaldin" wrote:
>
> Hello !
>
> On Wednesday 25 April 2001 06:13 am, you wrote:
> > Did anyone ever get the MIB mentioned in this particular article? I'm
> > getting the same error messages for snmpget (TotalControlSNMP).
>
> My Nas.pm modification:
>
> Find subfunction isOnlineTotalControlSNMP in Nas.pm. Try to replace the
> corresponding code there with the following:
>
> $nas_port=$nas_port+1256;
> my $result = &Radius::SNMP::snmpget($nas_id,
> $client->{SNMPCommunity}, "$Radius::Nas::TCMIB.4.10.1.1.18.$nas_port");
>
> > The STDERR output was Error in packet
> > Reason: (noSuchName) There is no such variable name in this MIB.
> > This name doesn't exist:
> > enterprises.429.4.2.1.140.1.2.8.51.52.54.48.51.50.52.49
>
> Hope this helps.
>
> --
> With regards,
> Alexey A. Shavaldin ales at kraft-s.ru
> --------------------
> System Administrator
> of Kraft-S, JSC
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
_____________________________________________________
Janet del Mundo
Internet Administrator, Startec Global Communications
135 Chalan Santo Papa Agana, Guam 96910
Email: jdelmundo at corp.netpci.com
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13312 invoked by uid 0); 25 Apr 2001 09:18:47 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 09:18:47 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA01147
for radiator-zzlist; Wed, 25 Apr 2001 18:11:02 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA01131;
Wed, 25 Apr 2001 18:10:56 +1000 (EST)
From: joy at jadephil.net
>Received: from pop.jadephil.net ([203.177.38.6]) by perki.connect.com.au with ESMTP id RAA06169
(8.8.8/IDA-1.7); Wed, 25 Apr 2001 17:59:51 +1000 (EST)
Received: from pop.jadephil.net ([203.177.38.6]) by perki.connect.com.au with ESMTP id RAA06169
(8.8.8/IDA-1.7); Wed, 25 Apr 2001 17:59:51 +1000 (EST)
Received: from Perl SendMail Module 2.03 (www2 [203.177.38.8])
by pop.jadephil.net (Postfix) with SMTP
id 8933C3AE; Wed, 25 Apr 2001 16:05:56 +0800 (PHT)
To: "posthook" <hugh at open.com.au>, radiator at open.com.au
Subject: (RADIATOR) posthook
Reply-To: joy at jadephil.net
Url: http://www.tneoh.zoneit.com/perl/SendMail/
X-Mailer: Perl SendMail Module 2.03
Message-Id: <20010425080556.8933C3AE at pop.jadephil.net>
Date: Wed, 25 Apr 2001 16:05:56 +0800 (PHT)
Content-Type: text
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi Hugh,
i want to write a hook to find out if the user is already in the RADUSAGE table or not. if not the username will be added to the USEDCARDS table.
Can you give me a hint or can say me what i must write to the config file?
Joy
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13778 invoked by uid 0); 25 Apr 2001 17:06:01 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 17:06:01 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02827
for radiator-zzlist; Thu, 26 Apr 2001 01:40:38 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA02800
for radiator at open.com.au; Thu, 26 Apr 2001 01:40:30 +1000 (EST)
>Received: from imgate.prw.net (imgate.prw.net [208.249.78.40]) by perki.connect.com.au with ESMTP id BAA25850
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 01:25:26 +1000 (EST)
Received: from imgate.prw.net (imgate.prw.net [208.249.78.40]) by perki.connect.com.au with ESMTP id BAA25850
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 01:25:26 +1000 (EST)
Received: from mail.prw.net (mail.prw.net [208.249.78.4])
by imgate.prw.net (Postfix) with ESMTP id 607275E607
for <radiator at open.com.au>; Wed, 25 Apr 2001 11:25:24 -0400 (AST)
Received: from whr [208.249.78.227] by mail.prw.net
(SMTPD32-6.05) id AC61318202A4; Wed, 25 Apr 2001 11:25:21 -0400
From: "William Hernandez" <whr at essnet.com>
To: "Radiator" <radiator at open.com.au>
Subject: RE: (RADIATOR) Important - How to do Block Time users
Date: Wed, 25 Apr 2001 11:25:20 -0400
Message-ID: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello everyone,
I'm trying to follow Hugh's tips, but I'm doing something wrong.
In my radius.cfg I have:
<AuthBy SQL>
Identifier TimeBlock-SQL
DBSource *
DBUsername *
DBAuth *
AuthSelect select TIMEBLOCK from XSTOP where
USERNAME='%n'
AuthColumnDef 0, Time, check
</AuthBy>
<Realm DEFAULT>
AuthBy Check-FILE
AuthBy System
# This AuthBy will check the Time check-item
AuthBy TimeBlock-SQL
# This hook calculates the session-timeout
PostAuthHook file:"/etc/raddb/setSessionTimeout"
AcctLogFileName /var/log/radacct/detail
PasswordLogFileName /var/log/radius.log
ExcludeFromPasswordLog root
</Realm>
In my PostAuthHook I have:
my $timeblock=$p->get_attr('Time');
The problem is $timeblock is coming back an empty string. I can't
get the value to the PostAuthHook.
The "ERR: Invalid timeblock for user whr" in the radius.log comes
from the PostAuthHook.
A Trace 4 radius.log shows:
Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
*** Received from 208.249.78.6 port 4319 ....
Code: Access-Request
Identifier: 196
Authentic: 1234567890123456
Attributes:
User-Name = "whr"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"<146><208><238><158><247><22><144><5><164><133><228><17
4><1>H<30>x"
Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
203.63.154.1, 1234
Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
RADONLINE where NASIDE
NTIFIER='203.63.154.1' and NASPORT=01234
Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
with whr
Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for match
with whr
Wed Apr 25 11:05:31 2001: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSE
SSIONID from RADONLINE where USERNAME='whr'
Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
*** Sending to 208.249.78.6 port 4319 ....
Code: Access-Accept
Identifier: 196
Authentic: 1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Idle-Limit = 900
Any help would be appreciated.
Thanks in advance,
William
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 666 invoked by uid 0); 25 Apr 2001 23:21:31 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 25 Apr 2001 23:21:31 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id IAA04087
for radiator-zzlist; Thu, 26 Apr 2001 08:10:40 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id IAA04064
for radiator at open.com.au; Thu, 26 Apr 2001 08:10:32 +1000 (EST)
>Received: from www.merca.net.co (host-216-226-228-3.interpacket.net [216.226.228.3]) by perki.connect.com.au with ESMTP id HAA11845
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 07:56:01 +1000 (EST)
Received: from www.merca.net.co (host-216-226-228-3.interpacket.net [216.226.228.3]) by perki.connect.com.au with ESMTP id HAA11845
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 07:56:01 +1000 (EST)
Received: from ns1 ([216.226.228.21])
by www.merca.net.co (8.9.3/8.9.3) with SMTP id RAA24100
for <radiator at open.com.au>; Wed, 25 Apr 2001 17:46:35 -0400
Message-ID: <01ca01c0cdd2$44e5a1e0$15e4e2d8 at merca.net.co>
From: "RAFAEL BERNAL" <rb at merca.net.co>
To: "Radiator" <radiator at open.com.au>
References: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com>
Subject: (RADIATOR) connection with ISDN
Date: Wed, 25 Apr 2001 16:54:14 -0500
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello People of the List
I greet you...
and I have a question for you.
When an user connects through a normal phone line, the radius keeps track of
the connection in the database. That doesn`t happen when an user connects
through an ISDN line. How can I keep track of those users?
Thanks,
Rafael Bernal B.
Coordinador de Operaciones
Mercanet Ltda
www.merca.net.co
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 961 invoked by uid 0); 26 Apr 2001 02:54:09 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 02:54:09 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA05590
for radiator-zzlist; Thu, 26 Apr 2001 11:40:25 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA05585
for radiator at open.com.au; Thu, 26 Apr 2001 11:40:19 +1000 (EST)
>Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id LAA23230
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 11:23:59 +1000 (EST)
Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id LAA23230
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 11:23:59 +1000 (EST)
Received: from turbat (proxy.micom.mng.net [202.179.0.164])
by publica.ub.mng.net (8.11.1/8.11.1) with SMTP id f3QHNPa17063;
Thu, 26 Apr 2001 09:23:28 -0800 (GMT)
Message-ID: <003801c0cdef$ad9fc220$0900a8c0 at turbat>
From: "ganbold" <ganbold at micom.mng.net>
To: "William Hernandez" <whr at essnet.com>
Cc: <radiator at open.com.au>
References: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com>
Subject: Re: (RADIATOR) Important - How to do Block Time users
Date: Thu, 26 Apr 2001 09:24:42 +0800
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi,
I solved it in following way. Below is PostAuthHook script.
# CheckBlockTimeLeft
#
# PostAuthHook to check time left for a block user
# by verifying the Session-Timeout attribute
#
sub
{
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $result = ${$_[2]};
my $name = $p->get_attr('User-Name');
my $timeoutxx = 0;
use DBI;
my ($dsn)="DBI:mysql:radius:localhost";
my ($namex)="xxx";
#my ($password11)="xxx";
my ($dbh,$sth);
my (@ary);
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
SELECT USERNAME,TIMELEFT FROM SUBSCRIBERS
WHERE USERNAME='$name'
});
$sth->execute();
while(my $hash_ref=$sth->fetchrow_hashref())
{
print join ("\t",$hash_ref->{USERNAME},$hash_ref->{TIMELEFT}). "\n";
$timeoutxx = $hash_ref->{TIMELEFT};
}
$sth->finish();
$dbh->disconnect();
if (($result == $main::ACCEPT) && ($timeoutxx <= 0))
{
&main::log($main::LOG_DEBUG, "User $name has no time left");
if($timeoutxx<0){
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
UPDATE SUBSCRIBERS SET TIMELEFT=0 WHERE USERNAME='$name'
});
$sth->execute();
$sth->finish();
$dbh->disconnect();
}
# ${$_[2]} = $main::REJECT;
if($p->code eq 'Access-Request'){
$rp->delete_attr('Filter-Id');
$rp->delete_attr('Session-Timeout');
$rp->delete_attr('Framed-Protocol');
$rp->delete_attr('Service-Type');
$rp->delete_attr('Framed-MTU');
$rp->delete_attr('Framed-Compression');
$rp->set_code('Access-Reject');
$rp->change_attr('Reply-Message','Prepaid time limit reached!');
$p->{Client}->replyTo($rp,$p);
}
if($p->code eq 'Accounting-Request'){
$rp->set_code('Accounting-Response');
$p->{Client}->replyTo($rp,$p);
}
}
return;
}
#####################################################
HTH,
Ganbold Ts.
----- Original Message -----
From: "William Hernandez" <whr at essnet.com>
To: "Radiator" <radiator at open.com.au>
Sent: Wednesday, April 25, 2001 11:25 PM
Subject: RE: (RADIATOR) Important - How to do Block Time users
> Hello everyone,
>
> I'm trying to follow Hugh's tips, but I'm doing something wrong.
>
> In my radius.cfg I have:
>
> <AuthBy SQL>
> Identifier TimeBlock-SQL
> DBSource *
> DBUsername *
> DBAuth *
> AuthSelect select TIMEBLOCK from XSTOP where
> USERNAME='%n'
> AuthColumnDef 0, Time, check
> </AuthBy>
> <Realm DEFAULT>
> AuthBy Check-FILE
> AuthBy System
> # This AuthBy will check the Time check-item
> AuthBy TimeBlock-SQL
> # This hook calculates the session-timeout
> PostAuthHook file:"/etc/raddb/setSessionTimeout"
> AcctLogFileName /var/log/radacct/detail
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
> </Realm>
>
> In my PostAuthHook I have:
> my $timeblock=$p->get_attr('Time');
>
> The problem is $timeblock is coming back an empty string. I can't
> get the value to the PostAuthHook.
> The "ERR: Invalid timeblock for user whr" in the radius.log comes
> from the PostAuthHook.
>
> A Trace 4 radius.log shows:
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4319 ....
> Code: Access-Request
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='whr'
>
> Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.6 port 4319 ....
> Code: Access-Accept
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Idle-Limit = 900
>
>
> Any help would be appreciated.
> Thanks in advance,
> William
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1438 invoked by uid 0); 26 Apr 2001 07:54:26 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 07:54:26 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06755
for radiator-zzlist; Thu, 26 Apr 2001 16:40:38 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06710
for radiator at open.com.au; Thu, 26 Apr 2001 16:40:23 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09242
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:21:15 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09242
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:21:15 +1000 (EST)
Received: from hugo (acc16-ppp219.mel.dialup.connect.net.au [210.10.135.219])
by entoo.connect.com.au (Postfix) with SMTP
id 9251CDD8CA; Thu, 26 Apr 2001 16:18:44 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "William Hernandez" <whr at essnet.com>, "Radiator" <radiator at open.com.au>
Subject: Re: (RADIATOR) Important - How to do Block Time users
Date: Thu, 26 Apr 2001 15:48:54 +1000
X-Mailer: KMail [version 1.1.99]
References: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com>
In-Reply-To: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com>
MIME-Version: 1.0
Message-Id: <01042615485401.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello William -
On Thursday 26 April 2001 01:25, William Hernandez wrote:
> Hello everyone,
>
> I'm trying to follow Hugh's tips, but I'm doing something wrong.
>
> In my radius.cfg I have:
>
> <AuthBy SQL>
> Identifier TimeBlock-SQL
> DBSource *
> DBUsername *
> DBAuth *
> AuthSelect select TIMEBLOCK from XSTOP where
> USERNAME='%n'
> AuthColumnDef 0, Time, check
This is the problem, as you are trying to do a check with this query. If you
want to store the value as an attribute called "Time" in the request packet,
you would do this:
AuthColumnDef 0, Time, request
> </AuthBy>
> <Realm DEFAULT>
> AuthBy Check-FILE
> AuthBy System
> # This AuthBy will check the Time check-item
> AuthBy TimeBlock-SQL
> # This hook calculates the session-timeout
> PostAuthHook file:"/etc/raddb/setSessionTimeout"
> AcctLogFileName /var/log/radacct/detail
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
> </Realm>
>
> In my PostAuthHook I have:
> my $timeblock=$p->get_attr('Time');
>
See above, until you store the value from the database in the request packet,
this won't work ($p is a pointer to the current request packet).
> The problem is $timeblock is coming back an empty string. I can't
> get the value to the PostAuthHook.
> The "ERR: Invalid timeblock for user whr" in the radius.log comes
> from the PostAuthHook.
>
> A Trace 4 radius.log shows:
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4319 ....
> Code: Access-Request
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='whr'
>
> Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.6 port 4319 ....
> Code: Access-Accept
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Idle-Limit = 900
>
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1446 invoked by uid 0); 26 Apr 2001 07:54:30 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 07:54:30 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06756
for radiator-zzlist; Thu, 26 Apr 2001 16:40:40 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06717
for radiator at open.com.au; Thu, 26 Apr 2001 16:40:25 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09247
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:21:16 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09247
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:21:16 +1000 (EST)
Received: from hugo (acc16-ppp219.mel.dialup.connect.net.au [210.10.135.219])
by entoo.connect.com.au (Postfix) with SMTP
id AA139DD7A3; Thu, 26 Apr 2001 16:18:46 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: joy at jadephil.net, radiator at open.com.au
Subject: (RADIATOR) Re: posthook
Date: Thu, 26 Apr 2001 15:55:22 +1000
X-Mailer: KMail [version 1.1.99]
References: <20010425080556.8933C3AE at pop.jadephil.net>
In-Reply-To: <20010425080556.8933C3AE at pop.jadephil.net>
MIME-Version: 1.0
Message-Id: <01042615552202.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Joy -
On Wednesday 25 April 2001 18:05, joy at jadephil.net wrote:
> Hi Hugh,
>
> i want to write a hook to find out if the user is already in the RADUSAGE
> table or not. if not the username will be added to the USEDCARDS table.
>
> Can you give me a hint or can say me what i must write to the config file?
>
Basically, you will need to reference the SQL session database object and an
AuthBy SQL object that references the USEDCARDS table in your hook. Then you
can use the low-level routines inside Radiator to do the neccessary queries.
There are some example hooks in the file "goodies/hooks.txt" that will give
you the basics and you will need to read the Radiator source to find out how
to buiild and issue the SQL queries.
Which hook to use will depend on when during packet processing you want the
hook to be called.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1454 invoked by uid 0); 26 Apr 2001 07:58:53 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 07:58:53 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06758
for radiator-zzlist; Thu, 26 Apr 2001 16:40:46 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06749
for radiator at open.com.au; Thu, 26 Apr 2001 16:40:32 +1000 (EST)
>Received: from wookie.ruralnet.net.au (wookie.ruralnet.net.au [203.13.169.4]) by perki.connect.com.au with ESMTP id QAA09798
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:32:54 +1000 (EST)
Received: from wookie.ruralnet.net.au (wookie.ruralnet.net.au [203.13.169.4]) by perki.connect.com.au with ESMTP id QAA09798
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:32:54 +1000 (EST)
Received: from alex.swanhill.net.au (qlgbnw at sh-sat-gw.ruralnet.net.au [203.13.169.6])
by wookie.ruralnet.net.au (8.9.3/8.9.3) with ESMTP id PAA27626
for <radiator at open.com.au>; Thu, 26 Apr 2001 15:28:49 +1000
Message-Id: <5.0.2.1.2.20010426163008.00a3f660 at mail.swanhill.net.au>
X-Sender: alex at mail.swanhill.net.au
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Thu, 26 Apr 2001 16:33:57 +1000
To: radiator at open.com.au
From: Alex Green <alex at swanhill.net.au>
Subject: (RADIATOR) Radiator V 2.17 Could not bind authentication socket
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi All,
If I try to restart the server it returns with the following error:
Could not bind to authentication socket: Unknown > error at radiusd line 339
does anyone have a solution for this or a config file for NT which will
authenticate off the NT Groups
Thanks,
Alex Green
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1467 invoked by uid 0); 26 Apr 2001 07:59:30 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 07:59:30 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06757
for radiator-zzlist; Thu, 26 Apr 2001 16:40:44 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA06735;
Thu, 26 Apr 2001 16:40:29 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09259
(8.8.8/IDA-1.7); Thu, 26 Apr 2001 16:21:23 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA09259
(8.8.8/IDA-1.7); Thu, 26 Apr 2001 16:21:23 +1000 (EST)
Received: from hugo (acc16-ppp219.mel.dialup.connect.net.au [210.10.135.219])
by entoo.connect.com.au (Postfix) with SMTP
id 48CB3DD653; Thu, 26 Apr 2001 16:18:48 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "RAFAEL BERNAL" <rb at merca.net.co>, "Radiator" <radiator at open.com.au>
Subject: Re: (RADIATOR) connection with ISDN
Date: Thu, 26 Apr 2001 16:03:29 +1000
X-Mailer: KMail [version 1.1.99]
References: <HPEDIKHEOLINCJCFFGMHOEKHCHAA.whr at essnet.com> <01ca01c0cdd2$44e5a1e0$15e4e2d8 at merca.net.co>
In-Reply-To: <01ca01c0cdd2$44e5a1e0$15e4e2d8 at merca.net.co>
Cc: joanne at open.com.au
MIME-Version: 1.0
Message-Id: <01042616032903.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Rafael -
Could you please send me (directly not to the list) the registered name of
the company that purchased this copy of Radiator? I do not see any record of
merca.net.co in our database.
thanks
Hugh
On Thursday 26 April 2001 07:54, RAFAEL BERNAL wrote:
> Hello People of the List
>
> I greet you...
>
> and I have a question for you.
> When an user connects through a normal phone line, the radius keeps track
> of the connection in the database. That doesn`t happen when an user
> connects through an ISDN line. How can I keep track of those users?
> Thanks,
>
>
>
> Rafael Bernal B.
> Coordinador de Operaciones
> Mercanet Ltda
> www.merca.net.co
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1488 invoked by uid 0); 26 Apr 2001 08:16:01 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 08:16:01 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06960
for radiator-zzlist; Thu, 26 Apr 2001 17:10:32 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06939
for radiator at open.com.au; Thu, 26 Apr 2001 17:10:22 +1000 (EST)
>Received: from guru2.netspeed.com.au (mail.netspeed.com.au [203.37.54.4]) by perki.connect.com.au with ESMTP id QAA11014
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:53:29 +1000 (EST)
Received: from guru2.netspeed.com.au (mail.netspeed.com.au [203.37.54.4]) by perki.connect.com.au with ESMTP id QAA11014
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:53:29 +1000 (EST)
Received: from [203.173.176.33] by guru2.netspeed.com.au (NTMail 5.06.0016/NU0474.00.03e479e3) with ESMTP id obkzpaaa for radiator at open.com.au; Thu, 26 Apr 2001 16:53:22 +1000
Message-ID: <011801c0ce1c$e0f48020$9d00000a at netspeed.com.au>
From: "Brian Morris" <brian at netspeed.com.au>
To: "Alex Green" <alex at swanhill.net.au>
Cc: <radiator at open.com.au>
References: <5.0.2.1.2.20010426163008.00a3f660 at mail.swanhill.net.au>
Subject: Re: (RADIATOR) Radiator V 2.17 Could not bind authentication socket
Date: Thu, 26 Apr 2001 16:48:09 +1000
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi Alex,
This happened to me on Nt 2000 - it was because I was running one of the
Internet security / authentication services which used the same ports as
radius.
You need to remove or stop the service and (possibly) restart Windows for
radiator to work properly.
Regards,
Brian Morris
----- Original Message -----
From: Alex Green <alex at swanhill.net.au>
To: <radiator at open.com.au>
Sent: Thursday, April 26, 2001 4:33 PM
Subject: (RADIATOR) Radiator V 2.17 Could not bind authentication socket
> Hi All,
>
> If I try to restart the server it returns with the following error:
>
> Could not bind to authentication socket: Unknown > error at radiusd line
339
>
> does anyone have a solution for this or a config file for NT which will
> authenticate off the NT Groups
>
> Thanks,
> Alex Green
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1519 invoked by uid 0); 26 Apr 2001 08:32:22 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 08:32:22 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06959
for radiator-zzlist; Thu, 26 Apr 2001 17:10:32 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA06953
for radiator at open.com.au; Thu, 26 Apr 2001 17:10:25 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA11376
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:59:24 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA11376
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Thu, 26 Apr 2001 16:59:24 +1000 (EST)
Received: from hugo (acc16-ppp219.mel.dialup.connect.net.au [210.10.135.219])
by entoo.connect.com.au (Postfix) with SMTP
id C6D54DD9CE; Thu, 26 Apr 2001 16:56:54 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Alex Green <alex at swanhill.net.au>, radiator at open.com.au
Subject: Re: (RADIATOR) Radiator V 2.17 Could not bind authentication socket
Date: Thu, 26 Apr 2001 16:57:31 +1000
X-Mailer: KMail [version 1.1.99]
References: <5.0.2.1.2.20010426163008.00a3f660 at mail.swanhill.net.au>
In-Reply-To: <5.0.2.1.2.20010426163008.00a3f660 at mail.swanhill.net.au>
MIME-Version: 1.0
Message-Id: <0104261657310A.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Alex -
On Thursday 26 April 2001 16:33, Alex Green wrote:
> Hi All,
>
> If I try to restart the server it returns with the following error:
>
> Could not bind to authentication socket: Unknown > error at radiusd line
> 339
>
> does anyone have a solution for this or a config file for NT which will
> authenticate off the NT Groups
>
It sounds like you already have a copy of Radiator running (or something else
has the radius socket in use).
Have a look at section 6.25 in the manual ("doc/ref.html") and have a look at
the example in the file "radius.cfg" in the main distribution directory.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 1643 invoked by uid 0); 26 Apr 2001 09:29:34 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 09:29:34 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA07374
for radiator-zzlist; Thu, 26 Apr 2001 18:15:28 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA07362;
Thu, 26 Apr 2001 18:14:44 +1000 (EST)
From: "Mike McCauley" <mikem at open.com.au>
Message-Id: <1010426181443.ZM7360 at oscar.open.com.au>
Date: Thu, 26 Apr 2001 18:14:43 -0500
X-Mailer: Z-Mail (4.0.1 13Jan97)
To: radiator-announce at open.com.au, radiator at open.com.au
Subject: (RADIATOR) Radiator 2.18.1 Released
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
We are pleased to announce the release of Radiator version 2.18.1
Version provides a number of bug fixes and some new features.
As usual, the new version is available free of charge to current
licensees from
http://www.open.com.au/radiator/downloads/Radiator-2.18.1.tgz
and to current evaluators from
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.18.1.tgz
An extract from the history file is attached
--------------------------
Revision 2.18.1 (26/4/01) Bug fixes, some new features
In AuthBy PORTLIMITCHECK, the type of the SessionLimit parameter was
incorrectly set to integer instead of string, preventing special
formatting characters being used. Reported by Valentin Tumarkin
(tv at xpert.com).
Added AcctFailedLogFileName and AcctLogFileFormat parameters to AuthBy
RADIUS and subclasses, which work in the same way as for AuthBy SQL.
Testing with Hawk-i ISP Billing and customer management
system. Required slight changes to AuthSQL.pm, because MS-SQL and ODBC
can return strings of NULs for nullable nvarchar columns. Empty
strings and all-NULL strings are now ignored by AuthColumnDef. Sample
config file in hawki.cfg.
Fixed typos in ServerConfig .pm and Nas.pm that broke Livingston SNMP
sim-use checking.
Added IgnoreAccountingResponse and OutPort parameters to AuthBy
RADIUS. Contributed by "Arjan Waardenburg"
(arjanw at gv-nmc.unisource.nl). Thanks Arjan. OutPort allows you to
control the origin port number for forwarding packets, which can be
helpful for implementing strict firewall rules.
Fixed a problem with Handlers where a MaxSessions denial would still
permit AuthBys to run and perhaps 2 replies to be returned. Reported
by Frederic Gargula (frederic.gargula at easynet.fr).
Added PostSearchHook to AuthBy LDAP, LDAP2 and LDAPSDK, which allows
you to do things with the LDAP search results after the AuthBy has
finished with them.
Fixed a problem with logging that would cause the default file logger
to stop working after a SIGHUP.
Fixed a problem where a Synchronous AuthBy RADIUS that was chained
after another AuthBy RADIUS would not actually wait for the reply.
Added CacheReplyHook which runs when a cached reply is about to be
sent back to the NAS. Useful for removing previously allocated IP
addresses from the cached reply.
Fixed a problem with Session-Timeout 'until Time' where you could get
a negative Session-Timeout in the one minute following the end of a
permitted time interval.
Fixed some problems that prevented Log SYSLOG actually doing any
logging.
Altered AuthBy NT so that on windows it checks passwords without
changing them. It now uses Win32::AuthenticateUser and also has much
better performance. Built and tested with the kind assistance of Kent,
Ashley (akent at ue.com.au). Thanks Ash.
Added support for Redback 64 bit integers with new dictionary data
type of integer8. Used for RB-Acct-Input-Octets-64,
RB-Acct-Output-Octets-64, RB-Acct-Input-Packets-64 and
RB-Acct-Output-Packets-64 in dictionary.redback. Such values are
decoded in hex format only, with a leading 0x. Values can be encoded
as hex (with leading 0x) or decimal.
Added support for new AuthBy parameter AllowInReply, which lists the
attributes that are permitted in the reply. Useful for applying strict
limits to attributes in replies from proxy servers.
Finished code and documentation for NasType of Hiper for Hiper Arcs,
using algorithms contributed by jesus.diaz at telia-iberia.com.
Fixed a typo in goodies/emerald.cfg
Added new parameters to AuthBy EMERALD to optionally enable Emerald
Servers, Server Port Access, DNIS Groups Roam Servers and Roam
Domains. Works with Emerald 2.5 and RadiusNT 2.5 and 3. New version of
goodies/emerald.cfg shows how to use them.
All findUser functions now get the reply packet passed which means
that you can use the %{Reply:xxx} macros in more places than before.
Extensive patches to SNMPAgent contributed by Charly Gaissmaier add
ROCommunity, RWCommunity and Managers parameters for more selective
access control. Thanks Charly!
Testing SNMP Agent with SNMP_Session-0.83. OK. Functions
receive_request and decode_request that have been subsumed into
SNMP_Session have now been removed which means SNMP Agent now requires
at least SNMP_Session-0.68.
Added AuthBy OPIE for one-time password authentication via OPIE (one
time passwords in everything) from Craig Metz, www.inner.net/opie
Fixed a problem in AuthBy ADSI where new AD users with a default logon
times setup would not be able to login and get the message Outside
allowed login hours.
Removed a forgotten print statement from AddressAllocator SQL that
would cause a message like "deallocate 203.10.203.193" for each
deallocation.
Fixed a typo in Log SQL that caused an SQL syntax error.
Added the reason string as the fourth argument to
PostAuthHook. Contributed by Robert Kiessling
(Robert.Kiessling at de.easynet.net). Thanks Robert.
Added PostProcessingHook to Handler, contributed by Robert Kiessling
(Robert.Kiessling at de.easynet.net). Thanks Robert.
Added a number of experimental attributes from RFC 2869 to dictionary.
Implemented timeout around the search in AuthBy LDAP2 to work around
broken LDAP servers that just hang in the search.
More testing with Active Directory. Updates to AuthBy ADSI so it will
work under a wider variety of conditions, allowing distinct control
over how to authenticate and where to get account details from, also
added more docs and examples on using with Windows 2000 AD
server. Also new example goodies/ad-ldap.cfg shows how to access AD
via LDAP from Unix or Windows.
Fixed a problem where AccountingHandled had no effect if the result
was a REJECT.
Found a problem with SNMPAgent where a BindAddress had no
effect. There is a bug in SNMP_Session 0.83 that prevents the fix
being deployed.
Added new check item MS-Login-Hours, which is exactly compatible with
the LoginHours user attribute in Microsoft Active Directory, and can
therefore be used when accessing Active Directory via LDAP.
New special character %r for literal newlines.
Fixed a problem with RejectEmptyPassword where a CHAP login could
incorrectly trigger rejection. Reported by "Andy De Petter"
(adepette at krameria.net).
Reinstated NoForwardAuthentication and NoForwardAccounting to AuthBy
RADIUS, as the old behaviour was not exactly equivalent to
IgnoreAuthentication and IgnoreAccounting.
Minor improvements to error reporting in AuthBy NT.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2003 invoked by uid 0); 26 Apr 2001 17:36:28 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 17:36:28 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA08629
for radiator-zzlist; Fri, 27 Apr 2001 02:10:40 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA08603
for radiator at open.com.au; Fri, 27 Apr 2001 02:10:33 +1000 (EST)
>Received: from imgate.prw.net (sju-208-249-78-40.prw.net [208.249.78.40] (may be forged)) by perki.connect.com.au with ESMTP id BAA02859
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 01:35:55 +1000 (EST)
Received: from imgate.prw.net (sju-208-249-78-40.prw.net [208.249.78.40] (may be forged)) by perki.connect.com.au with ESMTP id BAA02859
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 01:35:55 +1000 (EST)
Received: from mail.prw.net (mail.prw.net [208.249.78.4])
by imgate.prw.net (Postfix) with ESMTP id AB9885E54F
for <radiator at open.com.au>; Thu, 26 Apr 2001 11:35:49 -0400 (AST)
Received: from whr [208.249.78.227] by mail.prw.net
(SMTPD32-6.05) id A052140358; Thu, 26 Apr 2001 11:35:46 -0400
From: "William Hernandez" <whr at essnet.com>
To: "Radiator" <radiator at open.com.au>
Subject: RE: (RADIATOR) Important - How to do Block Time users
Date: Thu, 26 Apr 2001 11:35:45 -0400
Message-ID: <HPEDIKHEOLINCJCFFGMHIEKOCHAA.whr at essnet.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
In-Reply-To: <01042615485401.14904 at hugo>
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Thanks Hugh,
I changed to:
AuthColumnDef 0, Time, request
But I'm still not getting anything in my PostAuthHook with:
my $p=${$_[0]};
my $timeblock=$p->get_attr('Time');
Thanks in advance,
William
Thu Apr 26 10:18:17 2001: DEBUG: Packet dump:
*** Received from 208.249.78.6 port 4346 ....
Code: Access-Request
Identifier: 122
Authentic: 1234567890123456
Attributes:
User-Name = "whr"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"<146><208><238><158><247><22><144><5><164><133><228><17
4><1>H<30>x"
Thu Apr 26 10:18:17 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Apr 26 10:18:17 2001: DEBUG: Deleting session for whr,
203.63.154.1, 1234
Thu Apr 26 10:18:17 2001: DEBUG: do query is: delete from
RADONLINE where NASIDE
NTIFIER='203.63.154.1' and NASPORT=01234
Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthFILE
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE looks for match
with whr
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthUNIX
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX looks for match
with whr
Thu Apr 26 10:18:17 2001: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSE
SSIONID from RADONLINE where USERNAME='whr'
Thu Apr 26 10:18:17 2001: Login OK: [whr] (home)
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX ACCEPT:
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE ACCEPT:
Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthUNIX
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX looks for match
with whr
Thu Apr 26 10:18:17 2001: Login OK: [whr] (home)
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX ACCEPT:
Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthSQL
Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthSQL
Thu Apr 26 10:18:17 2001: DEBUG: Query is: select TIMEBLOCK from
XSTOP where USE
RNAME='whr'
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthSQL looks for match
with whr
Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthSQL ACCEPT:
Thu Apr 26 10:18:17 2001: ERR: Invalid timeblock for user whr
Thu Apr 26 10:18:17 2001: DEBUG: Access accepted for whr
Thu Apr 26 10:18:17 2001: DEBUG: Packet dump:
*** Sending to 208.249.78.6 port 4346 ....
Code: Access-Accept
Identifier: 122
Authentic: 1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Idle-Limit = 900
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Thursday, April 26, 2001 1:49 AM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR) Important - How to do Block Time users
Hello William -
On Thursday 26 April 2001 01:25, William Hernandez wrote:
> Hello everyone,
>
> I'm trying to follow Hugh's tips, but I'm doing something
wrong.
>
> In my radius.cfg I have:
>
> <AuthBy SQL>
> Identifier TimeBlock-SQL
> DBSource *
> DBUsername *
> DBAuth *
> AuthSelect select TIMEBLOCK from XSTOP where
> USERNAME='%n'
> AuthColumnDef 0, Time, check
This is the problem, as you are trying to do a check with this
query. If you
want to store the value as an attribute called "Time" in the
request packet,
you would do this:
AuthColumnDef 0, Time, request
> </AuthBy>
> <Realm DEFAULT>
> AuthBy Check-FILE
> AuthBy System
> # This AuthBy will check the Time check-item
> AuthBy TimeBlock-SQL
> # This hook calculates the session-timeout
> PostAuthHook file:"/etc/raddb/setSessionTimeout"
> AcctLogFileName /var/log/radacct/detail
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
> </Realm>
>
> In my PostAuthHook I have:
> my $timeblock=$p->get_attr('Time');
>
See above, until you store the value from the database in the
request packet,
this won't work ($p is a pointer to the current request packet).
> The problem is $timeblock is coming back an empty string. I
can't
> get the value to the PostAuthHook.
> The "ERR: Invalid timeblock for user whr" in the radius.log
comes
> from the PostAuthHook.
>
> A Trace 4 radius.log shows:
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4319 ....
> Code: Access-Request
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
match
> with DEFAULT
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for
match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Query is: select
NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='whr'
>
> Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.6 port 4319 ....
> Code: Access-Accept
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Idle-Limit = 900
>
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS
server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
X.
-
Nets: internetwork inventory and management - graphical,
extensible,
flexible with hardware, software, platform and database
independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2215 invoked by uid 0); 26 Apr 2001 20:19:32 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 20:19:32 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id FAA08793
for radiator-zzlist; Fri, 27 Apr 2001 05:10:24 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id FAA08774
for radiator at open.com.au; Fri, 27 Apr 2001 05:10:17 +1000 (EST)
>Received: from c001.snv.cp.net (c001-h007.c001.snv.cp.net [209.228.32.121]) by perki.connect.com.au with SMTP id EAA09667
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 04:41:31 +1000 (EST)
Received: from c001.snv.cp.net (c001-h007.c001.snv.cp.net [209.228.32.121]) by perki.connect.com.au with SMTP id EAA09667
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 04:41:31 +1000 (EST)
Received: (cpmta 3122 invoked from network); 26 Apr 2001 11:41:25 -0700
Received: from dnvr-dsl-gw21-poolc79.dnvr.uswest.net (HELO carlos-apm93q88) (65.100.166.79)
by smtp.register-admin.com (209.228.32.121) with SMTP; 26 Apr 2001 11:41:25 -0700
Received: by localhost with Microsoft MAPI; Thu, 26 Apr 2001 12:42:51 -0600
X-Sent: 26 Apr 2001 18:41:25 GMT
Message-ID: <01C0CE4E.67FED9E0.carlos at pipelinebroadband.com>
From: "Carlos P. Martinez" <carlos at pipelinebroadband.com>
Reply-To: "carlos at pipelinebroadband.com" <carlos at pipelinebroadband.com>
To: "'Radiator Tech Support'" <radiator at open.com.au>
Subject: (RADIATOR) Clarification On Installing V.2.18.1 To V.2.18
Date: Thu, 26 Apr 2001 12:42:47 -0600
Importance: high
X-Priority: 1 (Highest)
Organization: Pipeline BROADBAND
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Dear Radiator Community,
I just saw the announcement from Open Systems and downloaded the new version of
Radiator. However, being that I just start with Radiator about two weeks ago, I
am very concern about what procedure to use in the upgrading from v2.18 to
v2.18.1. I don't want to overwrite any files that I have already setup and
configured to work on my system.
I looked on Open System's web site for instructions on this process and I also
looked for a readme file in the downloaded package, but I was not able to find
one. On my test machine, I unzipped the v.2.18.1 file onto my v2.18 directory
and found that it only made a Radiator-2.18.1 sub-folder under my Radiator-2.18
folder. Likewise results when I unzipped the file to my root drive F:\.
I then renamed my Radiator-2.18 folder to Radiator-2.18.1 and unzipped
Radiator-2.18.1.tgz file to root of my F:\ drive. I checked the folders and
found that the updated files were now in place.
Question: Using this procedure to upgrade to Radiator -2.18.1, will any of my
already configured files, such as radius.cfg be overwritten? Am I on target
here with this procedure?
I am very sorry for the long e-mail, but I feel that others in user community
may the same problem(s) and questions.
I thank the community in advance for its the kind attention and cooperation.
Sincerely,
Carlos
Carlos P. Martinez | Microsoft Certified Professional
Network/Systems Manager @
PipeLine BROADBAND
Office: 303-346-2885 | Cell: 720-291-9793
E-mail Address: carlos at pipelinebroadband.com
"Only those who risk going too far can
possibly find out how far one can go."
-T.S. Eliot
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2232 invoked by uid 0); 26 Apr 2001 20:54:22 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 20:54:22 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id FAA08844
for radiator-zzlist; Fri, 27 Apr 2001 05:40:40 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id FAA08818
for radiator at open.com.au; Fri, 27 Apr 2001 05:40:33 +1000 (EST)
>Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id FAA10742
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 05:11:22 +1000 (EST)
Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id FAA10742
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 05:11:22 +1000 (EST)
Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:40456 "EHLO COSA"
whoson: "popbaby") by dedos.pert.com.ar with ESMTP
id <S33822AbRDZTKh> convert rfc822-to-8bit; Thu, 26 Apr 2001 16:10:37 -0300
From: "Mariano Absatz" <lradius at pert.com.ar>
To: Radiator List <radiator at open.com.au>
Date: Thu, 26 Apr 2001 16:10:57 -0300
MIME-Version: 1.0
Content-transfer-encoding: 8BIT
Subject: Re: (RADIATOR) Radiator 2.18.1 Released
Message-ID: <3AE84891.9172.12B7F89 at localhost>
In-reply-to: <1010426181443.ZM7360 at oscar.open.com.au>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-radiator at open.com.au
Precedence: bulk
El 26 Apr 2001, a las 18:14, Mike McCauley escribió:
> We are pleased to announce the release of Radiator version 2.18.1
> Version provides a number of bug fixes and some new features.
Hi... it run ok in our test installation... the "reload" problems are
aparently gone away (as Mike said, it must have been the logger bug).
Found a typo in the manual (there might be more, I just happened to be
reading this precise section):
> 6.40 <AuthBy DYNADDRESS>
> AuthBy DYNADDRESS can be used to dynamically allocate IP addresses for
> dilaup users, in conjunction with <AddressAllocator xxx> clauses. It
> is implemented in AuthDYNADDRESS.pm. At present, only one Address
There are two address allocators now... :-)
> Allocation engine is provided. <AddressAllocator SQL> (See Section )
It's missing the Section number and the link is wrong (it points to
#34248 which goes to "a couple of lines below the start of Section 6.45-
AuthLog SQL, and it should point to #412546)
> can allocate addresses out of an SQL database. Other address
> allocation engines will be available for Radiator soon.
or are, in fact, available now :-D
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2275 invoked by uid 0); 26 Apr 2001 21:31:33 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 26 Apr 2001 21:31:33 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id GAA08905
for radiator-zzlist; Fri, 27 Apr 2001 06:11:01 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id GAA08889
for radiator at open.com.au; Fri, 27 Apr 2001 06:10:52 +1000 (EST)
>Received: from imgate.prw.net (sju-208-249-78-40.prw.net [208.249.78.40] (may be forged)) by perki.connect.com.au with ESMTP id FAA12051
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 05:59:16 +1000 (EST)
Received: from imgate.prw.net (sju-208-249-78-40.prw.net [208.249.78.40] (may be forged)) by perki.connect.com.au with ESMTP id FAA12051
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 05:59:16 +1000 (EST)
Received: from mail.prw.net (mail.prw.net [208.249.78.4])
by imgate.prw.net (Postfix) with ESMTP id 6DCCB5E5E6
for <radiator at open.com.au>; Thu, 26 Apr 2001 15:59:12 -0400 (AST)
Received: from whr [208.249.78.227] by mail.prw.net
(SMTPD32-6.05) id AE0DFF040250; Thu, 26 Apr 2001 15:59:09 -0400
From: "William Hernandez" <whr at essnet.com>
To: "Radiator" <radiator at open.com.au>
Subject: RE: (RADIATOR) Important - How to do Block Time users
Date: Thu, 26 Apr 2001 15:59:09 -0400
Message-ID: <HPEDIKHEOLINCJCFFGMHKELACHAA.whr at essnet.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
In-Reply-To: <003801c0cdef$ad9fc220$0900a8c0 at turbat>
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Interesting. Basically, you included the AuthBy SQL logic right
into the hook.
Did you decide on this solution because the AuthBy SQL clause in
radius.cfg didn't work as expected?
Thanks for your help,
William
-----Original Message-----
From: ganbold [mailto:ganbold at micom.mng.net]
Sent: Wednesday, April 25, 2001 9:25 PM
To: William Hernandez
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Important - How to do Block Time users
Hi,
I solved it in following way. Below is PostAuthHook script.
# CheckBlockTimeLeft
#
# PostAuthHook to check time left for a block user
# by verifying the Session-Timeout attribute
#
sub
{
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $result = ${$_[2]};
my $name = $p->get_attr('User-Name');
my $timeoutxx = 0;
use DBI;
my ($dsn)="DBI:mysql:radius:localhost";
my ($namex)="xxx";
#my ($password11)="xxx";
my ($dbh,$sth);
my (@ary);
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
SELECT USERNAME,TIMELEFT FROM SUBSCRIBERS
WHERE USERNAME='$name'
});
$sth->execute();
while(my $hash_ref=$sth->fetchrow_hashref())
{
print join ("\t",$hash_ref->{USERNAME},$hash_ref->{TIMELEFT}).
"\n";
$timeoutxx = $hash_ref->{TIMELEFT};
}
$sth->finish();
$dbh->disconnect();
if (($result == $main::ACCEPT) && ($timeoutxx <= 0))
{
&main::log($main::LOG_DEBUG, "User $name has no time
left");
if($timeoutxx<0){
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
UPDATE SUBSCRIBERS SET TIMELEFT=0 WHERE USERNAME='$name'
});
$sth->execute();
$sth->finish();
$dbh->disconnect();
}
# ${$_[2]} = $main::REJECT;
if($p->code eq 'Access-Request'){
$rp->delete_attr('Filter-Id');
$rp->delete_attr('Session-Timeout');
$rp->delete_attr('Framed-Protocol');
$rp->delete_attr('Service-Type');
$rp->delete_attr('Framed-MTU');
$rp->delete_attr('Framed-Compression');
$rp->set_code('Access-Reject');
$rp->change_attr('Reply-Message','Prepaid time limit
reached!');
$p->{Client}->replyTo($rp,$p);
}
if($p->code eq 'Accounting-Request'){
$rp->set_code('Accounting-Response');
$p->{Client}->replyTo($rp,$p);
}
}
return;
}
#####################################################
HTH,
Ganbold Ts.
----- Original Message -----
From: "William Hernandez" <whr at essnet.com>
To: "Radiator" <radiator at open.com.au>
Sent: Wednesday, April 25, 2001 11:25 PM
Subject: RE: (RADIATOR) Important - How to do Block Time users
> Hello everyone,
>
> I'm trying to follow Hugh's tips, but I'm doing something
wrong.
>
> In my radius.cfg I have:
>
> <AuthBy SQL>
> Identifier TimeBlock-SQL
> DBSource *
> DBUsername *
> DBAuth *
> AuthSelect select TIMEBLOCK from XSTOP where
> USERNAME='%n'
> AuthColumnDef 0, Time, check
> </AuthBy>
> <Realm DEFAULT>
> AuthBy Check-FILE
> AuthBy System
> # This AuthBy will check the Time check-item
> AuthBy TimeBlock-SQL
> # This hook calculates the session-timeout
> PostAuthHook file:"/etc/raddb/setSessionTimeout"
> AcctLogFileName /var/log/radacct/detail
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
> </Realm>
>
> In my PostAuthHook I have:
> my $timeblock=$p->get_attr('Time');
>
> The problem is $timeblock is coming back an empty string. I
can't
> get the value to the PostAuthHook.
> The "ERR: Invalid timeblock for user whr" in the radius.log
comes
> from the PostAuthHook.
>
> A Trace 4 radius.log shows:
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4319 ....
> Code: Access-Request
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
match
> with DEFAULT
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for
match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Query is: select
NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='whr'
>
> Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.6 port 4319 ....
> Code: Access-Accept
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Idle-Limit = 900
>
>
> Any help would be appreciated.
> Thanks in advance,
> William
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 2817 invoked by uid 0); 27 Apr 2001 01:27:05 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 01:27:05 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA09514
for radiator-zzlist; Fri, 27 Apr 2001 10:10:28 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA09509
for radiator at open.com.au; Fri, 27 Apr 2001 10:10:24 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id JAA22214
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 09:57:47 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id JAA22214
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 09:57:47 +1000 (EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id SAA09579
for <radiator at open.com.au>; Thu, 26 Apr 2001 18:57:42 -0500 (CDT)
Message-Id: <4.1.20010426185757.00a5ebe0 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Thu, 26 Apr 2001 18:59:57 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: (RADIATOR) dictionary for CVX boxes? (dictionary.cvx)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Is there a separate data dictionary for the CVX boxes?
I know that the CVX attributes appear in the standard
"large" dictionary, but I want to build a custom dictionary
which only contains dictionary.ascend, dictionary.redback
and the CVX attributes. I noticed someone posted a CVX
dictionary to the mailing list a bit ago, but it seemed
to be in some kind of macro language and not a dictionary
file per-se.
If someone can tell me where to find a stand-alone CVX
dictionary I'd be grateful.
John
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3452 invoked by uid 0); 27 Apr 2001 03:26:42 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 03:26:42 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA09835
for radiator-zzlist; Fri, 27 Apr 2001 12:10:24 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA09811
for radiator at open.com.au; Fri, 27 Apr 2001 12:10:17 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id MAA28515
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 12:00:48 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id MAA28515
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 12:00:48 +1000 (EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id VAA04978
for <radiator at open.com.au>; Thu, 26 Apr 2001 21:00:41 -0500 (CDT)
Message-Id: <4.1.20010426210115.0091d470 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Thu, 26 Apr 2001 21:02:55 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: (RADIATOR) best technique to fallback to flat file if DB server not
available
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
What's the best technique to have Radiator fall back to authentication
via flat file (UNIX-style auth for example) instead of SQL database if the
SQL database isn't available.
I tried using two DEFAULT entries in my users file, one which did SQL
auth, the other which did UNIX auth but that didn't work. Instead, it
fails to connect to the DB server and won't move on to the flat file.
Hints, tips welcome.
John
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3463 invoked by uid 0); 27 Apr 2001 03:28:03 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 03:28:03 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA09839
for radiator-zzlist; Fri, 27 Apr 2001 12:10:29 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA09826
for radiator at open.com.au; Fri, 27 Apr 2001 12:10:21 +1000 (EST)
>Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id LAA27402
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 11:41:15 +1000 (EST)
Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by perki.connect.com.au with ESMTP id LAA27402
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 11:41:15 +1000 (EST)
Received: from turbat (proxy.micom.mng.net [202.179.0.164])
by publica.ub.mng.net (8.11.1/8.11.1) with SMTP id f3RHf8a18255
for <radiator at open.com.au>; Fri, 27 Apr 2001 09:41:08 -0800 (GMT)
Message-ID: <004a01c0cebb$4beb6c60$0900a8c0 at turbat>
From: "ganbold" <ganbold at micom.mng.net>
To: <radiator at open.com.au>
Subject: RE: (RADIATOR) Important - How to do Block Time users
Date: Fri, 27 Apr 2001 09:42:19 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0047_01C0CEFE.59F61B50"
Sender: owner-radiator at open.com.au
Precedence: bulk
This is a multi-part message in MIME format.
------=_NextPart_000_0047_01C0CEFE.59F61B50
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Yes, I tried CheckBlockTIme script from goodies directory. First time it
worked when I had 2.17.1 version and Cisco IOS 11.0. But when I upgraded
Cisco IOS to latest version it didn't worked. So I solved it in that =
way.
Ganbold
------=_NextPart_000_0047_01C0CEFE.59F61B50
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Yes, I tried CheckBlockTIme script from =
goodies=20
directory. First time it<BR>worked when I had 2.17.1 version and Cisco =
IOS 11.0.=20
But when I upgraded<BR>Cisco IOS to latest version it didn't worked. So =
I solved=20
it in that way.<BR><BR>Ganbold<BR><BR><BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0047_01C0CEFE.59F61B50--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3896 invoked by uid 0); 27 Apr 2001 04:54:00 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 04:54:00 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10084
for radiator-zzlist; Fri, 27 Apr 2001 13:40:59 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10052
for radiator at open.com.au; Fri, 27 Apr 2001 13:40:45 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02306
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:44 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02306
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:44 +1000 (EST)
Received: from hugo (acc22-ppp168.mel.dialup.connect.net.au [210.10.141.168])
by entoo.connect.com.au (Postfix) with SMTP
id 29C28DDAAA; Fri, 27 Apr 2001 13:12:10 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: John Coy <jcoy at anc.net>, radiator at open.com.au
Subject: Re: (RADIATOR) dictionary for CVX boxes? (dictionary.cvx)
Date: Fri, 27 Apr 2001 13:12:26 +1000
X-Mailer: KMail [version 1.1.99]
References: <4.1.20010426185757.00a5ebe0 at pop3.anc.net>
In-Reply-To: <4.1.20010426185757.00a5ebe0 at pop3.anc.net>
MIME-Version: 1.0
Message-Id: <0104271312260I.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello John -
On Friday 27 April 2001 09:59, John Coy wrote:
> Is there a separate data dictionary for the CVX boxes?
> I know that the CVX attributes appear in the standard
> "large" dictionary, but I want to build a custom dictionary
> which only contains dictionary.ascend, dictionary.redback
> and the CVX attributes. I noticed someone posted a CVX
> dictionary to the mailing list a bit ago, but it seemed
> to be in some kind of macro language and not a dictionary
> file per-se.
>
> If someone can tell me where to find a stand-alone CVX
> dictionary I'd be grateful.
>
You would be better off starting with the standard "dictionary" file, and
removing the unwanted VSA's and adding the Redback VSA's from
"dictionary.redback" to the result. Should take about 3 minutes with your
favourite text editor.
The reason you should start with the standard dictionary is because there are
lots of things in it that Radiator uses.
BTW - Radiator 2.18.1 was released yesterday with support for the extended
CVX attributes.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3939 invoked by uid 0); 27 Apr 2001 04:59:30 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 04:59:30 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10082
for radiator-zzlist; Fri, 27 Apr 2001 13:40:58 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10040
for radiator at open.com.au; Fri, 27 Apr 2001 13:40:43 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02286
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:33 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02286
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:33 +1000 (EST)
Received: from hugo (acc22-ppp168.mel.dialup.connect.net.au [210.10.141.168])
by entoo.connect.com.au (Postfix) with SMTP
id 3BC42DD914; Fri, 27 Apr 2001 13:12:02 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Carlos P. Martinez" <carlos at pipelinebroadband.com>,
"'Radiator Tech Support'" <radiator at open.com.au>
Subject: Re: (RADIATOR) Clarification On Installing V.2.18.1 To V.2.18
Date: Fri, 27 Apr 2001 12:57:17 +1000
X-Mailer: KMail [version 1.1.99]
References: <01C0CE4E.67FED9E0.carlos at pipelinebroadband.com>
In-Reply-To: <01C0CE4E.67FED9E0.carlos at pipelinebroadband.com>
MIME-Version: 1.0
Message-Id: <0104271257170E.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Carlos -
I have discussed this issue several times on the mailing list
(www.starport.net/~radiator). My suggestion is always to create a new
directory for every version of Radiator.
In your situation I would do this:
create a top-level directory for Radiator
mkdir F:\Radiator
cd to that directory
cd F:\Radiator
download the distributions to this directory
unzip each distribution in this directory
This way you will keep the versions seperate and you can change from one to
another much more easily.
cd F:\Radiator\Radiator-2.18
cd F:\Radiator\Radiator-2.18.1
etc..
hth
Hugh
On Friday 27 April 2001 04:42, Carlos P. Martinez wrote:
> Dear Radiator Community,
>
> I just saw the announcement from Open Systems and downloaded the new
> version of Radiator. However, being that I just start with Radiator about
> two weeks ago, I am very concern about what procedure to use in the
> upgrading from v2.18 to v2.18.1. I don't want to overwrite any files that I
> have already setup and configured to work on my system.
>
> I looked on Open System's web site for instructions on this process and I
> also looked for a readme file in the downloaded package, but I was not able
> to find one. On my test machine, I unzipped the v.2.18.1 file onto my v2.18
> directory and found that it only made a Radiator-2.18.1 sub-folder under my
> Radiator-2.18 folder. Likewise results when I unzipped the file to my root
> drive F:\.
>
> I then renamed my Radiator-2.18 folder to Radiator-2.18.1 and unzipped
> Radiator-2.18.1.tgz file to root of my F:\ drive. I checked the folders and
> found that the updated files were now in place.
>
> Question: Using this procedure to upgrade to Radiator -2.18.1, will any of
> my already configured files, such as radius.cfg be overwritten? Am I on
> target here with this procedure?
>
> I am very sorry for the long e-mail, but I feel that others in user
> community may the same problem(s) and questions.
>
> I thank the community in advance for its the kind attention and
> cooperation.
>
> Sincerely,
>
> Carlos
>
>
> Carlos P. Martinez | Microsoft Certified Professional
> Network/Systems Manager @
> PipeLine BROADBAND
> Office: 303-346-2885 | Cell: 720-291-9793
> E-mail Address: carlos at pipelinebroadband.com
>
> "Only those who risk going too far can
> possibly find out how far one can go."
>
> -T.S. Eliot
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3947 invoked by uid 0); 27 Apr 2001 04:59:56 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 04:59:56 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10089
for radiator-zzlist; Fri, 27 Apr 2001 13:41:03 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10060
for radiator at open.com.au; Fri, 27 Apr 2001 13:40:47 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02296
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:37 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02296
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:37 +1000 (EST)
Received: from hugo (acc22-ppp168.mel.dialup.connect.net.au [210.10.141.168])
by entoo.connect.com.au (Postfix) with SMTP
id C6D77DD309; Fri, 27 Apr 2001 13:12:05 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "William Hernandez" <whr at essnet.com>, "Radiator" <radiator at open.com.au>
Subject: Re: (RADIATOR) Important - How to do Block Time users
Date: Fri, 27 Apr 2001 12:59:29 +1000
X-Mailer: KMail [version 1.1.99]
References: <HPEDIKHEOLINCJCFFGMHKELACHAA.whr at essnet.com>
In-Reply-To: <HPEDIKHEOLINCJCFFGMHKELACHAA.whr at essnet.com>
MIME-Version: 1.0
Message-Id: <0104271259290G.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello William -
You can do it either way - I just try to do as much as possible with the
configuration file rather than writing code.
cheers
Hugh
On Friday 27 April 2001 05:59, William Hernandez wrote:
> Interesting. Basically, you included the AuthBy SQL logic right
> into the hook.
>
> Did you decide on this solution because the AuthBy SQL clause in
> radius.cfg didn't work as expected?
>
> Thanks for your help,
> William
>
> -----Original Message-----
> From: ganbold [mailto:ganbold at micom.mng.net]
> Sent: Wednesday, April 25, 2001 9:25 PM
> To: William Hernandez
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Important - How to do Block Time users
>
>
> Hi,
>
> I solved it in following way. Below is PostAuthHook script.
>
> # CheckBlockTimeLeft
> #
> # PostAuthHook to check time left for a block user
> # by verifying the Session-Timeout attribute
> #
>
> sub
> {
>
> my $p = ${$_[0]};
> my $rp = ${$_[1]};
> my $result = ${$_[2]};
>
> my $name = $p->get_attr('User-Name');
> my $timeoutxx = 0;
>
> use DBI;
>
> my ($dsn)="DBI:mysql:radius:localhost";
> my ($namex)="xxx";
> #my ($password11)="xxx";
> my ($dbh,$sth);
> my (@ary);
>
> $dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
>
> my ($sth)=$dbh->prepare (qq{
>
> SELECT USERNAME,TIMELEFT FROM SUBSCRIBERS
> WHERE USERNAME='$name'
> });
> $sth->execute();
>
> while(my $hash_ref=$sth->fetchrow_hashref())
> {
> print join ("\t",$hash_ref->{USERNAME},$hash_ref->{TIMELEFT}).
> "\n";
> $timeoutxx = $hash_ref->{TIMELEFT};
> }
> $sth->finish();
>
> $dbh->disconnect();
>
>
> if (($result == $main::ACCEPT) && ($timeoutxx <= 0))
> {
> &main::log($main::LOG_DEBUG, "User $name has no time
> left");
>
> if($timeoutxx<0){
> $dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
> my ($sth)=$dbh->prepare (qq{
>
> UPDATE SUBSCRIBERS SET TIMELEFT=0 WHERE USERNAME='$name'
> });
> $sth->execute();
> $sth->finish();
>
> $dbh->disconnect();
> }
>
> # ${$_[2]} = $main::REJECT;
> if($p->code eq 'Access-Request'){
> $rp->delete_attr('Filter-Id');
> $rp->delete_attr('Session-Timeout');
> $rp->delete_attr('Framed-Protocol');
> $rp->delete_attr('Service-Type');
> $rp->delete_attr('Framed-MTU');
> $rp->delete_attr('Framed-Compression');
> $rp->set_code('Access-Reject');
> $rp->change_attr('Reply-Message','Prepaid time limit
> reached!');
> $p->{Client}->replyTo($rp,$p);
> }
> if($p->code eq 'Accounting-Request'){
> $rp->set_code('Accounting-Response');
> $p->{Client}->replyTo($rp,$p);
> }
> }
> return;
> }
> #####################################################
>
> HTH,
>
> Ganbold Ts.
>
> ----- Original Message -----
> From: "William Hernandez" <whr at essnet.com>
> To: "Radiator" <radiator at open.com.au>
> Sent: Wednesday, April 25, 2001 11:25 PM
> Subject: RE: (RADIATOR) Important - How to do Block Time users
>
> > Hello everyone,
> >
> > I'm trying to follow Hugh's tips, but I'm doing something
>
> wrong.
>
> > In my radius.cfg I have:
> >
> > <AuthBy SQL>
> > Identifier TimeBlock-SQL
> > DBSource *
> > DBUsername *
> > DBAuth *
> > AuthSelect select TIMEBLOCK from XSTOP where
> > USERNAME='%n'
> > AuthColumnDef 0, Time, check
> > </AuthBy>
> > <Realm DEFAULT>
> > AuthBy Check-FILE
> > AuthBy System
> > # This AuthBy will check the Time check-item
> > AuthBy TimeBlock-SQL
> > # This hook calculates the session-timeout
> > PostAuthHook file:"/etc/raddb/setSessionTimeout"
> > AcctLogFileName /var/log/radacct/detail
> > PasswordLogFileName /var/log/radius.log
> > ExcludeFromPasswordLog root
> > </Realm>
> >
> > In my PostAuthHook I have:
> > my $timeblock=$p->get_attr('Time');
> >
> > The problem is $timeblock is coming back an empty string. I
>
> can't
>
> > get the value to the PostAuthHook.
> > The "ERR: Invalid timeblock for user whr" in the radius.log
>
> comes
>
> > from the PostAuthHook.
> >
> > A Trace 4 radius.log shows:
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Received from 208.249.78.6 port 4319 ....
> > Code: Access-Request
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "whr"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > NAS-Port-Type = Async
> > User-Password =
> > "<146><208><238><158><247><22><144><5><164><133><228><17
> > 4><1>H<30>x"
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> > 203.63.154.1, 1234
> > Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> > RADONLINE where NASIDE
> > NTIFIER='203.63.154.1' and NASPORT=01234
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with DEFAULT
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Query is: select
>
> NASIDENTIFIER,
>
> > NASPORT, ACCTSE
> > SSIONID from RADONLINE where USERNAME='whr'
> >
> > Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Sending to 208.249.78.6 port 4319 ....
> > Code: Access-Accept
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Netmask = 255.255.255.255
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Ascend-Idle-Limit = 900
> >
> >
> > Any help would be appreciated.
> > Thanks in advance,
> > William
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 3982 invoked by uid 0); 27 Apr 2001 05:06:38 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 05:06:38 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10061
for radiator-zzlist; Fri, 27 Apr 2001 13:40:50 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA10025
for radiator at open.com.au; Fri, 27 Apr 2001 13:40:39 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02283
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:31 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id NAA02283
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 13:14:31 +1000 (EST)
Received: from hugo (acc22-ppp168.mel.dialup.connect.net.au [210.10.141.168])
by entoo.connect.com.au (Postfix) with SMTP
id 72984DD6BF; Fri, 27 Apr 2001 13:11:59 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "William Hernandez" <whr at essnet.com>, "Radiator" <radiator at open.com.au>
Subject: Re: (RADIATOR) Important - How to do Block Time users
Date: Fri, 27 Apr 2001 12:50:25 +1000
X-Mailer: KMail [version 1.1.99]
References: <HPEDIKHEOLINCJCFFGMHIEKOCHAA.whr at essnet.com>
In-Reply-To: <HPEDIKHEOLINCJCFFGMHIEKOCHAA.whr at essnet.com>
MIME-Version: 1.0
Message-Id: <0104271250250D.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello William -
What version of Radiator are you running? The "request" type is only
supported in Radiator 2.18 and later.
BTW - Radiator-2.18.1 was released yesterday.
hth
Hugh
On Friday 27 April 2001 01:35, William Hernandez wrote:
> Thanks Hugh,
>
> I changed to:
> AuthColumnDef 0, Time, request
>
> But I'm still not getting anything in my PostAuthHook with:
> my $p=${$_[0]};
> my $timeblock=$p->get_attr('Time');
>
> Thanks in advance,
> William
>
>
> Thu Apr 26 10:18:17 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4346 ....
> Code: Access-Request
> Identifier: 122
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Thu Apr 26 10:18:17 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Apr 26 10:18:17 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Thu Apr 26 10:18:17 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthFILE
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE looks for match
> with whr
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT
> Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthUNIX
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX looks for match
> with whr
> Thu Apr 26 10:18:17 2001: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='whr'
>
> Thu Apr 26 10:18:17 2001: Login OK: [whr] (home)
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthUNIX
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX looks for match
> with whr
> Thu Apr 26 10:18:17 2001: Login OK: [whr] (home)
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthSQL
> Thu Apr 26 10:18:17 2001: DEBUG: Handling with Radius::AuthSQL
> Thu Apr 26 10:18:17 2001: DEBUG: Query is: select TIMEBLOCK from
> XSTOP where USE
> RNAME='whr'
>
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthSQL looks for match
> with whr
> Thu Apr 26 10:18:17 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Thu Apr 26 10:18:17 2001: ERR: Invalid timeblock for user whr
> Thu Apr 26 10:18:17 2001: DEBUG: Access accepted for whr
> Thu Apr 26 10:18:17 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.6 port 4346 ....
> Code: Access-Accept
> Identifier: 122
> Authentic: 1234567890123456
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Ascend-Idle-Limit = 900
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, April 26, 2001 1:49 AM
> To: William Hernandez; Radiator
> Subject: Re: (RADIATOR) Important - How to do Block Time users
>
>
>
> Hello William -
>
> On Thursday 26 April 2001 01:25, William Hernandez wrote:
> > Hello everyone,
> >
> > I'm trying to follow Hugh's tips, but I'm doing something
>
> wrong.
>
> > In my radius.cfg I have:
> >
> > <AuthBy SQL>
> > Identifier TimeBlock-SQL
> > DBSource *
> > DBUsername *
> > DBAuth *
> > AuthSelect select TIMEBLOCK from XSTOP where
> > USERNAME='%n'
> > AuthColumnDef 0, Time, check
>
> This is the problem, as you are trying to do a check with this
> query. If you
> want to store the value as an attribute called "Time" in the
> request packet,
> you would do this:
>
> AuthColumnDef 0, Time, request
>
> > </AuthBy>
> > <Realm DEFAULT>
> > AuthBy Check-FILE
> > AuthBy System
> > # This AuthBy will check the Time check-item
> > AuthBy TimeBlock-SQL
> > # This hook calculates the session-timeout
> > PostAuthHook file:"/etc/raddb/setSessionTimeout"
> > AcctLogFileName /var/log/radacct/detail
> > PasswordLogFileName /var/log/radius.log
> > ExcludeFromPasswordLog root
> > </Realm>
> >
> > In my PostAuthHook I have:
> > my $timeblock=$p->get_attr('Time');
>
> See above, until you store the value from the database in the
> request packet,
> this won't work ($p is a pointer to the current request packet).
>
> > The problem is $timeblock is coming back an empty string. I
>
> can't
>
> > get the value to the PostAuthHook.
> > The "ERR: Invalid timeblock for user whr" in the radius.log
>
> comes
>
> > from the PostAuthHook.
> >
> > A Trace 4 radius.log shows:
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Received from 208.249.78.6 port 4319 ....
> > Code: Access-Request
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "whr"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > NAS-Port-Type = Async
> > User-Password =
> > "<146><208><238><158><247><22><144><5><164><133><228><17
> > 4><1>H<30>x"
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> > 203.63.154.1, 1234
> > Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> > RADONLINE where NASIDE
> > NTIFIER='203.63.154.1' and NASPORT=01234
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with DEFAULT
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Query is: select
>
> NASIDENTIFIER,
>
> > NASPORT, ACCTSE
> > SSIONID from RADONLINE where USERNAME='whr'
> >
> > Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Sending to 208.249.78.6 port 4319 ....
> > Code: Access-Accept
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Netmask = 255.255.255.255
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Ascend-Idle-Limit = 900
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS
> server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
> X.
> -
> Nets: internetwork inventory and management - graphical,
> extensible,
> flexible with hardware, software, platform and database
> independence.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 4157 invoked by uid 0); 27 Apr 2001 05:49:37 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 05:49:37 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA10273
for radiator-zzlist; Fri, 27 Apr 2001 14:40:47 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA10254;
Fri, 27 Apr 2001 14:40:40 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id OAA05979
(8.8.8/IDA-1.7); Fri, 27 Apr 2001 14:24:34 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id OAA05979
(8.8.8/IDA-1.7); Fri, 27 Apr 2001 14:24:34 +1000 (EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id XAA06269;
Thu, 26 Apr 2001 23:24:30 -0500 (CDT)
Message-Id: <4.1.20010426232404.00a459b0 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Thu, 26 Apr 2001 23:26:44 -0500
To: hugh at open.com.au, radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) dictionary for CVX boxes? (dictionary.cvx)
In-Reply-To: <0104271312260I.14904 at hugo>
References: <4.1.20010426185757.00a5ebe0 at pop3.anc.net>
<4.1.20010426185757.00a5ebe0 at pop3.anc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hugh,
Thanks for the feedback. I did upgrade to 2.18.1, appreciate the
hint about the dictionary file. I did end up doing basically
what you suggested -- started with the dictionary file and removed
the VSA's I didn't need and added the redback ones. All in all
I should be set.
Thanks,
John
At 01:12 PM 4/27/01 +1000, Hugh Irvine wrote:
>
>Hello John -
>
>On Friday 27 April 2001 09:59, John Coy wrote:
>> Is there a separate data dictionary for the CVX boxes?
>> I know that the CVX attributes appear in the standard
>> "large" dictionary, but I want to build a custom dictionary
>> which only contains dictionary.ascend, dictionary.redback
>> and the CVX attributes. I noticed someone posted a CVX
>> dictionary to the mailing list a bit ago, but it seemed
>> to be in some kind of macro language and not a dictionary
>> file per-se.
>>
>> If someone can tell me where to find a stand-alone CVX
>> dictionary I'd be grateful.
>>
>
>You would be better off starting with the standard "dictionary" file, and
>removing the unwanted VSA's and adding the Redback VSA's from
>"dictionary.redback" to the result. Should take about 3 minutes with your
>favourite text editor.
>
>The reason you should start with the standard dictionary is because there are
>lots of things in it that Radiator uses.
>
>BTW - Radiator 2.18.1 was released yesterday with support for the extended
>CVX attributes.
>
>hth
>
>Hugh
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 4808 invoked by uid 0); 27 Apr 2001 07:56:46 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 07:56:46 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA10610
for radiator-zzlist; Fri, 27 Apr 2001 16:40:49 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id QAA10588
for radiator at open.com.au; Fri, 27 Apr 2001 16:40:42 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA11805
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 16:25:11 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA11805
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 27 Apr 2001 16:25:11 +1000 (EST)
Received: from hugo (acc22-ppp168.mel.dialup.connect.net.au [210.10.141.168])
by entoo.connect.com.au (Postfix) with SMTP
id BABC2DDAA0; Fri, 27 Apr 2001 16:22:34 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Mariano Absatz" <lradius at pert.com.ar>,
Radiator List <radiator at open.com.au>
Subject: Re: (RADIATOR) Radiator 2.18.1 Released
Date: Fri, 27 Apr 2001 16:05:33 +1000
X-Mailer: KMail [version 1.1.99]
References: <3AE84891.9172.12B7F89 at localhost>
In-Reply-To: <3AE84891.9172.12B7F89 at localhost>
MIME-Version: 1.0
Message-Id: <0104271605330J.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="ISO-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Mariano -
Thanks for the feedback - Mike has fixed the manual for the next release.
cheers
Hugh
On Friday 27 April 2001 05:10, Mariano Absatz wrote:
> El 26 Apr 2001, a las 18:14, Mike McCauley escribió:
> > We are pleased to announce the release of Radiator version 2.18.1
> > Version provides a number of bug fixes and some new features.
>
> Hi... it run ok in our test installation... the "reload" problems are
> aparently gone away (as Mike said, it must have been the logger bug).
>
> Found a typo in the manual (there might be more, I just happened to be
>
> reading this precise section):
> > 6.40 <AuthBy DYNADDRESS>
> >
> > AuthBy DYNADDRESS can be used to dynamically allocate IP addresses for
> > dilaup users, in conjunction with <AddressAllocator xxx> clauses. It
> > is implemented in AuthDYNADDRESS.pm. At present, only one Address
>
> There are two address allocators now... :-)
>
> > Allocation engine is provided. <AddressAllocator SQL> (See Section )
>
> It's missing the Section number and the link is wrong (it points to
> #34248 which goes to "a couple of lines below the start of Section 6.45-
> AuthLog SQL, and it should point to #412546)
>
> > can allocate addresses out of an SQL database. Other address
> > allocation engines will be available for Radiator soon.
>
> or are, in fact, available now :-D
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 5860 invoked by uid 0); 27 Apr 2001 17:27:11 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 17:27:11 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA11428
for radiator-zzlist; Sat, 28 Apr 2001 02:10:20 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA11415
for radiator at open.com.au; Sat, 28 Apr 2001 02:10:15 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id BAA05164
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 01:36:32 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id BAA05164
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 01:36:32 +1000 (EST)
Received: from host.anc.net (dhcp-01.fwti.anc.net [216.152.25.2])
by starship.anc.net (8.9.3+blt/8.9.3) with ESMTP id KAA07019
for <radiator at open.com.au>; Fri, 27 Apr 2001 10:36:29 -0500 (CDT)
Message-Id: <4.3.1.2.20010427102905.00ab46b0 at pop3.arkansas.net>
X-Sender: noc at pop3.arkansas.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Fri, 27 Apr 2001 10:31:07 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
server not available
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
I know it's wierd to reply to my own message, but I found
something in the RADIATOR archives:
[ From Mike McCauley ]
2. Chain a second authentication method after SQL, so that if SQL fails (and
says IGNORE), it will then auth from (say) a local flat file:
<Realm whatever>
AuthByPolicy ContinueWhileIgnore
<AuthBy SQL>
# whatever
</AuthBy>
# If SQL fails, auth from flat file:
<AuthBy FILE>
Filename whatever
</AuthBy>
</Realm>
However, this technique doesn't work if you have an arrangement
similar to this one -- here, my default realm is authenticated
using <Authby FILE>. Inside that file, I make references to
several authentication methods, including <AuthBy SQL> and
<AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
never gets to move on to the second DEFAULT. Not sure if this
is intended to be this way, or if my config is just so messed
up... anyhow, if there's a way to get it to move on to the next
DEFAULT entry that's what I'd like to do....
My radiusd.cfg (excerpts):
-- radiusd.cfg --
<Realm DEFAULT>
RewriteUsername tr/A-Z/a-z/
AuthByPolicy ContinueWhileIgnore
AuthBy AuthANCIUsers
</Realm>
<AuthBy FILE>
Identifier AuthANCIUsers
Filename %D/users
</AuthBy>
<AuthBy SQL>
Identifier AuthSQLPasswd
DBSource dbi:Oracle:starship
DBUsername uname
DBAuth password
AuthSelect SELECT password, checkattr, replyattr \
FROM passwd \
WHERE username = LOWER('%n')
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AddToReplyIfNotExist Ascend-Maximum-Channels = 1
AccountingTable
</AuthBy>
<AuthBy UNIX>
Identifier UNIX
Filename /usr/local/etc/shadow
GroupFilename /usr/local/etc/group
AddToReplyIfNotExist Ascend-Maximum-Channels = 1
</Authby>
-- end radiusd.cfg --
Then, inside the "users" file, you have a DEFAULT entry:
-- users --
DEFAULT Auth-Type = AuthSQLPasswd
Ascend-Idle-Limit = 1800,
Ascend-Assign-IP-Pool = 0,
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Maximum-Call-Duration = 480,
Ascend-Client-Primary-DNS = 208.133.27.10,
Ascend-Client-Secondary-DNS = 216.152.26.168,
Ascend-Client-Assign-DNS = DNS-Assign-Yes,
Ascend-Shared-Profile-Enable = 0,
Ascend-Multicast-Client = 1,
Ascend-Multicast-Rate-Limit = 5
DEFAULT Auth-Type = UNIX
Ascend-Idle-Limit = 1800,
Ascend-Assign-IP-Pool = 0,
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Maximum-Call-Duration = 480,
Ascend-Client-Primary-DNS = 208.133.27.10,
Ascend-Client-Secondary-DNS = 216.152.26.168,
Ascend-Client-Assign-DNS = DNS-Assign-Yes,
Ascend-Shared-Profile-Enable = 0,
Ascend-Multicast-Client = 1,
Ascend-Multicast-Rate-Limit = 5
-- end users --
At 09:02 PM 4/26/01 -0500, you wrote:
>What's the best technique to have Radiator fall back to authentication
>via flat file (UNIX-style auth for example) instead of SQL database if the
>SQL database isn't available.
>
>I tried using two DEFAULT entries in my users file, one which did SQL
>auth, the other which did UNIX auth but that didn't work. Instead, it
>fails to connect to the DB server and won't move on to the flat file.
>
>Hints, tips welcome.
>
>John
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6176 invoked by uid 0); 27 Apr 2001 19:16:45 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 19:16:45 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA11571
for radiator-zzlist; Sat, 28 Apr 2001 03:40:31 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA11542
for radiator at open.com.au; Sat, 28 Apr 2001 03:40:21 +1000 (EST)
>Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id DAA08454
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 03:03:50 +1000 (EST)
Received: from rerun.netcarrier.net (mail.corp.netcarrier.com [216.178.72.30]) by perki.connect.com.au with SMTP id DAA08454
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 03:03:50 +1000 (EST)
Received: (qmail 17659 invoked by uid 1003); 27 Apr 2001 17:02:38 -0000
Received: from lnt4exch.netcarrier.com (216.178.72.30)
by rerun.netcarrier.net with SMTP; 27 Apr 2001 17:02:38 -0000
Received: by lnt4exch.netcarrier.net with Internet Mail Service (5.5.2653.19)
id <JBLQ6M2B>; Fri, 27 Apr 2001 13:03:01 -0400
Message-ID: <F55475F2CB7AD411BA9700D0B747AFDE24D7C8 at lnt4exch.netcarrier.net>
From: "Kitabjian, Dave" <dave at netcarrier.com>
To: "'John Coy'" <jcoy at anc.net>, radiator at open.com.au
Subject: RE: (RADIATOR) best technique to fallback to flat file if DB serv
er not available
Date: Fri, 27 Apr 2001 13:02:52 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
I'm not a whiz at using DEFAULT, but you might benefit from:
13.2.6 Fall-Through
This attribute is not actually returned to the NAS. Its presence causes
Radiator to continue looking for a match with the next DEFAULT user name.
Fall-Through = yes
http://www.open.com.au/radiator/ref.html#pgfId=330995
Dave
> -----Original Message-----
> From: John Coy [mailto:jcoy at anc.net]
> Sent: Friday, April 27, 2001 11:31 AM
> To: radiator at open.com.au
> Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
> server not available
>
>
> I know it's wierd to reply to my own message, but I found
> something in the RADIATOR archives:
>
> [ From Mike McCauley ]
> 2. Chain a second authentication method after SQL, so that if
> SQL fails (and
> says IGNORE), it will then auth from (say) a local flat file:
>
> <Realm whatever>
> AuthByPolicy ContinueWhileIgnore
> <AuthBy SQL>
> # whatever
> </AuthBy>
> # If SQL fails, auth from flat file:
> <AuthBy FILE>
> Filename whatever
> </AuthBy>
> </Realm>
>
> However, this technique doesn't work if you have an arrangement
> similar to this one -- here, my default realm is authenticated
> using <Authby FILE>. Inside that file, I make references to
> several authentication methods, including <AuthBy SQL> and
> <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
> never gets to move on to the second DEFAULT. Not sure if this
> is intended to be this way, or if my config is just so messed
> up... anyhow, if there's a way to get it to move on to the next
> DEFAULT entry that's what I'd like to do....
>
> My radiusd.cfg (excerpts):
>
> -- radiusd.cfg --
> <Realm DEFAULT>
> RewriteUsername tr/A-Z/a-z/
> AuthByPolicy ContinueWhileIgnore
>
> AuthBy AuthANCIUsers
> </Realm>
>
> <AuthBy FILE>
> Identifier AuthANCIUsers
> Filename %D/users
> </AuthBy>
>
> <AuthBy SQL>
> Identifier AuthSQLPasswd
>
> DBSource dbi:Oracle:starship
> DBUsername uname
> DBAuth password
>
> AuthSelect SELECT password, checkattr, replyattr \
> FROM passwd \
> WHERE username = LOWER('%n')
>
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
>
> AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>
> AccountingTable
> </AuthBy>
>
> <AuthBy UNIX>
> Identifier UNIX
> Filename /usr/local/etc/shadow
> GroupFilename /usr/local/etc/group
>
> AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> </Authby>
> -- end radiusd.cfg --
>
> Then, inside the "users" file, you have a DEFAULT entry:
>
> -- users --
> DEFAULT Auth-Type = AuthSQLPasswd
> Ascend-Idle-Limit = 1800,
> Ascend-Assign-IP-Pool = 0,
> User-Service = Framed-User,
> Framed-Protocol = PPP,
> Ascend-Maximum-Call-Duration = 480,
> Ascend-Client-Primary-DNS = 208.133.27.10,
> Ascend-Client-Secondary-DNS = 216.152.26.168,
> Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> Ascend-Shared-Profile-Enable = 0,
> Ascend-Multicast-Client = 1,
> Ascend-Multicast-Rate-Limit = 5
>
> DEFAULT Auth-Type = UNIX
> Ascend-Idle-Limit = 1800,
> Ascend-Assign-IP-Pool = 0,
> User-Service = Framed-User,
> Framed-Protocol = PPP,
> Ascend-Maximum-Call-Duration = 480,
> Ascend-Client-Primary-DNS = 208.133.27.10,
> Ascend-Client-Secondary-DNS = 216.152.26.168,
> Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> Ascend-Shared-Profile-Enable = 0,
> Ascend-Multicast-Client = 1,
> Ascend-Multicast-Rate-Limit = 5
> -- end users --
>
> At 09:02 PM 4/26/01 -0500, you wrote:
> >What's the best technique to have Radiator fall back to
> authentication
> >via flat file (UNIX-style auth for example) instead of SQL
> database if the
> >SQL database isn't available.
> >
> >I tried using two DEFAULT entries in my users file, one which did SQL
> >auth, the other which did UNIX auth but that didn't work.
> Instead, it
> >fails to connect to the DB server and won't move on to the flat file.
> >
> >Hints, tips welcome.
> >
> >John
> >
> >
> >===
> >Archive at http://www.starport.net/~radiator/
> >Announcements on radiator-announce at open.com.au
> >To unsubscribe, email 'majordomo at open.com.au' with
> >'unsubscribe radiator' in the body of the message.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6177 invoked by uid 0); 27 Apr 2001 19:16:45 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 19:16:45 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA11604
for radiator-zzlist; Sat, 28 Apr 2001 03:40:41 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA11566
for radiator at open.com.au; Sat, 28 Apr 2001 03:40:27 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id DAA08669
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 03:09:39 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id DAA08669
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 03:09:39 +1000 (EST)
Received: from host.anc.net (dhcp-01.fwti.anc.net [216.152.25.2])
by starship.anc.net (8.9.3+blt/8.9.3) with ESMTP id MAA09173;
Fri, 27 Apr 2001 12:09:34 -0500 (CDT)
Message-Id: <4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
X-Sender: noc at pop3.arkansas.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Fri, 27 Apr 2001 12:04:11 -0500
To: "Kitabjian, Dave" <dave at netcarrier.com>
From: John Coy <jcoy at anc.net>
Subject: RE: (RADIATOR) best technique to fallback to flat file if DB
serv er not available
Cc: radiator at open.com.au
In-Reply-To: <F55475F2CB7AD411BA9700D0B747AFDE24D7C8 at lnt4exch.netcarrier
.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
It's my understanding that Fall-Through = yes is the default
setting. However, I did try it and it still did not work.
Thank you for your reply, however. I'm certain that I'm
doing something wrong, but I know eventually I'll figure
it out or someone will nudge me in the right direction.
John
At 01:02 PM 4/27/01 -0400, you wrote:
>I'm not a whiz at using DEFAULT, but you might benefit from:
>
>13.2.6 Fall-Through
>This attribute is not actually returned to the NAS. Its presence causes
>Radiator to continue looking for a match with the next DEFAULT user name.
>
> Fall-Through = yes
>
>http://www.open.com.au/radiator/ref.html#pgfId=330995
>
>Dave
>
> > -----Original Message-----
> > From: John Coy [mailto:jcoy at anc.net]
> > Sent: Friday, April 27, 2001 11:31 AM
> > To: radiator at open.com.au
> > Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
> > server not available
> >
> >
> > I know it's wierd to reply to my own message, but I found
> > something in the RADIATOR archives:
> >
> > [ From Mike McCauley ]
> > 2. Chain a second authentication method after SQL, so that if
> > SQL fails (and
> > says IGNORE), it will then auth from (say) a local flat file:
> >
> > <Realm whatever>
> > AuthByPolicy ContinueWhileIgnore
> > <AuthBy SQL>
> > # whatever
> > </AuthBy>
> > # If SQL fails, auth from flat file:
> > <AuthBy FILE>
> > Filename whatever
> > </AuthBy>
> > </Realm>
> >
> > However, this technique doesn't work if you have an arrangement
> > similar to this one -- here, my default realm is authenticated
> > using <Authby FILE>. Inside that file, I make references to
> > several authentication methods, including <AuthBy SQL> and
> > <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
> > never gets to move on to the second DEFAULT. Not sure if this
> > is intended to be this way, or if my config is just so messed
> > up... anyhow, if there's a way to get it to move on to the next
> > DEFAULT entry that's what I'd like to do....
> >
> > My radiusd.cfg (excerpts):
> >
> > -- radiusd.cfg --
> > <Realm DEFAULT>
> > RewriteUsername tr/A-Z/a-z/
> > AuthByPolicy ContinueWhileIgnore
> >
> > AuthBy AuthANCIUsers
> > </Realm>
> >
> > <AuthBy FILE>
> > Identifier AuthANCIUsers
> > Filename %D/users
> > </AuthBy>
> >
> > <AuthBy SQL>
> > Identifier AuthSQLPasswd
> >
> > DBSource dbi:Oracle:starship
> > DBUsername uname
> > DBAuth password
> >
> > AuthSelect SELECT password, checkattr, replyattr \
> > FROM passwd \
> > WHERE username = LOWER('%n')
> >
> > AuthColumnDef 0, Encrypted-Password, check
> > AuthColumnDef 1, GENERIC, check
> > AuthColumnDef 2, GENERIC, reply
> >
> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> >
> > AccountingTable
> > </AuthBy>
> >
> > <AuthBy UNIX>
> > Identifier UNIX
> > Filename /usr/local/etc/shadow
> > GroupFilename /usr/local/etc/group
> >
> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> > </Authby>
> > -- end radiusd.cfg --
> >
> > Then, inside the "users" file, you have a DEFAULT entry:
> >
> > -- users --
> > DEFAULT Auth-Type = AuthSQLPasswd
> > Ascend-Idle-Limit = 1800,
> > Ascend-Assign-IP-Pool = 0,
> > User-Service = Framed-User,
> > Framed-Protocol = PPP,
> > Ascend-Maximum-Call-Duration = 480,
> > Ascend-Client-Primary-DNS = 208.133.27.10,
> > Ascend-Client-Secondary-DNS = 216.152.26.168,
> > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> > Ascend-Shared-Profile-Enable = 0,
> > Ascend-Multicast-Client = 1,
> > Ascend-Multicast-Rate-Limit = 5
> >
> > DEFAULT Auth-Type = UNIX
> > Ascend-Idle-Limit = 1800,
> > Ascend-Assign-IP-Pool = 0,
> > User-Service = Framed-User,
> > Framed-Protocol = PPP,
> > Ascend-Maximum-Call-Duration = 480,
> > Ascend-Client-Primary-DNS = 208.133.27.10,
> > Ascend-Client-Secondary-DNS = 216.152.26.168,
> > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> > Ascend-Shared-Profile-Enable = 0,
> > Ascend-Multicast-Client = 1,
> > Ascend-Multicast-Rate-Limit = 5
> > -- end users --
> >
> > At 09:02 PM 4/26/01 -0500, you wrote:
> > >What's the best technique to have Radiator fall back to
> > authentication
> > >via flat file (UNIX-style auth for example) instead of SQL
> > database if the
> > >SQL database isn't available.
> > >
> > >I tried using two DEFAULT entries in my users file, one which did SQL
> > >auth, the other which did UNIX auth but that didn't work.
> > Instead, it
> > >fails to connect to the DB server and won't move on to the flat file.
> > >
> > >Hints, tips welcome.
> > >
> > >John
> > >
> > >
> > >===
> > >Archive at http://www.starport.net/~radiator/
> > >Announcements on radiator-announce at open.com.au
> > >To unsubscribe, email 'majordomo at open.com.au' with
> > >'unsubscribe radiator' in the body of the message.
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6313 invoked by uid 0); 27 Apr 2001 22:55:48 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 27 Apr 2001 22:55:48 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA11941
for radiator-zzlist; Sat, 28 Apr 2001 07:40:24 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id HAA11936
for radiator at open.com.au; Sat, 28 Apr 2001 07:40:19 +1000 (EST)
>Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id HAA17768
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 07:24:53 +1000 (EST)
Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id HAA17768
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 07:24:53 +1000 (EST)
Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:14090 "EHLO COSA"
whoson: "popbaby") by dedos.pert.com.ar with ESMTP
id <S35006AbRD0VYO>; Fri, 27 Apr 2001 18:24:14 -0300
From: "Mariano Absatz" <lradius at pert.com.ar>
To: Radiator List <radiator at open.com.au>
Date: Fri, 27 Apr 2001 18:24:35 -0300
MIME-Version: 1.0
Content-transfer-encoding: 7BIT
Subject: (RADIATOR) AuthLog not working
Message-ID: <3AE9B963.4805.1C2239F at localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi,
Netra T1 AC200, 1CPU 360MHz, 512Mb RAM, 2x18Gb HD, Solaris 8, Perl
v5.6.1, Radiator 2.18.1 (how easy is to be on the edge version when it's
not yet in production :-)
The AuthLog is not created. Period.
That is, I copied the config from another installation and the file
doesn't appear... there is no other new file under the %L hierarchy,
either.
Radiator is started with "rad_instance=test" to set the GlobalVar...
I enclose the full config file and a TRACE 4 after issuing radpwtst once
with a wrong password and once with the correct one... there is no
indication of an error while parsing the <AuthLog FILE> statement.
Any clues?
================= /app/Radiator/etc/radius-test.cfg =====================
================= /app/Radiator/etc/radius-test.cfg =====================
================= /app/Radiator/etc/radius-test.cfg =====================
##################################################################
# TEST CONFIGURATION #
##################################################################
##################################################################
# FILES AND DIRECTORIES SECTION #
##################################################################
LogDir /logs/radius
DbDir /app/Radiator/db
DefineGlobalVar ScriptDir /app/Radiator/scripts
DefineGlobalVar ConfigDir /app/Radiator/etc
DefineGlobalVar TempDir /app/Radiator/tmp
DictionaryFile %{GlobalVar:ConfigDir}/dictionary
PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
##################################################################
# DATABASE DEFINITIONS SECTION #
##################################################################
DefineGlobalVar OracleHost localhost
DefineGlobalVar OracleSID radius
DefineGlobalVar MR_DBSource
dbi:Oracle:host=localhost;sid=radius
DefineGlobalVar MR_DBUsername radmin
DefineGlobalVar MR_DBAuth radius
##################################################################
# REWRITE SECTION #
##################################################################
# REWRITE USER NAME BEFORE ANYTHING ELSE
# Rewrite any Name without realm to our realm
# because defaultrealm does not match on HANDLER
RewriteUsername s/^([^@]+)$/$1\@metrored/
# change everything in the username to lowercase
RewriteUsername tr/[A-Z]/[a-z]/
##################################################################
# LOGGING SECTION #
##################################################################
# For debugging, uncomment the 2 following lines
Trace 4
LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
#Trace:
#0 ERR. Error conditions. Serious and unexpected failures
#1 WARNING. Warning conditions. Unexpected failures
#2 NOTICE. Normal but significant conditions.
#3 INFO. Informational messages.
#4 DEBUG. Debugging messages.
#5 Incoming raw packet dumps in hexadecimal.
<Log FILE>
Identifier fileLoggerMetroTest
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
Trace 3
</Log>
#Log authentication success and failure to a file
<AuthLog FILE>
Identifier testLoggerMetroRED
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/authLog_%d-%q
LogSuccess 1
LogFailure 1
SuccessFormat %l:%n:<****>:OK
FailureFormat %l:%n:%P:FAIL
</AuthLog>
##################################################################
# PROTOCOL SECTION #
##################################################################
AuthPort 1812
AcctPort 1813
<SNMPAgent>
Port 16111
ROCommunity CONFIGURAR-COMUNIDAD
</SNMPAgent>
#################################################################
# CLIENTS SECTION #
##################################################################
# Test CPM
<Client 1.2.3.4>
Identifier testClient
Secret XXXXXXXXXX
IdenticalClients localhost
</Client>
##################################################################
# AUTHENTICATION SECTION #
##################################################################
<Realm DEFAULT>
<AuthBy FILE>
Identifier testFileAuth
Filename %D/testusers
# para poder editar el archivo y no recargar el radius
# OJO que la busqueda es LINEAL!!!
Nocache
</AuthBy>
</Realm>
=========================== TRACE 4 ===============================
=========================== TRACE 4 ===============================
=========================== TRACE 4 ===============================
Fri Apr 27 17:39:24 2001: INFO: Server started: Radiator 2.18.1 on mr-
radius
Fri Apr 27 17:39:32 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35085 ....
Code: Access-Request
Identifier: 2
Authentic: 1234567890123456
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"B=<231>g%<251><233>:<238><192><220>`<176><12>\<146>"
Fri Apr 27 17:39:32 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:32 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:32 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:32 2001: DEBUG: Deleting session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:32 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:32 2001: DEBUG: Reading users file
/app/Radiator/db/testusers
Fri Apr 27 17:39:32 2001: DEBUG: Radius::AuthFILE looks for match with
mariano at pert
Fri Apr 27 17:39:33 2001: DEBUG: Radius::AuthFILE REJECT: Bad Password
Fri Apr 27 17:39:33 2001: DEBUG: Reading users file
/app/Radiator/db/testusers
Fri Apr 27 17:39:33 2001: INFO: Access rejected for mariano at pert: Bad
Password
Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35085 ....
Code: Access-Reject
Identifier: 2
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35085 ....
Code: Accounting-Request
Identifier: 3
Authentic:
V<155><221>K<249>*<233><131><212><210><193><148><214><195><11>e
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:33 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:33 2001: DEBUG: Adding session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:33 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:33 2001: DEBUG: Accounting accepted
Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35085 ....
Code: Accounting-Response
Identifier: 3
Authentic:
V<155><221>K<249>*<233><131><212><210><193><148><214><195><11>e
Attributes:
Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35085 ....
Code: Accounting-Request
Identifier: 4
Authentic: <182><179>e<216>L<160><149><206>m_<193>!<182>Wo`
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:33 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:33 2001: DEBUG: Deleting session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:33 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:33 2001: DEBUG: Accounting accepted
Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35085 ....
Code: Accounting-Response
Identifier: 4
Authentic: <182><179>e<216>L<160><149><206>m_<193>!<182>Wo`
Attributes:
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35086 ....
Code: Access-Request
Identifier: 9
Authentic: 1234567890123456
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"A/<225>x%<251><233>:<238><192><220>`<176><12>\<146>"
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:39 2001: DEBUG: Deleting session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:39 2001: DEBUG: Reading users file
/app/Radiator/db/testusers
Fri Apr 27 17:39:39 2001: DEBUG: Radius::AuthFILE looks for match with
mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Radius::AuthFILE ACCEPT:
Fri Apr 27 17:39:39 2001: DEBUG: Access accepted for mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35086 ....
Code: Access-Accept
Identifier: 9
Authentic: 1234567890123456
Attributes:
Framed-Protocol = PPP
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35086 ....
Code: Accounting-Request
Identifier: 10
Authentic: Z<24>}<132><175>=<131><201><11>;<24><217><150><159>7<10>
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:39 2001: DEBUG: Adding session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:39 2001: DEBUG: Accounting accepted
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35086 ....
Code: Accounting-Response
Identifier: 10
Authentic: Z<24>}<132><175>=<131><201><11>;<24><217><150><159>7<10>
Attributes:
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 35086 ....
Code: Accounting-Request
Identifier: 11
Authentic:
<207><152><10>5<170><228>Po6<200><172><132><197><225><216><161>
Attributes:
User-Name = "mariano at pert"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Apr 27 17:39:39 2001: DEBUG: Deleting session for mariano at pert,
203.63.154.1, 1234
Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr 27 17:39:39 2001: DEBUG: Accounting accepted
Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 35086 ....
Code: Accounting-Response
Identifier: 11
Authentic:
<207><152><10>5<170><228>Po6<200><172><132><197><225><216><161>
Attributes:
Fri Apr 27 17:39:54 2001: NOTICE: SIGHUP received: restarting
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6463 invoked by uid 0); 28 Apr 2001 02:44:25 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 28 Apr 2001 02:44:25 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA12261
for radiator-zzlist; Sat, 28 Apr 2001 11:40:14 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA12249
for radiator at open.com.au; Sat, 28 Apr 2001 11:40:09 +1000 (EST)
>Received: from itsi7.your-net.com (itsi7.your-net.com [216.68.87.17]) by perki.connect.com.au with ESMTP id LAA25863
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 11:12:31 +1000 (EST)
Received: from itsi7.your-net.com (itsi7.your-net.com [216.68.87.17]) by perki.connect.com.au with ESMTP id LAA25863
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 11:12:31 +1000 (EST)
Received: (from apache at localhost)
by itsi7.your-net.com (8.11.0/8.11.0) id f3S1BSr29673;
Fri, 27 Apr 2001 21:11:28 -0400
Date: Fri, 27 Apr 2001 21:11:28 -0400
Message-Id: <200104280111.f3S1BSr29673 at itsi7.your-net.com>
From: "Doug Currey" <doug at curreycentral.com>
To: radiator at open.com.au
Subject: (RADIATOR) Simple question
X-Mailer: NeoMail 1.23
X-IPAddress: 216.68.87.41
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-radiator at open.com.au
Precedence: bulk
I am building a new server to run Radiator on. I have everything
installed correctly but I am forgetting a Perl program that was needed
for proper date format what was it.
--
Doug
doug at curreycentral.com
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6504 invoked by uid 0); 28 Apr 2001 03:50:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 28 Apr 2001 03:50:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA12482
for radiator-zzlist; Sat, 28 Apr 2001 12:41:00 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA12462
for radiator at open.com.au; Sat, 28 Apr 2001 12:40:46 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28596
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 12:28:13 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28596
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 12:28:13 +1000 (EST)
Received: from hugo (acc22-ppp10.mel.dialup.connect.net.au [210.10.141.10])
by entoo.connect.com.au (Postfix) with SMTP
id 621C7DD238; Sat, 28 Apr 2001 12:25:38 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: John Coy <jcoy at anc.net>, "Kitabjian, Dave" <dave at netcarrier.com>
Subject: Re: (RADIATOR) best technique to fallback to flat file if DB serv er not available
Date: Sat, 28 Apr 2001 12:15:48 +1000
X-Mailer: KMail [version 1.1.99]
Cc: radiator at open.com.au
References: <4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
In-Reply-To: <4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
MIME-Version: 1.0
Message-Id: <0104281215480V.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello John, Hello Dave -
The problem you are seeing has to do with the the differences between
multiple DEFAULT handling in a user file and multiple AuthBy clauses under
the control of an AuthByPolicy.
In the case of multiple DEFAULT entries, these are only consulted in the case
of a Reject (or multiple Rejects), except when Fall-Through is used, in
which case it will go on to the next in the case of an Accept. There is no
provision for Ignore as you have discovered.
The way to deal with Ignore is by using multiple AuthBy clauses under the
control of an AuthByPolicy ContinueWhileIgnore. In your case, you could
replace your AuthBy FILE, with an AuthBy GROUP:
<Realm DEFAULT>
RewriteUsername tr/A-Z/a-z/
AuthByPolicy ContinueWhileIgnore
AuthBy AuthANCIUsers
</Realm>
<AuthBy GROUP>
Identifier AuthANCIUsers
AuthByPolicy ContinueWhileIgnore
AuthBy AuthSQLPasswd
AuthBy UNIX
</AuthBy>
<AuthBy SQL>
Identifier AuthSQLPasswd
DBSource dbi:Oracle:starship
DBUsername uname
DBAuth password
AuthSelect SELECT password, checkattr, replyattr \
FROM passwd \
WHERE username = LOWER('%n')
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AddToReplyIfNotExist Ascend-Maximum-Channels = 1
AccountingTable
</AuthBy>
<AuthBy UNIX>
Identifier UNIX
Filename /usr/local/etc/shadow
GroupFilename /usr/local/etc/group
AddToReplyIfNotExist Ascend-Maximum-Channels = 1
</Authby>
hth
Hugh
On Saturday 28 April 2001 03:04, John Coy wrote:
> It's my understanding that Fall-Through = yes is the default
> setting. However, I did try it and it still did not work.
>
> Thank you for your reply, however. I'm certain that I'm
> doing something wrong, but I know eventually I'll figure
> it out or someone will nudge me in the right direction.
>
> John
>
> At 01:02 PM 4/27/01 -0400, you wrote:
> >I'm not a whiz at using DEFAULT, but you might benefit from:
> >
> >13.2.6 Fall-Through
> >This attribute is not actually returned to the NAS. Its presence causes
> >Radiator to continue looking for a match with the next DEFAULT user name.
> >
> > Fall-Through = yes
> >
> >http://www.open.com.au/radiator/ref.html#pgfId=330995
> >
> >Dave
> >
> > > -----Original Message-----
> > > From: John Coy [mailto:jcoy at anc.net]
> > > Sent: Friday, April 27, 2001 11:31 AM
> > > To: radiator at open.com.au
> > > Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
> > > server not available
> > >
> > >
> > > I know it's wierd to reply to my own message, but I found
> > > something in the RADIATOR archives:
> > >
> > > [ From Mike McCauley ]
> > > 2. Chain a second authentication method after SQL, so that if
> > > SQL fails (and
> > > says IGNORE), it will then auth from (say) a local flat file:
> > >
> > > <Realm whatever>
> > > AuthByPolicy ContinueWhileIgnore
> > > <AuthBy SQL>
> > > # whatever
> > > </AuthBy>
> > > # If SQL fails, auth from flat file:
> > > <AuthBy FILE>
> > > Filename whatever
> > > </AuthBy>
> > > </Realm>
> > >
> > > However, this technique doesn't work if you have an arrangement
> > > similar to this one -- here, my default realm is authenticated
> > > using <Authby FILE>. Inside that file, I make references to
> > > several authentication methods, including <AuthBy SQL> and
> > > <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
> > > never gets to move on to the second DEFAULT. Not sure if this
> > > is intended to be this way, or if my config is just so messed
> > > up... anyhow, if there's a way to get it to move on to the next
> > > DEFAULT entry that's what I'd like to do....
> > >
> > > My radiusd.cfg (excerpts):
> > >
> > > -- radiusd.cfg --
> > > <Realm DEFAULT>
> > > RewriteUsername tr/A-Z/a-z/
> > > AuthByPolicy ContinueWhileIgnore
> > >
> > > AuthBy AuthANCIUsers
> > > </Realm>
> > >
> > > <AuthBy FILE>
> > > Identifier AuthANCIUsers
> > > Filename %D/users
> > > </AuthBy>
> > >
> > > <AuthBy SQL>
> > > Identifier AuthSQLPasswd
> > >
> > > DBSource dbi:Oracle:starship
> > > DBUsername uname
> > > DBAuth password
> > >
> > > AuthSelect SELECT password, checkattr, replyattr \
> > > FROM passwd \
> > > WHERE username = LOWER('%n')
> > >
> > > AuthColumnDef 0, Encrypted-Password, check
> > > AuthColumnDef 1, GENERIC, check
> > > AuthColumnDef 2, GENERIC, reply
> > >
> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> > >
> > > AccountingTable
> > > </AuthBy>
> > >
> > > <AuthBy UNIX>
> > > Identifier UNIX
> > > Filename /usr/local/etc/shadow
> > > GroupFilename /usr/local/etc/group
> > >
> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> > > </Authby>
> > > -- end radiusd.cfg --
> > >
> > > Then, inside the "users" file, you have a DEFAULT entry:
> > >
> > > -- users --
> > > DEFAULT Auth-Type = AuthSQLPasswd
> > > Ascend-Idle-Limit = 1800,
> > > Ascend-Assign-IP-Pool = 0,
> > > User-Service = Framed-User,
> > > Framed-Protocol = PPP,
> > > Ascend-Maximum-Call-Duration = 480,
> > > Ascend-Client-Primary-DNS = 208.133.27.10,
> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> > > Ascend-Shared-Profile-Enable = 0,
> > > Ascend-Multicast-Client = 1,
> > > Ascend-Multicast-Rate-Limit = 5
> > >
> > > DEFAULT Auth-Type = UNIX
> > > Ascend-Idle-Limit = 1800,
> > > Ascend-Assign-IP-Pool = 0,
> > > User-Service = Framed-User,
> > > Framed-Protocol = PPP,
> > > Ascend-Maximum-Call-Duration = 480,
> > > Ascend-Client-Primary-DNS = 208.133.27.10,
> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> > > Ascend-Shared-Profile-Enable = 0,
> > > Ascend-Multicast-Client = 1,
> > > Ascend-Multicast-Rate-Limit = 5
> > > -- end users --
> > >
> > > At 09:02 PM 4/26/01 -0500, you wrote:
> > > >What's the best technique to have Radiator fall back to
> > >
> > > authentication
> > >
> > > >via flat file (UNIX-style auth for example) instead of SQL
> > >
> > > database if the
> > >
> > > >SQL database isn't available.
> > > >
> > > >I tried using two DEFAULT entries in my users file, one which did SQL
> > > >auth, the other which did UNIX auth but that didn't work.
> > >
> > > Instead, it
> > >
> > > >fails to connect to the DB server and won't move on to the flat file.
> > > >
> > > >Hints, tips welcome.
> > > >
> > > >John
> > > >
> > > >
> > > >===
> > > >Archive at http://www.starport.net/~radiator/
> > > >Announcements on radiator-announce at open.com.au
> > > >To unsubscribe, email 'majordomo at open.com.au' with
> > > >'unsubscribe radiator' in the body of the message.
> > >
> > > ===
> > > Archive at http://www.starport.net/~radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6512 invoked by uid 0); 28 Apr 2001 03:53:44 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 28 Apr 2001 03:53:44 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA12478
for radiator-zzlist; Sat, 28 Apr 2001 12:40:54 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA12440;
Sat, 28 Apr 2001 12:40:41 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28591
(8.8.8/IDA-1.7); Sat, 28 Apr 2001 12:28:09 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28591
(8.8.8/IDA-1.7); Sat, 28 Apr 2001 12:28:09 +1000 (EST)
Received: from hugo (acc22-ppp10.mel.dialup.connect.net.au [210.10.141.10])
by entoo.connect.com.au (Postfix) with SMTP
id 0FA56DD575; Sat, 28 Apr 2001 12:25:34 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Mariano Absatz" <lradius at pert.com.ar>,
Radiator List <radiator at open.com.au>
Subject: Re: (RADIATOR) AuthLog not working
Date: Sat, 28 Apr 2001 11:55:25 +1000
X-Mailer: KMail [version 1.1.99]
References: <3AE9B963.4805.1C2239F at localhost>
In-Reply-To: <3AE9B963.4805.1C2239F at localhost>
Cc: mikem at open.com.au
MIME-Version: 1.0
Message-Id: <0104281155250U.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="US-ASCII"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Mariano -
I have copied this to Mike also, so he can check.
Just one question - is the <Log FILE> created?
Ie - are you seeing permission problems on the directory?
This is <Log FILE>
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
and this is <AuthLog FILE>
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/authLog_%d-%q
If neither one is created, it could be permissions, but if one is created and
not the other, then there may be something in Radiator.
thanks
Hugh
On Saturday 28 April 2001 07:24, Mariano Absatz wrote:
> Hi,
>
> Netra T1 AC200, 1CPU 360MHz, 512Mb RAM, 2x18Gb HD, Solaris 8, Perl
> v5.6.1, Radiator 2.18.1 (how easy is to be on the edge version when it's
> not yet in production :-)
>
> The AuthLog is not created. Period.
>
> That is, I copied the config from another installation and the file
> doesn't appear... there is no other new file under the %L hierarchy,
> either.
>
> Radiator is started with "rad_instance=test" to set the GlobalVar...
>
> I enclose the full config file and a TRACE 4 after issuing radpwtst once
> with a wrong password and once with the correct one... there is no
> indication of an error while parsing the <AuthLog FILE> statement.
>
> Any clues?
>
>
> ================= /app/Radiator/etc/radius-test.cfg =====================
> ================= /app/Radiator/etc/radius-test.cfg =====================
> ================= /app/Radiator/etc/radius-test.cfg =====================
> ##################################################################
> # TEST CONFIGURATION #
> ##################################################################
>
> ##################################################################
> # FILES AND DIRECTORIES SECTION #
> ##################################################################
>
> LogDir /logs/radius
> DbDir /app/Radiator/db
> DefineGlobalVar ScriptDir /app/Radiator/scripts
> DefineGlobalVar ConfigDir /app/Radiator/etc
> DefineGlobalVar TempDir /app/Radiator/tmp
>
> DictionaryFile %{GlobalVar:ConfigDir}/dictionary
> PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
>
> ##################################################################
> # DATABASE DEFINITIONS SECTION #
> ##################################################################
>
> DefineGlobalVar OracleHost localhost
> DefineGlobalVar OracleSID radius
>
> DefineGlobalVar MR_DBSource
> dbi:Oracle:host=localhost;sid=radius
> DefineGlobalVar MR_DBUsername radmin
> DefineGlobalVar MR_DBAuth radius
>
>
>
> ##################################################################
> # REWRITE SECTION #
> ##################################################################
>
> # REWRITE USER NAME BEFORE ANYTHING ELSE
> # Rewrite any Name without realm to our realm
> # because defaultrealm does not match on HANDLER
> RewriteUsername s/^([^@]+)$/$1\@metrored/
>
> # change everything in the username to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
>
> ##################################################################
> # LOGGING SECTION #
> ##################################################################
>
> # For debugging, uncomment the 2 following lines
> Trace 4
> LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
>
> #Trace:
> #0 ERR. Error conditions. Serious and unexpected failures
> #1 WARNING. Warning conditions. Unexpected failures
> #2 NOTICE. Normal but significant conditions.
> #3 INFO. Informational messages.
> #4 DEBUG. Debugging messages.
> #5 Incoming raw packet dumps in hexadecimal.
>
> <Log FILE>
> Identifier fileLoggerMetroTest
> Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
> Trace 3
> </Log>
>
> #Log authentication success and failure to a file
> <AuthLog FILE>
> Identifier testLoggerMetroRED
> Filename %L/%Y-%m/%{GlobalVar:rad_instance}/authLog_%d-%q
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l:%n:<****>:OK
> FailureFormat %l:%n:%P:FAIL
> </AuthLog>
>
>
> ##################################################################
> # PROTOCOL SECTION #
> ##################################################################
>
> AuthPort 1812
> AcctPort 1813
>
> <SNMPAgent>
> Port 16111
> ROCommunity CONFIGURAR-COMUNIDAD
> </SNMPAgent>
>
>
> #################################################################
> # CLIENTS SECTION #
> ##################################################################
>
> # Test CPM
> <Client 1.2.3.4>
> Identifier testClient
> Secret XXXXXXXXXX
> IdenticalClients localhost
> </Client>
>
> ##################################################################
> # AUTHENTICATION SECTION #
> ##################################################################
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Identifier testFileAuth
> Filename %D/testusers
> # para poder editar el archivo y no recargar el radius
> # OJO que la busqueda es LINEAL!!!
> Nocache
> </AuthBy>
> </Realm>
>
>
>
>
> =========================== TRACE 4 ===============================
> =========================== TRACE 4 ===============================
> =========================== TRACE 4 ===============================
> Fri Apr 27 17:39:24 2001: INFO: Server started: Radiator 2.18.1 on mr-
> radius
> Fri Apr 27 17:39:32 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35085 ....
> Code: Access-Request
> Identifier: 2
> Authentic: 1234567890123456
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "B=<231>g%<251><233>:<238><192><220>`<176><12>\<146>"
>
> Fri Apr 27 17:39:32 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:32 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:32 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:32 2001: DEBUG: Deleting session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:32 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:32 2001: DEBUG: Reading users file
> /app/Radiator/db/testusers
> Fri Apr 27 17:39:32 2001: DEBUG: Radius::AuthFILE looks for match with
> mariano at pert
> Fri Apr 27 17:39:33 2001: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Fri Apr 27 17:39:33 2001: DEBUG: Reading users file
> /app/Radiator/db/testusers
> Fri Apr 27 17:39:33 2001: INFO: Access rejected for mariano at pert: Bad
> Password
> Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35085 ....
> Code: Access-Reject
> Identifier: 2
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35085 ....
> Code: Accounting-Request
> Identifier: 3
> Authentic:
> V<155><221>K<249>*<233><131><212><210><193><148><214><195><11>e
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
>
> Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:33 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:33 2001: DEBUG: Adding session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:33 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:33 2001: DEBUG: Accounting accepted
> Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35085 ....
> Code: Accounting-Response
> Identifier: 3
> Authentic:
> V<155><221>K<249>*<233><131><212><210><193><148><214><195><11>e
> Attributes:
>
> Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35085 ....
> Code: Accounting-Request
> Identifier: 4
> Authentic: <182><179>e<216>L<160><149><206>m_<193>!<182>Wo`
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:33 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:33 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:33 2001: DEBUG: Deleting session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:33 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:33 2001: DEBUG: Accounting accepted
> Fri Apr 27 17:39:33 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35085 ....
> Code: Accounting-Response
> Identifier: 4
> Authentic: <182><179>e<216>L<160><149><206>m_<193>!<182>Wo`
> Attributes:
>
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35086 ....
> Code: Access-Request
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "A/<225>x%<251><233>:<238><192><220>`<176><12>\<146>"
>
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:39 2001: DEBUG: Deleting session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:39 2001: DEBUG: Reading users file
> /app/Radiator/db/testusers
> Fri Apr 27 17:39:39 2001: DEBUG: Radius::AuthFILE looks for match with
> mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Fri Apr 27 17:39:39 2001: DEBUG: Access accepted for mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35086 ....
> Code: Access-Accept
> Identifier: 9
> Authentic: 1234567890123456
> Attributes:
> Framed-Protocol = PPP
>
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35086 ....
> Code: Accounting-Request
> Identifier: 10
> Authentic: Z<24>}<132><175>=<131><201><11>;<24><217><150><159>7<10>
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
>
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:39 2001: DEBUG: Adding session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:39 2001: DEBUG: Accounting accepted
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35086 ....
> Code: Accounting-Response
> Identifier: 10
> Authentic: Z<24>}<132><175>=<131><201><11>;<24><217><150><159>7<10>
> Attributes:
>
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 35086 ....
> Code: Accounting-Request
> Identifier: 11
> Authentic:
> <207><152><10>5<170><228>Po6<200><172><132><197><225><216><161>
> Attributes:
> User-Name = "mariano at pert"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Rewrote user name to mariano at pert
> Fri Apr 27 17:39:39 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 27 17:39:39 2001: DEBUG: Deleting session for mariano at pert,
> 203.63.154.1, 1234
> Fri Apr 27 17:39:39 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Apr 27 17:39:39 2001: DEBUG: Accounting accepted
> Fri Apr 27 17:39:39 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 35086 ....
> Code: Accounting-Response
> Identifier: 11
> Authentic:
> <207><152><10>5<170><228>Po6<200><172><132><197><225><216><161>
> Attributes:
>
> Fri Apr 27 17:39:54 2001: NOTICE: SIGHUP received: restarting
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6530 invoked by uid 0); 28 Apr 2001 04:25:24 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 28 Apr 2001 04:25:24 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA12558
for radiator-zzlist; Sat, 28 Apr 2001 13:10:32 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA12539
for radiator at open.com.au; Sat, 28 Apr 2001 13:10:25 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28722
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 12:34:55 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA28722
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 12:34:55 +1000 (EST)
Received: from hugo (acc22-ppp10.mel.dialup.connect.net.au [210.10.141.10])
by entoo.connect.com.au (Postfix) with SMTP
id 60274DD24A; Sat, 28 Apr 2001 12:32:23 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Doug Currey" <doug at curreycentral.com>, radiator at open.com.au
Subject: Re: (RADIATOR) Simple question
Date: Sat, 28 Apr 2001 12:33:01 +1000
X-Mailer: KMail [version 1.1.99]
References: <200104280111.f3S1BSr29673 at itsi7.your-net.com>
In-Reply-To: <200104280111.f3S1BSr29673 at itsi7.your-net.com>
MIME-Version: 1.0
Message-Id: <0104281233010Y.14904 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Doug -
You may be thinking of the TimeDate package from CPAN?
Have a look at section 6.26.12 in the Radiator 2.18.1 reference manual.
hth
Hugh
On Saturday 28 April 2001 11:11, Doug Currey wrote:
> I am building a new server to run Radiator on. I have everything
> installed correctly but I am forgetting a Perl program that was needed
> for proper date format what was it.
>
>
> --
> Doug
> doug at curreycentral.com
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 6578 invoked by uid 0); 28 Apr 2001 05:59:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 28 Apr 2001 05:59:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA12717
for radiator-zzlist; Sat, 28 Apr 2001 14:40:21 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA12705
for radiator at open.com.au; Sat, 28 Apr 2001 14:40:16 +1000 (EST)
>Received: from ds9.anc.net (mx1-ds9.anc.net [208.133.27.254]) by perki.connect.com.au with ESMTP id OAA02174
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 14:09:29 +1000 (EST)
Received: from ds9.anc.net (mx1-ds9.anc.net [208.133.27.254]) by perki.connect.com.au with ESMTP id OAA02174
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 28 Apr 2001 14:09:29 +1000 (EST)
Received: from noc ([216.152.29.146])
by ds9.anc.net (8.9.3+blt/8.9.3) with SMTP id XAA25962;
Fri, 27 Apr 2001 23:09:18 -0500 (CDT)
Message-Id: <4.1.20010427230923.00985aa0 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Fri, 27 Apr 2001 23:11:31 -0500
To: radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
serv er not available
Cc: radiator at open.com.au
In-Reply-To: <0104281215480V.14904 at hugo>
References: <4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
<4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hugh,
In your example below, I'm unclear how I involve my "users"
file (which contains the DEFAULT entries I'd like to assign
authenticated users) -- that's why I have <AuthBy FILE>
and in that file, I have the Auth-Type pointing to the
appropriate authentication process.
John
At 12:15 PM 4/28/01 +1000, Hugh Irvine wrote:
>
>Hello John, Hello Dave -
>
>The problem you are seeing has to do with the the differences between
>multiple DEFAULT handling in a user file and multiple AuthBy clauses under
>the control of an AuthByPolicy.
>
>In the case of multiple DEFAULT entries, these are only consulted in the case
>of a Reject (or multiple Rejects), except when Fall-Through is used, in
>which case it will go on to the next in the case of an Accept. There is no
>provision for Ignore as you have discovered.
>
>The way to deal with Ignore is by using multiple AuthBy clauses under the
>control of an AuthByPolicy ContinueWhileIgnore. In your case, you could
>replace your AuthBy FILE, with an AuthBy GROUP:
>
><Realm DEFAULT>
> RewriteUsername tr/A-Z/a-z/
> AuthByPolicy ContinueWhileIgnore
>
> AuthBy AuthANCIUsers
></Realm>
>
><AuthBy GROUP>
> Identifier AuthANCIUsers
> AuthByPolicy ContinueWhileIgnore
> AuthBy AuthSQLPasswd
> AuthBy UNIX
></AuthBy>
>
><AuthBy SQL>
> Identifier AuthSQLPasswd
>
> DBSource dbi:Oracle:starship
> DBUsername uname
> DBAuth password
>
> AuthSelect SELECT password, checkattr, replyattr \
> FROM passwd \
> WHERE username = LOWER('%n')
>
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
>
> AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>
> AccountingTable
></AuthBy>
>
><AuthBy UNIX>
> Identifier UNIX
> Filename /usr/local/etc/shadow
> GroupFilename /usr/local/etc/group
>
> AddToReplyIfNotExist Ascend-Maximum-Channels = 1
></Authby>
>
>
>hth
>
>Hugh
>
>
>On Saturday 28 April 2001 03:04, John Coy wrote:
>> It's my understanding that Fall-Through = yes is the default
>> setting. However, I did try it and it still did not work.
>>
>> Thank you for your reply, however. I'm certain that I'm
>> doing something wrong, but I know eventually I'll figure
>> it out or someone will nudge me in the right direction.
>>
>> John
>>
>> At 01:02 PM 4/27/01 -0400, you wrote:
>> >I'm not a whiz at using DEFAULT, but you might benefit from:
>> >
>> >13.2.6 Fall-Through
>> >This attribute is not actually returned to the NAS. Its presence causes
>> >Radiator to continue looking for a match with the next DEFAULT user name.
>> >
>> > Fall-Through = yes
>> >
>> >http://www.open.com.au/radiator/ref.html#pgfId=330995
>> >
>> >Dave
>> >
>> > > -----Original Message-----
>> > > From: John Coy [mailto:jcoy at anc.net]
>> > > Sent: Friday, April 27, 2001 11:31 AM
>> > > To: radiator at open.com.au
>> > > Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
>> > > server not available
>> > >
>> > >
>> > > I know it's wierd to reply to my own message, but I found
>> > > something in the RADIATOR archives:
>> > >
>> > > [ From Mike McCauley ]
>> > > 2. Chain a second authentication method after SQL, so that if
>> > > SQL fails (and
>> > > says IGNORE), it will then auth from (say) a local flat file:
>> > >
>> > > <Realm whatever>
>> > > AuthByPolicy ContinueWhileIgnore
>> > > <AuthBy SQL>
>> > > # whatever
>> > > </AuthBy>
>> > > # If SQL fails, auth from flat file:
>> > > <AuthBy FILE>
>> > > Filename whatever
>> > > </AuthBy>
>> > > </Realm>
>> > >
>> > > However, this technique doesn't work if you have an arrangement
>> > > similar to this one -- here, my default realm is authenticated
>> > > using <Authby FILE>. Inside that file, I make references to
>> > > several authentication methods, including <AuthBy SQL> and
>> > > <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
>> > > never gets to move on to the second DEFAULT. Not sure if this
>> > > is intended to be this way, or if my config is just so messed
>> > > up... anyhow, if there's a way to get it to move on to the next
>> > > DEFAULT entry that's what I'd like to do....
>> > >
>> > > My radiusd.cfg (excerpts):
>> > >
>> > > -- radiusd.cfg --
>> > > <Realm DEFAULT>
>> > > RewriteUsername tr/A-Z/a-z/
>> > > AuthByPolicy ContinueWhileIgnore
>> > >
>> > > AuthBy AuthANCIUsers
>> > > </Realm>
>> > >
>> > > <AuthBy FILE>
>> > > Identifier AuthANCIUsers
>> > > Filename %D/users
>> > > </AuthBy>
>> > >
>> > > <AuthBy SQL>
>> > > Identifier AuthSQLPasswd
>> > >
>> > > DBSource dbi:Oracle:starship
>> > > DBUsername uname
>> > > DBAuth password
>> > >
>> > > AuthSelect SELECT password, checkattr, replyattr \
>> > > FROM passwd \
>> > > WHERE username = LOWER('%n')
>> > >
>> > > AuthColumnDef 0, Encrypted-Password, check
>> > > AuthColumnDef 1, GENERIC, check
>> > > AuthColumnDef 2, GENERIC, reply
>> > >
>> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> > >
>> > > AccountingTable
>> > > </AuthBy>
>> > >
>> > > <AuthBy UNIX>
>> > > Identifier UNIX
>> > > Filename /usr/local/etc/shadow
>> > > GroupFilename /usr/local/etc/group
>> > >
>> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> > > </Authby>
>> > > -- end radiusd.cfg --
>> > >
>> > > Then, inside the "users" file, you have a DEFAULT entry:
>> > >
>> > > -- users --
>> > > DEFAULT Auth-Type = AuthSQLPasswd
>> > > Ascend-Idle-Limit = 1800,
>> > > Ascend-Assign-IP-Pool = 0,
>> > > User-Service = Framed-User,
>> > > Framed-Protocol = PPP,
>> > > Ascend-Maximum-Call-Duration = 480,
>> > > Ascend-Client-Primary-DNS = 208.133.27.10,
>> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
>> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>> > > Ascend-Shared-Profile-Enable = 0,
>> > > Ascend-Multicast-Client = 1,
>> > > Ascend-Multicast-Rate-Limit = 5
>> > >
>> > > DEFAULT Auth-Type = UNIX
>> > > Ascend-Idle-Limit = 1800,
>> > > Ascend-Assign-IP-Pool = 0,
>> > > User-Service = Framed-User,
>> > > Framed-Protocol = PPP,
>> > > Ascend-Maximum-Call-Duration = 480,
>> > > Ascend-Client-Primary-DNS = 208.133.27.10,
>> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
>> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>> > > Ascend-Shared-Profile-Enable = 0,
>> > > Ascend-Multicast-Client = 1,
>> > > Ascend-Multicast-Rate-Limit = 5
>> > > -- end users --
>> > >
>> > > At 09:02 PM 4/26/01 -0500, you wrote:
>> > > >What's the best technique to have Radiator fall back to
>> > >
>> > > authentication
>> > >
>> > > >via flat file (UNIX-style auth for example) instead of SQL
>> > >
>> > > database if the
>> > >
>> > > >SQL database isn't available.
>> > > >
>> > > >I tried using two DEFAULT entries in my users file, one which did SQL
>> > > >auth, the other which did UNIX auth but that didn't work.
>> > >
>> > > Instead, it
>> > >
>> > > >fails to connect to the DB server and won't move on to the flat file.
>> > > >
>> > > >Hints, tips welcome.
>> > > >
>> > > >John
>> > > >
>> > > >
>> > > >===
>> > > >Archive at http://www.starport.net/~radiator/
>> > > >Announcements on radiator-announce at open.com.au
>> > > >To unsubscribe, email 'majordomo at open.com.au' with
>> > > >'unsubscribe radiator' in the body of the message.
>> > >
>> > > ===
>> > > Archive at http://www.starport.net/~radiator/
>> > > Announcements on radiator-announce at open.com.au
>> > > To unsubscribe, email 'majordomo at open.com.au' with
>> > > 'unsubscribe radiator' in the body of the message.
>>
>> ===
>> Archive at http://www.starport.net/~radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 12467 invoked by uid 0); 30 Apr 2001 00:42:17 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 00:42:17 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA15107
for radiator-zzlist; Mon, 30 Apr 2001 09:10:24 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA15102
for radiator at open.com.au; Mon, 30 Apr 2001 09:10:20 +1000 (EST)
>Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id IAA00098
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 08:42:16 +1000 (EST)
Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id IAA00098
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 08:42:16 +1000 (EST)
Received: from isdnnt02.office.isdn.net (isdnnt02.office.isdn.net [207.65.7.12])
by rex.isdn.net (8.11.3/8.11.3) with ESMTP id f3TMgEH25647
for <radiator at open.com.au>; Sun, 29 Apr 2001 17:42:14 -0500
Received: by isdnnt02.office.isdn.net with Internet Mail Service (5.5.2653.19)
id <J1A6F7KS>; Sun, 29 Apr 2001 17:53:53 -0500
Message-ID: <01B712429915D511803600A0C99AB3A7057DFC at isdnnt02.office.isdn.net>
From: Eric Lackey <eric at isdn.net>
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: (RADIATOR) Handler Question
Date: Sun, 29 Apr 2001 17:53:52 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
I am trying to use a handler to check NAS-IP-Address for more than system.
It would be something like this. It is quite a big handler and I have to
have multiple copies since they are exactly the same. Is this possible?
Any help would be great.
<Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
</Handler>
Thanks,
Eric Lackey
ISDN-Net Operations
eric at isdn.net
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13058 invoked by uid 0); 30 Apr 2001 03:05:12 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 03:05:12 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA15402
for radiator-zzlist; Mon, 30 Apr 2001 11:40:33 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA15397
for radiator at open.com.au; Mon, 30 Apr 2001 11:40:29 +1000 (EST)
>Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id LAA08830
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 11:30:39 +1000 (EST)
Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id LAA08830
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 11:30:39 +1000 (EST)
Received: from isdnnt02.office.isdn.net (isdnnt02.office.isdn.net [207.65.7.12])
by rex.isdn.net (8.11.3/8.11.3) with ESMTP id f3U1UcH03663
for <radiator at open.com.au>; Sun, 29 Apr 2001 20:30:38 -0500
Received: by isdnnt02.office.isdn.net with Internet Mail Service (5.5.2653.19)
id <J1A6F7MM>; Sun, 29 Apr 2001 20:42:18 -0500
Message-ID: <01B712429915D511803600A0C99AB3A7057DFD at isdnnt02.office.isdn.net>
From: Eric Lackey <eric at isdn.net>
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: FW: (RADIATOR) Handler Question
Date: Sun, 29 Apr 2001 20:42:17 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
My first email might have been a little confusing. Here is what I meant to
say.
I am trying to use a handler to check NAS-IP-Address for more than one
system.
It is quite a big handler and I hate to have multiple copies since they are
exactly the same. Is this possible?
Any help would be great.
This is what I tried, but it doesn't seem to work.
<Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
</Handler>
Thanks,
Eric Lackey
ISDN-Net Operations
eric at isdn.net
-----Original Message-----
From: Eric Lackey [mailto:eric at isdn.net]
Sent: Sunday, April 29, 2001 5:54 PM
To: 'radiator at open.com.au'
Subject: (RADIATOR) Handler Question
I am trying to use a handler to check NAS-IP-Address for more than system.
It would be something like this. It is quite a big handler and I have to
have multiple copies since they are exactly the same. Is this possible?
Any help would be great.
<Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
</Handler>
Thanks,
Eric Lackey
ISDN-Net Operations
eric at isdn.net
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13190 invoked by uid 0); 30 Apr 2001 03:59:13 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 03:59:13 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA15610
for radiator-zzlist; Mon, 30 Apr 2001 12:40:52 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA15589
for radiator at open.com.au; Mon, 30 Apr 2001 12:40:42 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA11910
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 12:29:09 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA11910
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 12:29:09 +1000 (EST)
Received: from hugo (acc21-ppp6.mel.dialup.connect.net.au [210.10.140.6])
by entoo.connect.com.au (Postfix) with SMTP
id 20829DDB3C; Mon, 30 Apr 2001 12:26:31 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Eric Lackey <eric at isdn.net>,
"'radiator at open.com.au'" <radiator at open.com.au>
Subject: Re: FW: (RADIATOR) Handler Question
Date: Mon, 30 Apr 2001 12:12:18 +1000
X-Mailer: KMail [version 1.1.99]
References: <01B712429915D511803600A0C99AB3A7057DFD at isdnnt02.office.isdn.net>
In-Reply-To: <01B712429915D511803600A0C99AB3A7057DFD at isdnnt02.office.isdn.net>
MIME-Version: 1.0
Message-Id: <01043012121801.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Eric -
You would use a regular expression, something like this:
<Handler NAS-IP-Address=/XXX.XXX.XXX.XXX|yyy.yyy.yyy.yyy|zzz.zzz.zzz.zzz/>
See section 13 in the Radiator 2.18.1 reference manual.
Otherwise, you can use Identifiers in your Client clauses to create groups
(the same Identifier in each Client in the group) and then use this:
<Handler Client-Identifier = nnnnnnnn>
You can also set up your AuthBy's like this, and refer to them in your
Handler(s):
<AuthBy .....>
Identifier DoSomething
.....
</AuthBy>
<AuthBy .....>
Identifier DoSomethingElse
.....
</AuthBy>
<AuthBy GROUP>
Identifier DoWhatever
AuthByPolicy ContinueUntilAccept # or whatever
AuthBy DoSomething
AuthBy DoSomethingElse
</AuthBy>
<Handler .......>
AuthBy DoWhatever
......
</Handler>
hth
Hugh
On Monday 30 April 2001 11:42, Eric Lackey wrote:
> My first email might have been a little confusing. Here is what I meant to
> say.
>
> I am trying to use a handler to check NAS-IP-Address for more than one
> system.
> It is quite a big handler and I hate to have multiple copies since they are
> exactly the same. Is this possible?
> Any help would be great.
>
> This is what I tried, but it doesn't seem to work.
>
> <Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
>
> </Handler>
>
> Thanks,
>
> Eric Lackey
> ISDN-Net Operations
> eric at isdn.net
>
> -----Original Message-----
> From: Eric Lackey [mailto:eric at isdn.net]
> Sent: Sunday, April 29, 2001 5:54 PM
> To: 'radiator at open.com.au'
> Subject: (RADIATOR) Handler Question
>
>
> I am trying to use a handler to check NAS-IP-Address for more than system.
> It would be something like this. It is quite a big handler and I have to
> have multiple copies since they are exactly the same. Is this possible?
> Any help would be great.
>
> <Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
>
> </Handler>
>
> Thanks,
>
> Eric Lackey
> ISDN-Net Operations
> eric at isdn.net
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13202 invoked by uid 0); 30 Apr 2001 04:02:12 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 04:02:12 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA15609
for radiator-zzlist; Mon, 30 Apr 2001 12:40:51 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id MAA15582
for radiator at open.com.au; Mon, 30 Apr 2001 12:40:41 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA11907
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 12:29:06 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id MAA11907
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 12:29:06 +1000 (EST)
Received: from hugo (acc21-ppp6.mel.dialup.connect.net.au [210.10.140.6])
by entoo.connect.com.au (Postfix) with SMTP
id 85335DDA9B; Mon, 30 Apr 2001 12:26:25 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: John Coy <jcoy at anc.net>, radiator at open.com.au
Subject: Re: (RADIATOR) best technique to fallback to flat file if DB serv er not available
Date: Mon, 30 Apr 2001 12:01:00 +1000
X-Mailer: KMail [version 1.1.99]
Cc: radiator at open.com.au
References: <4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net> <4.1.20010427230923.00985aa0 at pop3.anc.net>
In-Reply-To: <4.1.20010427230923.00985aa0 at pop3.anc.net>
MIME-Version: 1.0
Message-Id: <01043012010000.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello John -
You would not use the "users" file.
hth
Hugh
On Saturday 28 April 2001 14:11, John Coy wrote:
> Hugh,
>
> In your example below, I'm unclear how I involve my "users"
> file (which contains the DEFAULT entries I'd like to assign
> authenticated users) -- that's why I have <AuthBy FILE>
> and in that file, I have the Auth-Type pointing to the
> appropriate authentication process.
>
> John
>
> At 12:15 PM 4/28/01 +1000, Hugh Irvine wrote:
> >Hello John, Hello Dave -
> >
> >The problem you are seeing has to do with the the differences between
> >multiple DEFAULT handling in a user file and multiple AuthBy clauses under
> >the control of an AuthByPolicy.
> >
> >In the case of multiple DEFAULT entries, these are only consulted in the
> > case of a Reject (or multiple Rejects), except when Fall-Through is used,
> > in which case it will go on to the next in the case of an Accept. There
> > is no provision for Ignore as you have discovered.
> >
> >The way to deal with Ignore is by using multiple AuthBy clauses under the
> >control of an AuthByPolicy ContinueWhileIgnore. In your case, you could
> >replace your AuthBy FILE, with an AuthBy GROUP:
> >
> ><Realm DEFAULT>
> > RewriteUsername tr/A-Z/a-z/
> > AuthByPolicy ContinueWhileIgnore
> >
> > AuthBy AuthANCIUsers
> ></Realm>
> >
> ><AuthBy GROUP>
> > Identifier AuthANCIUsers
> > AuthByPolicy ContinueWhileIgnore
> > AuthBy AuthSQLPasswd
> > AuthBy UNIX
> ></AuthBy>
> >
> ><AuthBy SQL>
> > Identifier AuthSQLPasswd
> >
> > DBSource dbi:Oracle:starship
> > DBUsername uname
> > DBAuth password
> >
> > AuthSelect SELECT password, checkattr, replyattr \
> > FROM passwd \
> > WHERE username = LOWER('%n')
> >
> > AuthColumnDef 0, Encrypted-Password, check
> > AuthColumnDef 1, GENERIC, check
> > AuthColumnDef 2, GENERIC, reply
> >
> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> >
> > AccountingTable
> ></AuthBy>
> >
> ><AuthBy UNIX>
> > Identifier UNIX
> > Filename /usr/local/etc/shadow
> > GroupFilename /usr/local/etc/group
> >
> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> ></Authby>
> >
> >
> >hth
> >
> >Hugh
> >
> >On Saturday 28 April 2001 03:04, John Coy wrote:
> >> It's my understanding that Fall-Through = yes is the default
> >> setting. However, I did try it and it still did not work.
> >>
> >> Thank you for your reply, however. I'm certain that I'm
> >> doing something wrong, but I know eventually I'll figure
> >> it out or someone will nudge me in the right direction.
> >>
> >> John
> >>
> >> At 01:02 PM 4/27/01 -0400, you wrote:
> >> >I'm not a whiz at using DEFAULT, but you might benefit from:
> >> >
> >> >13.2.6 Fall-Through
> >> >This attribute is not actually returned to the NAS. Its presence causes
> >> >Radiator to continue looking for a match with the next DEFAULT user
> >> > name.
> >> >
> >> > Fall-Through = yes
> >> >
> >> >http://www.open.com.au/radiator/ref.html#pgfId=330995
> >> >
> >> >Dave
> >> >
> >> > > -----Original Message-----
> >> > > From: John Coy [mailto:jcoy at anc.net]
> >> > > Sent: Friday, April 27, 2001 11:31 AM
> >> > > To: radiator at open.com.au
> >> > > Subject: Re: (RADIATOR) best technique to fallback to flat file if
> >> > > DB server not available
> >> > >
> >> > >
> >> > > I know it's wierd to reply to my own message, but I found
> >> > > something in the RADIATOR archives:
> >> > >
> >> > > [ From Mike McCauley ]
> >> > > 2. Chain a second authentication method after SQL, so that if
> >> > > SQL fails (and
> >> > > says IGNORE), it will then auth from (say) a local flat file:
> >> > >
> >> > > <Realm whatever>
> >> > > AuthByPolicy ContinueWhileIgnore
> >> > > <AuthBy SQL>
> >> > > # whatever
> >> > > </AuthBy>
> >> > > # If SQL fails, auth from flat file:
> >> > > <AuthBy FILE>
> >> > > Filename whatever
> >> > > </AuthBy>
> >> > > </Realm>
> >> > >
> >> > > However, this technique doesn't work if you have an arrangement
> >> > > similar to this one -- here, my default realm is authenticated
> >> > > using <Authby FILE>. Inside that file, I make references to
> >> > > several authentication methods, including <AuthBy SQL> and
> >> > > <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
> >> > > never gets to move on to the second DEFAULT. Not sure if this
> >> > > is intended to be this way, or if my config is just so messed
> >> > > up... anyhow, if there's a way to get it to move on to the next
> >> > > DEFAULT entry that's what I'd like to do....
> >> > >
> >> > > My radiusd.cfg (excerpts):
> >> > >
> >> > > -- radiusd.cfg --
> >> > > <Realm DEFAULT>
> >> > > RewriteUsername tr/A-Z/a-z/
> >> > > AuthByPolicy ContinueWhileIgnore
> >> > >
> >> > > AuthBy AuthANCIUsers
> >> > > </Realm>
> >> > >
> >> > > <AuthBy FILE>
> >> > > Identifier AuthANCIUsers
> >> > > Filename %D/users
> >> > > </AuthBy>
> >> > >
> >> > > <AuthBy SQL>
> >> > > Identifier AuthSQLPasswd
> >> > >
> >> > > DBSource dbi:Oracle:starship
> >> > > DBUsername uname
> >> > > DBAuth password
> >> > >
> >> > > AuthSelect SELECT password, checkattr, replyattr \
> >> > > FROM passwd \
> >> > > WHERE username = LOWER('%n')
> >> > >
> >> > > AuthColumnDef 0, Encrypted-Password, check
> >> > > AuthColumnDef 1, GENERIC, check
> >> > > AuthColumnDef 2, GENERIC, reply
> >> > >
> >> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> >> > >
> >> > > AccountingTable
> >> > > </AuthBy>
> >> > >
> >> > > <AuthBy UNIX>
> >> > > Identifier UNIX
> >> > > Filename /usr/local/etc/shadow
> >> > > GroupFilename /usr/local/etc/group
> >> > >
> >> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
> >> > > </Authby>
> >> > > -- end radiusd.cfg --
> >> > >
> >> > > Then, inside the "users" file, you have a DEFAULT entry:
> >> > >
> >> > > -- users --
> >> > > DEFAULT Auth-Type = AuthSQLPasswd
> >> > > Ascend-Idle-Limit = 1800,
> >> > > Ascend-Assign-IP-Pool = 0,
> >> > > User-Service = Framed-User,
> >> > > Framed-Protocol = PPP,
> >> > > Ascend-Maximum-Call-Duration = 480,
> >> > > Ascend-Client-Primary-DNS = 208.133.27.10,
> >> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
> >> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> >> > > Ascend-Shared-Profile-Enable = 0,
> >> > > Ascend-Multicast-Client = 1,
> >> > > Ascend-Multicast-Rate-Limit = 5
> >> > >
> >> > > DEFAULT Auth-Type = UNIX
> >> > > Ascend-Idle-Limit = 1800,
> >> > > Ascend-Assign-IP-Pool = 0,
> >> > > User-Service = Framed-User,
> >> > > Framed-Protocol = PPP,
> >> > > Ascend-Maximum-Call-Duration = 480,
> >> > > Ascend-Client-Primary-DNS = 208.133.27.10,
> >> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
> >> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> >> > > Ascend-Shared-Profile-Enable = 0,
> >> > > Ascend-Multicast-Client = 1,
> >> > > Ascend-Multicast-Rate-Limit = 5
> >> > > -- end users --
> >> > >
> >> > > At 09:02 PM 4/26/01 -0500, you wrote:
> >> > > >What's the best technique to have Radiator fall back to
> >> > >
> >> > > authentication
> >> > >
> >> > > >via flat file (UNIX-style auth for example) instead of SQL
> >> > >
> >> > > database if the
> >> > >
> >> > > >SQL database isn't available.
> >> > > >
> >> > > >I tried using two DEFAULT entries in my users file, one which did
> >> > > > SQL auth, the other which did UNIX auth but that didn't work.
> >> > >
> >> > > Instead, it
> >> > >
> >> > > >fails to connect to the DB server and won't move on to the flat
> >> > > > file.
> >> > > >
> >> > > >Hints, tips welcome.
> >> > > >
> >> > > >John
> >> > > >
> >> > > >
> >> > > >===
> >> > > >Archive at http://www.starport.net/~radiator/
> >> > > >Announcements on radiator-announce at open.com.au
> >> > > >To unsubscribe, email 'majordomo at open.com.au' with
> >> > > >'unsubscribe radiator' in the body of the message.
> >> > >
> >> > > ===
> >> > > Archive at http://www.starport.net/~radiator/
> >> > > Announcements on radiator-announce at open.com.au
> >> > > To unsubscribe, email 'majordomo at open.com.au' with
> >> > > 'unsubscribe radiator' in the body of the message.
> >>
> >> ===
> >> Archive at http://www.starport.net/~radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> >--
> >Radiator: the most portable, flexible and configurable RADIUS server
> >anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >-
> >Nets: internetwork inventory and management - graphical, extensible,
> >flexible with hardware, software, platform and database independence.
> >
> >===
> >Archive at http://www.starport.net/~radiator/
> >Announcements on radiator-announce at open.com.au
> >To unsubscribe, email 'majordomo at open.com.au' with
> >'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13257 invoked by uid 0); 30 Apr 2001 04:50:24 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 04:50:24 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA15783
for radiator-zzlist; Mon, 30 Apr 2001 13:40:35 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id NAA15739;
Mon, 30 Apr 2001 13:40:22 +1000 (EST)
>Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id NAA14202
(8.8.8/IDA-1.7); Mon, 30 Apr 2001 13:13:40 +1000 (EST)
Received: from rex.isdn.net (rex.isdn.net [207.65.4.2]) by perki.connect.com.au with ESMTP id NAA14202
(8.8.8/IDA-1.7); Mon, 30 Apr 2001 13:13:40 +1000 (EST)
Received: from isdnnt02.office.isdn.net (isdnnt02.office.isdn.net [207.65.7.12])
by rex.isdn.net (8.11.3/8.11.3) with ESMTP id f3U3DYH07677;
Sun, 29 Apr 2001 22:13:34 -0500
Received: by isdnnt02.office.isdn.net with Internet Mail Service (5.5.2653.19)
id <J1A6F7N4>; Sun, 29 Apr 2001 22:25:14 -0500
Message-ID: <01B712429915D511803600A0C99AB3A7057E00 at isdnnt02.office.isdn.net>
From: Eric Lackey <eric at isdn.net>
To: "'hugh at open.com.au'" <hugh at open.com.au>,
"'radiator at open.com.au'"
<radiator at open.com.au>
Subject: RE: FW: (RADIATOR) Handler Question
Date: Sun, 29 Apr 2001 22:25:13 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Thanks Hugh. That is exactly what I needed. I think the Client list is the
best solution.
Eric
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Sunday, April 29, 2001 9:12 PM
To: Eric Lackey; 'radiator at open.com.au'
Subject: Re: FW: (RADIATOR) Handler Question
Hello Eric -
You would use a regular expression, something like this:
<Handler NAS-IP-Address=/XXX.XXX.XXX.XXX|yyy.yyy.yyy.yyy|zzz.zzz.zzz.zzz/>
See section 13 in the Radiator 2.18.1 reference manual.
Otherwise, you can use Identifiers in your Client clauses to create groups
(the same Identifier in each Client in the group) and then use this:
<Handler Client-Identifier = nnnnnnnn>
You can also set up your AuthBy's like this, and refer to them in your
Handler(s):
<AuthBy .....>
Identifier DoSomething
.....
</AuthBy>
<AuthBy .....>
Identifier DoSomethingElse
.....
</AuthBy>
<AuthBy GROUP>
Identifier DoWhatever
AuthByPolicy ContinueUntilAccept # or whatever
AuthBy DoSomething
AuthBy DoSomethingElse
</AuthBy>
<Handler .......>
AuthBy DoWhatever
......
</Handler>
hth
Hugh
On Monday 30 April 2001 11:42, Eric Lackey wrote:
> My first email might have been a little confusing. Here is what I meant
to
> say.
>
> I am trying to use a handler to check NAS-IP-Address for more than one
> system.
> It is quite a big handler and I hate to have multiple copies since they
are
> exactly the same. Is this possible?
> Any help would be great.
>
> This is what I tried, but it doesn't seem to work.
>
> <Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
>
> </Handler>
>
> Thanks,
>
> Eric Lackey
> ISDN-Net Operations
> eric at isdn.net
>
> -----Original Message-----
> From: Eric Lackey [mailto:eric at isdn.net]
> Sent: Sunday, April 29, 2001 5:54 PM
> To: 'radiator at open.com.au'
> Subject: (RADIATOR) Handler Question
>
>
> I am trying to use a handler to check NAS-IP-Address for more than system.
> It would be something like this. It is quite a big handler and I have to
> have multiple copies since they are exactly the same. Is this possible?
> Any help would be great.
>
> <Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX>
>
> </Handler>
>
> Thanks,
>
> Eric Lackey
> ISDN-Net Operations
> eric at isdn.net
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13480 invoked by uid 0); 30 Apr 2001 06:03:05 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 06:03:05 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA15907
for radiator-zzlist; Mon, 30 Apr 2001 14:40:45 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA15888;
Mon, 30 Apr 2001 14:40:39 +1000 (EST)
>Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id OAA17974
(8.8.8/IDA-1.7); Mon, 30 Apr 2001 14:23:40 +1000 (EST)
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6]) by perki.connect.com.au with ESMTP id OAA17974
(8.8.8/IDA-1.7); Mon, 30 Apr 2001 14:23:40 +1000 (EST)
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id XAA29977;
Sun, 29 Apr 2001 23:23:36 -0500 (CDT)
Message-Id: <4.1.20010429232311.0099eba0 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Sun, 29 Apr 2001 23:25:50 -0500
To: hugh at open.com.au, radiator at open.com.au
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
serv er not available
Cc: radiator at open.com.au
In-Reply-To: <01043012010000.00959 at hugo>
References: <4.1.20010427230923.00985aa0 at pop3.anc.net>
<4.3.1.2.20010427120255.00ab3c70 at pop3.arkansas.net>
<4.1.20010427230923.00985aa0 at pop3.anc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Actually, I managed to get it working using your hints and a
user file. I just replaced the Auth-Type to point to the
identifier specified by the <AuthBy GROUP>:
In my "users" file:
DEFAULT Auth-Type = ANCI-SQLFallbackFILE
Ascend-Idle-Limit = 1800,
Ascend-Assign-IP-Pool = 0,
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Maximum-Call-Duration = 480,
Ascend-Client-Primary-DNS = 208.133.27.10,
Ascend-Client-Secondary-DNS = 216.152.26.168,
Ascend-Client-Assign-DNS = DNS-Assign-Yes,
Ascend-Shared-Profile-Enable = 0,
Ascend-Multicast-Client = 1,
Ascend-Multicast-Rate-Limit = 5
and in my radiusd.cfg:
<AuthBy GROUP>
Identifier ANCI-SQLFallbackFILE
AuthByPolicy ContinueWhileIgnore
AuthBy ANCI-AuthSQLPasswd
AuthBy UNIX
</AuthBy>
This way I could set default attributes and fall back to a flat
file if the SQL database failed. Worked like a champ.
Thanks a ton for your assistance!
At 12:01 PM 4/30/01 +1000, Hugh Irvine wrote:
>
>Hello John -
>
>You would not use the "users" file.
>
>hth
>
>Hugh
>
>On Saturday 28 April 2001 14:11, John Coy wrote:
>> Hugh,
>>
>> In your example below, I'm unclear how I involve my "users"
>> file (which contains the DEFAULT entries I'd like to assign
>> authenticated users) -- that's why I have <AuthBy FILE>
>> and in that file, I have the Auth-Type pointing to the
>> appropriate authentication process.
>>
>> John
>>
>> At 12:15 PM 4/28/01 +1000, Hugh Irvine wrote:
>> >Hello John, Hello Dave -
>> >
>> >The problem you are seeing has to do with the the differences between
>> >multiple DEFAULT handling in a user file and multiple AuthBy clauses under
>> >the control of an AuthByPolicy.
>> >
>> >In the case of multiple DEFAULT entries, these are only consulted in the
>> > case of a Reject (or multiple Rejects), except when Fall-Through is used,
>> > in which case it will go on to the next in the case of an Accept. There
>> > is no provision for Ignore as you have discovered.
>> >
>> >The way to deal with Ignore is by using multiple AuthBy clauses under the
>> >control of an AuthByPolicy ContinueWhileIgnore. In your case, you could
>> >replace your AuthBy FILE, with an AuthBy GROUP:
>> >
>> ><Realm DEFAULT>
>> > RewriteUsername tr/A-Z/a-z/
>> > AuthByPolicy ContinueWhileIgnore
>> >
>> > AuthBy AuthANCIUsers
>> ></Realm>
>> >
>> ><AuthBy GROUP>
>> > Identifier AuthANCIUsers
>> > AuthByPolicy ContinueWhileIgnore
>> > AuthBy AuthSQLPasswd
>> > AuthBy UNIX
>> ></AuthBy>
>> >
>> ><AuthBy SQL>
>> > Identifier AuthSQLPasswd
>> >
>> > DBSource dbi:Oracle:starship
>> > DBUsername uname
>> > DBAuth password
>> >
>> > AuthSelect SELECT password, checkattr, replyattr \
>> > FROM passwd \
>> > WHERE username = LOWER('%n')
>> >
>> > AuthColumnDef 0, Encrypted-Password, check
>> > AuthColumnDef 1, GENERIC, check
>> > AuthColumnDef 2, GENERIC, reply
>> >
>> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> >
>> > AccountingTable
>> ></AuthBy>
>> >
>> ><AuthBy UNIX>
>> > Identifier UNIX
>> > Filename /usr/local/etc/shadow
>> > GroupFilename /usr/local/etc/group
>> >
>> > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> ></Authby>
>> >
>> >
>> >hth
>> >
>> >Hugh
>> >
>> >On Saturday 28 April 2001 03:04, John Coy wrote:
>> >> It's my understanding that Fall-Through = yes is the default
>> >> setting. However, I did try it and it still did not work.
>> >>
>> >> Thank you for your reply, however. I'm certain that I'm
>> >> doing something wrong, but I know eventually I'll figure
>> >> it out or someone will nudge me in the right direction.
>> >>
>> >> John
>> >>
>> >> At 01:02 PM 4/27/01 -0400, you wrote:
>> >> >I'm not a whiz at using DEFAULT, but you might benefit from:
>> >> >
>> >> >13.2.6 Fall-Through
>> >> >This attribute is not actually returned to the NAS. Its presence causes
>> >> >Radiator to continue looking for a match with the next DEFAULT user
>> >> > name.
>> >> >
>> >> > Fall-Through = yes
>> >> >
>> >> >http://www.open.com.au/radiator/ref.html#pgfId=330995
>> >> >
>> >> >Dave
>> >> >
>> >> > > -----Original Message-----
>> >> > > From: John Coy [mailto:jcoy at anc.net]
>> >> > > Sent: Friday, April 27, 2001 11:31 AM
>> >> > > To: radiator at open.com.au
>> >> > > Subject: Re: (RADIATOR) best technique to fallback to flat file if
>> >> > > DB server not available
>> >> > >
>> >> > >
>> >> > > I know it's wierd to reply to my own message, but I found
>> >> > > something in the RADIATOR archives:
>> >> > >
>> >> > > [ From Mike McCauley ]
>> >> > > 2. Chain a second authentication method after SQL, so that if
>> >> > > SQL fails (and
>> >> > > says IGNORE), it will then auth from (say) a local flat file:
>> >> > >
>> >> > > <Realm whatever>
>> >> > > AuthByPolicy ContinueWhileIgnore
>> >> > > <AuthBy SQL>
>> >> > > # whatever
>> >> > > </AuthBy>
>> >> > > # If SQL fails, auth from flat file:
>> >> > > <AuthBy FILE>
>> >> > > Filename whatever
>> >> > > </AuthBy>
>> >> > > </Realm>
>> >> > >
>> >> > > However, this technique doesn't work if you have an arrangement
>> >> > > similar to this one -- here, my default realm is authenticated
>> >> > > using <Authby FILE>. Inside that file, I make references to
>> >> > > several authentication methods, including <AuthBy SQL> and
>> >> > > <AuthBy UNIX>. However, since the <AuthBy SQL> fails, it
>> >> > > never gets to move on to the second DEFAULT. Not sure if this
>> >> > > is intended to be this way, or if my config is just so messed
>> >> > > up... anyhow, if there's a way to get it to move on to the next
>> >> > > DEFAULT entry that's what I'd like to do....
>> >> > >
>> >> > > My radiusd.cfg (excerpts):
>> >> > >
>> >> > > -- radiusd.cfg --
>> >> > > <Realm DEFAULT>
>> >> > > RewriteUsername tr/A-Z/a-z/
>> >> > > AuthByPolicy ContinueWhileIgnore
>> >> > >
>> >> > > AuthBy AuthANCIUsers
>> >> > > </Realm>
>> >> > >
>> >> > > <AuthBy FILE>
>> >> > > Identifier AuthANCIUsers
>> >> > > Filename %D/users
>> >> > > </AuthBy>
>> >> > >
>> >> > > <AuthBy SQL>
>> >> > > Identifier AuthSQLPasswd
>> >> > >
>> >> > > DBSource dbi:Oracle:starship
>> >> > > DBUsername uname
>> >> > > DBAuth password
>> >> > >
>> >> > > AuthSelect SELECT password, checkattr, replyattr \
>> >> > > FROM passwd \
>> >> > > WHERE username = LOWER('%n')
>> >> > >
>> >> > > AuthColumnDef 0, Encrypted-Password, check
>> >> > > AuthColumnDef 1, GENERIC, check
>> >> > > AuthColumnDef 2, GENERIC, reply
>> >> > >
>> >> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> >> > >
>> >> > > AccountingTable
>> >> > > </AuthBy>
>> >> > >
>> >> > > <AuthBy UNIX>
>> >> > > Identifier UNIX
>> >> > > Filename /usr/local/etc/shadow
>> >> > > GroupFilename /usr/local/etc/group
>> >> > >
>> >> > > AddToReplyIfNotExist Ascend-Maximum-Channels = 1
>> >> > > </Authby>
>> >> > > -- end radiusd.cfg --
>> >> > >
>> >> > > Then, inside the "users" file, you have a DEFAULT entry:
>> >> > >
>> >> > > -- users --
>> >> > > DEFAULT Auth-Type = AuthSQLPasswd
>> >> > > Ascend-Idle-Limit = 1800,
>> >> > > Ascend-Assign-IP-Pool = 0,
>> >> > > User-Service = Framed-User,
>> >> > > Framed-Protocol = PPP,
>> >> > > Ascend-Maximum-Call-Duration = 480,
>> >> > > Ascend-Client-Primary-DNS = 208.133.27.10,
>> >> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
>> >> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>> >> > > Ascend-Shared-Profile-Enable = 0,
>> >> > > Ascend-Multicast-Client = 1,
>> >> > > Ascend-Multicast-Rate-Limit = 5
>> >> > >
>> >> > > DEFAULT Auth-Type = UNIX
>> >> > > Ascend-Idle-Limit = 1800,
>> >> > > Ascend-Assign-IP-Pool = 0,
>> >> > > User-Service = Framed-User,
>> >> > > Framed-Protocol = PPP,
>> >> > > Ascend-Maximum-Call-Duration = 480,
>> >> > > Ascend-Client-Primary-DNS = 208.133.27.10,
>> >> > > Ascend-Client-Secondary-DNS = 216.152.26.168,
>> >> > > Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>> >> > > Ascend-Shared-Profile-Enable = 0,
>> >> > > Ascend-Multicast-Client = 1,
>> >> > > Ascend-Multicast-Rate-Limit = 5
>> >> > > -- end users --
>> >> > >
>> >> > > At 09:02 PM 4/26/01 -0500, you wrote:
>> >> > > >What's the best technique to have Radiator fall back to
>> >> > >
>> >> > > authentication
>> >> > >
>> >> > > >via flat file (UNIX-style auth for example) instead of SQL
>> >> > >
>> >> > > database if the
>> >> > >
>> >> > > >SQL database isn't available.
>> >> > > >
>> >> > > >I tried using two DEFAULT entries in my users file, one which did
>> >> > > > SQL auth, the other which did UNIX auth but that didn't work.
>> >> > >
>> >> > > Instead, it
>> >> > >
>> >> > > >fails to connect to the DB server and won't move on to the flat
>> >> > > > file.
>> >> > > >
>> >> > > >Hints, tips welcome.
>> >> > > >
>> >> > > >John
>> >> > > >
>> >> > > >
>> >> > > >===
>> >> > > >Archive at http://www.starport.net/~radiator/
>> >> > > >Announcements on radiator-announce at open.com.au
>> >> > > >To unsubscribe, email 'majordomo at open.com.au' with
>> >> > > >'unsubscribe radiator' in the body of the message.
>> >> > >
>> >> > > ===
>> >> > > Archive at http://www.starport.net/~radiator/
>> >> > > Announcements on radiator-announce at open.com.au
>> >> > > To unsubscribe, email 'majordomo at open.com.au' with
>> >> > > 'unsubscribe radiator' in the body of the message.
>> >>
>> >> ===
>> >> Archive at http://www.starport.net/~radiator/
>> >> Announcements on radiator-announce at open.com.au
>> >> To unsubscribe, email 'majordomo at open.com.au' with
>> >> 'unsubscribe radiator' in the body of the message.
>> >
>> >--
>> >Radiator: the most portable, flexible and configurable RADIUS server
>> >anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> >-
>> >Nets: internetwork inventory and management - graphical, extensible,
>> >flexible with hardware, software, platform and database independence.
>> >
>> >===
>> >Archive at http://www.starport.net/~radiator/
>> >Announcements on radiator-announce at open.com.au
>> >To unsubscribe, email 'majordomo at open.com.au' with
>> >'unsubscribe radiator' in the body of the message.
>>
>> ===
>> Archive at http://www.starport.net/~radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 13671 invoked by uid 0); 30 Apr 2001 06:47:23 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 06:47:23 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA16075
for radiator-zzlist; Mon, 30 Apr 2001 15:40:23 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA16059
for radiator at open.com.au; Mon, 30 Apr 2001 15:40:17 +1000 (EST)
>Received: from marina.lowendale.com.au (gw.lowendale.com.au [203.26.242.120]) by perki.connect.com.au with ESMTP id PAA20329
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 15:11:56 +1000 (EST)
Received: from marina.lowendale.com.au (gw.lowendale.com.au [203.26.242.120]) by perki.connect.com.au with ESMTP id PAA20329
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 15:11:56 +1000 (EST)
Received: from localhost (neale at localhost)
by marina.lowendale.com.au (8.9.3/8.9.3/Debian/GNU) with ESMTP id PAA04713
for <radiator at open.com.au>; Mon, 30 Apr 2001 15:25:21 +1000
Date: Mon, 30 Apr 2001 15:25:20 +1000 (EST)
From: Neale Banks <neale at lowendale.com.au>
To: radiator at open.com.au
Subject: (RADIATOR) Telstra DailConnect; AuthBy LDAP2?
Message-ID: <Pine.LNX.4.05.10104301459280.4629-100000 at marina.lowendale.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-radiator at open.com.au
Precedence: bulk
Greetings all,
Regarding setting up Radiator for Authentication and Accounting for
Telstra's DialConnect, is this simply a matter of configuring the
DialConnect AAA server as a RADIUS client?
Regarding AuthBy LDAP2, an obvious starting point is to use LDAP2 for
Authentication and log Accounting to a file. Any tricks to adding more
sophisticated Accounting methods (database, RADIUS-proxy)?
Lastly, in the case of proxying RADIUS accounting, is there anything
particularly clever required to log to file and proxy to another RADIUS
server which may or may not be always available (i.e. ignore
unreachability problems)?
Thanks,
Neale.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 14037 invoked by uid 0); 30 Apr 2001 08:25:00 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 30 Apr 2001 08:25:00 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA16461
for radiator-zzlist; Mon, 30 Apr 2001 17:10:49 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA16438
for radiator at open.com.au; Mon, 30 Apr 2001 17:10:41 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA24967
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 16:37:22 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id QAA24967
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Mon, 30 Apr 2001 16:37:22 +1000 (EST)
Received: from hugo (acc16-ppp106.mel.dialup.connect.net.au [210.10.135.106])
by entoo.connect.com.au (Postfix) with SMTP
id 0DC2ADDD55; Mon, 30 Apr 2001 16:34:44 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Neale Banks <neale at lowendale.com.au>, radiator at open.com.au
Subject: Re: (RADIATOR) Telstra DailConnect; AuthBy LDAP2?
Date: Mon, 30 Apr 2001 15:50:50 +1000
X-Mailer: KMail [version 1.1.99]
References: <Pine.LNX.4.05.10104301459280.4629-100000 at marina.lowendale.com.au>
In-Reply-To: <Pine.LNX.4.05.10104301459280.4629-100000 at marina.lowendale.com.au>
MIME-Version: 1.0
Message-Id: <01043015505007.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="US-ASCII"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Neale -
Having done a few of these, yes all you need is a Client clause.
Note that AuthBy LDAP2 implements LDAP version 1 - it just uses a different
Perl module to do it (perl-ldap), but yes you can use LDAP and log accouting
to a file. As for more sophisticated solutions, have a look at the "goodies"
directory and check the archive site: www.starport.net/~radiator.
There is nothing clever required for AuthBy RADIUS.
regards
Hugh
On Monday 30 April 2001 15:25, Neale Banks wrote:
> Greetings all,
>
> Regarding setting up Radiator for Authentication and Accounting for
> Telstra's DialConnect, is this simply a matter of configuring the
> DialConnect AAA server as a RADIUS client?
>
> Regarding AuthBy LDAP2, an obvious starting point is to use LDAP2 for
> Authentication and log Accounting to a file. Any tricks to adding more
> sophisticated Accounting methods (database, RADIUS-proxy)?
>
> Lastly, in the case of proxying RADIUS accounting, is there anything
> particularly clever required to log to file and proxy to another RADIUS
> server which may or may not be always available (i.e. ignore
> unreachability problems)?
>
> Thanks,
> Neale.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list