No subject
Tue Jun 24 01:16:48 CDT 2008
Fixed a problem in AuthBy ADSI where new AD users with a default logon times
setup would not be able to login and get the message Outside allowed login
hours.
regards
Hugh
On Friday 04 May 2001 06:08, Larry Prikockis wrote:
> Hi all...
> we're evalutating Radiator and so far, I've been having a devil of a time
> getting it to talk to our Active Directory server.
> Here's the (very very basic) config file I'm using:
> ------------
> # adsi.cfg
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> # User a lower trace level in production systems:
> Trace 4
>
> # You will probably want to change this to suit your site.
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>
> <AuthBy ADSI>
> BindString
> LDAP://mangrove.abi.org/cn=%n,cn=Recipients,ou=Virginia,o=ABI
> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
> </Realm>
> -------------------
> For some reason, the result I'm getting with the testpw program includes
> the following:
>
>
> Thu May 3 15:59:07 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu May 3 15:59:07 2001: DEBUG: Deleting session for larry_prikockis,
> 203.63.1
> 54.1, 1234
> Thu May 3 15:59:07 2001: DEBUG: Handling with ASDI
> Thu May 3 15:59:07 2001: DEBUG: BindString converted to
> LDAP://mangrove.abi.org
> /cn=larry_prikockis,cn=Recipients,ou=Virginia,o=ABI
> Thu May 3 15:59:07 2001: INFO: Access rejected for larry_prikockis:
> Outside all
> owed login hours
> Thu May 3 15:59:07 2001: DEBUG: Packet dump:
> *** Sending to 172.16.5.3 port 1036 ....
> Code: Access-Reject
> Identifier: 242
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> ---------------------------------------
>
> However, there are no login hours-based restrictions on my account, so I'm
> not sure what's going on.
> I'm sure there's some simple answer... any clues would be much appreciated.
> thanks!
>
> +
> Larry J. Prikockis
> Web Applications Specialist
> Association for Biodiversity Information
> 703-908-1833 / larry_prikockis at abi.org / www.abi.org
> +
> All parts should go together without forcing. You must remember that the
> parts you are reassembling were disassembled by you. Therefore, if you
> can't get them together again, there must be a reason. By all means, do
> not use a hammer.
> -- IBM maintenance manual, 1925
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 23711 invoked by uid 0); 4 May 2001 01:20:55 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 01:20:55 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08934
for radiator-zzlist; Fri, 4 May 2001 10:40:31 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08906
for radiator at open.com.au; Fri, 4 May 2001 10:40:21 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id KAA25924
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 4 May 2001 10:21:54 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id KAA25924
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 4 May 2001 10:21:54 +1000 (EST)
Received: from hugo (acc16-ppp173.mel.dialup.connect.net.au [210.10.135.173])
by entoo.connect.com.au (Postfix) with SMTP
id E5AFDDDCE7; Fri, 4 May 2001 10:19:18 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Mariano Absatz" <lradius at pert.com.ar>
Subject: Re: (RADIATOR) performance issue
Date: Fri, 4 May 2001 09:45:26 +1000
X-Mailer: KMail [version 1.1.99]
Cc: Radiator List <radiator at open.com.au>
References: <3AF040A4.27835.99E53DB at localhost> <3AF12BA6.15331.D346092 at localhost>
In-Reply-To: <3AF12BA6.15331.D346092 at localhost>
MIME-Version: 1.0
Message-Id: <0105040945261S.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="ISO-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Mariano -
We have no plans to change the name Radiator (thank goodness I hear you say)!
BTW - in regards to your comment about the size of the Radiator executable,
note that Perl only loads the modules that are needed at run time. In other
words, even though Radiator is delivered with *many* AuthBy modules - only
those that are specified in the configuration file are actually loaded into
memory. It will be the same with the Diameter support.
regards
Hugh
On Thursday 03 May 2001 22:57, Mariano Absatz wrote:
> El 3 May 2001, a las 11:07, Hugh Irvine escribió:
> > Hello Mariano -
> >
> > On Thursday 03 May 2001 06:15, Mariano Absatz wrote:
> > > Hi... on my delayed reading of the list I found this:
> > >
> > > El 18 Apr 2001, a las 9:45, Hugh Irvine escribió:
> > > > Hello Andy -
> > > >
> > > > The session database will be accessed by both authentication (to
> > > > delete and to check limits) and accounting (to insert and delete).
> > >
> > > <SNIP>
> > >
> > > So... I have different instances of Radiator for accounting and
> > > authentication, then BOTH have to have the <SessionDatabase> clause?
> > > And should they be identical?
> >
> > Yes. This is the same situation as having multiple machines running
> > Radiator - they all need to share the same session database (if coherency
> > among them is an issue).
>
> OK... I'll put this in my include file, then...
>
>
> <SNIP>
>
> > BTW - I think the next major release of Radiator will be Radiator-3.0,
> > which will include support for the next generation "Diameter" protocol.
> >
> > http://www.ietf.org/html.charters/aaa-charter.html
>
> Good... I've been reading the diameter i-d's... it's kind of a little
> beast, it would be nice if you could configure Radiator 3.0 (please,
> don't call it Diameterator :-D ) without the diameter support, since I
> guess it will add really lots of code and (yet) I don't see a lot of
> market pressure (here in Argentina, at least) for most of it's features...
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 23719 invoked by uid 0); 4 May 2001 01:21:05 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 01:21:05 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08933
for radiator-zzlist; Fri, 4 May 2001 10:40:30 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id KAA08898
for radiator at open.com.au; Fri, 4 May 2001 10:40:19 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id KAA25917
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 4 May 2001 10:21:50 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id KAA25917
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Fri, 4 May 2001 10:21:50 +1000 (EST)
Received: from hugo (acc16-ppp173.mel.dialup.connect.net.au [210.10.135.173])
by entoo.connect.com.au (Postfix) with SMTP
id 8FD2FDDD04; Fri, 4 May 2001 10:19:14 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>,
"Mariano Absatz" <lradius at pert.com.ar>
Subject: Re: (RADIATOR) dictionary request
Date: Fri, 4 May 2001 09:33:16 +1000
X-Mailer: KMail [version 1.1.99]
Cc: "Radiator List" <radiator at open.com.au>
References: <NMEIJMCFCECINGDHLNMOEEFIFHAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOEEFIFHAA.adepette at krameria.net>
MIME-Version: 1.0
Message-Id: <0105040933161Q.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
If you are always getting the same attribute numbers in your errors, you can
put a dummy entry in the dictionary file so that at least the attribute gets
translated. Use your favourite text editor, but when you do find the correct
definitions please let us know so we can add them to the standard dictionary.
VENDORATTR 0 Bogus-Attribute 0 string
BTW - Vendor 429 (attribute 39051) is defined in the dictionary.usr:
VENDORATTR 429 Disconnect-Reason 0x988B integer
If you are using USR equipment, you should add the vendor specifics from the
dictionary.usr to the standard dictionary, again with your favourite text
editor.
cheers
Hugh
On Friday 04 May 2001 03:42, Andy De Petter wrote:
> > > Vendor 1397446990 (attribute 69)
> >
> > Here you have a clear error of some sort, since, as of yesterday (May 2,
> > 2001), te highest vendor number assigned was 9427... as Hugh says, a
> > Trace 4 will probably help to find out what's going on, if that doesn't
> > do, I guess Mike will ask you for a Trace 5 with the hexadecimal packet
> > dumps in it...
> >
> > > I'ld also like to know, whether there is something to do
> >
> > against "Attribute
> >
> > > number 0 (Vendor 0)" errors? Some workaround in the dictionary file,
> > > or something? :)
> >
> > Vendor 0 is reserved... there is probably an error here too
>
> I had already thought that those would be errors... but what I'ld like to
> know, is whether there is a workaround, so they will stop polluting my log
> files :)
>
> -a
>
> ps: thanks for the other info though
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 23983 invoked by uid 0); 4 May 2001 02:10:10 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 02:10:10 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA09001
for radiator-zzlist; Fri, 4 May 2001 11:40:33 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id LAA08989;
Fri, 4 May 2001 11:40:29 +1000 (EST)
>Received: from marina.lowendale.com.au (gw.lowendale.com.au [203.26.242.120]) by perki.connect.com.au with ESMTP id LAA28086
(8.8.8/IDA-1.7); Fri, 4 May 2001 11:08:01 +1000 (EST)
Received: from marina.lowendale.com.au (gw.lowendale.com.au [203.26.242.120]) by perki.connect.com.au with ESMTP id LAA28086
(8.8.8/IDA-1.7); Fri, 4 May 2001 11:08:01 +1000 (EST)
Received: from localhost (neale at localhost)
by marina.lowendale.com.au (8.9.3/8.9.3/Debian/GNU) with ESMTP id LAA11924;
Fri, 4 May 2001 11:22:02 +1000
Date: Fri, 4 May 2001 11:22:01 +1000 (EST)
From: Neale Banks <neale at lowendale.com.au>
To: Hugh Irvine <hugh at open.com.au>
cc: radiator at open.com.au
Subject: Re: (RADIATOR) Telstra DailConnect; AuthBy LDAP2?
In-Reply-To: <0105011851270T.00959 at hugo>
Message-ID: <Pine.LNX.4.05.10105041026190.11844-300000 at marina.lowendale.com.au>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="449546482-394514436-988939321=:11844"
Sender: owner-radiator at open.com.au
Precedence: bulk
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime at docserver.cac.washington.edu for more info.
--449546482-394514436-988939321=:11844
Content-Type: TEXT/PLAIN; charset=US-ASCII
> > Are you sure it's version *ONE* of LDAP? More specifically, should I be
> > talk to openLDAP's slapd which "supports both version 2 and 3 of the
> > Lightweight Directory Access Protocol" via libnet-ldap-perl 0.22?
This is now working (but not extensively tested).
Specifically, Debian Linux (woody, aka testing) and Radiator-2.18.1.
Radiator is using libnet-ldap-perl-0.22 talking to slapd-2.0.7 on a
separate box. Perl is 5.6.0.
> AuthBy LDAP2 uses the following (from section 6.33 in the manual):
>
> AuthBy LDAP2 works with the newer Net::LDAP module version in perl-ldap-0.09
> or better (Available from CPAN). It is implemented in AuthLDAP2.pm. The
> Net::LDAP will work with both University of Michigan LDAP and Netscape's LDAP
> SDK, but it does not support SSL encrypted connections to the LDAP server.
Attached is a diff with some suggested changes to the ref-man (created by
lynx -dump from the .html and editing the text):
* Note the vital correction of the typo in the example for BindDN.
* Nit: the change of RADIUS ports to 1812 & 1813 is not so "recent" now
* Typo in FramedGroupMaxPortsPerClassC (s/mudulus/modulus/)
* AuthBy LDAP2 works with OpenLDAP
* OpenLDAP userPassword is encrypted, requires authentication to retrieve.
* Cisco-NAS mailing list
Also attached is a diff to AuthLDAP2.pm which helped immensely in
diagnosing my situation (in conjunction with slapd loglevel 256). Arguably
this should be logging to DEBUG rather than INFO.
HTH,
Neale.
--449546482-394514436-988939321=:11844
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="AuthLDAP2.pm-test.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.05.10105041122010.11844 at marina.lowendale.com.au>
Content-Description:
Content-Disposition: attachment; filename="AuthLDAP2.pm-test.diff"
LS0tIEF1dGhMREFQMi5wbQlUaHUgQXByIDI2IDA5OjQ3OjI4IDIwMDENCisr
KyBBdXRoTERBUDIucG0tdGVzdAlGcmkgTWF5ICA0IDEwOjQ1OjU0IDIwMDEN
CkBAIC0xOTMsNiArMTkzLDE3IEBADQogew0KICAgICBteSAoJHNlbGYsICRu
YW1lLCAkcGFzc3dvcmQpID0gQF87DQogDQorICAgIGlmIChkZWZpbmVkKCRu
YW1lKSkNCisgICAgew0KKwkkc2VsZi0+bG9nKCRtYWluOjpMT0dfSU5GTywN
CisJCSJBdHRlbXB0aW5nIHRvIGJpbmQgd2l0aCAkbmFtZSwgJHBhc3N3b3Jk
Iik7DQorICAgIH0NCisgICAgZWxzZQ0KKyAgICB7DQorCSRzZWxmLT5sb2co
JG1haW46OkxPR19JTkZPLA0KKwkJIkF0dGVtcHRpbmcgdG8gYmluZCB3aXRo
IG5vIEROIGFuZCBwYXNzIik7DQorICAgIH0NCisNCiAgICAgIG15ICRyZXN1
bHQgPSAkc2VsZi0+e2xkfS0+YmluZCgNCiAgCWRlZmluZWQoJG5hbWUpDQog
IAk/IChkbiA9PiAkbmFtZSwgcGFzc3dvcmQgPT4gJHBhc3N3b3JkKQ0K
--449546482-394514436-988939321=:11844
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="ref-fix.txt.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.05.10105041122011.11844 at marina.lowendale.com.au>
Content-Description:
Content-Disposition: attachment; filename="ref-fix.txt.diff"
LS0tIHJlZi1vcmlnLnR4dAlGcmkgTWF5ICA0IDA5OjAwOjQzIDIwMDENCisr
KyByZWYtZml4LnR4dAlGcmkgTWF5ICA0IDA5OjE1OjI3IDIwMDENCkBAIC0x
MTExLDggKzExMTEsOCBAQA0KICAgIHJlcXVlc3RzLiBUaGUgYXJndW1lbnQg
bWF5IGJlIGVpdGhlciBhIG51bWVyaWMgcG9ydCBudW1iZXIgb3IgYW4NCiAg
ICBhbHBoYW51bWVyaWMgc2VydmljZSBuYW1lIGFzIHNwZWNpZmllZCBpbiAv
ZXRjL3NlcnZpY2VzIChvciBpdHMgbW9yYWwNCiAgICBlcXVpdmFsZW50IG9u
IHlvdXIgc3lzdGVtKS4gVGhlIGRlZmF1bHQgcG9ydCBpcyAxNjQ1LiBOb3Rl
IHRoYXQgdGhlDQotICAgb2ZmaWNpYWxseSBhc3NpZ25lZCBwb3J0IG51bWJl
ciBmb3IgUmFkaXVzIGF1dGhlbnRpY2F0aW9uIGhhcyByZWNlbnRseQ0KLSAg
IGJlZW4gY2hhbmdlZCB0byAxODEyLg0KKyAgIG9mZmljaWFsbHkgYXNzaWdu
ZWQgcG9ydCBudW1iZXIgZm9yIFJhZGl1cyBhdXRoZW50aWNhdGlvbiBpcw0K
KyAgIDE4MTIgLSB0aGlzIHdhcyBhc3NpZ25lZCBieSBJQU5BIHdoZW4gdGhl
IFJBRElVUyBSRkNzIHdlcmUgcHVibGlzaGVkLg0KIA0KICMgTGlzdGVuIGZv
ciBhdXRoZW50aWNhdGlvbiByZXF1ZXN0cyBvbiBwb3J0IDE4MTIgYXMgcGVy
IFJGQw0KICMgMjEzOA0KQEAgLTExMzMsOCArMTEzMyw4IEBADQogICAgcmVx
dWVzdHMuIFRoZSBhcmd1bWVudCBtYXkgYmUgZWl0aGVyIGEgbnVtZXJpYyBw
b3J0IG51bWJlciBvciBhbg0KICAgIGFscGhhbnVtZXJpYyBzZXJ2aWNlIG5h
bWUgYXMgc3BlY2lmaWVkIGluIC8gZXRjL3NlcnZpY2VzIChvciBpdHMgbW9y
YWwNCiAgICBlcXVpdmFsZW50IG9uIHlvdXIgc3lzdGVtKS4gVGhlIGRlZmF1
bHQgcG9ydCBpcyAxNjQ2LiBOb3RlIHRoYXQgdGhlDQotICAgb2ZmaWNpYWxs
eSBhc3NpZ25lZCBwb3J0IG51bWJlciBmb3IgUmFkaXVzIGFjY291bnRpbmcg
aGFzIHJlY2VudGx5DQotICAgYmVlbiBjaGFuZ2VkIHRvIDE4MTMuDQorICAg
b2ZmaWNpYWxseSBhc3NpZ25lZCBwb3J0IG51bWJlciBmb3IgUmFkaXVzIGFj
Y291bnRpbmcgaXMNCisgICAxODEzIC0gdGhpcyB3YXMgYXNzaWduZWQgYnkg
SUFOQSB3aGVuIHRoZSBSQURJVVMgUkZDcyB3ZXJlIHB1Ymxpc2hlZC4NCiAN
CiAjIExpc3RlbiBmb3IgYWNjb3VudGluZyByZXF1ZXN0cyBvbiBwb3J0IDE4
MTMgYXMNCiAjIHBlciBSRkMgMjEzOQ0KQEAgLTE3ODgsNyArMTc4OCw3IEBA
DQogICAgVGhpcyBvcHRpb25hbCBwYXJhbWV0ZXIgZGVmaW5lcyB0aGUgbWF4
aW11bSBudW1iZXIgb2YgcG9ydHMgdGhhdCBjYW4NCiAgICBiZSBtYXBwZWQg
dG8gYSBjbGFzcyBDIG9yIGNsYXNzIEIgRnJhbWVkR3JvdXBCYXNlQWRkcmVz
cy4gVGhlIGRlZmF1bHQNCiAgICBpcyAyNTUsIHdoaWNoIG1lYW5zIHRoYXQg
YW55IGFkZHJlc3MgZnJvbSAwIHVwIHRvIDI1NSBpbiB0aGUgM3JkIG9yDQot
ICAgNHRoIG9jdGV0cyB3aWxsIGJlIHBlcm1pdHRlZC4gSXQgYWN0dWFsbHkg
c3BlY2lmaWVzIHRoZSBtdWR1bHVzIGZvcg0KKyAgIDR0aCBvY3RldHMgd2ls
bCBiZSBwZXJtaXR0ZWQuIEl0IGFjdHVhbGx5IHNwZWNpZmllcyB0aGUgbW9k
dWx1cyBmb3INCiAgICBjb21wdXRpbmcgdGhlIDNyZCBhbmQgNHRoIG9jdGV0
cyBvZiBhZGRyZXNzZXMgY2FsY3VsYXRlZCBmcm9tDQogICAgRnJhbWVkR3Jv
dXBCYXNlQWRkcmVzcy4gWW91IG1pZ2h0IHVzZSB0aGlzIHRvIGxpbWl0IHRo
ZSBudW1iZXIgb2YNCiAgICBhZGRyZXNzZXMgdXNlZCBpbiBlYWNoIGFkZHJl
c3MgYmxvY2ssIG9yIHRvIHByZXZlbnQgdGhlIGFsbG9jYXRpb24gb2YNCkBA
IC01NTg5LDkgKzU1ODksOSBAQA0KICAgIA0KICAgIEF1dGhCeSBMREFQMiB3
b3JrcyB3aXRoIHRoZSBuZXdlciBOZXQ6OkxEQVAgbW9kdWxlIHZlcnNpb24g
aW4NCiAgICBwZXJsLWxkYXAtMC4wOSBvciBiZXR0ZXIgKEF2YWlsYWJsZSBm
cm9tIENQQU4pLiBJdCBpcyBpbXBsZW1lbnRlZCBpbg0KLSAgIEF1dGhMREFQ
Mi5wbS4gVGhlIE5ldDo6TERBUCB3aWxsIHdvcmsgd2l0aCBib3RoIFVuaXZl
cnNpdHkgb2YgTWljaGlnYW4NCi0gICBMREFQIGFuZCBOZXRzY2FwZSdzIExE
QVAgU0RLLCBidXQgaXQgZG9lcyBub3Qgc3VwcG9ydCBTU0wgZW5jcnlwdGVk
DQotICAgY29ubmVjdGlvbnMgdG8gdGhlIExEQVAgc2VydmVyLg0KKyAgIEF1
dGhMREFQMi5wbS4gVGhlIE5ldDo6TERBUCB3aWxsIHdvcmsgd2l0aCBVbml2
ZXJzaXR5IG9mIE1pY2hpZ2FuDQorICAgTERBUCwgT3BlbkxEQVAsIGFuZCBO
ZXRzY2FwZSdzIExEQVAgU0RLLCBidXQgaXQgZG9lcyBub3Qgc3VwcG9ydCBT
U0wNCisgICBlbmNyeXB0ZWQgY29ubmVjdGlvbnMgdG8gdGhlIExEQVAgc2Vy
dmVyLg0KICAgIA0KICAgIEF1dGhCeSBMREFQU0RLIHdvcmtzIHdpdGggTmV0
c2NhcGUncyBQZXJMREFQIG1vZHVsZSBhbmQgdGhlIE5ldHNjYXBlDQogICAg
RGlyZWN0b3J5IFNESy4gV2UgcHJvdmlkZSB0aGlzIGluIGFkZGl0aW9uIHRv
IHRoZSBvdGhlcnMgYmVjYXVzZQ0KQEAgLTU2ODIsNyArNTY4Miw3IEBADQog
ICAgYWxtb3N0IGFsd2F5cyByZXF1aXJlIHRoaXMgdG8gYmUgc2V0Lg0KIA0K
ICMgTG9nIGluIHRvIExEQVAgYXMgYWRtaW4NCi1BdXRoRG4gYWRtaW4NCitB
dXRoRE4gYWRtaW4NCiANCiA2LjMzLjUgQXV0aFBhc3N3b3JkDQogDQpAQCAt
NTc0OCw2ICs1NzQ4LDkgQEANCiAgICB3YXksIGFuZCBwcm9iYWJseSBub3Qg
ZXZlbiB0aGVuLiBZb3UgbXVzdCBzcGVjaWZ5IGVpdGhlciBQYXNzd29yZEF0
dHINCiAgICBvciBFbmNyeXB0ZWRQYXNzd29yZEF0dHIuIFRoZXJlIGlzIG5v
IGRlZmF1bHQuDQogDQorICAgTm90ZSB0aGF0IE9wZW5MREFQJ3MgdXNlclBh
c3N3b3JkIGlzIChhKSBlbmNyeXB0ZWQgYW5kIChiKSBvbmx5DQorICAgcmV0
cmlldmFibGUgdmlhIGFuIGFwcHJvcHJpYXRlbHkgYXV0aGVudGljYXRlZCBi
aW5kaW5nIHRvIHRoZSBzbGFwZC4NCisNCiAjIFBsYWludGV4dCBwYXNzd29y
ZHMuIEdhc3ANCiBQYXNzd29yZEF0dHIgcGFzc3dkDQogDQpAQCAtMTA0ODks
NiArMTA0OTIsOSBAQA0KIDI1LjcuMSBDaXNjbw0KIA0KICAgIFRoZXJlIGlz
IGEgTmV0IE5ld3MgZ3JvdXAgZm9yIGNpc2NvOiBjb21wLmRjb20uc3lzLmNp
c2NvLg0KKw0KKyAgIFRoZXJlIGlzIGEgbWFpbGluZyBsaXN0IGZvciBDaXNj
byBOQVMgaXNzdWVzICh1bnN1cnByaXNpbmdseSkNCisgICBjYWxsZWQgQ2lz
Y28tTkFTQGV4dGVybmFsLmNpc2NvLmNvbS4gIFRvIHN1YnNjcmliZSwgc2Vu
ZCAuLi4uDQogICAgDQogMjUuNy4yIEFzY2VuZA0KIA0K
--449546482-394514436-988939321=:11844--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 24666 invoked by uid 0); 4 May 2001 05:19:26 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 05:19:26 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA09368
for radiator-zzlist; Fri, 4 May 2001 14:40:36 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id OAA09363;
Fri, 4 May 2001 14:40:32 +1000 (EST)
>Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA08243
(8.8.8/IDA-1.7); Fri, 4 May 2001 14:28:28 +1000 (EST)
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8]) by perki.connect.com.au with ESMTP id OAA08243
(8.8.8/IDA-1.7); Fri, 4 May 2001 14:28:28 +1000 (EST)
Received: from hugo (acc7-ppp135.mel.dialup.connect.net.au [210.10.130.135])
by entoo.connect.com.au (Postfix) with SMTP
id 4D8C4DDAE4; Fri, 4 May 2001 14:25:53 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: Neale Banks <neale at lowendale.com.au>, mikem at open.com.au
Subject: Re: (RADIATOR) Telstra DailConnect; AuthBy LDAP2?
Date: Fri, 4 May 2001 14:26:52 +1000
X-Mailer: KMail [version 1.1.99]
Cc: radiator at open.com.au
References: <Pine.LNX.4.05.10105041026190.11844-300000 at marina.lowendale.com.au>
In-Reply-To: <Pine.LNX.4.05.10105041026190.11844-300000 at marina.lowendale.com.au>
MIME-Version: 1.0
Message-Id: <0105041426521Z.00959 at hugo>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Neale -
Thanks for your notes and comments.
I've copied Mike on this mail so he can review the suggestions.
cheers
Hugh
On Friday 04 May 2001 11:22, Neale Banks wrote:
> > > > Are you sure it's version *ONE* of LDAP? More specifically, should I
> > > be talk to openLDAP's slapd which "supports both version 2 and 3 of the
> > > Lightweight Directory Access Protocol" via libnet-ldap-perl 0.22?
>
> This is now working (but not extensively tested).
>
> Specifically, Debian Linux (woody, aka testing) and Radiator-2.18.1.
> Radiator is using libnet-ldap-perl-0.22 talking to slapd-2.0.7 on a
> separate box. Perl is 5.6.0.
>
> > AuthBy LDAP2 uses the following (from section 6.33 in the manual):
> >
> > AuthBy LDAP2 works with the newer Net::LDAP module version in
> > perl-ldap-0.09 or better (Available from CPAN). It is implemented in
> > AuthLDAP2.pm. The Net::LDAP will work with both University of Michigan
> > LDAP and Netscape's LDAP SDK, but it does not support SSL encrypted
> > connections to the LDAP server.
>
> Attached is a diff with some suggested changes to the ref-man (created by
> lynx -dump from the .html and editing the text):
>
> * Note the vital correction of the typo in the example for BindDN.
>
> * Nit: the change of RADIUS ports to 1812 & 1813 is not so "recent" now
> * Typo in FramedGroupMaxPortsPerClassC (s/mudulus/modulus/)
> * AuthBy LDAP2 works with OpenLDAP
> * OpenLDAP userPassword is encrypted, requires authentication to retrieve.
> * Cisco-NAS mailing list
>
> Also attached is a diff to AuthLDAP2.pm which helped immensely in
> diagnosing my situation (in conjunction with slapd loglevel 256). Arguably
> this should be logging to DEBUG rather than INFO.
>
> HTH,
> Neale.
----------------------------------------
Content-Type: TEXT/PLAIN; charset="US-ASCII"; name="AuthLDAP2.pm-test.diff"
Content-Transfer-Encoding: BASE64
Content-Description:
----------------------------------------
----------------------------------------
Content-Type: TEXT/PLAIN; charset="US-ASCII"; name="ref-fix.txt.diff"
Content-Transfer-Encoding: BASE64
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 25959 invoked by uid 0); 4 May 2001 15:26:34 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 15:26:34 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA10234
for radiator-zzlist; Sat, 5 May 2001 00:40:22 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id AAA10222
for radiator at open.com.au; Sat, 5 May 2001 00:40:17 +1000 (EST)
>Received: from albatross-ext.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [194.237.142.116]) by perki.connect.com.au with ESMTP id AAA04088
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 00:09:46 +1000 (EST)
Received: from albatross-ext.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [194.237.142.116]) by perki.connect.com.au with ESMTP id AAA04088
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 00:09:46 +1000 (EST)
Received: from esealnt461 (esealnt461.al.sw.ericsson.se [153.88.251.61])
by albatross.wise.edt.ericsson.se (8.11.0/8.11.0/WIREfire-1.3) with SMTP id f44E9gN10870
for <radiator at open.com.au>; Fri, 4 May 2001 16:09:44 +0200 (MEST)
Received: FROM esealnt400.al.sw.ericsson.se BY esealnt461 ; Fri May 04 16:09:29 2001 +0200
Received: by esealnt400 with Internet Mail Service (5.5.2653.19)
id <G9WKJSQF>; Fri, 4 May 2001 16:09:30 +0200
Message-ID: <8DE93563AC71D311B30400508B5D5D8B017D24D2 at ESELINT201>
From: "Ingvar Berg (EIP)" <Ingvar.Berg at eip.ericsson.se>
To: Radiator Mailing <radiator at open.com.au>
Subject: RE: (RADIATOR) howto (CHAP-Password)
Date: Fri, 4 May 2001 16:09:07 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
charset="ISO-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: den 24 april 2001 01:43
To: Andy De Petter; Radiator Mailing
Subject: Re: (RADIATOR) howto (CHAP-Password)
Hello Andy -
You are out of luck I am afraid - when CHAP is used, you must have
the plaintext password in your database, because only the encryptions
are compared.
*** (IngBe) *** Actually, you need to be able to decrypt the encrypted password. I.e. they must be encrypted using an algorithm that you can reverse, and have the decryption key available at the Radiator machine. And of course some patch or hook to do the decryption.
******* /Ingvar ********
hth
Hugh
At 11:17 +0200 01/4/23, Andy De Petter wrote:
>Is there a variable, that contains the plaintext (decrypted) CHAP-Password,
>for authentication packets? I want to log the username and cleartext
>password, for all users that are authenticating.. also the ones, with
>CHAP-Password..
>
>thx,
>
>-a
>
>
>--
>"For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
>*** DISCLAIMER ***
>This e-mail and any attachments thereto may contain information, which
>is confidential and/or protected by intellectual property rights and
>are intended for the sole use of the recipient(s) named above. Any use
>of the information contained herein (including, but not limited to,
>total or partial reproduction, communication or distribution in any
>form) by persons other than the designated recipient(s) is prohibited.
>If you have received this e-mail in error, please notify the sender
>either by telephone or by e-mail and delete the material from any
>computer. Thank you for your cooperation.
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 26051 invoked by uid 0); 4 May 2001 17:20:18 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 4 May 2001 17:20:18 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA10335
for radiator-zzlist; Sat, 5 May 2001 02:40:17 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id CAA10330
for radiator at open.com.au; Sat, 5 May 2001 02:40:12 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id CAA09530
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 02:27:14 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id CAA09530
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 02:27:14 +1000 (EST)
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14viQC-0001zR-00
for radiator at open.com.au; Fri, 04 May 2001 18:27:12 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) Radiator 2.18.x
Date: Fri, 4 May 2001 18:29:36 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOEEGPFHAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello,
After upgrading to Radiator 2.18.1, I noticed that on my radius server, I
have more than 2500 TIME_WAIT connections to my MySQL back-end database. I
didn't have this problem before (2.17.x), so I was wondering whether
something changed, with socket management, or anything else, starting
2.18.x. First I thought, it might have something to do with 2.18.1, but
downgrading to 2.18 doesn't help either. On my MySQL server, I can see
that the connections don't seem to stay open.. but the 2.18.1 appears to be
reconnecting all the time (2.17.1 leaves connection open). The MySQL
database isn't loaded at all, so that shouldn't be the problem.
On my 2.17.1 box, I have 0 TIME_WAIT connections, and the load on both
machine is exactly the same (and they're accessing the same database.
Did anyone see this problem before? And what can be done to fix this
behaviour (as there is a significant performance loss detected, on the AS
side).
Regards,
-Andy
PS: I have already tried tuning my TCP kernel parameters on Solaris (2.7),
but that doesn't help. Parameters on both machines are equal at this time.
--
"For nothing can seem foul to those that win."
- Henry IV, Pt1, Act 5, Sc 1
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 26919 invoked by uid 0); 5 May 2001 08:58:11 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 5 May 2001 08:58:11 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA11188
for radiator-zzlist; Sat, 5 May 2001 18:10:17 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id SAA11176
for radiator at open.com.au; Sat, 5 May 2001 18:10:10 +1000 (EST)
>Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id RAA11100
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 17:38:19 +1000 (EST)
Received: from mail.krameria.net (mail.krameria.net [194.78.241.3]) by perki.connect.com.au with ESMTP id RAA11100
(8.8.8/IDA-1.7 for <radiator at open.com.au>); Sat, 5 May 2001 17:38:19 +1000 (EST)
Received: from adsl-64278.turboline.skynet.be ([217.136.123.22] helo=Sarabi)
by mail.krameria.net with esmtp (Exim 3.20 #1)
id 14vwdt-0002Yy-00
for radiator at open.com.au; Sat, 05 May 2001 09:38:17 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: RE: (RADIATOR) Radiator 2.18.x
Date: Sat, 5 May 2001 09:40:41 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOKEHHFHAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
In-Reply-To: <NMEIJMCFCECINGDHLNMOEEGPFHAA.adepette at krameria.net>
Importance: Normal
Content-Type: text/plain;
charset="iso-8859-1"
Sender: owner-radiator at open.com.au
Precedence: bulk
Because I seem to have many retransmits of accounting packets, of which I
didn't find the cause yet, there are a lot of errors returning from the SQL
table (already inserted). Because of this, it seems that radiator is losing
performance.
When I remove those UNIQUE indeces, the TIME_WAIT problem on my radius
server seems fixed.
Does radiator "back off" for a while, after getting back an error from his
back-end database? Or what else might cause these errors, to have a direct
impact on radiator performance?
-Andy
PS: TIME_WAIT problem has been fixed, as said, by removing UNIQUE indeces,
from the accounting table.
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Andy De Petter
> Sent: vrijdag 4 mei 2001 18:30
> To: Radiator Mailing
> Subject: (RADIATOR) Radiator 2.18.x
>
>
>
> Hello,
>
> After upgrading to Radiator 2.18.1, I noticed that on my radius server, I
> have more than 2500 TIME_WAIT connections to my MySQL back-end
> database. I
> didn't have this problem before (2.17.x), so I was wondering whether
> something changed, with socket management, or anything else, starting
> 2.18.x. First I thought, it might have something to do with 2.18.1, but
> downgrading to 2.18 doesn't help either. On my MySQL server, I can see
> that the connections don't seem to stay open.. but the 2.18.1
> appears to be
> reconnecting all the time (2.17.1 leaves connection open). The MySQL
> database isn't loaded at all, so that shouldn't be the problem.
>
> On my 2.17.1 box, I have 0 TIME_WAIT connections, and the load on both
> machine is exactly the same (and they're accessing the same database.
>
> Did anyone see this problem before? And what can be done to fix this
> behaviour (as there is a significant performance loss detected, on the AS
> side).
>
> Regards,
>
> -Andy
>
> PS: I have already tried tuning my TCP kernel parameters on Solaris (2.7),
> but that doesn't help. Parameters on both machines are equal at
> this time.
>
> --
> "For nothing can seem foul to those that win."
> - Henry IV, Pt1, Act 5, Sc 1
>
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information, which
> is confidential and/or protected by intellectual property rights and
> are intended for the sole use of the recipient(s) named above. Any use
> of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any
> form) by persons other than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender
> either by telephone or by e-mail and delete the material from any
> computer. Thank you for your cooperation.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 31911 invoked by uid 0); 7 May 2001 01:19:56 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 01:19:56 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f46MqKi02588
for radiator-list; Sun, 6 May 2001 17:52:20 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from syd01exc002.POWERTEL.COM.AU (mail.powertel.com.au [202.92.76.4])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f46MqJ402585
for <radiator at open.com.au>; Sun, 6 May 2001 17:52:19 -0500
Received: from syd01exc002.POWERTEL.COM.AU (unverified) by syd01exc002.POWERTEL.COM.AU
(Content Technologies SMTPRS 4.2.1) with ESMTP id <T535f441e120a0032240b4 at syd01exc002.POWERTEL.COM.AU> for <radiator at open.com.au>;
Mon, 7 May 2001 10:49:45 +1000
Received: by exchange.powertel.com.au with Internet Mail Service (5.5.2650.21)
id <KGCF606Y>; Mon, 7 May 2001 10:49:44 +1000
Message-ID: <FF6CEF9995EAD4118C4500306E0118FC82D29F at syd01exc001.powertel.com.au>
From: Brett Rees <reesb at powertel.com.au>
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: (RADIATOR) prerequesite MD5 failed to load : Can't locate MD5.pm in @INC
Date: Mon, 7 May 2001 10:47:53 +1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello All,
I am trying to install the demo 2.18 version of Radiator. I have installed
GCC 2.8.1, and perl 5.6.1. I have also installed Digest-MD5 2.13. When I run
the perl Makefile.PL in the Radiator dist dir I get the above error. I tried
running perl -V and find that @INC does not contain a path to the directory
DIGEST/MD5.pm . I am not sure if I have to manipulate @INC somehow or
whether when I installed the Digest-MD5 module that it was installed to the
wrong place or incorrectly. I have read the mailing list archives and am
sure that I have installed everything as per the doco, including the module.
I tried adding the path to MD5.pm to PERL5LIB and then re-running the
Makefile.PM, still no good. Does anyone know what I am doing wrong here? I
would have expected that a clean copy of perl, plus the clean module and all
should work. I tried this with perl 5_005_003 as well, still no good. There
are no other copies of perl available on the box, just the copy that I
built.
Thanks,
Brett.
**********************************************************************
This email (including all attachments) is intended solely for the named
addressee. It is confidential and may contain commercially sensitive
information. If you receive it in error, please let us know by reply email,
delete it from your system and destroy any copies.
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the prior written consent of the copyright owner.
Emails may be interfered with, may contain computer viruses or other defects
and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about
the authenticity of an email purportedly sent by us, please contact us
immediately.
**********************************************************************
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32006 invoked by uid 0); 7 May 2001 03:20:49 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 03:20:49 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f4712r602877
for radiator-list; Sun, 6 May 2001 20:02:53 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from linux.impactcreativity.com.au (IDENT:root@[210.9.57.2])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f4712o402874
for <radiator at open.com.au>; Sun, 6 May 2001 20:02:51 -0500
Received: from pc022 ([192.168.80.25])
by linux.impactcreativity.com.au (8.9.3/8.9.3) with SMTP id OAA00772
for <radiator at open.com.au>; Mon, 7 May 2001 14:03:51 +1000
Message-ID: <000e01c0d6a2$3d39ad50$1950a8c0 at pc022>
From: "Simon" <simon at impactcreativity.com.au>
To: <radiator at open.com.au>
Subject: (RADIATOR) Multiple Domains
Date: Mon, 7 May 2001 13:03:02 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0009_01C0D6F6.0C5F6090"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-radiator at open.com.au
Precedence: bulk
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01C0D6F6.0C5F6090
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi,
I have a Radiator server successfully running for my domain, but I want =
to add a second domain to my configuration file. The second domain has =
the same clients and authentication type (SQL) as the first, but a =
different secret.
My question is, how do I configure the server to try both the secrets =
for incoming requests for a client? At the moment I only have a <Client =
DEFAULT> section, but the requests are valid using either the first =
domain secret or the second domain secret.
Any help would be greatly appreciated :)
Cheers
Simon
------=_NextPart_000_0009_01C0D6F6.0C5F6090
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I have a Radiator server successfully =
running for=20
my domain, but I want to add a second domain to my configuration =
file. The=20
second domain has the same clients and authentication type (SQL) as the =
first,=20
but a different secret.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>My question is, how do I configure the =
server to=20
try both the secrets for incoming requests for a client? At the =
moment I=20
only have a <Client DEFAULT> section, but the requests are valid =
using=20
either the first domain secret or the second domain secret.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Any help would be greatly =
appreciated =20
:)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Cheers</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Simon</FONT></DIV></BODY></HTML>
------=_NextPart_000_0009_01C0D6F6.0C5F6090--
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32037 invoked by uid 0); 7 May 2001 03:58:54 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 03:58:54 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f471XeA02898
for radiator-list; Sun, 6 May 2001 20:33:40 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f471Xd402895
for <radiator at open.com.au>; Sun, 6 May 2001 20:33:39 -0500
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id WAA11484;
Sun, 6 May 2001 22:31:47 -0500 (CDT)
Message-Id: <4.1.20010506223038.00a5a4f0 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Sun, 06 May 2001 22:31:50 -0500
To: Brett Rees <reesb at powertel.com.au>,
"'radiator at open.com.au'" <radiator at open.com.au>
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) prerequesite MD5 failed to load : Can't locate
MD5.pm in @INC
In-Reply-To: <FF6CEF9995EAD4118C4500306E0118FC82D29F at syd01exc001.powerte
l.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
I'm certainly no expert, but I think the MD5 module you want is this one:
ftp://ftp.perl.org/pub/CPAN/modules/by-module/MD5/MD5-1.7.tar.gz
I freshly compiled both PERL and the new RADIATOR daemon, no problems.
John
Arkansas.Net
At 10:47 AM 5/7/01 +1000, Brett Rees wrote:
>
>Hello All,
>
>I am trying to install the demo 2.18 version of Radiator. I have installed
>GCC 2.8.1, and perl 5.6.1. I have also installed Digest-MD5 2.13. When I run
>the perl Makefile.PL in the Radiator dist dir I get the above error. I tried
>running perl -V and find that @INC does not contain a path to the directory
>DIGEST/MD5.pm . I am not sure if I have to manipulate @INC somehow or
>whether when I installed the Digest-MD5 module that it was installed to the
>wrong place or incorrectly. I have read the mailing list archives and am
>sure that I have installed everything as per the doco, including the module.
>
>
>I tried adding the path to MD5.pm to PERL5LIB and then re-running the
>Makefile.PM, still no good. Does anyone know what I am doing wrong here? I
>would have expected that a clean copy of perl, plus the clean module and all
>should work. I tried this with perl 5_005_003 as well, still no good. There
>are no other copies of perl available on the box, just the copy that I
>built.
>
>Thanks,
>Brett.
>
>
>
>
>
>
>**********************************************************************
>This email (including all attachments) is intended solely for the named
>addressee. It is confidential and may contain commercially sensitive
>information. If you receive it in error, please let us know by reply email,
>delete it from your system and destroy any copies.
>
>This email is also subject to copyright. No part of it should be reproduced,
>adapted or transmitted without the prior written consent of the copyright
>owner.
>
>Emails may be interfered with, may contain computer viruses or other defects
>and may not be successfully replicated on other systems. We give no
>warranties in relation to these matters. If you have any doubts about
>the authenticity of an email purportedly sent by us, please contact us
>immediately.
>
>**********************************************************************
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32070 invoked by uid 0); 7 May 2001 04:13:35 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 04:13:35 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f471sDW02914
for radiator-list; Sun, 6 May 2001 20:54:13 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from starship.anc.net (mx1-starship.anc.net [208.133.27.6])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f471sC402911
for <radiator at open.com.au>; Sun, 6 May 2001 20:54:12 -0500
Received: from noc ([216.152.29.146])
by starship.anc.net (8.9.3+blt/8.9.3) with SMTP id WAA20881;
Sun, 6 May 2001 22:52:13 -0500 (CDT)
Message-Id: <4.1.20010506224912.00a5c550 at pop3.anc.net>
X-Sender: noc at pop3.anc.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Sun, 06 May 2001 22:52:12 -0500
To: "Simon" <simon at impactcreativity.com.au>, <radiator at open.com.au>
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) Multiple Domains
In-Reply-To: <000e01c0d6a2$3d39ad50$1950a8c0 at pc022>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-radiator at open.com.au
Precedence: bulk
Unless I'm mis-understanding your question, you should just have
to add a new <Realm> clause for your new domain name since you
said the client is the same (I'm assuming you're using the same
RAS devices for both domains, so they'd have the same RADIUS secret
wouldn't they?).
In my radiusd.cfg file I have something like this:
<Realm SomeRealm>
AuthByPolicy ContinueAlways
AuthBy AuthSomeRealm
</Realm>
<Realm DEFAULT>
RewriteUsername tr/A-Z/a-z/
AuthByPolicy ContinueAlways
AuthBy AuthANCIUsers
</Realm>
This way, if someone logs in using the username user at SomeRealm,
the RADIUS server handles their authentication using the AuthBy
with the "AuthSomeRealm" identifier; otherwise, it handles
them using the default "AuthANCIUsers" identifier.
Hope that helps,
John
Arkansas.Net
At 01:03 PM 5/7/01 +1000, Simon wrote:
>
> Hi,
>
> I have a Radiator server successfully running for my domain, but I want to
> add a second domain to my configuration file. The second domain has the same
> clients and authentication type (SQL) as the first, but a different secret.
>
> My question is, how do I configure the server to try both the secrets for
> incoming requests for a client? At the moment I only have a <Client DEFAULT>
> section, but the requests are valid using either the first domain secret or
> the second domain secret.
>
> Any help would be greatly appreciated :)
>
> Cheers
>
> Simon
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32207 invoked by uid 0); 7 May 2001 04:36:03 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 04:36:03 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f472FlO02952
for radiator-list; Sun, 6 May 2001 21:15:47 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from syd01exc002.POWERTEL.COM.AU (mail.powertel.com.au [202.92.76.4])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f472Fk402949
for <radiator at open.com.au>; Sun, 6 May 2001 21:15:46 -0500
Received: from syd01exc002.POWERTEL.COM.AU (unverified) by syd01exc002.POWERTEL.COM.AU
(Content Technologies SMTPRS 4.2.1) with ESMTP id <T535ffe70600a0032240b4 at syd01exc002.POWERTEL.COM.AU> for <radiator at open.com.au>;
Mon, 7 May 2001 14:13:16 +1000
Received: by exchange.powertel.com.au with Internet Mail Service (5.5.2650.21)
id <KGCF7BN4>; Mon, 7 May 2001 14:13:15 +1000
Message-ID: <FF6CEF9995EAD4118C4500306E0118FC82D2A6 at syd01exc001.powertel.com.au>
From: Brett Rees <reesb at powertel.com.au>
To: "'radiator at open.com.au'" <radiator at open.com.au>
Subject: SOLUTION - RE: (RADIATOR) prerequesite MD5 failed to load : Can't
locate MD5.pm in @INC
Date: Mon, 7 May 2001 14:11:27 +1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-radiator at open.com.au
Precedence: bulk
It turns out that I was using the wrong MD5 module. Using the 1.7 version as
below has allowed me to continue with the installation. Thanks to all of the
people who have replied.
ftp://ftp.perl.org/pub/CPAN/modules/by-module/MD5/MD5-1.7.tar.gz
Brett.
> -----Original Message-----
> From: Brett Rees [SMTP:reesb at powertel.com.au]
> Sent: Monday, May 07, 2001 10:48 AM
> To: 'radiator at open.com.au'
> Subject: (RADIATOR) prerequesite MD5 failed to load : Can't locate
> MD5.pm in @INC
>
>
> Hello All,
>
> I am trying to install the demo 2.18 version of Radiator. I have installed
> GCC 2.8.1, and perl 5.6.1. I have also installed Digest-MD5 2.13. When I
> run
> the perl Makefile.PL in the Radiator dist dir I get the above error. I
> tried
> running perl -V and find that @INC does not contain a path to the
> directory
> DIGEST/MD5.pm . I am not sure if I have to manipulate @INC somehow or
> whether when I installed the Digest-MD5 module that it was installed to
> the
> wrong place or incorrectly. I have read the mailing list archives and am
> sure that I have installed everything as per the doco, including the
> module.
>
>
> I tried adding the path to MD5.pm to PERL5LIB and then re-running the
> Makefile.PM, still no good. Does anyone know what I am doing wrong here? I
> would have expected that a clean copy of perl, plus the clean module and
> all
> should work. I tried this with perl 5_005_003 as well, still no good.
> There
> are no other copies of perl available on the box, just the copy that I
> built.
>
> Thanks,
> Brett.
>
>
>
>
>
>
> **********************************************************************
> This email (including all attachments) is intended solely for the named
> addressee. It is confidential and may contain commercially sensitive
> information. If you receive it in error, please let us know by reply
> email,
> delete it from your system and destroy any copies.
>
> This email is also subject to copyright. No part of it should be
> reproduced,
> adapted or transmitted without the prior written consent of the copyright
> owner.
>
> Emails may be interfered with, may contain computer viruses or other
> defects
> and may not be successfully replicated on other systems. We give no
> warranties in relation to these matters. If you have any doubts about
> the authenticity of an email purportedly sent by us, please contact us
> immediately.
>
> **********************************************************************
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
**********************************************************************
This email (including all attachments) is intended solely for the named
addressee. It is confidential and may contain commercially sensitive
information. If you receive it in error, please let us know by reply email,
delete it from your system and destroy any copies.
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the prior written consent of the copyright owner.
Emails may be interfered with, may contain computer viruses or other defects
and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about
the authenticity of an email purportedly sent by us, please contact us
immediately.
**********************************************************************
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32310 invoked by uid 0); 7 May 2001 06:26:22 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 06:26:22 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f473wTG03134
for radiator-list; Sun, 6 May 2001 22:58:29 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from mail.krameria.net (root at mail.krameria.net [194.78.241.3])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f473wO403131
for <radiator at open.com.au>; Sun, 6 May 2001 22:58:28 -0500
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14we0d-00041z-00
for radiator at open.com.au; Mon, 07 May 2001 07:56:39 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) variety of AS
Date: Mon, 7 May 2001 07:59:10 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOOEIHFHAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Importance: Normal
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello,
As I have a verity of access servers, I was wondering how it would be
possible to link 2 attributes to eachother.
For example, from some access servers, I get the attribute "Framed-IP", and
from other ones, I get "Framed-IP-Address", to get the client's IP address.
Now, I know that it's possible to link the same integer attribute id to more
than 1 name, like this:
ATTRIBUTE Framed-IP 8 ipaddr
ATTRIBUTE Framed-IP-Address 8 ipaddr
BUT the problem with this is, that it only takes the last one, to translate
an accounting packet.
So, when I do a AcctColumnDef myframedip,Framed-IP-Address I don't get the
ones, that have been sent with Framed-IP .
Is there any way, to make sure, that I'm always saving either Framed-IP or
Framed-IP-Address into myframedip, depending on what has been sent by the
access server?
If not, I might lose a considerable amount of information, for those who
have been sent with Framed-IP.
Thanks,
-Andy
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32432 invoked by uid 0); 7 May 2001 09:05:50 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 09:05:50 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f476hSQ03506
for radiator-list; Mon, 7 May 2001 01:43:28 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f476hR403503
for <radiator at open.com.au>; Mon, 7 May 2001 01:43:27 -0500
Received: from hugo (acc18-ppp235.mel.dialup.connect.net.au [210.10.137.235])
by entoo.connect.com.au (Postfix) with SMTP
id 0EE14DD9A4; Mon, 7 May 2001 18:39:04 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Simon" <simon at impactcreativity.com.au>, <radiator at open.com.au>
Subject: Re: (RADIATOR) Multiple Domains
Date: Mon, 7 May 2001 18:39:56 +1000
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain;
charset="iso-8859-1"
References: <000e01c0d6a2$3d39ad50$1950a8c0 at pc022>
In-Reply-To: <000e01c0d6a2$3d39ad50$1950a8c0 at pc022>
MIME-Version: 1.0
Message-Id: <0105071839562K.00959 at hugo>
Content-Transfer-Encoding: 8bit
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Simon -
There can only be a single shared secret for a Radius client, but perhaps I
don't understand your question. Could you elaborate?
thanks
Hugh
On Monday 07 May 2001 13:03, Simon wrote:
> > Hi,
>
> I have a Radiator server successfully running for my domain, but I want to
> add a second domain to my configuration file. The second domain has the
> same clients and authentication type (SQL) as the first, but a different
> secret.
>
> My question is, how do I configure the server to try both the secrets for
> incoming requests for a client? At the moment I only have a <Client
> DEFAULT> section, but the requests are valid using either the first domain
> secret or the second domain secret.
>
> Any help would be greatly appreciated :)
>
> Cheers
>
> Simon
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32431 invoked by uid 0); 7 May 2001 09:05:50 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 09:05:50 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f476hPR03501
for radiator-list; Mon, 7 May 2001 01:43:25 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f476hO403498
for <radiator at open.com.au>; Mon, 7 May 2001 01:43:24 -0500
Received: from hugo (acc18-ppp235.mel.dialup.connect.net.au [210.10.137.235])
by entoo.connect.com.au (Postfix) with SMTP
id A6AD8DD8B4; Mon, 7 May 2001 18:39:00 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "Andy De Petter" <adepette at krameria.net>,
"Radiator Mailing" <radiator at open.com.au>
Subject: Re: (RADIATOR) variety of AS
Date: Mon, 7 May 2001 18:32:27 +1000
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain;
charset="iso-8859-1"
References: <NMEIJMCFCECINGDHLNMOOEIHFHAA.adepette at krameria.net>
In-Reply-To: <NMEIJMCFCECINGDHLNMOOEIHFHAA.adepette at krameria.net>
MIME-Version: 1.0
Message-Id: <0105071832272I.00959 at hugo>
Content-Transfer-Encoding: 8bit
Sender: owner-radiator at open.com.au
Precedence: bulk
Hello Andy -
Actually, what you get from any Radius client is a binary packet - the
translation to/from binary is done entirely by the Radius server which itself
is completely controlled by the local dictionary. In other words, you will
always get the same binary code from the NAS for an IP address (8) as you
correctly show below.
The only problem that you may have is on the server side, when different
dictionaries have been used for different user definitions. The simple fix to
this problem is to convert items such as you show below to all have the same
format and then just use that dictionary definition (or use the latest
version of the dictionary that defines both).
Note that there are two things happening with the dictionary. The first is
the translation from binary to string (for an inbound request) which will
always use the last such definition in the dictionary. However, to translate
from string to binary (for an outbound reply), either string will be
translated into the correct binary representation.
On Monday 07 May 2001 15:59, Andy De Petter wrote:
> Hello,
>
> As I have a verity of access servers, I was wondering how it would be
> possible to link 2 attributes to eachother.
>
> For example, from some access servers, I get the attribute "Framed-IP", and
> from other ones, I get "Framed-IP-Address", to get the client's IP address.
>
> Now, I know that it's possible to link the same integer attribute id to
> more than 1 name, like this:
>
> ATTRIBUTE Framed-IP 8 ipaddr
> ATTRIBUTE Framed-IP-Address 8 ipaddr
>
> BUT the problem with this is, that it only takes the last one, to translate
> an accounting packet.
>
> So, when I do a AcctColumnDef myframedip,Framed-IP-Address I don't get the
> ones, that have been sent with Framed-IP .
>
This will never happen - see above.
> Is there any way, to make sure, that I'm always saving either Framed-IP or
> Framed-IP-Address into myframedip, depending on what has been sent by the
> access server?
>
> If not, I might lose a considerable amount of information, for those who
> have been sent with Framed-IP.
>
All of the above said, there are a few cases where different NAS vendors send
the same information in different attributes entirely, but this is easy to
address with multiple AcctColumnDef's all using the same database column. As
there will only ever be one of the multiple attributes in the single packet,
you will never have a problem.
This topic has been discussed on the list a few times, so check the archive.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32468 invoked by uid 0); 7 May 2001 09:49:31 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 09:49:31 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f477V8T03563
for radiator-list; Mon, 7 May 2001 02:31:08 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from mail.krameria.net (root at mail.krameria.net [194.78.241.3])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f477V7403560
for <radiator at open.com.au>; Mon, 7 May 2001 02:31:08 -0500
Received: from warp-core.skynet.be ([195.238.2.25] helo=Sarabi)
by mail.krameria.net with asmtp (Exim 3.20 #1)
id 14whKU-0004CC-00
for radiator at open.com.au; Mon, 07 May 2001 11:29:22 +0200
From: "Andy De Petter" <adepette at krameria.net>
To: "Radiator Mailing" <radiator at open.com.au>
Subject: (RADIATOR) Malformed Vendor Specific Attribute with length 6: ignored
Date: Mon, 7 May 2001 11:31:54 +0200
Message-ID: <NMEIJMCFCECINGDHLNMOAEJDFHAA.adepette at krameria.net>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Importance: Normal
Sender: owner-radiator at open.com.au
Precedence: bulk
How can I find out, which attribute is giving this error? Even in trace 5
debug output, I don't get the name (or ID) of the attribute that is
generating this error..
-Andy
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 32593 invoked by uid 0); 7 May 2001 11:54:50 -0000
Received: from oscar.open.com.au (203.63.154.1)
by 61.8.97.232 with SMTP; 7 May 2001 11:54:50 -0000
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA14716
for radiator-zzlist; Mon, 7 May 2001 20:49:36 +1000 (EST)
X-Authentication-Warning: oscar.open.com.au: majordom set sender to owner-radiator at open.com.au using -f
Received: by oscar.open.com.au (8.9.0/8.9.0) id UAA14710;
Mon, 7 May 2001 20:49:31 +1000 (EST)
From: "Mike McCauley" <mikem at open.com.au>
Message-Id: <1010507204930.ZM14708 at oscar.open.com.au>
Date: Mon, 7 May 2001 20:49:30 -0500
X-Mailer: Z-Mail (4.0.1 13Jan97)
To: radiator at open.com.au, radiator-announce.open.com.au at oscar.open.com.au
Subject: (RADIATOR) Radiator training courses- expressions of interest?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
Hi All,
We are considering running some courses later in the year.
The courses would be on Radius protocol and Radiator installation and
configuration. They would run for about 3 days, with one in US, and one in
Europe, open to all comers.
If anyone is interested, please contact me directly.
Cheers.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 309 invoked by uid 0); 7 May 2001 15:14:51 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 15:14:51 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f47BxG604108
for radiator-list; Mon, 7 May 2001 06:59:16 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from linux.impactcreativity.com.au (IDENT:root@[210.9.57.2])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f47BxF404105
for <radiator at open.com.au>; Mon, 7 May 2001 06:59:15 -0500
Received: from darknight (p75-tnt1.mel.ihug.com.au [203.173.160.75])
by linux.impactcreativity.com.au (8.9.3/8.9.3) with SMTP id BAA01982
for <radiator at open.com.au>; Tue, 8 May 2001 01:00:33 +1000
Message-ID: <002f01c0d6fd$3ba20e00$0100a8c0 at darknight>
From: "Simon Darwent" <simon at impactcreativity.com.au>
To: <radiator at open.com.au>
References: <000e01c0d6a2$3d39ad50$1950a8c0 at pc022> <0105071839562K.00959 at hugo>
Subject: Re: (RADIATOR) Multiple Domains
Date: Mon, 7 May 2001 23:54:14 +1000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-radiator at open.com.au
Precedence: bulk
Thanks Hugh and John,
My problem is that the same Radius client is sending access requests for
both domains to my server, but with two different secrets - one for each
domain. It would be alright if there were different clients for each
domain, but since they are the same, it makes it difficult since I assume I
cannot have 2 secret entries for the same client.
I will try to get it set up so both domains use the same secret, as then
with a default client I can interpret requests for both. I imagine this is
the only way to do it. :)
Thanks for your input, it got me thinking!
Cheers
Simon
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Simon" <simon at impactcreativity.com.au>; <radiator at open.com.au>
Sent: Monday, May 07, 2001 6:39 PM
Subject: Re: (RADIATOR) Multiple Domains
>
> Hello Simon -
>
> There can only be a single shared secret for a Radius client, but perhaps
I
> don't understand your question. Could you elaborate?
>
> thanks
>
> Hugh
>
> On Monday 07 May 2001 13:03, Simon wrote:
>
> > > Hi,
> >
> > I have a Radiator server successfully running for my domain, but I want
to
> > add a second domain to my configuration file. The second domain has the
> > same clients and authentication type (SQL) as the first, but a different
> > secret.
> >
> > My question is, how do I configure the server to try both the secrets
for
> > incoming requests for a client? At the moment I only have a <Client
> > DEFAULT> section, but the requests are valid using either the first
domain
> > secret or the second domain secret.
> >
> > Any help would be greatly appreciated :)
> >
> > Cheers
> >
> > Simon
>
> ----------------------------------------
> Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
> Content-Transfer-Encoding: quoted-printable
> Content-Description:
> ----------------------------------------
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 319 invoked by uid 0); 7 May 2001 15:22:08 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 15:22:08 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f47CaEa04145
for radiator-list; Mon, 7 May 2001 07:36:14 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from ds9.anc.net (mx1-ds9.anc.net [208.133.27.254])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f47CaA404142;
Mon, 7 May 2001 07:36:10 -0500
Received: from host.anc.net (dhcp-01.fwti.anc.net [216.152.25.2])
by ds9.anc.net (8.9.3+blt/8.9.3) with ESMTP id JAA22954;
Mon, 7 May 2001 09:34:23 -0500 (CDT)
Message-Id: <4.3.1.2.20010507092716.00bda800 at pop3.arkansas.net>
X-Sender: noc at pop3.arkansas.net
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 07 May 2001 09:27:55 -0500
To: "Mike McCauley" <mikem at open.com.au>, radiator at open.com.au,
radiator-announce.open.com.au at oscar.open.com.au
From: John Coy <jcoy at anc.net>
Subject: Re: (RADIATOR) Radiator training courses- expressions of
interest?
In-Reply-To: <1010507204930.ZM14708 at oscar.open.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-radiator at open.com.au
Precedence: bulk
hehe, pick a cool place like Las Vegas and I'll get my company
to pay my way =)
At 08:49 PM 5/7/01 -0500, Mike McCauley wrote:
>Hi All,
>
>We are considering running some courses later in the year.
>The courses would be on Radius protocol and Radiator installation and
>configuration. They would run for about 3 days, with one in US, and one in
>Europe, open to all comers.
>
>If anyone is interested, please contact me directly.
>
>Cheers.
===
Archive at http://www.starport.net/~radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Received: (qmail 838 invoked by uid 0); 7 May 2001 21:09:02 -0000
Received: from server1.open.com.au (209.61.182.19)
by 61.8.97.232 with SMTP; 7 May 2001 21:09:02 -0000
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f47Il9A05322
for radiator-list; Mon, 7 May 2001 13:47:09 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f47Il3405319;
Mon, 7 May 2001 13:47:04 -0500
Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:14605 "EHLO COSA"
whoson: "popbaby") by dedos.pert.com.ar with ESMTP
id <S34846AbREGUog> convert rfc822-to-8bit; Mon, 7 May 2001 17:44:36 -0300
From: "Mariano Absatz" <lradius at pert.com.ar>
To: Hugh Irvine <hugh at open.com.au>
Date: Mon, 7 May 2001 17:44:55 -0300
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8BIT
Subject: Re: (RADIATOR) performance issue
CC: Radiator List <radiator at open.com.au>
Message-ID: <3AF6DF17.12406.BBD373A at localhost>
References: <3AF040A4.27835.99E53DB at localhost>
In-reply-to: <0105031107411B.00959 at hugo>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Sender: owner-radiator at open.com.au
Precedence: bulk
El 3 May 2001, a las 11:07, Hugh Irvine escribió:
>
> Hello Mariano -
>
> On Thursday 03 May 2001 06:15, Mariano Absatz wrote:
> > Hi... on my delayed reading of the list I found this:
> >
> > El 18 Apr 2001, a las 9:45, Hugh Irvine escribió:
> > > Hello Andy -
> > >
> > > The session database will be accessed by both authentication (to delete
> > > and to check limits) and accounting (to insert and delete).
> >
> > <SNIP>
> >
> > So... I have different instances of Radiator for accounting and
> > authentication, then BOTH have to have the <SessionDatabase> clause? And
> > should they be identical?
> >
>
> Yes. This is the same situation as having multiple machines running Radiator
> - they all need to share the same session database (if coherency among them
> is an issue).
>
> > On re-reading the "Performance and Tunning" section in the manual
> > (http://www.open.com.au/radiator/ref.html#pgfId=406539), I find a good
> > list of hints, but most of them are sometimes not very usefull when you
> > DO have to do some strange things... anyway, since I saw it many times in
> > the list, the separation between an Authentication server and an
> > Accounting server in different instances even when it is in the same
> > machine, seems to be a no-lose proposition, since you are losing no
> > functionality at all (I think) and you don't have to buy extra hardware
> > (it's easy to say "see, boss, I need 4 or 5 more Sun Netras T1 to improve
> > radius speed" only to hear him say "gee, why don't you do it with that
> > Sparc I that no one is using now?").
> >
> > Since I see this so often said in the list, it might get a subsection
> > with some configuration tips for this, like, "you have to put this kind
> > of sections on the auth config, those sections in the acct config and
> > this bunch in both... maybe you should use "Include common.cfg" for these
> > last ones...
> >
> > Put it in the wishlist for the next release (2.18.2? 2.19? please don't
> > do anything like naming it "Radiator 20" -à la Solaris- or "Radiator
> > 2001" or "Radiator NE (Nonsense Edition)" -à la MS- :-)
>
> I have been thinking about adding some more complex configuration files to
> the goodies section and I can see that the manual could contain some more
> detail. Thanks for the suggestion.
On a general way, I would like to be as "clean" as possible when writing
my config files and repeat as little as possible.
I am writing 3 config files:
1)radius-auth.cfg
2)radius-acct.cfg
3)radius-common.cfg
first thing 1) & 2) do is include 3), which has the common configuration.
1) & 2) obviously have the corresponding authport & acctport, and
SNMPAgent in different ports.
More information about the radiator
mailing list