[RADIATOR] Unable to disable NAS check

Rohan Henry rohan.henry at cwjamaica.com
Thu Sep 13 18:43:43 UTC 2018 

Thanks much Heidi.

We added the name to IP mapping in the host file and got it working.

Logs below.

"Wed Sep 12 16:11:52 2018: DEBUG: Checking if user is still online: unknown, mhibbert.bar,"

I wondered why the logic need to be like that. I expected that Radiator would already know the NASType and therefore not start any NAS check. But it appears that disabling NAS check is dependent on the CountQuery. Apparently, the CountQuery line is checked first.

Rohan

> 
>     On September 12, 2018 at 11:41 AM Heikki Vatiainen <hvn at open.com.au> wrote:
> 
>     On 11/09/2018 22:21, Rohan wrote:
> 
>         > > 
> >         I cannot disable NAS check.
> > 
> >         NAS check (NASType is set to unknown by default) should be disabled by
> >         default but radiator is still checking user status even when NASType is
> >         set to ignore. How do we disable NAS check?
> > 
> >     > 
>     Hello Rohan,
> 
>     CountQuery in your config is returning incorrect values. The first
>     column it must return must be NAS IP address (or DNS name, IP
>     preferred). Now it's returning the username which can't be mapped to any
>     known RADIUS Client.
> 
>     Once it finds the correct client, the default NAS type should cause the
>     extra check to be skipped.
> 
>     I would also recommend using CountQueryParam with CountQuery, or
>     changing CountQuery to use %0 to make sure any special characters get
>     quoted correctly.
> 
>     You could also consider similar changes to other SQL queries you have.
>     We recommend using query params when possible.
> 
>     For more information about CountQuery, please see Radiator reference
>     manual. It describes in detail what this and any other queries should
>     return and gives hints about configuring them.
> 
>         > > 
> >         We are using version 4.14
> > 
> >     > 
>     Corrected CountQuery should work fine with 4.14, altough I recommend
>     updating to get all enhancements, security and other bug fixes.
> 
>     Thanks,
>     Heikki
> 
>     --
>     Heikki Vatiainen <hvn at open.com.au>
> 
>     Radiator: the most portable, flexible and configurable RADIUS server
>     anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
>     EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
>     DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
> 
>     _______________________________________________
>     radiator mailing list
>     radiator at lists.open.com.au
>     http://lists.open.com.au/mailman/listinfo/radiator
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.open.com.au/pipermail/radiator/attachments/20180913/6ff7e6aa/attachment.html>

More information about the radiator mailing list