Re: [RADIATOR] AcctLogFileName alongside AccountingTable in AuthBy SQL
I was quite puzzled why it does not work for you. I bet you have something like this in your log: ERR: Unknown keyword 'AcctLogFilename' in file.cfg line 38 So use AcctLogFileName in your Handlers and it should work. Notice the spelling (f vs F). That's where the problem is. Thanks! Heikki Hi Heikki, unfortunately the error is in my email only, i typed this from my config file and did not copy/paste. I'll be a little bit more verbose, here's my current handler config, just stripped for some AcctColumnDefs. I Tried the AcctLogFileName %L/detail.local-testing on various positions. The current one is just based on my common sense. Effect is silence, no error in the log or something (Trace is 4). Filename %L/authlog.local-testing works as expected. Handler Client-Identifier=local-testing AcctLogFileName %L/detail.local-testing AuthLog SQL DBSource dbi:Oracle:host=db.host.example.com;service_name=radiator DBUsername radiator DBAuth radiator Table RADAUTHLOG LogSuccess 1 SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1) LogFailure 1 FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1) /AuthLog AuthLog FILE Identifier filelogger_local-testing Filename %L/authlog.local-testing LogSuccess 1 LogFailure 1 /AuthLog AuthByPolicy ContinueWhileAccept AuthBy GROUP AuthByPolicy ContinueWhileAccept AuthBy SQL DBSource dbi:Oracle:host=db.host.example.com;service_name=radiator DBUsername radiator DBAuth radiator AuthSelect select PASSWORD from DEVICE where USER_NAME=%0 AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name [...] AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctFailedLogFileName %D/missedaccounting SQLRecoveryFile %D/missedaccounting /AuthBy AuthBy DYNADDRESS AddressAllocatorallocator.pool1 PoolHintpool1 /AuthBy /AuthBy /Handler www.biotronik.com BIOTRONIK SE Co. KG Woermannkehre 1, 12359 Berlin, Germany Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501 Vertreten durch ihre Komplementärin: BIOTRONIK MT SE Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B Geschäftsführende Direktoren: Christoph Böhmer, Dr. Werner Braun, Dr. Lothar Krings, Dr. Torsten Wolf BIOTRONIK - A global manufacturer of advanced Cardiac Rhythm Management systems and Vascular Intervention devices. Quality, innovation, and reliability define BIOTRONIK and our growing success. We are innovators of technologies like the first wireless remote monitoring system - Home Monitoring®, Closed Loop Stimulation and coveted lead solutions as well as state-of-the-art stents, balloons and guide wires for coronary and peripheral indications. We highly invest in the development of drug eluting devices and are leading the industry with our drug eluting absorbable metal scaffold program. This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this e-mail, please notify the sender immediately and delete the document. www.biotronik.com BIOTRONIK SE Co. KG Woermannkehre 1, 12359 Berlin, Germany Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501 Vertreten durch ihre Komplementärin: BIOTRONIK MT SE Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B Geschäftsführende Direktoren: Christoph Böhmer, Dr. Werner Braun, Dr. Lothar Krings, Dr. Torsten Wolf BIOTRONIK - A global manufacturer of advanced Cardiac Rhythm Management systems and Vascular Intervention devices. Quality, innovation, and reliability define BIOTRONIK and our growing success. We are innovators of technologies like the first wireless remote monitoring system - Home Monitoring®, Closed Loop Stimulation and coveted lead solutions as well as state-of-the-art stents, balloons and guide wires for coronary and peripheral indications. We highly invest in the development of drug eluting devices and are leading the industry with our drug eluting absorbable metal scaffold program. This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is
[RADIATOR] Load balancing RADIATOR with Cisco ACE
Hi, We'd like to load balance RADIUS requests over several RADIATOR servers. Therefor we will use an external hardware load balancer: a Cisco ACE (service module). Is there anyone who has experience with this kind of combination, i.e RADIATOR Cisco ACE. Any (white) papers on this subject are welcome, either so any ACE configuration examples. We are particulairy interested in field experiences in the combination Cisco ACE / RADIATOR. (We already have taken notice of the Cisco configuration guide Configuring RADIUS Load Balancing which in genaral describes it, but is not product specific (in this case RADIATOR) :) Regards, Gaston ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Upgrade Challenges to 4.9
Yes...ppm install did give me version 0.44 however, upon futher investigation, we have a hook that calls "use Net::LDAP qw(:all)" . The qw(:all) is what is causing the issue with this version of NET::LDAP. There are several threads regarding this particular issue. One workaround is to import only the constants that are required. Will have to engage a pogrammer to help with that.Thanks for the headsup on the PeapVersion. Again, I only inheirtied the responsibility of the Radius service a while ago and I have no idea of the thought process the previous individual may have had with the configuration. The whole configuration looks a little convuluted to me, but that may have been due to limitations present in previous versions of Radiator.MHOn 2012-05-09, at 3:03 PM, Heikki Vatiainen wrote:On 05/09/2012 09:11 PM, Michael Hulko wrote:It would appear that I have missed the Net-LDAP module that one of ourhooks calls. Not sure why this is not part of the standardpackages...Is there a specific package I should use.I think ppm install perl-ldap should give you version 0.44 which is thecurrent version too.I took a quick look at the configuration too. I suggest the following:# DupInterval 0EAPTLS_PEAPVersion 0Unless there's a good reason, you should not accept duplicates. Also,PEAP version 0 works better with e.g., with Macs and IOS devices. It'salso default in version 4.9HeikkiMHOn 2012-05-09, at 1:36 PM, Michael Hulko wrote:I am attempting to upgrade our radius from 4.5.1 to the latest version4.9. In addition of upgrading Radiator itself, I am also upgradingthe version of ActivePerl from 5.6.x to 5.12.x.Stepping through the installation instructions and pointing therepository to open.au.com http://open.au.com for the Win32-LSA.pmmodule, it would appear that everything was in order. However, twoproblems arose...First, when attempting to run the radiusd daemon from the command lineprior to running the test script, I receive an error: " 'all' is notdefined in %NET::LDAP::Constant::EXPORT_TAGS at (eval 62) line 191. When I run the test.pl http://test.pl script, everything checksout. Not quite sure about what I am missing?Second...after i create a service and copy the original files andcerts into the directory, I get the following message when I start theservice in the logfile:"ERR: Compliation error in PostAuthHook: Can't continue after importerrors at (eval 68) line 191BEGIN failed--compliation aborted at (eval 68) line 191"I have tested authentication to the server, and it appears to work,however, I am concerned that something will break later. This is aWindows Server 2003 box. Any suggestions/comments would be greatlyappreciated. Attached is the original radius config I inheirted.(please do not critique the config)radius.cfgAll passwords/secrets have been removedThanksMH___radiator mailing listradiator@open.com.au mailto:radiator@open.com.auhttp://www.open.com.au/mailman/listinfo/radiatorMichael HulkoNetwork AnalystWestern University CanadaNetwork Operations CentreInformation Technology Services1393 Western Road, SSB 3300CCLondon, Ontario N6G 1G9tel: 519-661-2111 x81390e-mail: mihu...@uwo.ca mailto:mihu...@uwo.ca mailto:mihu...@uwo.ca___radiator mailing listradiator@open.com.auhttp://www.open.com.au/mailman/listinfo/radiator-- Heikki Vatiainen h...@open.com.auRadiator: the most portable, flexible and configurable RADIUS serveranywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,NetWare etc.___radiator mailing listradiator@open.com.auhttp://www.open.com.au/mailman/listinfo/radiator Michael HulkoNetwork AnalystWestern University CanadaNetwork Operations CentreInformation Technology Services1393 Western Road, SSB 3300CCLondon, Ontario N6G 1G9tel: 519-661-2111 x81390e-mail: mihu...@uwo.ca mailto:mihu...@uwo.ca ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Load balancing RADIATOR with Cisco ACE
I've done it -- currently in production serving an environment with over 80,000 users. No issues. If you're load balancing TACACS+ you should enable stickiness so that the session remains pinned to one Radiator server. If load balancing simple RADIUS, just do a simple serverfarm and load balance with a least connections or round robin LB algorithm. Hope this helps. -james On Thu, May 10, 2012 at 5:15 AM, Janssen, G.H.C. (Gaston) g.jans...@uci.ru.nl wrote: Hi, We'd like to load balance RADIUS requests over several RADIATOR servers. Therefor we will use an external hardware load balancer: a Cisco ACE (service module). Is there anyone who has experience with this kind of combination, i.e RADIATOR Cisco ACE. Any (white) papers on this subject are welcome, either so any ACE configuration examples. We are particulairy interested in field experiences in the combination Cisco ACE / RADIATOR. (We already have taken notice of the Cisco configuration guide Configuring RADIUS Load Balancing which in genaral describes it, but is not product specific (in this case RADIATOR) :) Regards, Gaston ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Load balancing RADIATOR with Cisco ACE
EAP and OTP also requires pinning which I personally would always use. Am 2012-05-10 16:56, schrieb James: I've done it -- currently in production serving an environment with over 80,000 users. No issues. If you're load balancing TACACS+ you should enable stickiness so that the session remains pinned to one Radiator server. If load balancing simple RADIUS, just do a simple serverfarm and load balance with a least connections or round robin LB algorithm. Hope this helps. -james On Thu, May 10, 2012 at 5:15 AM, Janssen, G.H.C. (Gaston) g.jans...@uci.ru.nl wrote: Hi, We'd like to load balance RADIUS requests over several RADIATOR servers. Therefor we will use an external hardware load balancer: a Cisco ACE (service module). Is there anyone who has experience with this kind of combination, i.e RADIATOR Cisco ACE. Any (white) papers on this subject are welcome, either so any ACE configuration examples. We are particulairy interested in field experiences in the combination Cisco ACE / RADIATOR. (We already have taken notice of the Cisco configuration guide Configuring RADIUS Load Balancing which in genaral describes it, but is not product specific (in this case RADIATOR) :) Regards, Gaston ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Cheers, Alex *** T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *** Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *** ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator