Hi Hugh,
Sorry for any inconvenience and thank you for your help, one more question about the script. I cannot find AuthenticateAttribute from the Ref menu, the nearest one is AuthenticateAccounting, any suggestion where I can get this function from??
Regards,
Donald

-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 11:51 AM
To: Foo, Donald
Subject: Re: Fw: RADIATOR Evaluation License

Hello Donald -

You should really post your questions to the Radiator mailing list,
however I will try to help.

You can implement blacklists directly like this:

# define AuthBy clauses

<AuthBy FILE>
        Identifier CheckBlacklist
        Filename %D/blacklist
        AuthenticateAttribute Calling-Station-Id
        NoDefaultIfFound
</AuthBy>

<AuthBy ...>
        Identifier YourNormalAuthBy
        ....
</AuthBy>

....

# define Realms or Handlers

<Realm ....>
        RejectHasReason
        AuthByPolicy ContinueWhileAccept
        AuthBy CheckBlacklist
        AuthBy YourNormalAuthBy
        ....
</Realm>

.....

The file "%D/blacklist" would contain this:

# blacklist

DEFAULT Auth-Type = Accept

12345678 Auth-Type = "Reject: You did not pay your bill"

23456789 Auth-Type = "Reject: You did not pay your bill"

.....

regards

Hugh

On Friday, Mar 14, 2003, at 13:50 Australia/Melbourne, Mike McCauley wrote:

> Hi Hugh,
>
> can you help this person with blacklists?
>
> He is an evaluator. Perhaps you can also encourage him to subscribe to
> and use the mailing list?
>
> cheers.
>
> ---------- Forwarded Message ----------
>
> Subject: RE: Fw: RADIATOR Evaluation License
> Date: Fri, 14 Mar 2003 10:39:11 +0800
> From: "Foo, Donald" <[EMAIL PROTECTED]>
> To: "'Mike McCauley'" <[EMAIL PROTECTED]>
> Cc: "Foo, Donald" <[EMAIL PROTECTED]>
>
> Hi Mike,
> Some more questions for you.
>
> 1. In the Blacklist authentication, if I want to blacklist one or some of
> the Calling-Station-ID (Mobile No. so all same group mobile user will use
> the same user ID and password) without any sql database and I put it in the
> USERS file in this way.
>
> # From apn1
> DEFAULT Calling-Station-Id = "12345678", Auth-Type = "Reject:You did not pay your bill"
> # From apn2
> DEFAULT Calling-Station-Id = "23456789", Auth-Type = "Reject:You did not pay your bill"
> # From apn3
> DEFAULT Calling-Station-Id = "34567890", Auth-Type = "Reject:You did not pay your bill"
> # From gsn1
> DEFAULT Calling-Station-Id = "45678901", Auth-Type = "Reject:You did not pay your bill"
> # From gsn2
> DEFAULT Calling-Station-Id = "56789012", Auth-Type = "Reject:You did not pay your bill"
> # From gsn3
> DEFAULT Calling-Station-Id = "67890123", Auth-Type = "Reject:You did not pay your bill"
>
> apn1 Password = "secretapn1"
> apn2 Password = "secretapn2"
> apn3 Password = "secretapn3"
>
> gsn1 Password = "secretgsn1"
> gsn2 Password = "secretgsn2"
> gsn3 Password = "secretgsn3"
>
> Will it work?? Since we don't have the Calling-Station-ID return in the
> test.
>
> 2. Is there any additional tools which can simplify the input of the
> blacklist (The Calling-Station-ID).
>
> Regards,
> Donald
>
> -----Original Message-----
> From: Mike McCauley [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 10, 2003 12:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Fw: RADIATOR Evaluation License
>
>
> Hello Donald,
>
> Nicola forwarded me your email.
> I will try to help.
>
> On Mon, 10 Feb 2003 03:09 pm, Nicola Wassell wrote:
>> ----- Original Message -----
>> From: Foo, Donald
>> To: 'Nicola Wassell' ; Foo, Donald
>> Cc: Joanne Davis ; Foo, Donald
>> Sent: Monday, February 10, 2003 3:05 PM
>> Subject: RE: RADIATOR Evaluation License
>>
>>
>> Hi Nicola,
>> Thanks for the email.
>> Actually I have few questions when I doing the test but not sure where
>> should I get the online help from.
>
> The best place to get help during evaluation is the free email mailing list.
> Details on subscribing and using the mailing list can be found at:
>
> http://www.open.com.au/mailing.html
>
> I have tried to answer your questions below.
> If you have any additional questions, you should subscribe and send them to
> the Radiator mailing list.
>
>> 1. Bad authenticator warning message
>>
>> Mon Jan 20 14:39:46 2003: DEBUG: Received reply in AuthRADIUS for req 2 from 10.85.4.5:1813
>> Mon Jan 20 14:39:46 2003: WARNING: Bad authenticator received in reply to ID 2
>> Mon Jan 20 14:39:46 2003: DEBUG: Accounting accepted
>> Mon Jan 20 14:39:46 2003: DEBUG: Packet dump:
>> *** Sending to 10.85.4.254 port 21645 ....
>> Code: Accounting-Response
>> Identifier: 82
>> Authentic: ,<141>e'<5>|<216>dyD<243><181>$M<28><251>
>> Attributes:
>>
>> I'd confirm the secret key are the same in both side (actually I'd changed
>> it twice). Herewith is the configuration.
>>
>> <AuthBy RADIUS>
>> RetryTimeout 25
>> NoForwardAuthentication
>> Secret test123
>> AcctPort 1813
>> Host 10.85.4.5
>> </AuthBy>
>
> Looks OK, though the timeout is rather long.
>
> As you guess, normally, 'Bad authenticator' would mean that the remote radius
> server and your server have different Radius shared secrets.
>
> What sort of Radius server is at 10.85.4.5 port 1813? Is it complaining about
> _your_ authenticator? If so it's pretty sure the shared secrets are different.
>
> But.... some Radius servers do not implement correct authenticator algorithms.
> If that is the case, you can set the
>
> IgnoreReplySignature
>
> parameter in your AuthBy RADIUS to disable authenticator checking from proxied
> requests.
>
>> 2. Blacklist authentication.
>> As I know Blacklist can be done with mysql database, my question is can we
>> use plain/text database to do the same thing? (like ./user)
>
> Yes.
>
> You can have user entries in a file like this:
>
> baduser Auth-Type=Reject
>
> nastyuser Auth-Type=Reject:some explanatory message
>
> etc...
>
> More details in the reference manual.
> There are other ways to skin this cat if you have unusual requirements.
>
>> 3. Since I am using a CISCO router to be a RAS server, the caller-id is
>> always "async". Can we grant some fake caller-id to the accounting?
>
> Do you mean the User-Name is always 'async'? Very unusual, and probably
> broken.
>
> You can use the RewriteUsername parameter to rewrite User-Name in many ways.
>
> You can use Radiator hooks to change/add/rewrite any other attribute.
>
>> 4. Is there any way to extend the evaluation licenses and how?
>
> Yes, on your request we can issue you with a key to extend your eval period,
> or to remove your request limitations.
>
> Hope that helps.
>
> Cheers.
>
>> Thanks and Regards,
>> Donald
>>
>>
>> -----Original Message-----
>> From: Nicola Wassell [mailto:[EMAIL PROTECTED]
>> Sent: Monday, February 10, 2003 9:55 AM
>> To: [EMAIL PROTECTED]
>> Cc: Joanne Davis
>> Subject: RADIATOR Evaluation License
>>
>>
>> Hello
>>
>> You currently have evaluation copies of RADIATOR and RADAR. The
>> evaluation licenses will expire soon. We are very interested to know how
>> your evaluation is progressing and to what extent they meet your selection
>> criteria.
>>
>> What do you like about them?
>>
>> What DON'T you like about them?
>>
>> Maybe you haven't started your evaluation yet! Are you having any
>> problems with installation or configuration that we can help you with?
>>
>> Have you subscribed to the Radiator mailing list?
>> http://www.open.com.au/mailing.html
>>
>> Do you intend to proceed with an order?
>> http://www.open.com.au/ordering.html If YES, why?
>>
>> If NO, why not?
>>
>> We appreciate the value of time and would be very grateful for your
>> thoughts on how our products could be improved. Take the trouble to reply
>> - AND tell us your T-SHIRT size as well.
>>
>> Regards,
>>
>> Nicola Wassell [EMAIL PROTECTED]
>> Open System Consultants Pty. Ltd
>>
>> 24 Bateman Street Hampton, VIC 3188 Australia
>> http://www.open.com.au
>> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> --
> Mike McCauley [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> -------------------------------------------------------
>
> --
> Mike McCauley [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
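
Added example (not part of the original thread and not Radiator's own code): how the authenticator on an Accounting-Response is checked per RFC 2866, which is the check behind the "Bad authenticator" warning quoted above and the one that IgnoreReplySignature turns off. Function names and the sample packets are constructed for illustration; the secret "test123" is the one shown in the quoted configuration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RADIUS packet codes

def attr(attr_type, value):
    # One attribute: Type, Length (including the 2-byte header), Value.
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def _digest(code, ident, length, auth_field, attrs, secret):
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + auth_field + attrs + secret).digest()

def build_acct_request(ident, attrs, secret):
    # Accounting-Request: the authenticator field is 16 zero octets when hashed.
    length = 20 + len(attrs)
    auth = _digest(ACCT_REQUEST, ident, length, bytes(16), attrs, secret)
    return struct.pack("!BBH", ACCT_REQUEST, ident, length) + auth + attrs

def build_acct_response(request, attrs, secret):
    # Accounting-Response: hashed over the *request's* authenticator.
    ident, length = request[1], 20 + len(attrs)
    auth = _digest(ACCT_RESPONSE, ident, length, request[4:20], attrs, secret)
    return struct.pack("!BBH", ACCT_RESPONSE, ident, length) + auth + attrs

def check_reply(request, reply, secret):
    # Classify a proxied reply the way a strict RADIUS client would.
    if len(reply) < 20:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return "malformed"
    if ident != request[1]:
        return "identifier mismatch"
    expected = _digest(code, ident, length, request[4:20], reply[20:length], secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad authenticator"
    return "ok"

# Constructed sample data (attribute 1 = User-Name, 31 = Calling-Station-Id).
REQUEST = build_acct_request(2, attr(1, b"apn1") + attr(31, b"12345678"), b"test123")
GOOD_REPLY = build_acct_response(REQUEST, b"", b"test123")
WRONG_SECRET_REPLY = build_acct_response(REQUEST, b"", b"test124")
UNSIGNED_REPLY = GOOD_REPLY[:4] + bytes(16)  # authenticator never computed

if __name__ == "__main__":
    for name in ("GOOD_REPLY", "WRONG_SECRET_REPLY", "UNSIGNED_REPLY"):
        print(name, "->", check_reply(REQUEST, globals()[name], b"test123"))
```

With the check disabled, the wrong-secret and unsigned replies above would be accepted just like the good one, so a reply can no longer be tied to a server that holds the shared secret.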
