Hello Brandon -
Thanks for your mail.
Unfortunately I meant "a trace 4 debug from Radiator" (not a trace 4 debug from radpwtst).
In any event, I suspect that at the very least the "TimeOfDay" radius attribute is not defined in your Radiator dictionary.
regards
Hugh
On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote:
Hugh,
Note: I don't care that I left my ip address in there or the "encrypted"
password. This is a test server with test data.
Brandon
----- Original Message -----
From: "Brandon Lehmann" <[EMAIL PROTECTED]>
To: "Hugh Irvine" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, November 12, 2003 5:43 PM
Subject: Re: (RADIATOR) Profiles problems
Hugh,
Trace 4 with the config in my original message shows:
--- START----
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 63.148.117.3 port 1645 ....
Code: Access-Request
Identifier: 120
Authentic: 1234567890123456
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
No reply
sending Accounting-Request Start...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 121
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 121
Authentic: f>e#O#<156><150>S<239>N<240><234><182><23><229>
Attributes:
OK
sending Accounting-Request Stop...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 122
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 122
Authentic: 5Y<2>V<137><180>L<2>R<138>vzai<248><184>
Attributes:
OK
-----END----
Changing AuthByPolicy to ContinueWhileAccept returns this:
-----START-----
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 63.148.117.3 port 1645 ....
Code: Access-Request
Identifier: 81
Authentic: 1234567890123456
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
Packet dump:
*** Received from 63.148.117.3 port 1645 ....
Code: Access-Reject
Identifier: 81
Authentic: <201>KV<189>Ao<213><235><254>3<22>z>h<239><4>
Attributes:
Reply-Message = "Request Denied"
Rejected: Request Denied
sending Accounting-Request Start...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 82
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 82
Authentic: <237><157><221><24><8><3><11><235><207><167>t<226>SVQ<227>
Attributes:
OK
sending Accounting-Request Stop...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 83
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 83
Authentic: <4>\<212>g'`<252><214><23><246>>A]<136><172><174>
Attributes:
OK
----END-----
Removing the Authby clause for the profile & timeofday returns this (with
ContinueWhileAccept):
----START------
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 63.148.117.3 port 1645 ....
Code: Access-Request
Identifier: 251
Authentic: 1234567890123456
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
Packet dump:
*** Received from 63.148.117.3 port 1645 ....
Code: Access-Reject
Identifier: 251
Authentic: <2>I<24> <180>7<222><164><151>k<213><22>O<15><255>N
Attributes:
Reply-Message = "Request Denied"
Rejected: Request Denied
sending Accounting-Request Start...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 252
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 252
Authentic: <203>r<199><16>8<247>G<146><29>fe<135>`<20><133>Q
Attributes:
OK
sending Accounting-Request Stop...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 253
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 253
Authentic: TZ<243><171><164><236><146>h<14>+<186>)<190><14><<197>
Attributes:
OK
----------END---------
And with the AuthBy clause for timeofday removed and the policy set to ContinueAlways:
--------START---------
Reading dictionary file './dictionary'
sending Access-Request...
Packet dump:
*** Sending to 63.148.117.3 port 1645 ....
Code: Access-Request
Identifier: 62
Authentic: 1234567890123456
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>"
Packet dump:
*** Received from 63.148.117.3 port 1645 ....
Code: Access-Accept
Identifier: 62
Authentic: 9<165>Y<201><211><140><2>u<210><251><161><200>3<149><179><1>
Attributes:
Service-Type = Framed-User
Session-Timeout = 18000
Idle-Timeout = 1740
Framed-IP-Netmask = 255.255.255.255
Port-Limit = 3
OK
sending Accounting-Request Start...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 63
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 63
Authentic: <1>.<245><190>|!.1g<201>0<201><148><229><234>%
Attributes:
OK
sending Accounting-Request Stop...
Packet dump:
*** Sending to 63.148.117.3 port 1646 ....
Code: Accounting-Request
Identifier: 64
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
User-Name = "brandon"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Packet dump:
*** Received from 63.148.117.3 port 1646 ....
Code: Accounting-Response
Identifier: 64
Authentic: <237><203>Z_<169><202>Um#&<241><136><29>8<145><23>
Attributes:
OK
--------END----------
As for a crash course in TimeOfDay, it's a radius attribute that is used to
define when a user can login. Say 7:30am to 3:30pm etc -> "07:30-15:30" or
cannot login "!00:00-02:00" -> midnight to 2am. It is pretty similar to
Radiator Time attribute. However I have tried changing the columndef to
"AuthColumnDef 0,Time,reply" and adding "Al" to the front of the field to
apply for all days as the radiator manual shows. What I need to do is limit
a few users to only login during certain hours (at their bosses request).
For now I have just added a stored procedure to my SQL server and a job to
turn the account on and off at the specified time however that will not work
forever.
Thanks for the help,
Brandon
Note: This is running Radiator 3.7.1 on Windows 2000 SP4, w/ activestate
perl 5.6.1 using a 3com total control.
----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Brandon Lehmann" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, November 12, 2003 5:03 PM
Subject: Re: (RADIATOR) Profiles problems
Hello Brandon -
Could you please send me a trace 4 debug showing what is happening, and
a bit more detail on what exactly you are wanting to have happen? I am
not clear on what the TimeOfDay reply item is meant to do.
regards
Hugh
On 13/11/2003, at 7:10 AM, Brandon Lehmann wrote:
Hi List,
I cannot get the radius server to return the profile while using the following configuration:
------START-----
LogStdout c:/radiator/stdout.txt
LogDir c:/radiator
DbDir c:/radiator.
<Client DEFAULT>
Secret !removed for my protection!
DupInterval 0
</Client>
<Realm DEFAULT>
AuthByPolicy ContinueAlways
<AuthBy SQL>
Identifier ACCT1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect
AccountingTable radacct1
AcctColumnDef UserName,User-Name
AcctColumnDef LogDateTime,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer
AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
AcctColumnDef NasIPAddress,NAS-IP-Address
AcctColumnDef NasIdentifier,NAS-Identifier
AcctColumnDef NasPortId,NAS-Port,integer
AcctColumnDef NasPortType,NAS-Port-Type,integer
AcctColumnDef ConnectInfo,Connect-Info
AcctColumnDef ServiceType,Service-Type
AcctColumnDef FramedProtocol,Framed-Protocol
AcctColumnDef FramedAddress,Framed-IP-Address
AcctColumnDef CallingStationId,Calling-Station-Id
</AuthBy>
<AuthBy SQL>
Identifier AUTH1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect select ClearTextPassword,ServiceType,SessionLimit, \
IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \
PortLimit,ProfileID from Customers where CustomerID=%0 \
and Disable is null
AuthColumnDef 0,Password,check
AuthColumnDef 1,Service-Type,reply
AuthColumnDef 2,Session-Timeout,reply
AuthColumnDef 3,Idle-Timeout,reply
AuthColumnDef 4,Framed-IP-Address,reply
AuthColumnDef 5,Framed-IP-Netmask,reply
AuthColumnDef 6,Framed-Route,reply
AuthColumnDef 7,Port-Limit,reply
AuthColumnDef 8,Simultaneous-Use,check
AuthColumnDef 9,Profile,reply
</AuthBy>
<AuthBy SQL>
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect SELECT timeofday FROM profiles WHERE \
[profile]='%{Reply:Profile}'
AuthColumnDef 0,TimeOfDay,reply
StripFromReply Profile
</AuthBy>
SessionDatabase SDB1
</Realm>
<SessionDatabase SQL>
Identifier SDB1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
</SessionDatabase>
-------END----
If I change "AuthByPolicy ContinueAlways" to "AuthByPolicy
ContinueWhileAccept" then the server always returns "Request Denied".
Any input would be greatly appreciated. Note: I have already searched the
list archives, nothing seems to work.
Thank you,
Brandon Lehmann
Network Administrator
Great Lakes Internet Service, LLC.
The Computer Loft, Inc.
218 Justice St
Fremont, Ohio 43420
419.332.3553
[EMAIL PROTECTED]
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
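Hugh's suspicion in this thread, that TimeOfDay is not defined in the Radiator dictionary, can be checked mechanically before a config goes live. The following is an added example, not part of the original thread and not Radiator code: it assumes dictionary lines of the form "ATTRIBUTE name number type" and "VENDORATTR vendor name number type", and that only reply columns not removed by StripFromReply need a definition; the sample dictionary is constructed and the function names are hypothetical.

```python
import re

# Constructed sample dictionary (standard RADIUS attribute numbers); TimeOfDay is absent.
SAMPLE_DICTIONARY = """\
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Port-Limit 62 integer
"""

# A subset of the AuthColumnDef / StripFromReply lines posted in the thread.
SAMPLE_CONFIG = """\
AuthColumnDef 0,Password,check
AuthColumnDef 1,Service-Type,reply
AuthColumnDef 2,Session-Timeout,reply
AuthColumnDef 3,Idle-Timeout,reply
AuthColumnDef 4,Framed-IP-Address,reply
AuthColumnDef 5,Framed-IP-Netmask,reply
AuthColumnDef 7,Port-Limit,reply
AuthColumnDef 8,Simultaneous-Use,check
AuthColumnDef 9,Profile,reply
AuthColumnDef 0,TimeOfDay,reply
StripFromReply Profile
"""

COLUMN_DEF = re.compile(r"AuthColumnDef\s+\d+\s*,\s*([^,\s]+)\s*,\s*reply\b", re.I)

def dictionary_names(text):
    """Attribute names defined by ATTRIBUTE / VENDORATTR lines (assumed format)."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing '#' comments
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            names.add(fields[1])
        elif len(fields) >= 5 and fields[0] == "VENDORATTR":
            names.add(fields[2])
    return names

def undefined_reply_attributes(config, dictionary):
    """Reply attributes the config sets that have no dictionary definition."""
    lines = [l.strip() for l in config.splitlines()]
    replies = [m.group(1) for l in lines if (m := COLUMN_DEF.match(l))]
    # Attributes stripped from the reply never reach the wire, so skip them.
    stripped = {a.strip() for l in lines if l.startswith("StripFromReply ")
                for a in l.split(None, 1)[1].split(",")}
    known = dictionary_names(dictionary)
    return [a for a in replies if a not in stripped and a not in known]
```

Run against the real dictionary file and configuration, a non-empty result names the reply items that need a dictionary entry.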
