RE: (RADIATOR) Setting TLD?

2002-10-08 Thread Shon Stephens 

thanks!

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 5:14 AM
To: Shon Stephens
Cc: '[EMAIL PROTECTED]'
Subject: Re: (RADIATOR) Setting TLD?



Hello Shon -

Strangely enough, there are no standard radius attributes to do this, 
however some vendors do have special support for this.

You should check with your vendor to see what is supported (if 
anything).

regards

Hugh


On Tuesday, October 8, 2002, at 01:29 AM, Shon Stephens wrote:

> how do you get RADIUS to send top-level domain information in reply
> to client (i.e. tell the dialed-in VPN client that its new TLD is
> somedomain.com?
>
> thanks,
> shon
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Setting TLD?

2002-10-07 Thread Shon Stephens 

how do you get RADIUS to send top-level domain information in reply
to client (i.e. tell the dialed-in VPN client that its new TLD is
somedomain.com?

thanks,
shon
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) handlers and realms

2002-08-30 Thread Shon Stephens 

thanks for all responses. i will just use  then. 

shon

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 12:25 AM
To: Shon Stephens
Cc: '[EMAIL PROTECTED]'
Subject: Re: (RADIATOR) handlers and realms



Hello Shon -

You *should* not mix Realms and Handlers - it is possible to do - but it 
is almost impossible after the fact to understand what is going on when 
trying to debug problems.

Here is what to do:


..



..



..


Keep in mind that Handlers are evaluated in the order they appear in the 
configuration file, and the first match is the only match, so the more 
specific Handlers must appear before the more general.

Also note that in some cases it makes sense to split the processing into 
two (or more) seperate instances of Radiator, depending on what else you 
are trying to do.


regards

Hugh


On Friday, August 30, 2002, at 11:13 AM, Shon Stephens wrote:

> i am not sure, but i thought i read that you should not (or could not?) 
> use
>  and  in the same radius config file. is this true? if 
> so,
> what to do if for some clients i need to use a handler, and others a 
> realm?
>
> thanks,
> shon
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) handlers and realms

2002-08-29 Thread Shon Stephens 

i am not sure, but i thought i read that you should not (or could not?) use
 and  in the same radius config file. is this true? if so,
what to do if for some clients i need to use a handler, and others a realm?

thanks,
shon
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) which attribute?

2002-07-09 Thread Shon Stephens 

if i wanted to use , how would I do this?

thanks,
shon

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 7:27 PM
To: Shon Stephens; '[EMAIL PROTECTED]'
Subject: Re: (RADIATOR) which attribute?



Hello Shon -

You would do something like this:


Identifier Carrier1
.



Identifier Carrier1
.



Identifier Carrier2
.



Identifier Carrier3
.


...


..



..



..


If you have any other questions, please ask.

regards

Hugh


On Tue, 9 Jul 2002 00:44, Shon Stephens wrote:
> i am working on a wifi project where several carriers proxy their
> radius packets to me. i need to be able to process some of these
> packets differently. unfortunately, every request, no matter what
> carrier it originates from, will have the same realm. i was going to
> (attempt) to write a preprocessing hook and assign a custom attribute
> based on the ip address of the radius server that proxied the
> requests to me, however i am not confident that i can do so. the
> nas-ipaddress attribute in my situation, is the address of the wifi
> access point, and the nas-identifier is a code associated with said
> access point. what attribute would the ip address of the proxying
> radius server be. i know that in my  statement i just put the
> address in there, without an attriubute name.
>
> thanks,
> shon
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) which attribute?

2002-07-08 Thread Shon Stephens 

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

i am working on a wifi project where several carriers proxy their
radius packets to me. i need to be able to process some of these
packets differently. unfortunately, every request, no matter what
carrier it originates from, will have the same realm. i was going to
(attempt) to write a preprocessing hook and assign a custom attribute
based on the ip address of the radius server that proxied the
requests to me, however i am not confident that i can do so. the
nas-ipaddress attribute in my situation, is the address of the wifi
access point, and the nas-identifier is a code associated with said
access point. what attribute would the ip address of the proxying
radius server be. i know that in my  statement i just put the
address in there, without an attriubute name.

thanks,
shon

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBPSmmlherBYVUKJeKEQJYjQCgis2p2qdzHNncjwRTPnMeE77JVoQAoOk7
vPxGWACilXojpHIVebNRi5Gu
=EJAF
-END PGP SIGNATURE-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) sql logging questions - more

2002-07-02 Thread Shon Stephens 

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

i really should read the manual more closely. i see that i can log
only the auth rejects using . i still am curious how i
might only log certain requests - see my previous post.

thanks,
shon

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBPSHeaBerBYVUKJeKEQIFHgCghHBn5zRw5fy2whwZc9m3tBwFHhYAoOdx
93jeZZSfo8T5sjY26A6ISX5/
=L14v
-END PGP SIGNATURE-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) sql logging questions

2002-07-02 Thread Shon Stephens 

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

is it possible to log access rejects to an sql database? i don't want
to log access accepts, just the rejects. also is it possible to
ignore certain requests for logging. in particular i have a client
which is sending me requests with username as either
"access/user@realm" or "software/user@realm" both of these requests
need to authenticate, however i do not want to log any of the
requests for "software" nor do i want correpsonding entries for those
in my accounting tables.

thanks,
shon

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBPSHd1RerBYVUKJeKEQIWKQCgwwxe5DQ/fVGkSuLvLYqgHXfj6BMAnjmU
5f13GqrhIqNEKaEGclmAmr7V
=ZY/s
-END PGP SIGNATURE-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) radiator not starting from inetd - help! (more info)

2002-06-18 Thread Shon Stephens 

the very first time a request is sent to the radiator server, the following
message is generated in /var/adm/messages:

Jun 18 16:30:19 ny-radius-03 inetd[173]: [ID 842545 daemon.warning]
/usr/local/radius/bin/radiusd: Signal 96

next request generates this message in /var/adm/messages:
Jun 18 16:32:00 ny-radius-01 inetd[173]: [ID 667328 daemon.error] radius/udp
server failing (looping), service terminated

then, the cycle repeats itself.

thanks,
shon
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) not running from inetd - help!

2002-06-18 Thread Shon Stephens 

i changed the inetd.conf file entry to the following:

radius  dgram   udp waitroot/usr/local/radius/bin/radiusd
-config_file=/usr/local/radius/conf/radius.conf -foreground   #OSRadius

and i still get this in /var/adm/messages. (no logs generated by radiator)

Jun 18 16:31:06 ny-www-03 inetd[173]: [ID 842545 daemon.warning]
/usr/local/radius/bin/radiusd: Signal 96

could this be a bug? i doubt it, but if i start radiator from any other
method, it functions properly.

thanks,
shon

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 17, 2002 9:18 PM
To: Shon Stephens; '[EMAIL PROTECTED]'
Subject: Re: (RADIATOR) not running from inetd - help!



Hello Shon -

There is no "=" for the -config_file parameter - it should look like this:


radius  dgram   udp waitroot/usr/local/radius/bin/radiusd
-config_file usr/local/radius/conf/radius.conf -foreground 

BTW - we normally recommend that you start radiusd from your system startup 
sequence (rc.local or your moral equivalent) and that you use the 
restartWrapper program included in the "goodies" directory.

regards

Hugh


On Tue, 18 Jun 2002 06:10, Shon Stephens wrote:
> ok. i have corrected some errors in my radius.conf, and in my
> /etc/inetd.conf file. here is background
>
> radiator 3.1
> solaris 8
> /usr/local/radius/bin/radiusd - location of radiusd
> /usr/local/radius/conf/radius.conf - location of radius.conf
> /usr/local/radius/conf/dictionary - location of radiator dictionary file
>
> /etc/inetd.conf line:
> radius  dgram   udp waitroot/usr/local/radius/bin/radiusd
> -config_file=/usr/local/radius/conf/radius.conf -foreground
>
> an auth request is sent to my radius server. the request times out.
radiusd
> does not create any log files or log messages to stdout. however, in the
> messages file, i now see this:
>
> Jun 17 16:10:13 ny-www-03 inetd[173]: [ID 842545 daemon.warning]
> /usr/local/radius/bin/radiusd: Signal 96
>
> does anyone know what signal 96 is?
>
> thanks,
> shon
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radius Attribute to set Hostname?

2001-07-10 Thread Shon Stephens 

I am wondering how this is done. When I connected to my former ISP, if I 
ran winipcfg, my hostname would be (as an example) 
199-200-201-202-adsl.nyc.bellatlantic.net. This is even though my Windows 
host was named Laika. I am now working to set up a dial-up service and want 
to know if there is a Radius attribute to configure the hostname of a 
dial-up client. I tried making an entry for the IP address in DNS, figuring 
that maybe Windows would do a reverse lookup on itself, but this did not 
happen?

Thanks,
Shon Stephens

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) AuthBy DYNADDRESS Questions???

2001-05-29 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am planning on using AuthBy DYNADDRESS to allocate IP addresses to
my dial-up users. However, I am not sure what I should set the
DefaultLeasePeriod and LeasReclaimInterval to. Any recommendations?

Thanks,
Shon Stephens

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOxPDFkwGLkuD4lDdEQIjlgCfWRkGOjyH8laKHUvtGNuz/7fecK0AoKcY
HZynRsipqk20O56SeZPRCNja
=wOVq
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radpwtst Usage - Duh!

2001-05-25 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I just noticed that you can specify extra attributes on the command
line. I do this a lot. Sorry!

Shon Stephens
UNIX Systems Administrator
GoAmerica Communications Corp.
540.942.7292 (Work)
540.649.3508 (Mobile)
shon8work (AIM)
118420749 (ICQ)
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOw7HxEwGLkuD4lDdEQJWiwCeMYiPENaERvGz3VXVeyi4e1vUqdIAoPTo
o1fioA/O+EXyFQSWAHwsNsPJ
=vAE7
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radpwtst Usage & Session Databases

2001-05-25 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am using radpwtst in command line mode. I have Radiator v2.17.1
installed (yes, I know there is a newer version). Is there any way to
specify the attribute NAS-Identifier using radpwtst? I am trying to
test my session database, but my statements do not work properly
because the Auth and Access requests don't contain a NAS-Identifier.

Thanks,
Shon Stephens
UNIX Systems Administrator
GoAmerica Communications Corp.
540.942.7292 (Work)
540.649.3508 (Mobile)
shon8work (AIM)
118420749 (ICQ)
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOw7FxEwGLkuD4lDdEQJwqgCfTWjaqdPddEzpwpJQNMAMeW7Vn4kAoNkO
zN8Xs0D8nsXY8TgaJ7+BJWZe
=ymw4
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiusd Error Msg

2001-05-17 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Janice,
You must make sure that you have installed Digest::MD5, not just
MD5. I installed the pmtools. When I run 'pminst |grep MD5' on my
Radiator host this is the output:
MD5
Digest::HMAC_MD5
Digest::MD5

You probably installed the "MD5", but not the Digest::MD5?

Shon Stephens
[EMAIL PROTECTED]

- - Original Message - 
From: "Wong, Janice" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 17, 2001 3:10 AM
Subject: FW: (RADIATOR) Radiusd Error Msg


> 
> hi, I have tried to install Radiator-2.14.1
> But it has been giving me this error msg (below), eventhough I have
> installed DBI and CPAN file for MD5 and Perl.I hope you can give me
> some insights on this problem. Thank you
> 
> # ./radiusd
> Can't locate Digest/Perl/MD5.pm in @INC (@INC contains: .
> /usr/local/lib/perl5/5.00503/sun4-solaris
> /usr/local/lib/perl5/5.00503
> /usr/local/lib/perl5/site_perl/5.005/sun4-solaris
> /usr/local/lib/perl5/site_perl/5.005 .) at
> /usr/local/lib/perl5/site_perl/5.005/sun4-solaris/MD5.pm line 20.
> BEGIN failed--compilation aborted at Radius/Radius.pm line 23.
> BEGIN failed--compilation aborted at Radius/Client.pm line 27.
> BEGIN failed--compilation aborted at ./radiusd line 24.
> 
> Janice
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwPa50wGLkuD4lDdEQKQsACdFqlnR6hWOKHaCyFYehqFS+Bw0L8An0Nd
OIdNEpW3u1jrDutzNXJrBX95
=iYqJ
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiator Static and Dynamic IP's in the same realm

2001-05-16 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am doing the same kind of setup. Since all of my users gain access
through the same NAS, I use different  for dynamic and static
ip users. user@realm for dynamic and [EMAIL PROTECTED] for static.
For the static users, I just use an , but for dynamic
user, I set and AuthByPolicy ContinueWhileAccept. I then use  to authenticate the user followed by  to
assign an ip address from and SQL database. If your users use
different NAS's you could use a  instead of different
realms. There may also be a cleaner  way.

Shon Stephens
[EMAIL PROTECTED]

- - Original Message - 
From: "Kyle Hultman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 16, 2001 10:26 AM
Subject: (RADIATOR) Radiator Static and Dynamic IP's in the same
realm


> Hi,
>   I am using radiator, latest version, and I am trying to configure
> it for use with our access servers. I have configured it to
> authenticate from a mySql database, and it is running on RH Linux
> 7.0. We have a large number of customers who have dedicated IP's,
> and a large numbers of customers who are assigned an IP at the time
> of dialup. My mySql Subscribers table looks like this:
> 
> USERNAME,PASSWORD,ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,STATUS,PROTO
> COL,IPADDRESS,IPNETMASK,FRAMEDGROUP  
> 
> My AuthSelect statement looks like:
> AuthSelect select PASSWORD, PROTOCOL, IPADDRESS, IPNETMASK from
> SUBSCRIBERS where USERNAME='%n' and STATUS='A'
> 
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Framed-Protocol, reply
> AuthColumnDef 2, Framed-Address, reply
> AuthColumnDef 3, Framed-Netmask, reply
> 
> I would like to able do both static and dynamic IP's from the same
> realm, but I have yet to be able to figure this out. Does anyone
> have any suggestions?
> 
> -- 
> Kyle Hultman
> [EMAIL PROTECTED]
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwKrjUwGLkuD4lDdEQIuiwCgyx/mj0e0JE36feLeI8rAjvZl66IAoK9f
7/e1+p9fzsQI0LYkCapo9471
=V0/6
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Problems with Session Database.

2001-05-15 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alright, I know this is a much covered topic, but I'm still having
some difficulty. 
I believe this is how Radiator should be working. I am using
 and . Please tell me if this is
incorrect.

The NAS sends an Auth-Request to Radiator. Radiator will execute the
DeleteQuery "delete from RADONLINE where USERNAME='%n' and
NASIDENITIFIER='%N' and NASPORT='%{Nas-Port}' This is to correct for
dupes. Once this is done, it executes the CountQuery "select
NASIDENTIFIER,NASPORT,ACCTSESSIONID from RADONLINE where USERNAME =
'%n'; If the number of unique sessions doesn't exceed the set limit,
then the AuthSelect query is executed. If the user authenticates
correctly, Radiator will send an Auth-Accept back to the NAS. Which
then (in most cases) will send an Acct-Start request. When this
request is recieved, Radiator will then insert the Acct-Start data
into the Accounting Database. It will also insert the session data
into the SessionDB using the AddQuery "insert into RADONLINE
(USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,
TIME_STAMP,FRAMEDIPADDRESS,PORTYTPE,SERVICETYPE) values ('%n', '%N',
'%{Nas-Port}', '%{Acct-Session-Id}', '%{Timestamp}', 
'%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')

I may have the order of the insert into Accounting and Session
reversed. I am not sure. Either way, my session database never
updates. Here is my configuration:


Identifier DefaultSDB
DBSource dbi:mysql:radius:mysqlhost
DBUsername mysqluser
DBAuth password
AddQuery insert into sessions (username, time_stamp, session_id,
\
nas_identifier, nas_port, framed_ip_addr) values ('%U', \
'%{GlobalVar:TimestampFormatted}', '%{Acct-Session-Id}', \
'%{NAS-Identifier}', '%{NAS-Port}', '%{Framed-IP-Address}')
DeleteQuery delete from sessions where username='%U' and \
nas_identifier='%{NAS-Identifier}' and nas_port='%{NAS-Port}'
ClearNasQuery delete from sessions where nas_identifier= \
'%{NAS-Identifier}'
CountQuery select nas_identifier,nas_port,session_id from
sessions \
where username='%U'



SessionDatabase DefaultSDB
MaxSessions 1 
  
  DBSource dbi:mysql:radius:mysqlhost
  DBUsername mysqluser
  DBAuth password
  Timeout 120
  FailureBackoffTime  150
  AuthSelect select password, check, reply from users where \
  username='%U'
  AuthColumnDef 0, User-Password, check
  AuthColumnDef 1, GENERIC, check
  AuthColumnDef 2, GENERIC, reply
  AccountingTable accounting
  DateFormat %x-%d%M%Y
  AcctColumnDef username, User-Name, string
  AcctColumnDef time_stamp, Timestamp, integer-date
  AcctColumnDef status_type, Acct-Status-Type, integer
  AcctColumnDef input_octets, Acct-Input-Octets, integer
  AcctColumnDef output_octets, Acct-Output-Octets, integer
  AcctColumnDef session_id, Acct-Session-Id, string
  AcctColumnDef session_time, Acct-Session-Time, integer
  AcctColumnDef terminate_cause, Acct-Terminate-Cause, integer
  AcctColumnDef nas_identifier, NAS-Identifier, string
  AcctColumnDef nas_port, NAS-Port, integer
  AcctColumnDef framed_ip_addr, Framed-IP-Address, string
  


I am using radpwtst to test this. To make sure that the entry is not
deleted from the session database, I do not send an Acct-Stop. I also
change my Nas-Port. However, even on the first attempt, without a
Acct-Stop Request, Radiator never attempts to execute the AddQuery. I
have looked at my Radiator log files. There are no errors reported. I
have looked at the packet dumps. Everything appears good. When
looking at the query logs on my SQL server, there is never an attempt
to perform an insert into sessions. It just doesn't happen, no
errors, no hiccups, just no session tracking. Why isn't this
happening. I have looked at this a dozen times. Yes, my table names
and formats are different from the default, but I compensate for this
by changing the query statements in the radius.cfg file. Thanks for
looking at this novel.

Shon Stephens
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwFvMUwGLkuD4lDdEQLT6ACfZjzMoDGLmpUqcKVrfOclwhip0kYAn1nt
QbCPt0G7L2F7BXO5FbX59pnL
=L4JK
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) stupid question ,-)

2001-05-15 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I don't know about making Radiator accept connections from your
device. However, I use NOCOL to monitor my Radiator systems. It has a
Radius AAA mechanism built into it. Its free too. Can't remember
where to get it though?

Shon Stephens
[EMAIL PROTECTED]


- - Original Message - 
From: "Andy De Petter" <[EMAIL PROTECTED]>
To: "Radiator Mailing" <[EMAIL PROTECTED]>
Sent: Tuesday, May 15, 2001 7:49 AM
Subject: (RADIATOR) stupid question ,-)


> 
> Hello,
> 
> I don't know if anyone has ever tried this before, but I'm testing
> out a  hardware monitoring tool, that can check ICMP/TCP/UDP
> protocols.
> 
> Now, the problem I'm having here, is that I can't add this device
> in the  client list of Radiator, because it doesn't support any
> "secret" (it  just connects to a port, and sees if it's listening
> or not).
> 
> I noticed that Radiator is rejecting the IP address of the device, 
> because it's an unknown client.  Is there a way, to make Radiator
> accept  connections from this device, even without a shared secret?
>  Or just  stop Radiator from blocking that IP address?
> 
> Thanks,
> 
> -Andy
> 
> -- 
> 
> *** DISCLAIMER ***
> This e-mail and any attachments thereto may contain information,
> which is confidential and/or protected by intellectual property
> rights and are intended for the sole use of the recipient(s) named
> above. Any use of the information contained herein (including, but
> not limited to, total or partial reproduction, communication or
> distribution in any form) by persons other than the designated
> recipient(s) is prohibited. If you have received this e-mail in
> error, please notify the sender either by telephone or by e-mail
> and delete the material from any
> computer. Thank you for your cooperation.
> 
> 
> 
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwElqEwGLkuD4lDdEQKJywCgz+W43kkCKGfsV5rYrVK3cXpUXlIAoMix
tGUmu0geb/t0zYKoYwUhQ9EX
=ItBQ
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Timestamp Formatting

2001-05-12 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hugh, 
 Thanks for the tip. I guess I could keep it as the epoch.
Really, I just want to have a time format that can be understood by
my operators. I will probably just use perl or php to convert the
timestamp after it has been selected from the database. Also, this is
the format I insert the timestamp into the database in all the other
tables. Consistency and all.

Shon Stephens
[EMAIL PROTECTED]

- - Original Message - 
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Shon Stephens" <[EMAIL PROTECTED]>; "Radiator Mailing
List" <[EMAIL PROTECTED]>
Sent: Friday, May 11, 2001 7:33 PM
Subject: Re: (RADIATOR) Timestamp Formatting


> 
> Hello Shon -
> 
> The Timestamp used inside Radiator is a numeric value representing
> the number  of seconds since the UNIX epoch (midnight January 1,
> 1970) and is used for  calculations that expect this to be the
> case.
> 
> You can add an additional field to the RADPOOL table if you wish
> and provide  your own queries which will write a formatted string
> in addition to the  standard Radiator fields.
> 
> Just out of interest, why do you want to do this?
> 
> regards
> 
> Hugh
> 
> 
> On Saturday 12 May 2001 02:52, Shon Stephens wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > I am planning on using . In the RADPOOL
> > table there is a TIME_STAMP field. Is this the time that the
> > address was allocated? Can I use DateFormat to format this? If so
> > how? If not, what can I do?
> >
> > Thanks,
> > Shon Stephens
> > [EMAIL PROTECTED]
> >
> > P.S. My PGP Public Key is available from either
> > ldap://europe.keys.pgp.com or http://pgpkeys.mit.edu . You can
> > download it and sign it if you like.
> >
> > -BEGIN PGP SIGNATURE-
> > Version: PGPfreeware 7.0.3 for non-commercial use
> > <http://www.pgp.com> 
> >
> > iQA/AwUBOvwYwUwGLkuD4lDdEQKc0ACg8jAv9KjhxF6c4o0F3y9lh9h5XkcAoK+Z
> > Bnx0wP9aTid4nkK35PnscdZV
> > =3eWc
> > -END PGP SIGNATURE-
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS
> server  anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
> MacOS X. -
> Nets: internetwork inventory and management - graphical,
> extensible, flexible with hardware, software, platform and database
> independence. ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOv0lbUwGLkuD4lDdEQJxKgCeMWbvBPquL3c5GV2f9qP04/SVsdEAoI5k
xuIucXQxPDh7c6pEPwXJDvJh
=yg67
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Session Database Not Updating???

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am using Radiator 2.17 and . I have setup and
AddQuery, DeleteQuery, ClearNasQuery, and CountQuery. I noticed from
logs that when a user connects, the first thing that happens is a
delete from the sessions table. The next thing that happens is a
select from the sessions table. However, there is never any insert
into the sessions table. If there is no insert or everytime a user
logs in (Access-Request Accepted) they are deleted from the sessions
table, how can I enforce MaxSessions? I don't know what is wrong at
all. Here is how I configure my SessionDatabase:



  # Session DB Identifier. Use this to assign a name that can be 
  # referred to later.
  Identifier DefaultSDB

  # How we connect to the MySQL server.
  DBSource dbi:mysql:radius:sqlserver
  DBUsername user
  DBAuth secret

  # How we add entries to the session table.
  AddQuery insert into sessions (username, time_stamp, session_id, \
  nas_identifier, nas_port, framed_ip_addr) values ('%U', \
  '%{GlobalVar:TimestampFormatted}', '%{Acct-Session-Id}', \
  '%{NAS-Identifier}', '%{NAS-Port}', '%{Framed-IP-Address}')

 # How we delete entries from the session table.
 #DeleteQuery delete from sessions where username='%U' and \
 #nas_identifier='%{NAS-Identifier}' and nas_port='%{NAS-Port}'
 DeleteQuery delete from sessions where username='%U'

  # Clear the sessions table whenever a NAS is rebooted.
  ClearNasQuery delete from sessions where nas_identifier= \
  '%{NAS-Identifier}'

  # Count number of simultaneous sessions.
  CountQuery select nas_identifier,nas_port,session_id from sessions
\
  where username='%U'



Thanks,
Shon Stephens
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvxvHUwGLkuD4lDdEQKAUQCglH5CB0+vIPX30Va2uD4D6FZNg90AniQ7
p48z2lbLqnclCBYYlWEZJQxt
=ISZR
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Retraction of Multiple AuthBy Methods

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Never mind. The  doesn't contain AccountingTable.

My apologies.

Shon Stephens
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvwuxUwGLkuD4lDdEQJvxQCfV67NTMqw7D+fwxDU3FgpGavpdHEAoIua
nNK2Bw08a7LO9J2b9O1F1mC2
=emDB
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Multiple AuthBy Methods

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I would like to use an AuthByPolicy ContinueWhileAccept to first
authenticate users from using . This would check username
and password. Then I am using  to allocate IP
Addresses. In which one of my  clauses should I put my
AccountingTable information? Should I use the first, last, or both. I
am not using multiple tables.

Thanks,
Shon Stephens
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvwuOEwGLkuD4lDdEQLKiwCgmS4dsYGkgvREJ8NWutTzQJn36UkAoIxF
PQ4TlR+NJFfbnbmehmswQeI3
=s8kQ
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I would like to put my RewriteUsername Rule into the clients table of
my MySQL database. Should I put the whole statement like this:

RewriteUsername s/^([^@]+).*/$1/

into the database, or just the regex. Also, I am not so good with
regex. I believe that the above will take [EMAIL PROTECTED] and rewrite
that as user. Is that so?

Thanks,
Shon Stephens
[EMAIL PROTECTED]

- -BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use
<http://www.pgp.com>

iQA/AwUBOvwg6kwGLkuD4lDdEQIN4gCfQxiNNrjNd1vua1GeCjVumSaY4EMAoIjd
file://rAvD53MivQfaXnjz0yoYL+
=HD3n
- -END PGP SIGNATURE-

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvwhGUwGLkuD4lDdEQLajQCeKrRBN2r0jXWnHOHlBO7JH7iIEUEAn2Z2
e5TlRZHZZxKFjMh0JKikdhh4
=pUSf
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Timestamp Formatting

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am planning on using . In the RADPOOL table
there is a TIME_STAMP field. Is this the time that the address was
allocated? Can I use DateFormat to format this? If so how? If not,
what can I do?

Thanks,
Shon Stephens
[EMAIL PROTECTED]

P.S. My PGP Public Key is available from either
ldap://europe.keys.pgp.com or http://pgpkeys.mit.edu . You can
download it and sign it if you like.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvwYwUwGLkuD4lDdEQKc0ACg8jAv9KjhxF6c4o0F3y9lh9h5XkcAoK+Z
Bnx0wP9aTid4nkK35PnscdZV
=3eWc
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.