Re: (RADIATOR) NAS' in Multiple Timezones, AAA in One ?

1999-07-23 Thread Mike McCauley

Hi Brad,

On Jul 23,  8:17am, Brad Vonarx - AAPTN VicOne wrote:
> Subject: (RADIATOR) NAS' in Multiple Timezones, AAA in One ?
>
> Has anybody dealt with this issue ? I have Access Servers Australia wide,
> however Radiator servers in Melb and Syd only. I need to display the
> time the caller connected locally not the Radiator local time. Then the
> issue gets more complicated during daylight savings time, any Ideas ?

The Unix times that Radiator logs are always in GMT, so showing the _user's_
local time for the connection will require:
1. That you know the time zone the user dialled from
2. You convert the GMT time to the local time using 1 above.

Radiator won't do either of those for you.

Cheers



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
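
The two steps Mike lists above, as an added Perl example that is not part of the original post and not Radiator code: a per-NAS zone table (step 1) and a conversion of the logged GMT time into that zone, daylight saving included (step 2). The `%nas_zone` table, the `nas_local_time` helper, the addresses, user names and records are all constructed for illustration, and a Unix host with the system time zone database is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime tzset);

# Step 1 (assumption): a hand-maintained map from NAS address to IANA zone.
# Addresses are documentation-range placeholders, not real access servers.
my %nas_zone = (
    '192.0.2.10' => 'Australia/Melbourne',
    '192.0.2.20' => 'Australia/Brisbane',   # Queensland has no daylight saving
    '192.0.2.30' => 'Australia/Perth',
);

# Step 2: render a GMT Unix time in the zone of the NAS that took the call.
# The zone database applies daylight saving for the date in question.
sub nas_local_time {
    my ($epoch, $nas) = @_;
    my $zone = $nas_zone{$nas} // 'UTC';    # unknown NAS: stay in GMT, do not guess
    my $text;
    {
        local $ENV{TZ} = $zone;
        tzset();
        $text = strftime('%Y-%m-%d %H:%M:%S %Z', localtime($epoch));
    }
    tzset();    # TZ is restored here; re-read it so later localtime() calls are unaffected
    return $text;
}

# Constructed accounting records: [ Unix time as logged, NAS address, user ].
my @records = (
    [ 917049600, '192.0.2.10', 'alice' ],   # 1999-01-23 00:00:00 GMT (summer)
    [ 932688000, '192.0.2.10', 'alice' ],   # 1999-07-23 00:00:00 GMT (winter)
    [ 917049600, '192.0.2.20', 'bob'   ],
    [ 932688000, '192.0.2.30', 'carol' ],
    [ 932688000, '192.0.2.99', 'dave'  ],   # NAS missing from the map
);

for my $r (@records) {
    my ($epoch, $nas, $user) = @$r;
    printf "%-6s %-11s gmt=%s  local=%s\n", $user, $nas,
        strftime('%Y-%m-%d %H:%M:%S', gmtime($epoch)), nas_local_time($epoch, $nas);
}
```

Keeping the stored value in GMT and converting only at display time means records from different NASes still sort and correlate correctly.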



Re: (RADIATOR) Ascend To Raditor config

1999-07-23 Thread Mike McCauley

Hi Dwayne,

On Jul 23,  4:06pm, Dwayne Godden wrote:
> Subject: (RADIATOR) Ascend To Raditor config
>
> I've now got Radiator to talk to Windows NT, but now I'm having a problem with
> my Ascend MAX 6000 unit. Are there some docs on how to do this, or has anyone
> done this before and can lend a hand?

If you outline the sort of problems, and post relevant config files and log
file, someone in this list might be able to help you.

Cheers.





No Subject

1999-07-23 Thread Mike McCauley

Hi Rajeesh,

On Jul 23, 10:33am, Rajesh K wrote:
> Subject:
> Hello all!
>
> Is it possible to use two different user files in radiator.

Yes, you can arrange for Radiator to let them in if they are in either file, or
if they are in both files. Or you can arrange for one file for one realm, and a
different file for a different realm. Which one are you interested in?

> Also does the sorting of the userfile improve the speed of authentication.

No. The user entries are hashed internally.

Hope that helps.

Cheers.







(RADIATOR) Hook question

1999-07-23 Thread Fabrizio Cuseo

I'm trying to customize radiator for my needs, but I need to do some
complex operations (more than one query during auth process, evaluate a lot
of conditions during auth, customize Replies with "No more time left" or
"Account expired" or "Port not allowed" or other messages).
I've done some of these things with PostAuthHook, but I need to know the
content of my userbase (I'm using mysql).

For example...


PostAuthHook sub { my $tipo_richiesto = ${$_[0]}->get_attr('Service-Type'); \
   my $tipo_utente = USER-SERVICE-TYPE-ON-DATABASE; \
   if ($tipo_utente ne $tipo_richiesto) { \
      ${$_[1]}->add_attr('Reply-Message', 'Type of service not allowed for this user'); }}


Regards, Fabrizio Cuseo

--
Fabrizio Cuseo - [EMAIL PROTECTED]
Respons. commerciale - Panservice InterNetWorking
Phone: +39 0773 410020 fax: +39 0773 410020
--




Re: (RADIATOR) proxying Acct?

1999-07-23 Thread Ricardo Kustner

Hi,

On 23-Jul-99 Mike McCauley wrote:
> it's not possible to change the AuthByPolicy in the middle of a Realm.
> Instead, we would suggest doing it like this (untested):
> # Handle all accounting requests here
> <Handler Acct-Status-Type=/.+/>

I've tried this setup but it doesn't work... I guess it's because I'm using
several Realms too... including a DEFAULT realm... according to the docs, it
first checks realms, then looks for default realm before trying out the
handlers
so maybe I should convert the cfg to Handlers instead...
is <Handler realm=open.com.au> exactly the same as <Realm open.com.au> ?
and <Handler> would be the same as <Realm DEFAULT> ?

Ricardo.
---
--
E-Mail: Ricardo Kustner [EMAIL PROTECTED]
Date: 23-Jul-99
Time: 15:58:45

This message was sent by XFMail
--




RE: (RADIATOR) NT

1999-07-23 Thread Michael Jaworski

Mike,

Thanks for the reply. I looked in my goodies directory but
did not find the nt.cfg (using the latest production copy of
2.13.1). I found it in 2.14 beta.

Thanks again,

Mike

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 23, 1999 3:14 PM
To: [EMAIL PROTECTED]; Michael Jaworski
Subject: Re: (RADIATOR) NT




> Hi,
>
> We just purchased Radiator and need to setup a configuration
> file to work with an NT domain. We modified the radius/cfg
> file down to the NT authorization but it does not work. We
> keep getting these error messages when using the password
> test script.
>
> Debug - Check if handler Realm=RealmNameHere should be used
> to handle this request.
> Warning - Could not find handler - request ignored.

Looks like you had a specific realm set up, but the request that came in was
for a user name not in that realm.

> Does anyone have a sample of a working NT based config file?
> One that works with a Platypus based domain would be great
> too.

There is an example config file for NT in goodies\nt.cfg

Hope that helps.
Cheers.




(RADIATOR) Re: []

1999-07-23 Thread Rajesh K

Hi
well I wanted to have two different files each having a different set of users. How
can it be done? I tried the option AuthByFile in the realm default and added 2
different files each in the tag Auth by. But it didn't work.

Why is it the authentication becomes slow with more than 1000 users?

Rajesh



(RADIATOR) DefaultRealm behavior in 2.14

1999-07-23 Thread Ricardo Freire

Mike,

I've read this thread brought by Ian, but I didn't understand it.

I used to have 4 Clients, all referencing the same DefaultRealm. It always
worked before 2.14.
Now, it is appending the realm in the username.
If I comment the DefaultRealm clause, I get:
"Fri Jul 23 16:57:52 1999: WARNING: Could not find a handler: request is
ignored"
I have to strip out the realm. I think it shouldn't be necessary.

So my question is: "How can I have a default realm, without having to strip
it out before auth?"

Cheers,

Ricardo Freire, MCP






Re: (RADIATOR) Call-check

1999-07-23 Thread Dave Close

On Jul 22, 11:23am, I wrote:

> My Lucent (Livingston) PortMasters are capable of using a feature named
> "call-check". With this feature, the PM sends an authentication request
> before it accepts an incoming call. The request specifies the
> phone-number from which the call is coming as the user name. Radius has
> the opportunity to reject the call immediately and return a busy signal
> to the caller. Alternatively, the call can be accepted and the caller
> then put through the normal authentication process.
>
> I have over 100 PortMasters world-wide and I'd like to use this feature
> on most of them. However, if I enable the feature and Radiator is not
> set-up to process the requests, the PMs will default to rejecting the
> call and all callers will get busies. So I believe it is imperative to
> get Radiator properly configured first.
>
> According to Lucent, the proper way to respond to most call-check
> requests is with a single users file entry like this at the very end of
> the file.
>
>   DEFAULT  Service-Type = Call-Check
>
> Because this line contains no reply items, the PM treats the response
> as an indication that the call should be accepted but the caller put
> through the normal authentication process.
>
> If I add this line to my users file, my Radiator log file (2.13.1, at
> trace level 3) starts recording lines like the following.
>
>   Wed Jul 21 17:37:10 1999: INFO: Access rejected for joeblow:
>   Check item Service-Type value 'Call-Check' does not match
>   'Framed-User' in request
>
> "joeblow" is a valid user with a proper entry earlier in the users
> file. These messages continue at a high rate until I remove the DEFAULT
> line from the users file.

Thanks to Mike McCauley and Bernd Strehhuber for the replies. I've got 
it figured out. Actually, Bernd gave me the necessary clue.

My configuration had never before used Handlers, only a default Realm. 
Adding the call-check stuff to the end of the configuration file was 
essentially pointless because the default Realm appeared earlier. 
Converting to using two Handlers, one for call-check first and one for 
everything else second, has cleared up the problem nicely.

I guess I had basically ignored the Handler stuff in the manual, 
figuring I'd get back to it someday after I had things working. Well, 
now was the time.
-- 
Dave Close  Quik Internet
+1 949 548 2171 Costa Mesa California
[EMAIL PROTECTED] http://www.quik.com/





(RADIATOR) (off-topic?) simple snmp info from nas

1999-07-23 Thread Craig Sanders

Re: (RADIATOR) SNMP Counter logging
On Wed, Jul 07, 1999 at 04:26:38PM +1000, tom minchin wrote:
> I use the SNMP method to clear the interface, that sends a Stop (IOS version
> 11.3(8)T1).
>
> snmpset hostname community .1.3.6.1.4.1.9.2.9.10.0 i interface

would you have a list anywhere of what these cisco oids mean?

i've spent half of today searching all over the net and i can't find a
listing anywhere of what they mean. (i found cisco mibs on their ftp
site but have no idea how to add the mibs to cmu snmp's mib.txt file).

basically what i want to do is, given a line number (e.g. Se0:7 or
Async20) convert that to various interesting snmp oids and get useful
data out of it.

in particular, i want to find out if a given line is up or down, who is
logged in on it (if possible...scanning enterprise.* oids from a 5200
it seems possible for async but mysteriously not possible for isdn
connections), when they logged in, and how many bytes they've uploaded
or downloaded.

i've spent most of the rest of today using snmpwalk/snmpget and grep and
other tools trying to make some sense of .1.3.6.1.4.1.* -- i've already
figured out that oids for isdn line 'n' often end in (n+7), and async
lines often end in (n+71). now i want to know which of these can give me
useful info.


i don't want to spend ages messing about with some enormous network
management package (i've got scotty/tkined and that's great for network
monitoring/exploring but i hate scripting in tcl)...i just want to do a
few simple queries in shell and perl.


am i missing something really basic about snmp or is it meant to be
ridiculously clumsy and over-complicated??

craig

--
Craig Sanders
Systems Administrator
VICNET- Victoria's Network  http://www.vicnet.net.au/




Re: (RADIATOR) (off-topic?) simple snmp info from nas

1999-07-23 Thread tom minchin

On Sat, Jul 24, 1999 at 04:05:55PM +1000, Craig Sanders wrote:
> Re: (RADIATOR) SNMP Counter logging
> On Wed, Jul 07, 1999 at 04:26:38PM +1000, tom minchin wrote:
> > I use the SNMP method to clear the interface, that sends a Stop (IOS version
> > 11.3(8)T1).
> >
> > snmpset hostname community .1.3.6.1.4.1.9.2.9.10.0 i interface
>
> would you have a list anywhere of what these cisco oids mean?

There's some meaty documents on www.cisco.com which go through each MIB
that you can download from the website. I was never able to integrate
the Cisco MIBs into CMU or UCD (but I'm hardly an expert). Unfortunately
I don't have any URLs as they keep changing the damn site layout.

> am i missing something really basic about snmp or is it meant to be
> ridiculously clumsy and over-complicated??

I'm sure it's not meant to be clumsy, but the way Cisco (and others) have
implemented it (ie in an accumulatory fashion rather than any attractive
plan) means that it's ugly and complicated.

The Cisco solution is to buy CiscoWorks and be done with it :)

[EMAIL PROTECTED]
