No Subject
We have Radiator running on both Linux and NT, and authenticate against the Microsoft LDAP server, using the AuthbyLDAP clause. With Radiator on Linux, everything was okay but when we tried it on NT, every authentication request was rejected. When I looked into the logfile, I noticed there was an extra whitespace at the end of every value. I tried to use AuthbyLDAP2 instead, but the same there. When I changed AuthLDAP.pm on NT a little bit it worked, but this is not a general solution. The code was something like: #file AuthLDAP.pm sub finduser { #... if ($ent) { #... for (...) { my @vals = ldap_get_values($self-{ld}, $ent, $ber); chop @vals; } } } The only thing I added was the chop @vals;. This is okay on NT, but wrong on Linux. - Wilbert
RE: (RADIATOR) tigris
On 29-Jul-99 Ricardo Guerra wrote: anyone knows if i can use calling_station_id on a tigris?, if so.. how can i do it? i already specified AcctColumnDefCALLERID,Calling-Station-Id but it does'nt work check your logs at Trace 4 to see what's the exact naming of the station id as your NAS tells Radiator in the Accounting packets if it's there, radiator should be able to insert it into the database Ricardo. --- -- E-Mail: Ricardo Kustner [EMAIL PROTECTED] Date: 30-Jul-99 Time: 09:32:14 This message was sent by XFMail -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Building a new proxy
Hugh Irvine wrote: Salut Frédéric - comment va la belle France? Paris is very nice without parisians ! On Fri, 30 Jul 1999, Frédéric GARGULA wrote: My old Radius proxy is dead, so I'm building a new one using Radiator. Excellent idea! I will be very very happy when our customers will be able to connect... The old one was running Radius DTC 2.03. I didn't find the configuration file, but I found the users file. In that file, there is the config for handling runneling from one of the clients. I presume that all of your equipment is DTC? I must explain a little thing : We are an ISP, and we have many POPs. But to extend the number of our POPs, we buy access from SIRIS, a french Telecom Operator. Our customers can connect using a national dialup number, which is owned by SIRIS Our trouble is that SIRIS uses a L2F tunnel. To correctly answer to the incoming requests from SIRIS's servers, we have to add this attributes : Tunnel-Type = Tunnel-L2F, Tunnel-Medium-Type = Tunnel-IP, Tunnel-Client-Endpoint = "[EMAIL PROTECTED]", Tunnel-Server-Endpoint = "@toto_example", Tunnel-Password = "yy" to the incoming request. Those request may arrivve from two Radius Servers. So I have two Client clauses in my radius.cfg file. In the old configuration, those attributes was injected in the incoming in the users file. We had a line in the users file that filter incoming requests from a particular client : DEFAULT Password = "PROXY", Suffix="@netclic.fr", DTC-AP-Name="tnt" (in this example, we had a #ap:tnt entry in the clients files, describing the ip address and secret for tnt client. All of this looks quite straightforward, provided we have the correct radius dictionary that defines the above attributes. Have you found that? My question is : How do I convert that config to suit Radiator ? I think I can use a Realm toto.org AuthBy RADIUS Host radius.toto.org AuthPort 1812 AcctPort 1813 Secret topsecret /AuthBy /Realm You will not be able to do this with a Realm toto.org, as it is the same in both cases, so I think Handlers would be better in this case. How can I differentiate incoming request by the client ? those request are with same Realm... I will also need to know how your other users are defined, and how they enter their usernames to verify that my suggestions will work. with have many realm : some with tunnel connection and non-tunnel connection. We can suppose that for each realm, there are two cases : with tunnel (incoming from SIRIS) and without tunnel (incoming from our POPs) My assumption here is that the tunnel creation is part of the user authentication - there is another possibility too, which is that the tunnel creation occurs as a separate transaction before the user is authenticated. However based on the two fragments that you have provided it looks to me like its part of the user authentication. We don't create the tunnel. the tunnel is created, and we must reply in it. It's SIRS that create the tunnel. I think we just have to add the tunnel attributes the the incoming request, before forwarding it to the correct Radius Server. # Standard configuration parameters Foreground LogStdout LogDir . DbDir . AuthPort1812 AcctPort1813 Client . . /Client # Define a Handler for "ClientWithTunnel" Handler DTC-AP-Name="ClientWithTunnel" I can't use DTC-AP-Name because using the DTC Radius server, it correspond to a specific Radius client IP address... AuthBy FILE Filename AddToReply User-Service = 2, DTC-Auth-Allow = "", DTC-Auth-Port = 1812, DTC-Auth-Server = xxx.xxx.xxx.xxx, DTC-Auth-Secret = "topsecret", DTC-Acct-Port = 1813, DTC-Acct-Server = xxx.xxx.xxx.xxx, Tunnel-Type = Tunnel-L2F, Tunnel-Medium-Type = Tunnel-IP, Tunnel-Client-Endpoint = "[EMAIL PROTECTED]", Tunnel-Server-Endpoint = "@toto_example", Tunnel-Password = "yy" /AuthBy /Handler I can't send the tunnel parameters at each time, but only if the client ip address is from SIRIS, or if the NAS-Identifier field begins with "SH" #Define a Handler for "ClientWithoutTunnel" Handler DTC-AP-Name="ClientWithoutTunnel" AuthBy FILE Filename .. AddToReply Service-Type = Framed-User, DTC-Auth-Allow = "", DTC-Auth-Port = 1812, DTC-Auth-Server = xxx.xxx.xxx.xxx,
(RADIATOR) Limit Acces
DAVID PARAJE wrote: My name is David and i'm from Unisource, Spain. I have some questions about Radius Radiator and i hope anyone can help me. I want to limitate the simultaneous use of my clients, but i dont know how can i do it. I am working in a Solaris and AUTH BY FILE. I have read some questions about this problem and, for example, when i write DefaultSimultaneousUse 1 (to limit acces to 1) and stop and start radius, there are a ERROR in the logfile that say that don't recognice that command. Some question: Do i have to configure SNMP in my Acces Server (cisco) and in the Radius? Do i have to add in the dictionary file some words (like DefaultSimultaneousUse or Simultaneous-Use)? And, in a few words, what i have to do to limit access, please Thanks === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Limit Acces
On Fri, Jul 30, 1999 at 12:25:20PM +0200, DAVID PARAJE wrote: DAVID PARAJE wrote: My name is David and i'm from Unisource, Spain. I have some questions about Radius Radiator and i hope anyone can help me. I want to limitate the simultaneous use of my clients, but i dont know how can i do it. I am working in a Solaris and AUTH BY FILE. I have read some questions about this problem and, for example, when i write DefaultSimultaneousUse 1 (to limit acces to 1) and stop and start radius, there are a ERROR in the logfile that say that don't recognice that command. Some question: Do i have to configure SNMP in my Acces Server (cisco) and in the Radius? Do i have to add in the dictionary file some words (like DefaultSimultaneousUse or Simultaneous-Use)? And, in a few words, what i have to do to limit access, please Not a lot. This in your radius.cfg: SessionDatabase DBM Filename /path/where/the/database/file/will/live /SessionDatabase Then for each user add: Simultaneous-Use = 1 (or use AddToReply and save some work) I'd recommend enabling SNMP on your Cisco's as that will allow Radiator to double check before rejecting a user for exceeding the Simultaneous-Use check. The manual is pretty good in this respect. But you don't have to use SNMP - just have to access the odd reject if your network/NAS/Server drops the odd Stop packet. [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MySQL buildsql errors
I am having a little trouble building my MySQL tables from a livingston users file. When I run buildsql it returns the error, Can't locate DBI.pm in @INC (@INC contains: . /usr/lib/perl5/i386-linux/5.004 BEGIN failed--compilation aborted at /usr/bin/buildsql line 20. I have looked through the FAQ, and recompiled radiator, but to no avail, I am only new to this list, and have not been able to find an archive that may contain old messages relating to this, the FAQ on the radiator website does not cover this particular error, nor does any of the documentation (html, or pdf). I appologise if this particular subject has been covered before. [CC] P1aGu3 :- Admin of the Cairns Carnage Tribes Server :- http://games.cairns.net.au/tribes "When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'." -- Linus Torvalds "You know you're a redneck Jedi if :- You consider your lightsaber the best bugzapper yet invented" === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Appologies
I appologise for my previous message, I had forgotten to remove my signature for when mailing to this list, this has now been fixed. Thanks Paul ... you are absolutely correct ... the DBI and DBD drivers are all installed and working 100% now thanks =)