No Subject

1999-07-30 Thread Wilbert de Graaf






We have Radiator running on both Linux and NT, and authenticate against the
Microsoft LDAP server, using the AuthbyLDAP clause. With Radiator on Linux,
everything was okay, but when we tried it on NT, every authentication request
was rejected.

When I looked into the logfile, I noticed there was an extra whitespace at the
end of every value. I tried to use AuthbyLDAP2 instead, but it was the same
there. When I changed AuthLDAP.pm on NT a little bit it worked, but this is not
a general solution. The code was something like:

# file AuthLDAP.pm

sub finduser {
    #...
    if ($ent) {
        #...
        for (...) {
            my @vals = ldap_get_values($self->{ld}, $ent, $ber);
            # added line: drops the last character of every value
            chop @vals;
        }
    }
}

The only thing I added was the chop @vals;. This is okay on NT, but wrong on
Linux.

-- 
Wilbert
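
An added example (not part of the original post and not Radiator's own code): `chop` removes the last character unconditionally, which is why the change above works on NT but truncates correct values on Linux. The hypothetical helper `trim_ldap_values` strips only trailing whitespace or NUL padding, so the same code behaves correctly on both; the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not in AuthLDAP.pm): remove only trailing
# whitespace/NUL padding and leave well-formed values untouched.
sub trim_ldap_values {
    my @vals = @_;
    s/[\s\0]+\z// for @vals;
    return @vals;
}

# What the NT-only change does: drop the last character no matter what.
sub chop_ldap_values {
    my @vals = @_;
    chop @vals;
    return @vals;
}

# Constructed sample values: padded as seen in the NT log, clean as on Linux.
my %samples = (
    NT    => [ "fred ", "secret " ],
    Linux => [ "fred",  "secret"  ],
);

for my $platform (sort keys %samples) {
    my @raw     = @{ $samples{$platform} };
    my @chopped = chop_ldap_values(@raw);
    my @trimmed = trim_ldap_values(@raw);
    printf "%-5s raw=[%s] chop=[%s] trim=[%s]\n",
        $platform,
        join('|', @raw), join('|', @chopped), join('|', @trimmed);
}
```

Trimming is only appropriate for attributes where trailing whitespace is never significant in your directory; a password that legitimately ends in a space would be altered by it.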


RE: (RADIATOR) tigris

1999-07-30 Thread Ricardo Kustner


On 29-Jul-99 Ricardo Guerra wrote:
> anyone knows if i can use calling_station_id on a tigris?, if so.. how
> can i do it?
> i already specified
> AcctColumnDef CALLERID,Calling-Station-Id but it doesn't work

Check your logs at Trace 4 to see the exact naming of the station id as
your NAS tells Radiator in the Accounting packets. If it's there, Radiator
should be able to insert it into the database.

Ricardo.
---
--
E-Mail: Ricardo Kustner [EMAIL PROTECTED]
Date: 30-Jul-99
Time: 09:32:14

This message was sent by XFMail
--

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Building a new proxy

1999-07-30 Thread Frédéric GARGULA

Hugh Irvine wrote:
>
> Hello Frédéric - how is beautiful France?

Paris is very nice without Parisians!

> On Fri, 30 Jul 1999, Frédéric GARGULA wrote:
> > My old Radius proxy is dead, so I'm building a new one using Radiator.
>
> Excellent idea!

I will be very very happy when our customers will be able to connect...

> > The old one was running Radius DTC 2.03.
> > I didn't find the configuration file, but I found the users file.
> > In that file, there is the config for handling tunneling from one of the
> > clients.
>
> I presume that all of your equipment is DTC?

I must explain a little thing: We are an ISP, and we have many POPs.
But to extend the number of our POPs, we buy access from SIRIS, a French
Telecom Operator.

Our customers can connect using a national dialup number, which is owned
by SIRIS.

Our trouble is that SIRIS uses a L2F tunnel. To correctly answer the
incoming requests from SIRIS's servers, we have to add these attributes:

 Tunnel-Type = Tunnel-L2F,
 Tunnel-Medium-Type = Tunnel-IP,
 Tunnel-Client-Endpoint = "[EMAIL PROTECTED]",
 Tunnel-Server-Endpoint = "@toto_example",
 Tunnel-Password = "yy"

to the incoming request.

Those requests may arrive from two Radius Servers. So I have two
Client clauses in my radius.cfg file.

In the old configuration, those attributes were injected in the incoming
in the users file. We had a line in the users file that filters incoming
requests from a particular client:

DEFAULT Password = "PROXY", Suffix="@netclic.fr", DTC-AP-Name="tnt"

(in this example, we had a #ap:tnt entry in the clients files,
describing the IP address and secret for tnt client.)


 
> All of this looks quite straightforward, provided we have the correct radius
> dictionary that defines the above attributes. Have you found that?
>
> > My question is: How do I convert that config to suit Radiator?
> > I think I can use a
> > <Realm toto.org>
> >     <AuthBy RADIUS>
> >         Host radius.toto.org
> >         AuthPort 1812
> >         AcctPort 1813
> >         Secret topsecret
> >     </AuthBy>
> > </Realm>
>
> You will not be able to do this with a Realm toto.org, as it is
> the same in both cases, so I think Handlers would be better in this case.

How can I differentiate incoming requests by the client? Those requests
are with the same Realm...

> I will also need to know how your other users are defined, and how they enter
> their usernames to verify that my suggestions will work.

We have many realms: some with tunnel connection and non-tunnel
connection.
We can suppose that for each realm, there are two cases: with tunnel
(incoming from SIRIS) and without tunnel (incoming from our POPs).

> My assumption here is that the tunnel creation is part of the user
> authentication - there is another possibility too, which is that the tunnel
> creation occurs as a separate transaction before the user is authenticated.
> However based on the two fragments that you have provided it looks to me like
> it's part of the user authentication.

We don't create the tunnel. The tunnel is created, and we must reply in
it. It's SIRIS that creates the tunnel.
I think we just have to add the tunnel attributes to the incoming
request, before forwarding it to the correct Radius Server.


> # Standard configuration parameters
>
> Foreground
> LogStdout
> LogDir  .
> DbDir   .
> AuthPort 1812
> AcctPort 1813
>
> <Client .>
> .
> </Client>
>
> # Define a Handler for "ClientWithTunnel"
> <Handler DTC-AP-Name="ClientWithTunnel">

I can't use DTC-AP-Name because, using the DTC Radius server, it
corresponds to a specific Radius client IP address...

> <AuthBy FILE>
> Filename 
> AddToReply User-Service = 2,
>     DTC-Auth-Allow = "",
>     DTC-Auth-Port = 1812,
>     DTC-Auth-Server = xxx.xxx.xxx.xxx,
>     DTC-Auth-Secret = "topsecret",
>     DTC-Acct-Port = 1813,
>     DTC-Acct-Server = xxx.xxx.xxx.xxx,
>     Tunnel-Type = Tunnel-L2F,
>     Tunnel-Medium-Type = Tunnel-IP,
>     Tunnel-Client-Endpoint = "[EMAIL PROTECTED]",
>     Tunnel-Server-Endpoint = "@toto_example",
>     Tunnel-Password = "yy"
> </AuthBy>
> </Handler>

I can't send the tunnel parameters each time, but only if the client
IP address is from SIRIS, or if the NAS-Identifier field begins with
"SH"

> # Define a Handler for "ClientWithoutTunnel"
> <Handler DTC-AP-Name="ClientWithoutTunnel">
> <AuthBy FILE>
> Filename ..
> AddToReply Service-Type = Framed-User,
>     DTC-Auth-Allow = "",
>     DTC-Auth-Port = 1812,
>     DTC-Auth-Server = xxx.xxx.xxx.xxx,
  

(RADIATOR) Limit Access

1999-07-30 Thread DAVID PARAJE



DAVID PARAJE wrote:

> My name is David and I'm from Unisource, Spain. I have some questions
> about Radius Radiator and I hope anyone can help me.
>
> I want to limit the simultaneous use of my clients, but I don't know
> how I can do it. I am working on Solaris and AUTH BY FILE.
>
> I have read some questions about this problem and, for example, when I
> write DefaultSimultaneousUse 1 (to limit access to 1) and stop and start
> radius, there is an ERROR in the logfile that says it doesn't recognize
> that command.
>
> Some questions:
> Do I have to configure SNMP in my Access Server (cisco) and in the
> Radius?
> Do I have to add some words to the dictionary file (like
> DefaultSimultaneousUse or Simultaneous-Use)?
> And, in a few words, what do I have to do to limit access, please?
>
> Thanks




Re: (RADIATOR) Limit Access

1999-07-30 Thread tom minchin

On Fri, Jul 30, 1999 at 12:25:20PM +0200, DAVID PARAJE wrote:
> DAVID PARAJE wrote:
>
> > My name is David and I'm from Unisource, Spain. I have some questions
> > about Radius Radiator and I hope anyone can help me.
> >
> > I want to limit the simultaneous use of my clients, but I don't know
> > how I can do it. I am working on Solaris and AUTH BY FILE.
> >
> > I have read some questions about this problem and, for example, when I
> > write DefaultSimultaneousUse 1 (to limit access to 1) and stop and start
> > radius, there is an ERROR in the logfile that says it doesn't recognize
> > that command.
> >
> > Some questions:
> > Do I have to configure SNMP in my Access Server (cisco) and in the
> > Radius?
> > Do I have to add some words to the dictionary file (like
> > DefaultSimultaneousUse or Simultaneous-Use)?
> > And, in a few words, what do I have to do to limit access, please?

Not a lot. This in your radius.cfg:

<SessionDatabase DBM>
    Filename /path/where/the/database/file/will/live
</SessionDatabase>

Then for each user add:

Simultaneous-Use = 1

(or use AddToReply and save some work)

I'd recommend enabling SNMP on your Ciscos as that will allow Radiator to
double check before rejecting a user for exceeding the Simultaneous-Use
check. The manual is pretty good in this respect. But you don't have to
use SNMP - you just have to accept the odd reject if your network/NAS/Server
drops the odd Stop packet.

[EMAIL PROTECTED]
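
Why a dropped Stop packet produces "the odd reject", and what the SNMP double check changes, as an added example that is not part of the original post and not Radiator's own code. The session table, `accounting`, `access_request` and the `$snmp` callback are hypothetical names in a toy model, and the scenario is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Toy model of a session database (not Radiator's implementation):
# user => { session id => NAS port }, driven by accounting Start/Stop.
my %sessions;

sub accounting {
    my ($type, $user, $sid, $port) = @_;
    if    ($type eq 'Start') { $sessions{$user}{$sid} = $port }
    elsif ($type eq 'Stop')  { delete $sessions{$user}{$sid} }
}

# $nas_check is an optional callback standing in for the SNMP query:
# it returns true if $user really is still connected on NAS port $port.
sub access_request {
    my ($user, $limit, $nas_check) = @_;
    my $open = $sessions{$user} ||= {};
    if ($nas_check && keys(%$open) >= $limit) {
        # Over the limit on paper: verify each recorded session with the
        # NAS and forget the ones it no longer knows about.
        for my $sid (keys %$open) {
            delete $open->{$sid} unless $nas_check->($user, $open->{$sid});
        }
    }
    return keys(%$open) < $limit ? 'Access-Accept' : 'Access-Reject';
}

# Constructed scenario: fred logs in on port 7, the line drops and the
# Stop packet never reaches the server, then fred dials in again.
accounting('Start', 'fred', 'sess-0001', 7);
# (the Stop for sess-0001 is lost here)

my %nas_ports = ();    # what the NAS would report: nobody is connected
my $snmp = sub { my ($user, $port) = @_; ($nas_ports{$port} // '') eq $user };

print "without NAS check: ", access_request('fred', 1), "\n";
print "with NAS check:    ", access_request('fred', 1, $snmp), "\n";
```

Without the check the stale session counts against the limit until it is cleared; with it, the stale entry is removed before the limit is applied.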




(RADIATOR) MySQL buildsql errors

1999-07-30 Thread Michael Dunne

I am having a little trouble building my MySQL tables from a Livingston 
users file.

When I run buildsql it returns the error,

Can't locate DBI.pm in @INC (@INC contains: . /usr/lib/perl5/i386-linux/5.004
BEGIN failed--compilation aborted at /usr/bin/buildsql line 20.

I have looked through the FAQ, and recompiled Radiator, but to no avail. I 
am only new to this list, and have not been able to find an archive that 
may contain old messages relating to this. The FAQ on the Radiator website 
does not cover this particular error, nor does any of the documentation 
(html, or pdf).
I apologise if this particular subject has been covered before.


[CC] P1aGu3 :- Admin of the Cairns Carnage Tribes Server :- 
http://games.cairns.net.au/tribes

"When you say 'I wrote a program that crashed Windows', people just stare 
at you blankly and say 'Hey, I got those with the system, *for free*'." -- 
Linus Torvalds

"You know you're a redneck Jedi if :- You consider your lightsaber the best 
bugzapper yet invented"




(RADIATOR) Apologies

1999-07-30 Thread Michael Dunne

I apologise for my previous message. I had forgotten to
remove my signature when mailing to this list; this has now been
fixed.

Thanks Paul ... you are absolutely correct ... the DBI and DBD drivers
are all installed and working 100% now thanks =)