Re: (RADIATOR) Re:
Jeff, I have a program (for Win NT) that will convert a log file into a comma-delimited text file. You can also select the dictionary attributes you want collected / discard. I wrote it a while ago before I changed over to SQL. It works, but recording to SQL works even better. E-mail me if you would like a copy. Regards, Brian Morris - Original Message - From: Hugh Irvine <[EMAIL PROTECTED]> To: Jeff Baldwin <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, December 01, 1999 9:24 AM Subject: (RADIATOR) Re: > > Hello Jeff - > > On Tue, 30 Nov 1999, Jeff Baldwin wrote: > > >%_I was wondering if you know of any software that would be good > > for reading the radius logfile. I need two do two things. > > one i need to count origional logins by realm and two i need to record > > time online from sertain clients for example the user may log in from radius > > client one but that is part of their account but client two is a bonus or > > maybee like 800 dialup so i need to track the users time online only from that > > client. any help with a good way to get this info would be helpful. > > > > In all honesty, there is no good way to do this from the logfile - my advice > would be to use an SQL database for your accounting records. > > hth > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy RADIUS, write authentication to mySQL?
Hello George - On Wed, 01 Dec 1999, George Jeffery wrote: > Hey all, > > I have been givin the task of using RADIATOR to AuthBy PROXY to another > RADIUS server (MERIT) and then upon authentication not only write the > Accounting information but to also write the Authentication information to > a mySQL database. > > I can get RADIATOR to AuthBy PROXY and write the Accounting information > into the mySQL database. However, I can't see anyway to write the > Authentication information, specifically logon-id and password. > > I have reread the RADIATOR installation manual a number of times but I > don't get it. Am I crazy or can it be done? > Use the PasswordLogFilename in the Handler or Realm in question. See Section 6.13.7 in the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy RADIUS, write authentication to mySQL?
Hey all, I have been givin the task of using RADIATOR to AuthBy PROXY to another RADIUS server (MERIT) and then upon authentication not only write the Accounting information but to also write the Authentication information to a mySQL database. I can get RADIATOR to AuthBy PROXY and write the Accounting information into the mySQL database. However, I can't see anyway to write the Authentication information, specifically logon-id and password. I have reread the RADIATOR installation manual a number of times but I don't get it. Am I crazy or can it be done? Any suggestions would be most welcome!! George P. Jeffery # George P. Jeffery, Web-Database Developer # Digital Design Corporation # www.ddc.net === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Nasport problem
Hello Cortney - On Wed, 01 Dec 1999, Cortney Thompson wrote: > Hi all, > > I am having a small problem monitoring radius. I am running radiator on a > NT 4.0 machine accross ODBC to a SQL 7.0 server. We are using a monitoring > system call Inetmapper to monitor radius. I am not sure if anyone has used > this before. Well in its authentication request it does not send a Nasport > just a Username and Password and IP address. Well this causes a problem > because I have our radonline table set to no nulls in the Nasport > field. So I am receiving an error in the log each time it tries to check > the status. What I want it to do is simply check the Username and Password > no logging to radonline or to the accounting table. Just a simple Hi I am > still up and running. I have tried a couple of things with no avail, but > I'm not sure I am on the right track. Has anyone done something like this > before? > >From your description, I assume Inetmapper is sending a Radius request to Radiator? If this is the case and you want to do something special for it, you should set up a special Handler to deal with it. Otherwise, you can also monitor Radiator from any SNMP monitoring system. For a special Handler you should do something like this: # handle Inetmapper requests # Client definition and Client-Id can use DNS name or IP address # but both must be the same Secret *somesecret* Filename %D/inetmapper.user SessionDatabase SDB-inetmapper # define a special SessionDatabase for inetmapper Handler # this SessionDatabase definition must appear before the existing one # this is because the *last* one defined is used by default for everything else Identifier SDB-inetmapper # inetmapper.user file contains whatever for your inetmapper requests inetmapper Password = xx Reply-Message = "Hi - I am still up and running!" The usual caveat applies to Realms and Handlers. Do not mix Realms and Handlers in the same configuration file. If you are already using Realms, change them to Handlers like this: becomes . Also keep in mind that Handlers are scanned sequentially, so more restrictive clauses must preceed less restrictive clauses in the configuration file. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Session Timeout Until xx:xx
Hello Ferhat - On Tue, 30 Nov 1999, Ferhat DILMAN wrote: > >%_Hi, > The module AuthGeneric in 2.1.14 patch area states that: > 28/9/99 New version of AuthGeneric supports a new format for Session-Timeout > reply items:. > If you have for example: Session-Timeout="until 1800" Then the > Session-Timeout in the reply will be calculated as the number of seconds up > until the time of day specified > > However, I am puzzled since I don't understand how to use this extra string > in AuthBy SQL module. Is it possible to use a parameter in AuthGeneric > inside AuthSQL ? AuthSQL (and all other Authxxx modules) inherits from (is built on) AuthGeneric, so anything in AuthGeneric is also usable in AuthSQL. Keep in mind also that Session-Timeout is a standard reply item and as such can be sent in any Access-Accept packet. You should have a look at Section 13 in the manual - Check and Reply Items. These can be used in a variety of places in Radiator: as Handler check items, as AuthBy reply items, and as check and reply items in user definitions. You could use Session-Timeout in an AuthBy SQL like this: DBSource ... DBAuth ... DBUsername ... ... AddToReply Session-Timeout = "until 1800" ... and of course there are lots of other possibilities... hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) ClearNasQuery
Hello Ferhat - On Tue, 30 Nov 1999, Ferhat DILMAN wrote: > >%_Hi, > > I remember we had once discussed the same issue long time ago but could not > find it in the archive logs. > > What I need is when the Leased Line between POP and the location where > radiator resides is down, users are still on RADONLINE and also there are no > STOP records arrived into the accounting table so that they still seem to be > online. This is not a problem if their account is unlimited-time-account. > However, if they only have xx hours per month, then it is a problem and we > have to clear-nas. > > I can handle this using a SQL statement manually. Is there anyone done this > automatically? Since the leased line is down, radiator will not receive > clearnasquery request from the NAS. > The NAS never sends a "clearnasquery", unless you count the "Accounting-On" that some NAS's send when they start up. > MRTG sending the request to radiator when the line is down? anybody tried? > Don't know about this. > Another idea would be, periodically check the NAS within radiator and when > it does not receive response, issue a clearnasquery? > But is this the correct behaviour? Just because you have lost connectivity between your Radiator host and your NAS doesn't necessarily mean that you should clear the SessionDatabase. I'm also not clear on how this is going to help your users' accounting records in any case. It seems to me if you don't get a Stop from the NAS, your only option is to manually send a Stop from something like radpwtst. Or perhaps I don't understand your problem well enough? Please get back to me if I haven't understood. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: More about PostAuthHook
Hello Antonio -
On Tue, 30 Nov 1999, Antonio Navarro Navarro wrote:
> Hi All !
>
> I have discovered the PostuthHook file:"filename" and works fine.
> I have read the documentation, about the PostAuthHooks, and was trying to
> write a Hook for assigning IP Addresses from a limited pool. >
> I think there are three parameters passed to the hook: the current request, the
> reply packet currently being construted and the result of the authentication.
> How can I access the contents of this three parameters ? >
> My actual PostAuthHook is a very simple program that only writes to an external file:
>
> open(trace, '>>/trace.txt');
> print trace "PostAuthHook working...\n";
> close(trace);
>
> I need to obtain the following in order to assign a Fixed IP Address:
>
> - The result of the authentication: Only will continue with the
> process if the authentication is right (ACCEPT).
>
> - The Fixed IP Address assigned to the user (if exists).
>
> - The number of users actually conected and the IP Addresses
> assigned to all of them.
>
> I use the RADONLINE database in MySQL for tracking the users connected. The
>PostAuthHook will assignt he first IP Address not used from the pool to the user
>(pseudo-code follows):
>
> if (authentication_is_ok()) {
> if (resultpacket_doesn't_contain_a_fixed_IP_Address) {
> iplist=obtain_list_of_current_IP_Addresses();
> for( ip=begin_of_pool; ip if not_in_use(ip, list) {
> ad_to_reply_packet(ip);
> exit for;
> }
> }
> }
> }
>
You access the parameters like this:
# get the parameters passed to this hook
my $p = ${$_[0]}; # current request packet
my $rp = ${$_[1]}; # current reply packet
my $code = ${$_[2]}; # authentication result
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Re:
Hello Jeff - On Tue, 30 Nov 1999, Jeff Baldwin wrote: > >%_I was wondering if you know of any software that would be good > for reading the radius logfile. I need two do two things. > one i need to count origional logins by realm and two i need to record > time online from sertain clients for example the user may log in from radius > client one but that is part of their account but client two is a bonus or > maybee like 800 dialup so i need to track the users time online only from that > client. any help with a good way to get this info would be helpful. > In all honesty, there is no good way to do this from the logfile - my advice would be to use an SQL database for your accounting records. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Nasport problem
Hi all, I am having a small problem monitoring radius. I am running radiator on a NT 4.0 machine accross ODBC to a SQL 7.0 server. We are using a monitoring system call Inetmapper to monitor radius. I am not sure if anyone has used this before. Well in its authentication request it does not send a Nasport just a Username and Password and IP address. Well this causes a problem because I have our radonline table set to no nulls in the Nasport field. So I am receiving an error in the log each time it tries to check the status. What I want it to do is simply check the Username and Password no logging to radonline or to the accounting table. Just a simple Hi I am still up and running. I have tried a couple of things with no avail, but I'm not sure I am on the right track. Has anyone done something like this before? Thanks in advance. If you any questions please contact me at: Personal Address [EMAIL PROTECTED] Opinions are mine and do not necessarily reflect those of wyoming.com === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) "logging turned on"
Here is the platform: web# uname -a FreeBSD ... 3.2-STABLE FreeBSD 3.2-STABLE #0: Mon Jul 12 08:55:0 5 EDT 1999 root@...:/usr/src/sys/compile/WEB i386 Regarding version, I downloaded: "Radiator-2.14.1"; no patches were applied. (btw, is there a way to confirm the version from the command line, such as "perl radiusd -v"?) Let me know what else I can do to assist. Dave -Original Message- From: Hugh Irvine [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, November 30, 1999 1:00 AM To: [EMAIL PROTECTED]; Dave Kitabjian; [EMAIL PROTECTED] Subject:Re: (RADIATOR) "logging turned on" Hello Dave - On Tue, 30 Nov 1999, Dave Kitabjian wrote: > See: http://www.open.com.au/radiator/install.html > > It says: > > "Run radiator with perl radiusd -config_file goodies/simple.cfg. This >runs Radiator with logging turned on (so you can see whats > happening), and >authenticates all requests from the file users. You will see > some messages, followed >by INFO: Server started. Radiator is now waiting for > requests to arrive." > > However, I get *no* messages at all either to the console or the local > terminal. > > - I'm using the stock "simple.cfg", which has "LogStdout" > - All "make test" tests passed "ok" > - The authentication test succeeds regardless: > > web# perl radpwtst -user fred -password fred > sending Access-Request... > OK > sending Accounting-Request Start... > OK > sending Accounting-Request Stop... > OK > > - "detail" contains accounting records > Could you tell me what platform you are running on? and which version of Radiator? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) "logging turned on"
I too have this problem but everything works except for the information going to stdout. I've even got it authenticating the way I need it so I just ignored it. Would be nice to know why it didn't work. I'm running on FreeBSD 3.3 stable and the latest Radiator(without any patches) On Tue, 30 Nov 1999, Hugh Irvine wrote: > > Hello Dave - > > On Tue, 30 Nov 1999, Dave Kitabjian wrote: > > See: http://www.open.com.au/radiator/install.html > > > > It says: > > > > "Run radiator with perl radiusd -config_file goodies/simple.cfg. This > >runs Radiator with logging turned on (so you can see whats > > happening), and > >authenticates all requests from the file users. You will see > > some messages, followed > >by INFO: Server started. Radiator is now waiting for > > requests to arrive." > > > > However, I get *no* messages at all either to the console or the local > > terminal. > > > > - I'm using the stock "simple.cfg", which has "LogStdout" > > - All "make test" tests passed "ok" > > - The authentication test succeeds regardless: > > > > web# perl radpwtst -user fred -password fred > > sending Access-Request... > > OK > > sending Accounting-Request Start... > > OK > > sending Accounting-Request Stop... > > OK > > > > - "detail" contains accounting records > > > > Could you tell me what platform you are running on? and which version of > Radiator? > > thanks > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) ClearNasQuery
Title: ClearNasQuery Hi, I remember we had once discussed the same issue long time ago but could not find it in the archive logs. What I need is when the Leased Line between POP and the location where radiator resides is down, users are still on RADONLINE and also there are no STOP records arrived into the accounting table so that they still seem to be online. This is not a problem if their account is unlimited-time-account. However, if they only have xx hours per month, then it is a problem and we have to clear-nas. I can handle this using a SQL statement manually. Is there anyone done this automatically? Since the leased line is down, radiator will not receive clearnasquery request from the NAS. MRTG sending the request to radiator when the line is down? anybody tried? Another idea would be, periodically check the NAS within radiator and when it does not receive response, issue a clearnasquery? Regards, Ferhat
(RADIATOR) Session Timeout Until xx:xx
Title: Session Timeout Until xx:xx Hi, The module AuthGeneric in 2.1.14 patch area states that: 28/9/99 New version of AuthGeneric supports a new format for Session-Timeout reply items:. If you have for example: Session-Timeout="until 1800" Then the Session-Timeout in the reply will be calculated as the number of seconds up until the time of day specified However, I am puzzled since I don't understand how to use this extra string in AuthBy SQL module. Is it possible to use a parameter in AuthGeneric inside AuthSQL ? Regards, Ferhat
(RADIATOR) More about PostAuthHook
Hi All !
I have discovered the PostuthHook file:"filename" and works fine. I have read the
documentation, about the PostAuthHooks, and was trying to write a Hook for assigning
IP Addresses from a limited pool.
I think there are three parameters passed to the hook: the current request, the reply
packet currently being construted and the result of the authentication. How can I
access the contents of this three parameters ?
My actual PostAuthHook is a very simple program that only writes to an external file:
open(trace, '>>/trace.txt');
print trace "PostAuthHook working...\n";
close(trace);
I need to obtain the following in order to assign a Fixed IP Address:
- The result of the authentication: Only will continue with the
process if the authentication is right (ACCEPT).
- The Fixed IP Address assigned to the user (if exists).
- The number of users actually conected and the IP Addresses
assigned to all of them.
I use the RADONLINE database in MySQL for tracking the users connected. The
PostAuthHook will assignt he first IP Address not used from the pool to the user
(pseudo-code follows):
if (authentication_is_ok()) {
if (resultpacket_doesn't_contain_a_fixed_IP_Address) {
iplist=obtain_list_of_current_IP_Addresses();
for( ip=begin_of_pool; iphttp://www.bemarnet.es
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) PostAuthHook in an external file
Hi Hugh ! I'm working in a PostAuthHook on my system, and I was wondering if is possible to specify an external file instead of writing all the PostAuthHook code in the configuration file. Regards, Antonio Navarro Navarro BemarNet Management [EMAIL PROTECTED] http://www.bemarnet.es === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
No Subject
I was wondering if you know of any software that would be good for reading the radius logfile. I need two do two things. one i need to count origional logins by realm and two i need to record time online from sertain clients for example the user may log in from radius client one but that is part of their account but client two is a bonus or maybee like 800 dialup so i need to track the users time online only from that client. any help with a good way to get this info would be helpful. Thanks in Advance Jeff
