Re: (RADIATOR) Setting up a Dynamic Pool
--- Forwarded mail from [EMAIL PROTECTED] Date: Sat, 17 Jun 2000 09:40:13 +1000 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Simon Hackett [EMAIL PROTECTED]] From mikem Sat Jun 17 09:40:09 2000 Received: by oscar.open.com.au (8.9.0/8.9.0) id JAA04584 for [EMAIL PROTECTED]; Sat, 17 Jun 2000 09:40:09 +1000 (EST) Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id JAA28862 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 17 Jun 2000 09:27:15 +1000 (EST) Received: from hamish.internode.com.au (hamish.internode.com.au [192.83.231.113]) by perki.connect.com.au with ESMTP id JAA28862 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 17 Jun 2000 09:27:15 +1000 (EST) Received: (from simon@localhost) by hamish.internode.com.au (8.9.2/8.9.2) id IAA87843; Sat, 17 Jun 2000 08:57:11 +0930 (CST) (envelope-from simon) From: Simon Hackett [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Setting up a Dynamic Pool In-Reply-To: [EMAIL PROTECTED] from Todd Knaus at "Jun 16, 2000 12:27:59 pm" To: [EMAIL PROTECTED] (Todd Knaus) Date: Sat, 17 Jun 2000 08:57:11 +0930 (CST) Cc: [EMAIL PROTECTED] (Radiator) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII In the past we had the actuall server (a livingston Portmaster) do the assignment. However, we have purchased a new CISCO AS5300 and evidently the 5300 cannot do this. Well, actaully I guess it can however, if we set it up using a dynamic Pool then our Static customer have problems. So we are being told that either you have Radius do everything or you have the CISCO do everything.but you can't have the CISCO hand out dynamic and Radius hand out static. You've been misinformed. You can do what you want with Cisco IOS, and we and have done just that for quite some time. Go dig around in the CCO documentation a bit more, or get yourself 'told' what is possible by someone with more experience with Cisco IOS than the person you've been listening to so far. Essentially, just define a local pool on the cisco and if the radius response doesn't specify an explicit ip address, the cisco will default back to using its local pool. There really isn't much of a problem to solve here. For the ultimate in configurability, you can even use cisco avpairs to download an ip address pool definition to the 5x00 from the radius server (we don't do this - don't really see the point at our existing size) http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/peruser.htm Anyway: An example of the cisco side config lines that are relevant is: ip address-pool local then define a local pool, e.g.: ip local pool default start-ip end-ip on each async (or group-async) interface that's relevant, or sync interface if you also want to work this way for isdn calls, you use the command peer default ip address pool default Which tells IOS to use the pool called 'default' to assign the ip address if the radius response doesn't provide an IP address. However, if it does, then this is respected in preference to using the local pool to assign one. And you're done! Simon ---End of forwarded mail from [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: (Fwd) Simultaneous Logins with 2.14
Hello John - I wanted to see if there were any known problems with version 2.14 of Radiator using AuthBy Emerald and the entry... AuthSelect ,sa.LoginLimit One of our customers has his users loginlimit set to 1 for all but 2 users. And for some reason, everyone can login as many times as they want. You might try setting a DefaultSimultaneousUse parameter in the AuthBy clause: AuthBy EMERALD DefaultSimultaneousUse 1 /AuthBy And could you send me a trace 4 debug showing what is happening? BTW - the latest version of Radiator is 2.16.1. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthByDynaddress
Hi Guys, I am still getting this error in my logs when attempting to use authbydynaddress: Jun 19 10:36:57 contender ./radiusd[24050]: Handling with Radius::AuthRADIUS Jun 19 10:36:57 contender ./radiusd[24050]: Handling with Radius::AuthDYNADDRESS Jun 19 10:36:57 contender ./radiusd[24050]: do query is: update RADPOOL set STATE=0, TIME_STAMP=961375017 where YIADDR='' My cfg looks like this: AddressAllocator SQL Identifier xxx DBSourcedbi:mysql:radius DBUsername root DBAuth radiator AddressPool pool1 Subnetmask 255.255.255.0 Range 203.44.90.130 203.44.90.134 /AddressPool /AddressAllocator Realm xxx.net.au RewriteUsername s/^([^@]+).*/$1/ AuthBy RADIUS Host xxx.xxx.xxx.xxx Secret /AuthBy AcctLogFileName %L/detail.xxx AuthBy DYNADDRESS Allocator xxx PoolHint %{Reply:PoolHint} StripFromReply PoolHint /AuthBy /Realm See any glaring faults? :) I am getting the PoolHint from the /etc/raddb/users file using: username Password = "" PoolHint = pool1 Regards -- Dean Brandt Technical Director Cain Internet Services Pty Ltd ACN 091949405 Ph 61-3-95231065 Satellite Access - $29.95 - no limits === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Sim. use control by Ping
Yes, it works well. Thank you very much. Hugh Irvine wrote: Hello all - On Thu, 15 Jun 2000, Aaron Holtz wrote: I'm not sure that is correct. If you look at the code, DeleteQuery runs right before a new session is entered into the online database. So if your query includes removing the Framed IP from the database you should be good to go. Using the ping type and changing up your DeleteQuery should keep your online database almost perfect. The only instance where things can get goofy are when a Stop packet is lost and the next user who gets the Framed IP of the lost Stop packet user has their Start packet lost. Just modify your DeleteQuery statement per Mike's previous suggestion and you should be all set. Aaron is correct, here is the code from SessSQL.pm: sub add { my ($self, $name, $nas_id, $nas_port, $p) = @_; # (Re)-connect to the database if necessary, return undef if !$self-reconnect; main::log($main::LOG_DEBUG, "$self-{Identifier} Adding session for $name, $nas_id, $nas_port "); # Delete any existing session on this port first: its clearly defunct my $q = Radius::Util::format_special($self-{DeleteQuery}, $p); $self-do($q); # Now add the new one $q = Radius::Util::format_special($self-{AddQuery}, $p); $self-do($q); } As you can see, the DeleteQuery is run immediately before the new session is added. I've copied this to Mike so he can add something to the documentation. Thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Regards, Clement ANS Communications P/L === Post Addr: P O Box 6626 Blacktown BC, NSW 2148 Tel: (02) 9552 1655 Fax: (02) 9972 2633 === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.