Re: (RADIATOR) User name as parameter to URL in AddToReply?
At 10:28 23/09/00 +1100, Hugh Irvine wrote: You will also have to edit the radacct.cgi file and turn on secure mode by uncommenting the following line: $secure = 1; I did, and it does work, but there doesn't a way to forbid users from seeing the All Users script. Obviously, no ISP wants users to have access to this information. FF. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Performance Monitoring
Hi, I'm trying to monitor the performance of Radiator. Is there any way to check the number of users authenticated per day and the number of authentication failures? Also, how can I record the total response time for each authentication request? Thanks.
Re: (RADIATOR) Apache PAM module
Hello ! Does anybody know where can I find the Apache PAM modul, which I can use Radius requests to authenticate with ? SUTO Janos GTS-Datanet === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) snmpget fro TotalControlSNMP
Hi there! I'm trying to limit Maxsession by using SNMP to our NAS. We are using TotalControl Hyper Arc running ver 4.1.59. Already successfully download and compiled ucd-snmp. But i have problem limiting the user to just one session. There's seems to be the problem with the snmpget to the NAS. He's the error that i get: Fri Sep 22 16:30:51 2000: DEBUG: Checking if user is still online: TotalControlSNMP, userid, 165.21.xx.xx, 280, 18284546 165.21.xx.xx Fri Sep 22 16:30:51 2000: DEBUG: Running command `/usr/local/bin/snmpget 165.21.62.254 X .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.49.56.50.56.52.53.52.54` Error in packet Reason: (genError) A general failure occured We are running Radiator 2.16.3. Here's how the configuration looks like: LogDir /usr/local/etc/raddb DbDir /usr/local/etc/raddb AuthPort1745 AcctPort1746 SnmpgetProg /usr/local/bin/snmpget Client 165.21.xx.xx Secret xx NasType TotalControlSNMP SNMPCommunity x /Client AuthBy UNIX Identifier System Filename/etc/shadow /AuthBy Realm DEFAULT MaxSessions 1 AuthBy System AcctLogFileName %D/detail /Realm Hope someone can help. Cheers! * Sajari Bin Sarkan * SingNet Network Support * * -BEGIN PGP PUBLIC KEY BLOCK- Version: 2.6.i mQBtAjc9fI4AAAEDAMx6kkJcuhMq9TJEecb3JaiHe6fHRMlaVX/5Om7eCi2xdONO HfVeuTUryabhb7J2mRgKo7z4YWoNxOdNdDtRVaMfD7H18mdV0KYvlR/+9NAgKGxi UEaOYPJsKNHWCAKV1QAFEbQeU2FKYVJpIDxzYWphcmlAc2luZ25ldC5jb20uc2c+ =gG2n -END PGP PUBLIC KEY BLOCK- === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Performance Monitoring
Hello Elias - On Mon, 25 Sep 2000, Elias wrote: Hi, I'm trying to monitor the performance of Radiator. Is there any way to check the number of users authenticated per day and the number of authentication failures? Also, how can I record the total response time for each authentication request? The easiest way to check the number of authentications per day is simply to count the number of accounting records (starts or stops) in your database on a daily basis. Also if you set logging to the database, you can do the same thing with failure messages (or you can just parse the log file). As to measuring total response time for each authentication, that is a bit harder, as Radiator will only see the access request after the modem handshake and the initial PPP sequence. Some NAS equipment will report the amount of time taken to set up a call in the accounting records, but most do not. Normally Radiator does not log successful authentications unless it is running with Trace 4, but I would not recommend this in a production environment. There are some statistics maintained by Radiator that you can query via a radius status server request or via SNMP. The only other option might be to check your database statistics for response times to certain queries. hth Hugh ps - how is everyone at Telecom Malaysia? Please say hello on my behalf. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User name as parameter to URL in AddToReply?
Hello Frederic - On Mon, 25 Sep 2000, Frederic Faure wrote: At 10:28 23/09/00 +1100, Hugh Irvine wrote: You will also have to edit the radacct.cgi file and turn on secure mode by uncommenting the following line: $secure = 1; I did, and it does work, but there doesn't a way to forbid users from seeing the All Users script. Obviously, no ISP wants users to have access to this information. I must apologise to you, as it does appear that there is a problem with radacct.cgi and SQL databases in secure mode. I am very sorry that you have spent a rather frustrating time trying to make this work. We will fix the problem as soon as we can and post a patch. Many thanks for your patience. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Getting rid of Alive records
I am using a MwSQL DB to authenticate and log accounting requests. I would like to only get starts and stops and no alives because they clutter up my DB. How can I configure that?? I currently have one realm for DEFAULT and and AuthBySQL clause in it. Any assitance would be appreciated. Aaron Kenny Network Administrator www.safebrowse.com [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Stop Responding
Ive had a strange occurance today on one of my radius servers. It just stops responding though its still running after being up no more then 5 minutes. Stopped/Started many times, a few times with trace level 4 for heavy debug info. Nothing... just stops apparantly in the middle of logging someone in. Its been working fine for the week ive been using it. At one point i noticed my server getting slow as well, and TOP showed the radiusd taking up 25% CPU resources. Any hints on how to track down what could be making it hang? === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Performance Monitoring
Hello Elias, what we did on our end is monitor Radiator's performance using MRTG graphs. we are only monitoring total requests against accepts, rejects, dropped, bad authenticators, and accounting. one nice thing about Radiator is that you can define SNMP comunity trings and even a separate SNMP port in case you are using the standard SNMP port for your server (hardware, disks, memory, traffic) performance monitoring. i can share my MRTG config if you are interested. Hugh Irvine wrote: Hello Elias - On Mon, 25 Sep 2000, Elias wrote: Hi, I'm trying to monitor the performance of Radiator. Is there any way to check the number of users authenticated per day and the number of authentication failures? Also, how can I record the total response time for each authentication request? The easiest way to check the number of authentications per day is simply to count the number of accounting records (starts or stops) in your database on a daily basis. Also if you set logging to the database, you can do the same thing with failure messages (or you can just parse the log file). As to measuring total response time for each authentication, that is a bit harder, as Radiator will only see the access request after the modem handshake and the initial PPP sequence. Some NAS equipment will report the amount of time taken to set up a call in the accounting records, but most do not. Normally Radiator does not log successful authentications unless it is running with Trace 4, but I would not recommend this in a production environment. There are some statistics maintained by Radiator that you can query via a radius status server request or via SNMP. The only other option might be to check your database statistics for response times to certain queries. hth Hugh ps - how is everyone at Telecom Malaysia? Please say hello on my behalf. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- __ OO- `. Darwin A. Bawasanta [EMAIL PROTECTED] pgp-id: 0x367CADAC * ||| Systems Development Manager SKYCablenet, Inc. L_(_/ Ofc: +63 32 253-6677 Mobile: +63 917 486-5033 |||== ((_| "If the facts don't fit the theory, change the facts." === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Radiator proxying and NAT
-Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Monday, September 25, 2000 12:17 PM To: Andrew Pollock; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Radiator proxying and NAT Hello Andrew - On Mon, 25 Sep 2000, Andrew Pollock wrote: Hi, I'm currently troubleshooting a curious problem with Radiator proxying to a second Radiator server that is behind a firewall and is having address translation performed on it. The Radiator server doing the proxying is on the Internet, and the Radiator server being proxied to has a private IP address and a fixed public address is translated to that private IP address. Translation is occuring some of the time, but not consistently, and it's naturally causing all sorts of problems. The problem is going have to be the firewall, but I'm wondering if anything Radiator is doing isn't helping either. One thing I noticed is Radiator is proxying on the packets with a high source port (not 1645). I'm pretty sure that previously I've seen RADIUS servers do all the talking in all directions on port 1645, is this the case? As far as I know, radius clients (which is what Radiator is when acting as a proxy) use high source port numbers when sending requests. The only time we have seen something different (ie. broken) is with some versions of GRIC on NT, which don't reply to the source port as sent in the request. Someone else on the list may have other comments. Hi again, I've done a little bit more research and noticed the following: NAS (outside firewall) talking to RADIUS (Radiator) server (inside firewall) The NAS will change it's source port (the high port) with each new request. Retransmitted requests all use the same source port as the original request. Everything works fine with the firewall and the NATing. Radiator server (outside firewall) talking to Radiator server (inside firewall) The Radiator server outside the firewall changes it's source port every minute or so. Multiple different requests are sent to the other Radiator server on the same source port. The first request is NATed correctly, the subsequent requests are not. Once the Radiator server outside the firewall changes it's source port again, that first request is also NATed successfully, the rest are not. How hard is it going to be to change Radiator to use a new source port for each request that it proxies? Andrew === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.