Re: (RADIATOR) Auth by Text Questions
Hello Todd - At 13:49 -0700 01/7/6, Todd Dokey wrote: >I just had Radiator dropped into my lap this last week amidst other things. > >I must be missing a REAL OBVIOUS issue, but I can't get my Radiator to auth >off of a file. > >This is on a Linux box with the rpm file for the install. > >The file is traditional in that it points the logfiles and gets the users >file from the normal spots. >The files are there. > >In radius.cfg is where I have the case of the "DUH"s going on. > >The only Authby Text clause I have is at the bottom (the standard DEFAULT) >and have added above it Client lists of the modems sending the requests. > >Those I sorted by location and type, so they swap out dictionaries as >needed. You can only specify a single dictionary file for Radiator, and you should start off with the standard "dictionary" file and add any additional entries to it with your favourite text editor. >That is about all I did. Radiator starts okay, but won't authenticate off >localhost (yes, built that entry.. once as in the example "localhost" and >redone as 127.0.0.1. > >I looked over the logs, it seems to start, but then doesn't complete. I will need to see a copy of the configuration file (no secrets), together with a trace 4 debug from Radiator showing what is happening at startup. thanks Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problems with Bay 8000 RAC
Hello Sergio - I have no direct experience with Bay hardware, but it sounds like either a software version or a software configuration issue on the NAS itself. You can see what attributes the NAS is sending by turning hexidecimal packet dumps on in Radiator with a trace 5 debug. regards Hugh At 18:51 -0500 01/7/6, Sergio Gonzalez wrote: >*This message was transferred with a trial version of CommuniGate(tm) Pro* >Hi there. > > >I got some problems trying to make a bay 8000 RAC to receive and >send the appropriate data from/to the radius radiator server. First >problem, when a ppp session starts for a particular user in radiator >(that has a static IP address, sent via Frame-IP-Address), the bay >8000 RAC doesn't care about it, and just puts an IP address from its >own dynamic pool. I got the same radiator listening and serving to >other 2 RASes without problems when using that specific user. The >other problem I've is when the session stops, the bay 8000 RAC >doesn't send the speed used by the user ( the receive speed used by >the user). Instead of that info, the bay RAC doesn't send anything >(I got just nulls). > > >Somebody has an example of the particular attributes I've to use in >order to make the Bay 8000 RAC to take care about the >Framed-IP-Address and send back to radiator - in accounting stop >packets - the speed used?. > > > >PD: Sombody here in this list has a good example of a config.annex >file?. If someone, please send me a copy to my email address. I >really appreciate if someone can give a hand with that file. > > >Thanks. > >Sergio Alejandro Gonzalez >Director Operativo >SkyNet de Colombia. >Bogota, Colombia, South America. >57 (+1) 6 422 020 >57 (+3) 7 285 094 > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Conditionals?
Hello Griff - The answer to this depends on your exact requirements, however it may be as simple as using special characters, or it may involve writing a Hook, or it may be possible to do something clever in the configurtain file. If you send me a more detailed description of what you want to do I'll try to make some sensible suggestions. regards Hugh At 11:57 -0700 01/7/6, Griff Hamlin wrote: >Hello, > >Is it possible to do a different select statement in an AuthBy SQL >clause based on the value of a global variable set previously in the >config file? If so, how is it done? > >Griff Hamlin, III > > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using Radiator for Wholesale DialupandSessionDatabase
Hello Tom - How are you going to know which customer is which? regards Hugh At 12:51 -0400 01/7/6, Tom Daly wrote: >Hugh, > >I would say my problem then is this. I am using CalledStation.pm to send >users to radius proxy which does not use a realm, so users will dialup with >'username'. Now, our ISP does not require users to have a realm name either, >so they also dialup with 'username'. In the case of two identical usernames >between ISPs, one user will not be authenticated. Is there a way I can add a >realm name to the CalledStation.pm users for the sake of the session >database, however, still send the proxy server just 'username'. I am >guessing this will need to be done with some sort of hook. > >--Tom > >- Original Message - >From: "Hugh Irvine" <[EMAIL PROTECTED]> >To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Friday, July 06, 2001 12:21 PM >Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup >andSessionDatabase > > >> >> Hi Tom - >> >> By default Radiator uses the username string as received from the >> NAS, as that is what it needs if it is to query the NAS directly to >> verify connections. >> >> regards >> >> Hugh >> >> >> At 12:29 -0400 01/7/6, Tom Daly wrote: >> >Hi, >> > >> >By default, what entry does Radiator to put into the Session Database? >From >> >what I can see, it seems that it copies the as entered by the >> >user, before any rewrite username, or other functions are used. >> > >> >Tom >> > >> >- Original Message - >> >From: "Hugh Irvine" <[EMAIL PROTECTED]> >> >To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >> >Sent: Friday, July 06, 2001 5:44 AM >> >Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup and >> >SessionDatabase >> > >> > >> >> >> >> Hello Tom - >> >> >> >> At 12:17 -0400 01/7/5, Tom Daly wrote: >> >> >Hello, >> >> >We are currently using Radiator and MySQL for a SessionDB. As a >wholesale >> >> >provider, we have two ways for our wholesalers to access accounts. >> >> > >> >> >1. Per Port - An ISP is assigned a unique DNIS to which all radius >> >requested >> >> >are directed at thier radius server by proxy. We do this by the >following >> >> >method. >> >> > >> >> > >> >> > >> >> > Host xxx.xxx.xxx.xxx >> >> > Secret VeryVerySecret >> >> > AuthPort 1645 >> >> > AcctPort 1646 >> >> > Retries 5 >> >> > RetryTimeout 15 >> >> > >> >> > >> >> >This method seems to be slow, as we have to search through a few >hundred >> >> >DNISs for the same provider, if they have multiple DNISs. So I am >looking >> >> >for a way to use one statement that will search each providers list >of >> >> >DNISs. Also, when a customer dials in, thier username is just >username. >> >It >> >> >there a way to make the session database show [EMAIL PROTECTED], >but >> >> >still pass username to the proxy radius server? >> >> >> >> >> >> If you are using the "CalledStationId.pm" file from the goodies >> >> section of the distribution, there is almost no overhead, as the >> >> number that is specified in the definition is used as a key to >> >> directly access that clause. This is by far the fastest way to >> >> process large numbers of phone numbers. >> >> >> >> For your second question, you can use RewriteUsername(s) and custom >> >> queries for the SessionDatabase to do what you require. >> >> >> >> >> >> >2. Per User - An ISP is assigned a Unique REALM via a or >> >> >Realm=> Clause. This gets very very complicated, so it there a way to >> >> >simplify this? >> >> >> >> >> >> I don't understand the problem, sorry. Can you elaborate? >> >> >> >> >> >> >Also, 1 ISP does not use a realm, so is there a way to make >> >> >the session database show [EMAIL PROTECTED] and the radius server >> >check >> >> >for just username? > > >> >> >> See above - RewriteUsername(s) and custom queries. >> >> >> >> regards >> >> >> >> Hugh >> >> >> >> -- >> >> >> >> NB: I am travelling this week, so there may be delays in our >> >correspondence. >> >> >> >> Radiator: the most portable, flexible and configurable RADIUS server >> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> >> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. >> >> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. >> >> >> >> -- >> >> NB: I am travelling this week, so there may be delays in our >correspondence. >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. >> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. >> > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on
Re: (RADIATOR) Radiator Profiles
Hello Kyle - You will need to add the following to your configuration file: # specify an AuthByPolicy to control multiple AuthBy clauses AuthByPolicy ContinueWhileAccept . hth Hugh At 12:42 -0400 01/7/6, Kyle wrote: >Hi guys, I'm trying to make profiles work from a mySql table. I've >followed the example provided in the goodies directory, dealing with >doing from file authentication. I'm adding a reply field of Profile in >my first clause, added a second clause >immediatly following it, and my clause is last. I've >added a StripFromReply at the end of the second AuthBy to take out the >Profile field. It does not appear to be using the second AuthBy when >authenticating an user. I see the Profile field in the reply packet. >I've included my realms.cfg file. file for examination. -- Kyle >Content-Type: application/x-ns-proxy-autoconfig; > name="realms.cfg" >Content-Transfer-Encoding: 7bit >Content-Disposition: inline; > filename="realms.cfg" > >Attachment converted: Macintosh HD:realms.cfg (/) (0001FEEF) -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) restartWrapper
Hello Griff - The restartWrapper program runs "radiusd" as a child process and waits for it to exit. If the child process exits for any reason, restartWrapper will restart it. hth Hugh At 12:54 -0700 01/7/6, Griff Hamlin wrote: >Can anyone tell me how restartWrapper determines whether or not to >restart radius? Is it only of the radiusd process stops or does it >restart it if it crashes (for example if it cannot access the mysql >database anymore?). > >Griff Hamlin, III > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Problems with Bay 8000 RAC
*This message was transferred with a trial version of CommuniGate(tm) Pro* Hi there. I got some problems trying to make a bay 8000 RAC to receive and send the appropriate data from/to the radius radiator server. First problem, when a ppp session starts for a particular user in radiator (that has a static IP address, sent via Frame-IP-Address), the bay 8000 RAC doesn't care about it, and just puts an IP address from its own dynamic pool. I got the same radiator listening and serving to other 2 RASes without problems when using that specific user. The other problem I've is when the session stops, the bay 8000 RAC doesn't send the speed used by the user ( the receive speed used by the user). Instead of that info, the bay RAC doesn't send anything (I got just nulls). Somebody has an example of the particular attributes I've to use in order to make the Bay 8000 RAC to take care about the Framed-IP-Address and send back to radiator - in accounting stop packets - the speed used?. PD: Sombody here in this list has a good example of a config.annex file?. If someone, please send me a copy to my email address. I really appreciate if someone can give a hand with that file. Thanks. Sergio Alejandro Gonzalez Director Operativo SkyNet de Colombia. Bogota, Colombia, South America. 57 (+1) 6 422 020 57 (+3) 7 285 094 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator Profiles
Hi guys, I'm trying to make profiles work from a mySql table. I've followed the example provided in the goodies directory, dealing with doing from file authentication. I'm adding a reply field of Profile in my first clause, added a second clause immediatly following it, and my clause is last. I've added a StripFromReply at the end of the second AuthBy to take out the Profile field. It does not appear to be using the second AuthBy when authenticating an user. I see the Profile field in the reply packet. I've included my realms.cfg file. file for examination. -- Kyle realms.cfg
(RADIATOR) restartWrapper
Can anyone tell me how restartWrapper determines whether or not to restart radius? Is it only of the radiusd process stops or does it restart it if it crashes (for example if it cannot access the mysql database anymore?). Griff Hamlin, III === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Auth by Text Questions
I just had Radiator dropped into my lap this last week amidst other things. I must be missing a REAL OBVIOUS issue, but I can't get my Radiator to auth off of a file. This is on a Linux box with the rpm file for the install. The file is traditional in that it points the logfiles and gets the users file from the normal spots. The files are there. In radius.cfg is where I have the case of the "DUH"s going on. The only Authby Text clause I have is at the bottom (the standard DEFAULT) and have added above it Client lists of the modems sending the requests. Those I sorted by location and type, so they swap out dictionaries as needed. That is about all I did. Radiator starts okay, but won't authenticate off localhost (yes, built that entry.. once as in the example "localhost" and redone as 127.0.0.1. I looked over the logs, it seems to start, but then doesn't complete. So my long verbose note here is to ask if my brain is kludged in the understanding of the way to set up a radius.cfg file. File information (logs and users file) Client lists with features Authby Text issues End of file. Suggestions? - Inreach Internet Systems Department === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Conditionals?
Hello, Is it possible to do a different select statement in an AuthBy SQL clause based on the value of a global variable set previously in the config file? If so, how is it done? Griff Hamlin, III === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple SessionDatabases per Handler?
I assume that specifying multiple databases means that both would be written/updated at the appropriate times, and that you wouldn't have to figure out how to replicate them in any way Chris > From: Hugh Irvine <[EMAIL PROTECTED]> > Date: Fri, 6 Jul 2001 19:34:20 +1000 > To: Janet N del Mundo <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: (RADIATOR) Multiple SessionDatabases per Handler? > > > Hello Janet - > > You can specify multiple database targets in a single SessionDatabase SQL. > > # define multiple databases > > > Identifier DSL-SessionCheck > DBSource .. > DBSource .. > .. > > > > hth > > Hugh > > > At 15:24 +1000 01/7/6, Janet N del Mundo wrote: >> Hi, >> >> Is it possible to have more than one SessionDatabase (for SQL fallback >> purposes) within one Handler? If not, how do I go about handling my >> SessionDatabase SQL when the SQL cannot be reached? >> >> I tried to add a SessionDatabase NULL for a fallback from my >> SessionDatabase SQL, but I received error messages when I restarted >> Radiator. >> >> >> Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in >> radius_dsl.cfg line 394 >> Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in >> radius_dsl.cfg line 395 >> >> # Handle DSL users logging into the Shasta # >> >> >> AuthByPolicy ContinueWhileIgnore >> SessionDatabase DSL-SessionCheck >> SessionDatabase NULL >> >> AuthByPolicy ContinueWhileAccept >> AuthBy Check-DSL-Users >> AuthBy Check-SQL-DSLUSERS >> AuthBy DoAccounting >> >> >> Any suggestions or comments? >> Thanks, >> Janet >> >> -- >> _ >> Janet del Mundo >> Internet Administrator, Startec Global Communications >> 135 Chalan Santo Papa Agana, Guam 96910 >> Email: [EMAIL PROTECTED] >> === >> Archive at http://www.open.com.au/archives/radiator/ >> Announcements on [EMAIL PROTECTED] >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. > > -- > > NB: I am travelling this week, so there may be delays in our correspondence. > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using Radiator for Wholesale Dialup andSessionDatabase
Hugh, I would say my problem then is this. I am using CalledStation.pm to send users to radius proxy which does not use a realm, so users will dialup with 'username'. Now, our ISP does not require users to have a realm name either, so they also dialup with 'username'. In the case of two identical usernames between ISPs, one user will not be authenticated. Is there a way I can add a realm name to the CalledStation.pm users for the sake of the session database, however, still send the proxy server just 'username'. I am guessing this will need to be done with some sort of hook. --Tom - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, July 06, 2001 12:21 PM Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup andSessionDatabase > > Hi Tom - > > By default Radiator uses the username string as received from the > NAS, as that is what it needs if it is to query the NAS directly to > verify connections. > > regards > > Hugh > > > At 12:29 -0400 01/7/6, Tom Daly wrote: > >Hi, > > > >By default, what entry does Radiator to put into the Session Database? From > >what I can see, it seems that it copies the as entered by the > >user, before any rewrite username, or other functions are used. > > > >Tom > > > >- Original Message - > >From: "Hugh Irvine" <[EMAIL PROTECTED]> > >To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > >Sent: Friday, July 06, 2001 5:44 AM > >Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup and > >SessionDatabase > > > > > >> > >> Hello Tom - > >> > >> At 12:17 -0400 01/7/5, Tom Daly wrote: > >> >Hello, > >> >We are currently using Radiator and MySQL for a SessionDB. As a wholesale > >> >provider, we have two ways for our wholesalers to access accounts. > >> > > >> >1. Per Port - An ISP is assigned a unique DNIS to which all radius > >requested > >> >are directed at thier radius server by proxy. We do this by the following > >> >method. > >> > > >> > > >> > > >> > Host xxx.xxx.xxx.xxx > >> > Secret VeryVerySecret > >> > AuthPort 1645 > >> > AcctPort 1646 > >> > Retries 5 > >> > RetryTimeout 15 > >> > > >> > > >> >This method seems to be slow, as we have to search through a few hundred > >> >DNISs for the same provider, if they have multiple DNISs. So I am looking > >> >for a way to use one statement that will search each providers list of > >> >DNISs. Also, when a customer dials in, thier username is just username. > >It > >> >there a way to make the session database show [EMAIL PROTECTED], but > >> >still pass username to the proxy radius server? > >> > >> > >> If you are using the "CalledStationId.pm" file from the goodies > >> section of the distribution, there is almost no overhead, as the > >> number that is specified in the definition is used as a key to > >> directly access that clause. This is by far the fastest way to > >> process large numbers of phone numbers. > >> > >> For your second question, you can use RewriteUsername(s) and custom > >> queries for the SessionDatabase to do what you require. > >> > >> > >> >2. Per User - An ISP is assigned a Unique REALM via a or >> >Realm=> Clause. This gets very very complicated, so it there a way to > >> >simplify this? > >> > >> > >> I don't understand the problem, sorry. Can you elaborate? > >> > >> > >> >Also, 1 ISP does not use a realm, so is there a way to make > >> >the session database show [EMAIL PROTECTED] and the radius server > >check > >> >for just username? > >> > >> See above - RewriteUsername(s) and custom queries. > >> > >> regards > >> > >> Hugh > >> > >> -- > >> > >> NB: I am travelling this week, so there may be delays in our > >correspondence. > >> > >> Radiator: the most portable, flexible and configurable RADIUS server > >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > >> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > >> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > >> > > -- > > NB: I am travelling this week, so there may be delays in our correspondence. > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using Radiator for Wholesale Dialup andSessionDatabase
Hi Tom - By default Radiator uses the username string as received from the NAS, as that is what it needs if it is to query the NAS directly to verify connections. regards Hugh At 12:29 -0400 01/7/6, Tom Daly wrote: >Hi, > >By default, what entry does Radiator to put into the Session Database? From >what I can see, it seems that it copies the as entered by the >user, before any rewrite username, or other functions are used. > >Tom > >- Original Message - >From: "Hugh Irvine" <[EMAIL PROTECTED]> >To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Friday, July 06, 2001 5:44 AM >Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup and >SessionDatabase > > >> >> Hello Tom - >> >> At 12:17 -0400 01/7/5, Tom Daly wrote: >> >Hello, >> >We are currently using Radiator and MySQL for a SessionDB. As a wholesale >> >provider, we have two ways for our wholesalers to access accounts. >> > >> >1. Per Port - An ISP is assigned a unique DNIS to which all radius >requested >> >are directed at thier radius server by proxy. We do this by the following >> >method. >> > >> > >> > >> > Host xxx.xxx.xxx.xxx >> > Secret VeryVerySecret >> > AuthPort 1645 >> > AcctPort 1646 >> > Retries 5 >> > RetryTimeout 15 >> > >> > >> >This method seems to be slow, as we have to search through a few hundred >> >DNISs for the same provider, if they have multiple DNISs. So I am looking >> >for a way to use one statement that will search each providers list of >> >DNISs. Also, when a customer dials in, thier username is just username. >It >> >there a way to make the session database show [EMAIL PROTECTED], but >> >still pass username to the proxy radius server? >> >> >> If you are using the "CalledStationId.pm" file from the goodies >> section of the distribution, there is almost no overhead, as the >> number that is specified in the definition is used as a key to >> directly access that clause. This is by far the fastest way to >> process large numbers of phone numbers. >> >> For your second question, you can use RewriteUsername(s) and custom >> queries for the SessionDatabase to do what you require. >> >> >> >2. Per User - An ISP is assigned a Unique REALM via a or > >Realm=> Clause. This gets very very complicated, so it there a way to >> >simplify this? >> >> >> I don't understand the problem, sorry. Can you elaborate? >> >> >> >Also, 1 ISP does not use a realm, so is there a way to make >> >the session database show [EMAIL PROTECTED] and the radius server >check >> >for just username? >> >> See above - RewriteUsername(s) and custom queries. >> >> regards >> >> Hugh >> >> -- >> >> NB: I am travelling this week, so there may be delays in our >correspondence. >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. >> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. >> -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase
Hi, By default, what entry does Radiator to put into the Session Database? From what I can see, it seems that it copies the as entered by the user, before any rewrite username, or other functions are used. Tom - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Tom Daly" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, July 06, 2001 5:44 AM Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase > > Hello Tom - > > At 12:17 -0400 01/7/5, Tom Daly wrote: > >Hello, > >We are currently using Radiator and MySQL for a SessionDB. As a wholesale > >provider, we have two ways for our wholesalers to access accounts. > > > >1. Per Port - An ISP is assigned a unique DNIS to which all radius requested > >are directed at thier radius server by proxy. We do this by the following > >method. > > > > > > > > Host xxx.xxx.xxx.xxx > > Secret VeryVerySecret > > AuthPort 1645 > > AcctPort 1646 > > Retries 5 > > RetryTimeout 15 > > > > > >This method seems to be slow, as we have to search through a few hundred > >DNISs for the same provider, if they have multiple DNISs. So I am looking > >for a way to use one statement that will search each providers list of > >DNISs. Also, when a customer dials in, thier username is just username. It > >there a way to make the session database show [EMAIL PROTECTED], but > >still pass username to the proxy radius server? > > > If you are using the "CalledStationId.pm" file from the goodies > section of the distribution, there is almost no overhead, as the > number that is specified in the definition is used as a key to > directly access that clause. This is by far the fastest way to > process large numbers of phone numbers. > > For your second question, you can use RewriteUsername(s) and custom > queries for the SessionDatabase to do what you require. > > > >2. Per User - An ISP is assigned a Unique REALM via a or >Realm=> Clause. This gets very very complicated, so it there a way to > >simplify this? > > > I don't understand the problem, sorry. Can you elaborate? > > > >Also, 1 ISP does not use a realm, so is there a way to make > >the session database show [EMAIL PROTECTED] and the radius server check > >for just username? > > See above - RewriteUsername(s) and custom queries. > > regards > > Hugh > > -- > > NB: I am travelling this week, so there may be delays in our correspondence. > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simultaneous Use Problems
Hello Jonathon -
I will need to see the trace debug from Radiator to see what is going on.
thanks
Hugh
At 9:34 -0700 01/7/6, Jonathon Lindbo wrote:
>Hi,
>
>I have been trying for the past 4 days to get my Simultaneous Login
>restrictions to work. I am currently working with PM3's and have
>SNMP enabled on them all. I'm not sure what I am doing wrong.
>Below is the config that I am using. Any ideas ? Where should I
>look for debugging information on this. I am not seeing much in the
>radius.log.
>
>Thanks
>Jon Lindbo
>
>
>### BASE CONFIGURATION ###
>Trace 5
>PidFile /tmp/radiusd.pid
>AuthPort1645
>AcctPort1646
>LogDir /var/log/radiator
>DbDir /etc/radiator/raddb
>LogFile %L/radius.log
>SnmpgetProg /usr/local/bin/snmpget
>FingerProg /usr/bin/finger
>#LivingstonOffs 23
>#LivingstonHole 1
>LivingstonHole 0
>
>### CLIENT CONFIGURATION ###
>
> Secret BBsecretKEY
> DupInterval 2
> NasType Livingston
>
>
>### REALM CONFIGURATION ###
>
>
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName %L/%Ndetail
> AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
> PasswordLogFileName %L/password.log
> MaxSessions 1
>
> Identifier System
> Filename /etc/shadow
> Match ^([^:]*):([^:]*):?[^:]*:?([^:]*)
> DefaultSimultaneousUse 1
> AddToReply Service-Type = Framed-User,
>Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 1500
>
>
>
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simultaneous Use Problems
I didn't know PM3's supported SNMP. You might want to find out whether SNMP
or Finger works with your equipment. If SNMP, you might want to specify an
SNMPCommunity entry for the .
Also, look in /var/log/radiator/radius.log and it will show you what
Radiator tries to do when it should be enforcing sim use. In the case of
SNMP, I know it will show you the whole Unix commanline that it runs, which
you can copy and paste onto your command line to test directly.
Also, if you're not sure what's in your SessionDatabase, you might want to
use a SessionDatabase DBM and then use the cgi to see who RADIATOR thinks is
online.
Dave
> -Original Message-
> From: Jonathon Lindbo [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 06, 2001 12:34 PM
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Simultaneous Use Problems
>
>
> Hi,
>
> I have been trying for the past 4 days to get my Simultaneous Login
> restrictions to work. I am currently working with PM3's and
> have SNMP
> enabled on them all. I'm not sure what I am doing wrong.
> Below is the
> config that I am using. Any ideas ? Where should I look for
> debugging
> information on this. I am not seeing much in the radius.log.
>
> Thanks
> Jon Lindbo
>
>
> ### BASE CONFIGURATION ###
> Trace 5
> PidFile /tmp/radiusd.pid
> AuthPort1645
> AcctPort1646
> LogDir /var/log/radiator
> DbDir /etc/radiator/raddb
> LogFile %L/radius.log
> SnmpgetProg /usr/local/bin/snmpget
> FingerProg /usr/bin/finger
> #LivingstonOffs 23
> #LivingstonHole 1
> LivingstonHole 0
>
> ### CLIENT CONFIGURATION ###
>
> Secret BBsecretKEY
> DupInterval 2
> NasType Livingston
>
>
> ### REALM CONFIGURATION ###
>
>
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName %L/%Ndetail
> AcctLogFileFormat %{Timestamp} %{Acct-Session-Id}
> %{User-Name}
> PasswordLogFileName %L/password.log
> MaxSessions 1
>
> Identifier System
> Filename /etc/shadow
> Match ^([^:]*):([^:]*):?[^:]*:?([^:]*)
> DefaultSimultaneousUse 1
> AddToReply Service-Type = Framed-User,
> Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 1500
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Simultaneous Use Problems
Hi,
I have been trying for the past 4 days to get my Simultaneous Login
restrictions to work. I am currently working with PM3's and have SNMP
enabled on them all. I'm not sure what I am doing wrong. Below is the
config that I am using. Any ideas ? Where should I look for debugging
information on this. I am not seeing much in the radius.log.
Thanks
Jon Lindbo
### BASE CONFIGURATION ###
Trace 5
PidFile /tmp/radiusd.pid
AuthPort1645
AcctPort1646
LogDir /var/log/radiator
DbDir /etc/radiator/raddb
LogFile %L/radius.log
SnmpgetProg /usr/local/bin/snmpget
FingerProg /usr/bin/finger
#LivingstonOffs 23
#LivingstonHole 1
LivingstonHole 0
### CLIENT CONFIGURATION ###
Secret BBsecretKEY
DupInterval 2
NasType Livingston
### REALM CONFIGURATION ###
RewriteUsername s/^([^@]+).*/$1/
AcctLogFileName %L/%Ndetail
AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
PasswordLogFileName %L/password.log
MaxSessions 1
Identifier System
Filename /etc/shadow
Match ^([^:]*):([^:]*):?[^:]*:?([^:]*)
DefaultSimultaneousUse 1
AddToReply Service-Type = Framed-User,
Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 1500
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Strange accounting record Acct-Status-Type =Accounting-On
Hello Stafanita - These are normal startup packets from a NAS after it reboots, but it looks like you are not responding to them correctly. I suspect you may not have a Client entry for this NAS in the Radiator configuration file. I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. thanks Hugh At 15:10 +0300 01/7/5, Stefanita Vilcu wrote: >Hello, > >I have an Max TNT (sw ver. 8.0.3) and a Radiator (2.18.2) on a RedHat >Linux 6.2. >I receive some strage accounting packets very often, is there any way to >stop/ignore them? > >Thank you, > >Stefanita Vilcu > >*** Received from x.x.x.x port 7011 > >Packet length = 61 >04 2c 00 3d 1f 81 a7 c0 8f 3f 32 43 bd 1a 00 b3 >b1 6e 94 6c 04 06 c1 e2 64 45 1a 0c 00 00 02 11 >56 06 00 00 00 00 28 06 00 00 00 07 29 06 00 00 >04 a2 2c 0b 37 32 30 30 31 30 36 30 32 >Code: Accounting-Request >Identifier: 44 >Authentic: <31><129><167><192><143>?2C<189><26><0><179><177>n<148>l >Attributes: > NAS-IP-Address = x.x.x.x > Ascend-Owner-IP-Addr = 0.0.0.0 > Acct-Status-Type = Accounting-On > Acct-Delay-Time = 1186 > Acct-Session-Id = "720010602" > >14:19:21.797673 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:19:26.795443 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:19:31.795295 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:20:56.817318 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:21:01.798182 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:21:06.794379 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:25:13.787386 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:25:18.787312 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:25:23.787621 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:37:36.768373 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:37:41.770545 eth0 < bucharest2 7011 > xxx.radacct: udp 61 >14:37:46.767644 eth0 < bucharest2 7011 > xxx.radacct: udp 61 > > >-- >Stefanita Valeriu Vilcu, [EMAIL PROTECTED] >Dynamic Network Technologies, Romania >Tel: +40-1-2106863 Fax: +40-1-3122745 > > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) IPs allocated forever
Hi Jon - At 12:11 +0200 01/7/5, Jon Omagojeaskoa wrote: >Thanks Hugh > >My config-file was like: > > > DBSource ... > DBUsername ... > DBAuth ... > > GetClientQueryselect NASIDENTIFIER,SECRET,NULL,NULL, \ > DEFAULTREALM,NASTYPE,SNMPCOMMUNITY \ > from RADCLIENTLIST > > > > >I've added the DUPINTERVAL field to my RADCLIENTLIST table with >value "4" for the problematic NAS and: > > GetClientQueryselect >NASIDENTIFIER,SECRET,NULL,DUPINTERVAL, \ > DEFAULTREALM,NASTYPE,SNMPCOMMUNITY \ > from RADCLIENTLIST > > >Problem solved !! Good. > > >There are still "lost" IPs due to lost Stop-Packets, but I can clean >them once a day with a crontab-script that sets STATE=0 to those IPs >on RADPOOL that are not in RADONLINE.FRAMEDIPADDRESS. Is there a way >to do the same "cleaning" within radiusd using > > ReclaimQuery > DefaultLeasePeriod > LeaseReclaimInterval > >I work with MySQL database an nested SELECT querys are not allowed :-( > I think you will be better off doing your housekeeping outside Radiator. hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase
Hello Tom - At 12:17 -0400 01/7/5, Tom Daly wrote: >Hello, >We are currently using Radiator and MySQL for a SessionDB. As a wholesale >provider, we have two ways for our wholesalers to access accounts. > >1. Per Port - An ISP is assigned a unique DNIS to which all radius requested >are directed at thier radius server by proxy. We do this by the following >method. > > > > Host xxx.xxx.xxx.xxx > Secret VeryVerySecret > AuthPort 1645 > AcctPort 1646 > Retries 5 > RetryTimeout 15 > > >This method seems to be slow, as we have to search through a few hundred >DNISs for the same provider, if they have multiple DNISs. So I am looking >for a way to use one statement that will search each providers list of >DNISs. Also, when a customer dials in, thier username is just username. It >there a way to make the session database show [EMAIL PROTECTED], but >still pass username to the proxy radius server? If you are using the "CalledStationId.pm" file from the goodies section of the distribution, there is almost no overhead, as the number that is specified in the definition is used as a key to directly access that clause. This is by far the fastest way to process large numbers of phone numbers. For your second question, you can use RewriteUsername(s) and custom queries for the SessionDatabase to do what you require. >2. Per User - An ISP is assigned a Unique REALM via a or Realm=> Clause. This gets very very complicated, so it there a way to >simplify this? I don't understand the problem, sorry. Can you elaborate? >Also, 1 ISP does not use a realm, so is there a way to make >the session database show [EMAIL PROTECTED] and the radius server check >for just username? See above - RewriteUsername(s) and custom queries. regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple SessionDatabases per Handler?
Hello Janet - You can specify multiple database targets in a single SessionDatabase SQL. # define multiple databases Identifier DSL-SessionCheck DBSource .. DBSource .. .. hth Hugh At 15:24 +1000 01/7/6, Janet N del Mundo wrote: >Hi, > >Is it possible to have more than one SessionDatabase (for SQL fallback >purposes) within one Handler? If not, how do I go about handling my >SessionDatabase SQL when the SQL cannot be reached? > >I tried to add a SessionDatabase NULL for a fallback from my >SessionDatabase SQL, but I received error messages when I restarted >Radiator. > > >Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in >radius_dsl.cfg line 394 >Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in >radius_dsl.cfg line 395 > ># Handle DSL users logging into the Shasta # > > > AuthByPolicy ContinueWhileIgnore > SessionDatabase DSL-SessionCheck > SessionDatabase NULL > > AuthByPolicy ContinueWhileAccept > AuthBy Check-DSL-Users > AuthBy Check-SQL-DSLUSERS > AuthBy DoAccounting > > >Any suggestions or comments? >Thanks, >Janet > >-- >_ >Janet del Mundo >Internet Administrator, Startec Global Communications >135 Chalan Santo Papa Agana, Guam 96910 >Email: [EMAIL PROTECTED] >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
