Re: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx

2001-07-13 Thread Hugh Irvine


Hello Alain -

As the error message in the log file says, you will need a Realm or Handler 
clause to deal with the Disconnect-Request. You will also need software on 
the NAS that understands Disconnect-Request.

Also note that when the NAS is configured to process Disconnect-Request it is 
acting as a Radius server for this operation, and hence, your Radiator will 
in fact need to be configured to proxy the Disconnect-Request to the NAS.

The first thing to do though is to check that your NAS supports 
Disconnect-Request, second you will have to configure the NAS to process the 
requests correctly, and third (optional) you can configure Radiator to 
forward the requests correctly.

NOTE: you can also send the Disconnect-Request directly to the NAS from 
radpwtst without going through Radiator at all (this may be easier in any 
case).

hth

Hugh


On Friday 13 July 2001 02:44, Gonzalez Castillo, Alain wrote:

  Hi, I need to disconnect a user.
 When I use radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=

 the logfile tells me:


 Thu Jul 12 20:35:30 2001: DEBUG: Check if Handler Realm= should be used to handle this request
 Thu Jul 12 20:35:30 2001: WARNING: Could not find a handler for : request is ignored
 No reply

 My conf file is this:

 # Radiator configuration file.
 # Produced by /cgi-bin/radconfig.cgi Fri Jul  6 21:01:45 2001
 #REMOTE_USER: , REMOTE_ADDR: 

 AcctPort 1646
 AuthPort 1645
 DbDir .
 Foreground
 LogDir .
 LogStdout

 <AddressAllocator SQL>
   DBAuth
   DBSource dbi:mysql:
   DBUsername
   Identifier direccionesip

   <AddressPool pool1>
     DNSServer
     Range
     Subnetmask
   </AddressPool>
 </AddressAllocator>

 <AuthBy SQL>
   AccountingTable ACCOUNTING
   AcctColumnDef USERNAME,User-Name
   AcctColumnDef TIME_STAMP,Timestamp,integer
   AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
   AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
   AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
   AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
   AcctColumnDef ACCTSESSIONID,Acct-Session-Id
   AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
   AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
   AcctColumnDef NASIDENTIFIER,NAS-Identifier
   AcctColumnDef NASPORT,NAS-Port,integer
   AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
   DBAuth
   DBSource dbi:mysql:user_BLOSTE
   DBUsername root
   Identifier ID_0
 </AuthBy>


 <ClientListSQL>
   DBAuth
   DBSource dbi:mysql:
   DBUsername root
 </ClientListSQL>

 <Log SQL>
   DBAuth
   DBSource dbi:mysql:
   DBUsername
   LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) values (%t, '$p', '$s')
   Trace 3
 </Log>

 <Log FILE>
   Filename logfile.radiator
   Identifier log radiator
   Trace 5
 </Log>

 <Realm >
   AuthBy ID_0
   AuthByPolicy ContinueWhileIgnore
   RewriteUsername s/^([^@]+).*/$1/
   SessionDatabase Sesion SQL
   <AuthBy DYNADDRESS>
     Allocator direccionesip
     MapAttribute yiaddr, Framed-IP-Address
     MapAttribute subnetmask, Framed-IP-Netmask
     PoolHint %{Reply:PoolHint}
     StripFromReply PoolHint
   </AuthBy>

 </Realm>

 <SessionDatabase SQL>
   AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
   ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
   CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
   CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
   DBAuth
   DBSource dbi:mysql:
   DBUsername
   DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
   Description Logs
   Identifier Sesion SQL
 </SessionDatabase>

 Can anyone help me?
 My NAS is a Cisco AS5300.

 Thanks.
 Alain.



-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) MaxSessions issue, still a problem

2001-07-13 Thread Hugh Irvine


Hello Vangelis -

Actually, an internal session database is exactly that - a session database 
held entirely in memory. The username in each request is what is used, as 
follows: Access-Request - check current sessions and reject if limit 
exceeded, Accounting Start - add new record, Accounting Start - delete record.

regards

Hugh


On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
 I think the problem when you use the Internal session database is that it
 uses the username from the Accounting file to count the number of sessions.
 When a new user logs in it checks the rewritten username against the
 session database. So it checks with the name uunoc and not with the
 [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same
 problem with small and capital letters.
 MaxSessions 0 always works since there's no need to check the session
 database...

Vangelis

 Dmitry Kopylov wrote:
  Hi,
 
  I upgraded to the 18.2.2 but the problem with MaxSession still exists.
  Here is part of config and trace 4 output:
 
  <Handler Realm=bbeyond.nl>
    RewriteUsername s/^([^@]+).*/$1/
    MaxSessions 1
    <AuthBy FILE>
    </AuthBy>
    AcctLogFileName %L/bbeyond/details
    PasswordLogFileName %L/bbeyond/uunet-passwords.log
  </Handler>
 
  If I set MaxSessions 0, it works and rejects all sessions, but when I set
  MaxSessions to 1 it allows the second connection with the same username.
 
  MaxSessions 0:
 
  Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl
  Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
  *** Received from 62.177.149.2 port 1645 
  Code:   Access-Request
  Identifier: 102
  Authentic:  z21117822170220204200219w65;11:
  Attributes:
  User-Name = "[EMAIL PROTECTED]"
  User-Password = "_178219A02012381923130183
  28@q228"
  NAS-IP-Address = 213.116.1.14
  NAS-Port = 70
  NAS-Port-Type = Sync
  Service-Type = Framed-User
  Framed-Protocol = PPP
  State = ""
  Calling-Station-Id = "235652175"
  Called-Station-Id = "0107110035"
  Acct-Session-Id = "328619273"
  Ascend-Data-Rate = 64000
  Ascend-Xmit-Rate = 64000
  Proxy-State =
 
  Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
  Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
  Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
  Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for [EMAIL PROTECTED], 213.116.1.14, 70
  Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions exceeded
  Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
  *** Sending to 62.177.149.2 port 1645 
  Code:   Access-Reject
  Identifier: 102
  Authentic:  z21117822170220204200219w65;11:
  Attributes:
  Reply-Message = "Request Denied"
 
  MaxSessions 1:
 
  Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
  Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl
  Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
  *** Received from 62.177.149.1 port 1645 
  Code:   Access-Request
  Identifier: 173
  Authentic:  24212 252)203T230252143P20122}9Y
  Attributes:
  User-Name = "[EMAIL PROTECTED]"
  User-Password = "e2181373\17241230gi150q 208cn"
  NAS-IP-Address = 213.116.1.30
  NAS-Port = 2054
  NAS-Port-Type = Sync
  Service-Type = Framed-User
  Framed-Protocol = PPP
  State = ""
  Calling-Station-Id = "235652175"
  Called-Station-Id = "0107110035"
  Acct-Session-Id = "347654980"
  Ascend-Data-Rate = 64000
  Ascend-Xmit-Rate = 64000
  Proxy-State = PX0100925424212
 
  Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
  Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
  Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
  Thu Jul 12 11:31:37 2001: DEBUG:  Deleting session for [EMAIL PROTECTED], 213.116.1.30, 2054
  Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
  Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks 

Re: (RADIATOR) Log Syslog not working on HPUX 11i =/

2001-07-13 Thread Hugh Irvine


Hello John, Hello Chris -

What platform are you running on? Note that some syslog systems need to be 
run with the -r flag.

From http://www.open.com.au/radiator/faq.html#66:

Recent versions of Linux syslogd do not by default listen to the UDP port 
that the Perl Sys::Syslog module uses. In order to let Radiator and other 
Perl sysloggers work, you need to restart syslogd with the -r flag.

Check the documentation for syslogd on your system.

hth

Hugh


On Friday 13 July 2001 07:59, Jon Nistor wrote:
 [nistor@outpost2] /opt/radiator/bin: ./radiusd -v


 This is Radiator 2.18 on outpost2

 Copyright Open System Consultants

 http://www.open.com.au/radiator

 On Thu, 12 Jul 2001, Chris M wrote:
 :::Is this 2.18.2?  If so, I think I am having the same or similar issues.
 :::
 :::Chris
 :::
 ::: From: Jon Nistor [EMAIL PROTECTED]
 ::: Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
 ::: To: [EMAIL PROTECTED]
 ::: Subject: (RADIATOR) Log Syslog not working on HPUX 11i =/
 :::
 ::: Hey all,
 :::
 ::: I've checked through the mail archives, and tried everything listed,
 ::: but I still can't get syslog to work for the life of me =/
 :::
 ::: This is what's in the config:
 ::: <Log SYSLOG>
 ::: FacilityINFO
 ::: Trace   4
 ::: </Log>
 :::
 ::: I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc.  There is a
 ::: syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
 :::
 ::: Nothing comes through on syslog, when I test it out using Sys::Syslog,
 :::
 ::: start
 ::: #!/opt/perl5/bin/perl
 ::: use Sys::Syslog;
 ::: openlog($ident,$logopt,$facility);
 ::: syslog('info', 'this is another test');
 ::: syslog('mail', 'this is a better test: %d', time);
 ::: closelog();
 ::: syslog('debug', 'this is the last test');
 :::
 ::: end
 :::
 ::: All that works fine ..  Anyone have any insight? =/
 :::
 :::
 ::: --
 ::: ..+.+.=.+.*..-...\//...-..+..._+($)(_)#
 ::: ..%%@..[]@#.! Jon ([EMAIL PROTECTED]) Unix Systems
 ::: Administrator, Primus Canada. Tel.  (416) 207-7612  
 ::: emerg/afterhour: [EMAIL PROTECTED] cell. (416) 294-7780  
 ::: Internet Services Group
 ::: ..EOF
 :::



(RADIATOR) variable question (realm)

2001-07-13 Thread Andy De Petter


Hello guys,

Is there a variable that can be used, to log the realm, that the user went
through, in an AuthLog SuccessFormat ?

Thanks,

-Andy

--
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.




Re: (RADIATOR) MaxSessions issue, still a problem

2001-07-13 Thread Hugh Irvine


Hello Dmitry -

Here is what I get with this configuration file (copied from your mail):

Foreground
Trace 4

<Client DEFAULT>
  Secret mysecret
</Client>

<Handler Realm=bbeyond.nl>
  RewriteUsername s/^([^@]+).*/$1/
  MaxSessions 1
  <AuthBy FILE>
    Filename ./bbeyond.users
  </AuthBy>
  AcctLogFileName %L/bbeyond/details
  PasswordLogFileName %L/bbeyond/uunet-passwords.log
</Handler>


This is the debug:
 
Fri Jul 13 17:00:42 2001: DEBUG: Reading users file ./bbeyond.users
Fri Jul 13 17:00:42 2001: INFO: Server started: Radiator 2.18.2 on hugo

Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 
Code:   Access-Request
Identifier: 50
Authentic:  1234567890123456
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = 
141238,217175\424618889160216}x153

Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG:  Deleting session for [EMAIL PROTECTED], 
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE looks for match with uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 13 17:02:35 2001: DEBUG: Access accepted for uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 
Code:   Access-Accept
Identifier: 50
Authentic:  1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.254

Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 
Code:   Accounting-Request
Identifier: 51
Authentic:  TW1965g15204x217Y@?+1899
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = 1234
Acct-Status-Type = Start

Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG:  Adding session for [EMAIL PROTECTED], 
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Accounting accepted
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 
Code:   Accounting-Response
Identifier: 51
Authentic:  TW1965g15204x217Y@?+1899
Attributes:

Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 
Code:   Access-Request
Identifier: 116
Authentic:  1234567890123456
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 213.116.1.14
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = 
141238,217175\424618889160216}x153

Fri Jul 13 17:03:42 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:03:42 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:03:42 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:03:42 2001: DEBUG:  Deleting session for [EMAIL PROTECTED], 
213.116.1.14, 1234
Fri Jul 13 17:03:42 2001: DEBUG: Checking if user is still online: unknown, 
[EMAIL PROTECTED], 203.63.154.1, 1234, 1234
Fri Jul 13 17:03:42 2001: INFO: Access rejected for uunoc: MaxSessions 
exceeded
Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 
Code:   Access-Reject
Identifier: 116
Authentic:  1234567890123456
Attributes:
Reply-Message = Request Denied

 
I can only think that you have set up the Client clauses differently - 
perhaps with a Nas-Type Ignore, which will not check the session database at 
all.

Have a look at section 6.5.5 in the Radiator 2.18.2 reference manual for a 
discussion of the various Nas-Type options.

regards

Hugh



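
[Added example, not part of any message in this thread and not Radiator code.] A small Python model of the session check this thread discusses, following the order of events in the trace above: an Access-Request clears any record on the same NAS/port and then counts the user's sessions, Accounting Start adds a record, Accounting Stop removes it. The user name alice@example.net, the 192.0.2.x NAS addresses and all function names are constructed for the illustration.

```python
"""Toy model of a RADIUS concurrent-session limit (added example, not Radiator code)."""
import re
from typing import Callable, Dict, List, Tuple

KeyFn = Callable[[str], str]
Event = Tuple[str, str, str, int]          # (kind, user, nas, port)

USER = "alice@example.net"                 # constructed sample user
NAS_A, NAS_B = "192.0.2.1", "192.0.2.2"    # constructed NAS addresses


def strip_realm(name: str) -> str:
    """Python form of the thread's RewriteUsername s/^([^@]+).*/$1/."""
    return re.sub(r"^([^@]+).*", r"\1", name)


def fold_case(name: str) -> str:
    """Lower-case the name before stripping the realm."""
    return strip_realm(name.lower())


class SessionLimiter:
    """In-memory session table mapping (nas, port) to a user key."""

    def __init__(self, max_sessions: int,
                 check_key: KeyFn = strip_realm,
                 store_key: KeyFn = strip_realm) -> None:
        self.max_sessions = max_sessions
        self.check_key = check_key    # name form used when counting sessions
        self.store_key = store_key    # name form written on Accounting Start
        self.sessions: Dict[Tuple[str, int], str] = {}

    def access_request(self, user: str, nas: str, port: int) -> str:
        # A new login on a NAS port makes any old record for that port stale
        # (the "Deleting session for ..." line in the trace).
        self.sessions.pop((nas, port), None)
        wanted = self.check_key(user)
        active = sum(1 for key in self.sessions.values() if key == wanted)
        if active >= self.max_sessions:
            return "Access-Reject"
        return "Access-Accept"

    def accounting(self, status: str, user: str, nas: str, port: int) -> None:
        if status == "Start":
            self.sessions[(nas, port)] = self.store_key(user)
        elif status == "Stop":
            self.sessions.pop((nas, port), None)


def run(limiter: SessionLimiter, events: List[Event]) -> List[str]:
    """Feed events in order and return the decision for each Access-Request."""
    decisions = []
    for kind, user, nas, port in events:
        if kind == "Access-Request":
            decisions.append(limiter.access_request(user, nas, port))
        else:
            limiter.accounting(kind, user, nas, port)
    return decisions


# Same packet order as the trace: login, Accounting Start, login from a second NAS.
TRACE_EVENTS: List[Event] = [
    ("Access-Request", USER, NAS_A, 1234),
    ("Start", USER, NAS_A, 1234),
    ("Access-Request", USER, NAS_B, 1234),
]


def trace_scenario() -> List[str]:
    return run(SessionLimiter(1), TRACE_EVENTS)


def missing_accounting_scenario() -> List[str]:
    """No Accounting Start reaches the server, so nothing is ever counted."""
    events = [e for e in TRACE_EVENTS if e[0] == "Access-Request"]
    return run(SessionLimiter(1), events)


def mismatched_key_scenario() -> List[str]:
    """Records stored under the full name, checks done on the rewritten name."""
    limiter = SessionLimiter(1, check_key=strip_realm, store_key=lambda n: n)
    return run(limiter, TRACE_EVENTS)


def case_scenario(key: KeyFn) -> List[str]:
    """Second login differs from the first only in letter case."""
    events = TRACE_EVENTS[:2] + [("Access-Request", USER.upper(), NAS_B, 1234)]
    return run(SessionLimiter(1, check_key=key, store_key=key), events)


if __name__ == "__main__":
    print("trace order:        ", trace_scenario())
    print("no Accounting Start:", missing_accounting_scenario())
    print("mismatched keys:    ", mismatched_key_scenario())
    print("case, strip only:   ", case_scenario(strip_realm))
    print("case, folded:       ", case_scenario(fold_case))
```
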

Re: (RADIATOR) variable question (realm)

2001-07-13 Thread Hugh Irvine


Hello Andy -

Sure - %R (section 6.2 in the manual).

cheers

Hugh


On Friday 13 July 2001 17:10, Andy De Petter wrote:
 Hello guys,

 Is there a variable that can be used, to log the realm, that the user went
 through, in an AuthLog SuccessFormat ?

 Thanks,

 -Andy




RE: (RADIATOR) variable question (realm)

2001-07-13 Thread Andy De Petter


Odd..

I'm using:

SuccessFormat   %l:%n:%P:%a:PASS:%N:%c:%R
FailureFormat   %l:%n:%P:none:FAIL:%N:%c:%R

And, while it's logging, the last parameter remains empty :(

I'm using this as RewriteFunction:

RewriteFunction sub { my($a) = shift; $a =~ tr/A-Z/a-z/; $a =~ s/[\000]//g;
$a =~ s/^([^@]+).*/$1/; $a =~ s/[^A-Za-z0-9\.\-_\@]//g; $a; }

Any ideas?

-Andy




RE: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx

2001-07-13 Thread Gonzalez Castillo, Alain





My NAS supports Disconnect-Request.
Can you tell me how to define a Handler or Realm to forward the request correctly?
Thanks







RE: (RADIATOR) variable question (realm)

2001-07-13 Thread Andy De Petter


Maybe my question wasn't very well understood ;)))

My users authenticate with username and not with username@realm.  I'm
forcing their realm, based on the access server they were using..

But my question was: how can I log the realm where they've been pushed into,
even though they didn't provide a realm themselves?

That's probably why the realm is empty in my log, because it will only log the
realm that the user provided?

cheers,

-a




Re: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx

2001-07-13 Thread Hugh Irvine


Hello Alain -

As mentioned below, you can use radpwtst to send the Disconnect-Request 
directly to the NAS. However, if you want to send it through Radiator you 
will have to configure an AuthBy RADIUS clause pointing at the NAS and a 
Realm or Handler clause to recognise the Disconnect-Request and send it to 
the right NAS.

hth

Hugh


On Friday 13 July 2001 18:07, Gonzalez Castillo, Alain wrote:

  My NAS supports Disconnect-Request.
 Can you tell me how to define a Handler or Realm to forward the request
 correctly? Thanks


Re: (RADIATOR) variable question (realm)

2001-07-13 Thread Hugh Irvine


Hi Andy -

Ahhh - correct.

You will have to use a PreAuthHook, in which you can include the rewrite that 
you show below, as well as add a pseudo-attribute for the Realm.

Something like this:

my $realm = .;
$p->add_attr('User-Realm', $realm);

Then in your AuthLog you can use %{User-Realm} instead of $R.

hth

Hugh


On Friday 13 July 2001 18:23, Andy De Petter wrote:
 Maybe my question wasn't very well understood ;)))

 My users authenticate with username and not with username@realm.  I'm
 forcing their realm, based on the access server they were using..

 But my question was: how can I log the realm where they've been pushed
 into, even though they didn't provide a realm themselves?

 that's probably why the realm is empty in my log, because it will only the
 realm that the user provided?

 cheers,

 -a

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
  Behalf Of Andy De Petter
  Sent: Friday 13 July 2001 9:49
  To: Radiator Mailing
  Subject: RE: (RADIATOR) variable question (realm)
 
 
 
  Odd..
 
  I'm using:
 
  SuccessFormat   %l:%n:%P:%a:PASS:%N:%c:%R
  FailureFormat   %l:%n:%P:none:FAIL:%N:%c:%R
 
  And, while it's logging, the last parameter remains empty :(
 
  I'm using this as RewriteFunction:
 
  RewriteFunction sub { my($a) = shift; $a =~ tr/A-Z/a-z/; $a =~
  s/[\000]//g;
  $a =~ s/^([^@]+).*/$1/; $a =~ s/[^A-Za-z0-9\.\-_\@]//g; $a; }
 
  Any ideas?
 
  -Andy
 
   -Original Message-
   From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
   Sent: Friday 13 July 2001 9:23
   To: Andy De Petter; Radiator Mailing
   Subject: Re: (RADIATOR) variable question (realm)
  
  
  
   Hello Andy -
  
   Sure - %R (section 6.2 in the manual).
  
   cheers
  
   Hugh
  
   On Friday 13 July 2001 17:10, Andy De Petter wrote:
Hello guys,
   
Is there a variable that can be used, to log the realm, that the user went
through, in an AuthLog SuccessFormat ?
   
Thanks,
   
-Andy
   

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



RE: (RADIATOR) MaxSessions issue, still a problem

2001-07-13 Thread Dmitry Kopylov

Hello,

and the problem here is that NAS generates the Access-Request in form
"username@realm", proxy strips off the realm name and my Radiator
receives just "username". Whereas the accounting request approaches the
Radiator in its original form e.g. "username@realm". So the session database
is built up based on the "username@realm" and not on the "username". The
question here is if it's possible to rewrite the User-Name in Accounting
request?  Or maybe there is another solution?

regards,
Dmitry Kopylov

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 13, 2001 8:43 AM
To: Vangelis Kyriakakis; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) MaxSessions issue, still a problem



Hello Vangelis -

Actually, an internal session database is exactly that - a session database 
held entirely in memory. The username in each request is what is used, as 
follows: Access-Request - check current sessions and reject if limit 
exceeded, Accounting Start - add new record, Accounting Start - delete
record.

regards

Hugh


On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
 I think the problem when you use the Internal session database is that it
 uses the username from the Accounting file to count the number of
sessions.
 When a new user logs in it checks the rewritten username against the
 session database. So it checks with the name uunoc and not with the
 [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same
 problem with small and capital letters.
Maxsession 0 works always since it's no need to check the session
 database...

Vangelis

 Dmitry Kopylov wrote:
  Hi,
 
  I upgraded to the 18.2.2 but the problem with MaxSession still exists.
  Here is part of config and trace 4 output:
 
  Handler Realm=bbeyond.nl
  RewriteUsername s/^([^@]+).*/$1/
  MaxSessions 1
  AuthBy FILE
  /AuthBy
  AcctLogFileName %L/bbeyond/details
  PasswordLogFileName %L/bbeyond/uunet-passwords.log
  /Handler
 
  If I set MaxSessions 0, it works and rejects all sessions, but when I set
  MaxSessions to 1 it allows the second connection with the same username.
 
  MaxSessions 0:
 
  Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
  /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
  /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
  bbyrad1.bbeyond.nl
  Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
  *** Received from 62.177.149.2 port 1645 
  Code:   Access-Request
  Identifier: 102
  Authentic:  z21117822170220204200219w65;11:
  Attributes:
  User-Name = "[EMAIL PROTECTED]"
  User-Password = "_178219A02012381923130183
  28@q228"
  NAS-IP-Address = 213.116.1.14
  NAS-Port = 70
  NAS-Port-Type = Sync
  Service-Type = Framed-User
  Framed-Protocol = PPP
  State = ""
  Calling-Station-Id = "235652175"
  Called-Station-Id = "0107110035"
  Acct-Session-Id = "328619273"
  Ascend-Data-Rate = 64000
  Ascend-Xmit-Rate = 64000
  Proxy-State =
  PX0100*z21117822170220204200219w65;
 
11:026149213t114000F02
 7 20
 
 
1771443005220224199221h25
  1
 
  225
  23613XA188NY153O
 
  Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
  Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
  Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
  Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for [EMAIL PROTECTED], 213.116.1.14, 70
  Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions exceeded
  Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
  *** Sending to 62.177.149.2 port 1645 
  Code:   Access-Reject
  Identifier: 102
  Authentic:  z21117822170220204200219w65;11:
  Attributes:
  Reply-Message = "Request Denied"
 
  MaxSessions 1:
 
  Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
  Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
  /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
  /opt/radiator-2.18/raddb/users
  Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
  bbyrad1.bbeyond.nl
  Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
  *** Received from 62.177.149.1 port 1645 
  Code:   Access-Request
  Identifier: 173
  Authentic:  24212 252)203T230252143P20122}9Y
  Attributes:
  User-Name = "[EMAIL PROTECTED]"
  User-Password = "e2181373\17241230gi150q 208cn"
  NAS-IP-Address = 213.116.1.30
  NAS-Port = 2054
  NAS-Port-Type = Sync
  Service-Type = Framed-User
  Framed-Protocol = PPP
  State = ""
  Calling-Station-Id = "235652175"
  Called-Station-Id = "0107110035"
  Acct-Session-Id = "347654980"

(RADIATOR) Check/Reply Question

2001-07-13 Thread Mike McCauley


--- Forwarded mail from [EMAIL PROTECTED]

From: [EMAIL PROTECTED]
Date: Fri, 13 Jul 2001 05:20:50 -0500
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Jonathan
[EMAIL PROTECTED]]

From: Jonathan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Check/Reply Question
Date: Fri, 13 Jul 2001 14:12:00 +0200

Hi all,

Like many before me, I've wrestled with check and reply items. I won, but I
still want to have something cleared up:

user    User-Password = xxx,
        Service-Type = Framed-User,
        Framed-IP-Address = xxx.xx.xx.xxx,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

I had to remove the ',' after User-Password to make it work. Found it in the
mailinglist archives, the documentation seems to suggest using that extra
',' however. So what I want to know is why the ',' isn't needed here. Is it
to separate check and reply items that one needs to get rid of it? Username
and User-Password are check items, the rest of them reply items?

Thnx!
Jonathan




---End of forwarded mail from [EMAIL PROTECTED]

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X



Re: (RADIATOR) Log Syslog not working on HPUX 11i =/

2001-07-13 Thread Jon Nistor

by default HPUX uses syslogd -D (Prevent the kernel from directly printing
its messages on the system console.).   I've tried with -r, syslog by
itself, you name the combination, I can't figure out why it wouldn't be
doing it =/

It's an HPUX 11i, Lclass PA2.0RISC box (800 series).


On Fri, 13 Jul 2001, Hugh Irvine wrote:

:::
:::Hello John, Hello Chris -
:::
:::What platform are you running on? Note that some syslog systems need to be
:::run with the -r flag.
:::
:::From http://www.open.com.au/radiator/faq.html#66:
:::
:::Recent versions of Linux syslogd do not by default listen to the UDP port
:::that the Perl Sys::Syslog module uses. In order to let Radiator and other
:::Perl sysloggers work, you need to restart syslogd with the -r flag.
:::
:::Check the documentation for syslogd on your system.
:::
:::hth
:::
:::Hugh
:::
:::
:::On Friday 13 July 2001 07:59, Jon Nistor wrote:
::: [nistor@outpost2] /opt/radiator/bin: ./radiusd -v
:::
:::
::: This is Radiator 2.18 on outpost2
:::
::: Copyright Open System Consultants
:::
::: http://www.open.com.au/radiator
:::
::: On Thu, 12 Jul 2001, Chris M wrote:
::: :::Is this 2.18.2?  If so, I think I am having the same or similar issues.
::: :::
::: :::Chris
::: :::
::: ::: From: Jon Nistor [EMAIL PROTECTED]
::: ::: Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
::: ::: To: [EMAIL PROTECTED]
::: ::: Subject: (RADIATOR) Log Syslog not working on HPUX 11i =/
::: :::
::: ::: Hey all,
::: :::
::: ::: I've checked through the mail archives, and tried everything listed,
::: ::: but I still can't get syslog to work for the life of me =/
::: :::
::: ::: This is whats in the config:
::: ::: Log SYSLOG
::: ::: FacilityINFO
::: ::: Trace   4
::: ::: /Log
::: :::
::: ::: I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc.  There is a
::: ::: syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
::: :::
::: ::: Nothing comes through on syslog, when I test it out using Sys::Syslog,
::: :::
::: ::: start
::: ::: #!/opt/perl5/bin/perl
::: ::: use Sys::Syslog;
::: ::: openlog($ident,$logopt,$facility);
::: ::: syslog('info', 'this is another test');
::: ::: syslog('mail', 'this is a better test: %d', time);
::: ::: closelog();
::: ::: syslog('debug', 'this is the last test');
::: :::
::: ::: end
::: :::
::: ::: All that works fine ..  Anyone have any insight? =/
::: :::
::: :::

-- 
.+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada.
Tel.  (416) 207-7612   emerg/afterhour: [EMAIL PROTECTED]
cell. (416) 294-7780   Internet Services Group
.EOF




(RADIATOR) LDAP2 and ServerChecksPassword

2001-07-13 Thread Jeremy Hinton


Greetings all,

After using radiator for some time with AuthBy SQL, i'm looking at
tying it into our new directory via LDAP. However, i'm having some
difficulty with AuthBy LDAP2, specifically the ServerChecksPassword
parameter. As i understand it, This should cause the LDAP module to
attempt to bind with the directory using the username and password logged
in with, as opposed to specifying one with AuthDN and AuthPassword. From
what i can tell though, this is not happening on my server. Instead,
unless i hard specify the AuthDN and AuthPassword, it binds without
authentication. I'm running Radiator-2.18.2-3 installed via RPM. Some
snippets below: 

 Start config file excerpt:

<Realm DEFAULT>
    <AuthBy LDAP2>
        ServerChecksPassword
        Host            10.1.1.1
        BaseDN          cn=visi.net
        PasswordAttr    userPassword
        UsernameAttr    uid
        Debug           255
    </AuthBy>

 End config file excerpt

 Start log file excerpt

Fri Jul 13 15:02:34 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Jul 13 15:02:34 2001: DEBUG:  Deleting session for jgh, 203.63.154.1,
1234
Fri Jul 13 15:02:34 2001: DEBUG: Handling with Radius::AuthLDAP2
Fri Jul 13 15:02:34 2001: DEBUG: Connecting to 206.246.194.60, port 389
Fri Jul 13 15:02:34 2001: DEBUG: Attempting to bind with , 
Net::LDAP=HASH(0x87077c8) sending:

30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0`

 30   12: SEQUENCE {
0002 021:   INTEGER = 1
0005 607:   [APPLICATION 0] {
0007 021: INTEGER = 2
000A 040: STRING = ''
000C 800: [CONTEXT 0]
000E:   }
000E: }
Net::LDAP=HASH(0x87077c8) received:

30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0a

 30   12: SEQUENCE {
0002 021:   INTEGER = 1
0005 617:   [APPLICATION 1] {
0007 0A1: ENUM = 0
000A 040: STRING = ''
000C 040: STRING = ''
000E:   }
000E: }



// Jeremy HintonVisiNet
// [EMAIL PROTECTED] NOC Manager
// I've wrestled with reality for 35 years, doctor, 
// and I'm happy to state I finally won out over it. -Elwood P Dowd





Re: (RADIATOR) Log Syslog not working on HPUX 11i =/

2001-07-13 Thread Chris M

Hi Hugh,

It's good to hear from you.

I'm on Linux RH 7.1.

The problem I am having with logging is that I had a known good config on
one machine and (you may remember all the problems I was having) I decided
to create a brand new box that was Redhat 7.1 and run Radiator on that.

The only new feature I added was taking the text of the clients out and
putting it in a SQL database RADCLIENTLIST.  All other features stayed the
same in Radiator the way I was using it.

But when I switched to the new box, and started Radiator, Trace 4 messages
would appear in the log when I started Radiator but then would quit after
the RADCLIENTLIST was built (I'd see the messages from the SQL query and
then no more Trace 4 stuff appears in the raw logs).

The Syslog stuff I can't get to work but I don't think that is related to
the Trace 4 stuff quitting sometime after Radiator is started.

I'm not really sure what to look at.  There is a lot of fire and brimstone
coming down around me at the moment but I'd be happy to try looking at some
things.

Chris

 From: Hugh Irvine [EMAIL PROTECTED]
 Organization: Open System Consultants
 Reply-To: [EMAIL PROTECTED]
 Date: Fri, 13 Jul 2001 16:31:09 +1000
 To: Jon Nistor [EMAIL PROTECTED], Chris M [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Log Syslog not working on HPUX 11i =/
 
 
 Hello John, Hello Chris -
 
 What platform are you running on? Note that some syslog systems need to be
 run with the -r flag.
 
 From http://www.open.com.au/radiator/faq.html#66:
 
 Recent versions of Linux syslogd do not by default listen to the UDP port
 that the Perl Sys::Syslog module uses. In order to let Radiator and other
 Perl sysloggers work, you need to restart syslogd with the -r flag.
 
 Check the documentation for syslogd on your system.
 
 hth
 
 Hugh
 
 



Re: (RADIATOR) MegaPOP Auth Problems?

2001-07-13 Thread David M. Lloyd

On Fri, 13 Jul 2001, Jeremy Bushman wrote:

 I am having some problems getting our new MegaPOP sites to auth users.
 The problem is that the username makes it ok, but the password shows
 up as a bunch of garbage.

99.999% of the time, garbled password == unmatched secrets.

Some NASes don't seem to work correctly with secrets more or less than 16
characters.  Maybe try that next.

- D

[EMAIL PROTECTED]




(RADIATOR) Remote buffer overflow vulnerability

2001-07-13 Thread Dave Salaman

Are any versions of Radiator vulnerable to this ?

http://xforce.iss.net/alerts/advise87.php

-- 
Dave
St.Louis, Missouri




Re: (RADIATOR) LDAP2 and ServerChecksPassword

2001-07-13 Thread Jeremy Hinton


Oops, i didn't go far enough into the logs i guess. It looks like
it goes anonymous for the initial search query, and then uses the supplied
username and password to authenticate the actual record lookup later.
Answered my own question ;).

- jeremy
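
The two hex dumps quoted in this thread can be decoded to confirm what went over the wire: an LDAP simple bind with an empty DN and an empty password, answered with result code 0. Added example, not part of the original posts and not Radiator or Net::LDAP code; SENT and RECEIVED are the bytes from the quoted debug output, AUTHENTICATED is a constructed comparison sample.

```python
# Bytes copied from the Net::LDAP debug output quoted in this thread.
SENT = bytes.fromhex("30 0C 02 01 01 60 07 02 01 02 04 00 80 00")
RECEIVED = bytes.fromhex("30 0C 02 01 01 61 07 0A 01 00 04 00 04 00")
# Constructed for comparison (not from the thread): simple bind as uid=test / "pw".
AUTHENTICATED = (bytes.fromhex("30 16 02 01 02 60 11 02 01 02 04 08") + b"uid=test"
                 + bytes.fromhex("80 02") + b"pw")


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for one BER TLV with a definite length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def _bind_request(op: bytes) -> dict:
    _, version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    info = {"op": "BindRequest", "version": int.from_bytes(version, "big"),
            "dn": name.decode("utf-8", "replace")}
    if auth_tag == 0x80:                    # [CONTEXT 0] primitive: simple password
        info["auth"] = "simple"
        info["password_len"] = len(cred)    # report the length, never the password
        if not cred:
            info["bind_type"] = "unauthenticated" if name else "anonymous"
        else:
            info["bind_type"] = "name/password"
    else:
        info["auth"] = f"other (tag 0x{auth_tag:02x})"
        info["bind_type"] = "not simple"
    return info


def _bind_response(op: bytes) -> dict:
    tag, code, pos = read_tlv(op)
    if tag != 0x0A:
        raise ValueError("resultCode must be an ENUMERATED")
    _, matched_dn, pos = read_tlv(op, pos)
    _, message, _ = read_tlv(op, pos)
    return {"op": "BindResponse", "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "message": message.decode("utf-8", "replace")}


def parse_ldap_message(pdu: bytes) -> dict:
    """Decode the envelope plus a BindRequest (0x60) or BindResponse (0x61)."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, msg_id, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op, _ = read_tlv(body, pos)
    result = {"message_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:
        result.update(_bind_request(op))
    elif op_tag == 0x61:
        result.update(_bind_response(op))
    else:
        raise ValueError(f"unhandled protocolOp tag 0x{op_tag:02x}")
    return result


if __name__ == "__main__":
    for label, pdu in (("sent", SENT), ("received", RECEIVED), ("constructed", AUTHENTICATED)):
        print(label, parse_ldap_message(pdu))
```

The empty DN and zero-length password in SENT match the "Attempting to bind with , " line in the quoted log.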




Re: (RADIATOR) Question about Rodopi?

2001-07-13 Thread Hugh Irvine


Hello Chairarth -

It only makes sense to keep your user definitions in a single database, so if 
you are going to use Rodopi you should keep all your users there.

regards

Hugh


On Friday 13 July 2001 21:23, Chairarth K wrote:

  Hello Hugh,

 Maybe only in Rodopi, maybe in Rodopi and Radmin. Please advise us
 in both cases.

 Thanks,
 Chairath
  

 Hugh Irvine wrote:
   Hello Chairarth -

   Where are you going to maintain your customer definitions? In Radmin,
   Rodopi, or both?

   regards

   Hugh

   At 13:49 +0700 01/7/12, Chairarth K wrote:
  There is any problem if we will use Radmin, Radiator and Rodopi
  billing at the same time.
 
  Regards,
  Chairath
 
   
 



Re: (RADIATOR) Check/Reply Question

2001-07-13 Thread Hugh Irvine


Hello Jonathan -


 Like many before me, I've wrestled with check and reply items. I won, but I
 still want to have something cleared up:

 user    User-Password = xxx,
         Service-Type = Framed-User,
         Framed-IP-Address = xxx.xx.xx.xxx,
         Framed-IP-Netmask = 255.255.255.255,
         Framed-MTU = 1500,
         Framed-Compression = Van-Jacobson-TCP-IP

 I had to remove the ',' after User-Password to make it work. Found it in
 the mailinglist archives, the documentation seems to suggest using that
 extra ',' however. So what I want to know is why the ',' isn't needed here.
 Is it to separate check and reply items that one needs to get rid of it?
 Username and User-Password are check items, the rest of them reply items?


You have answered your own question. All of the check items must appear on 
the first line (that starts in column 1 and does not end with a comma), while 
the reply items are on the second and subsequent lines (that start with white 
space and end with commas except the last line).

Have a look at section 15.2 in the Radiator 2.18.2 reference manual.

regards

Hugh
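
The layout rule above (check items on the first line with no trailing comma, reply items on indented lines separated by commas) can be checked mechanically before a users file is deployed. Added example, not Radiator's own parser and not part of the original post; the '#' comment handling and both sample entries are assumptions constructed for illustration.

```python
def _split_items(text):
    """Split 'A = b, C = "d, e"' on commas that sit outside double quotes."""
    items, current, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            items.append(current)
            current = ""
        else:
            current += ch
    items.append(current)
    return [item.strip() for item in items if item.strip()]


def _pair(item):
    """Turn 'Attr = value' into ('Attr', 'value'), dropping surrounding quotes."""
    attr, _, value = item.partition("=")
    return attr.strip(), value.strip().strip('"')


def parse_users(text):
    """Return (entries, problems) for a users-file style text.

    An entry starts in column 1 with the user name followed by check items.
    Indented lines that follow carry the reply items for that entry.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank or comment (assumed)
        if raw[0] in " \t":                           # continuation: reply items
            if not entries:
                problems.append((lineno, "reply line before any user entry"))
            else:
                entries[-1]["_reply_lines"].append((lineno, raw.strip()))
            continue
        parts = raw.split(None, 1)
        rest = parts[1].rstrip() if len(parts) > 1 else ""
        if rest.endswith(","):
            problems.append((lineno, "check-item line ends with a comma"))
        entries.append({"user": parts[0],
                        "check": [_pair(i) for i in _split_items(rest)],
                        "reply": [], "_reply_lines": []})
    for entry in entries:
        lines = entry.pop("_reply_lines")
        for idx, (lineno, line) in enumerate(lines):
            last = idx == len(lines) - 1
            if line.endswith(",") == last:            # comma on last, or none before it
                problems.append((lineno, "last reply line ends with a comma" if last
                                 else "reply line is missing its trailing comma"))
            entry["reply"] += [_pair(i) for i in _split_items(line)]
    return entries, problems


# Constructed samples: the form that failed in the question, then the working form.
BROKEN = 'user1\tUser-Password = "xxx",\n\tService-Type = Framed-User,\n\tFramed-MTU = 1500\n'
FIXED = 'user1\tUser-Password = "xxx"\n\tService-Type = Framed-User,\n\tFramed-MTU = 1500\n'

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        entries, problems = parse_users(sample)
        print(label, entries, problems)
```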




Re: (RADIATOR) Remote buffer overflow vulnerability

2001-07-13 Thread Hugh Irvine


Hello Dave -

On Saturday 14 July 2001 01:24, Dave Salaman wrote:
 Are any versions of Radiator vulnerable to this ?

 http://xforce.iss.net/alerts/advise87.php

As you know, Radiator is written in Perl, which handles bounds checking for 
all variables automatically. Mike has stated that Radiator is not subject to 
this sort of attack.

regards

Hugh




Re: (RADIATOR) MaxSessions issue, still a problem

2001-07-13 Thread Hugh Irvine


Hello Dmitry -

I see.

I think you have two choices: first (preferred) is to change the proxy so it 
sends you all requests with the realm intact, and second is to add an 
additional proxy in front of your Radiator that only rewrites the usernames. 
The only way that the session database is going to work reliably is if it 
always gets the usernames in the same format.

regards

Hugh
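
Why the limit is never reached when Access-Requests and accounting requests carry different User-Name formats, shown as a small model. Added example, not Radiator code and not part of the original post: the session table, the user name and the NAS addresses are constructed, and strip_realm mirrors the RewriteUsername rule quoted in this thread.

```python
import re

USER = "alice@example.net"                            # constructed user name
LOGINS = [("192.0.2.14", 70), ("192.0.2.30", 2054)]   # constructed NAS address and port


def strip_realm(user_name):
    """Python equivalent of RewriteUsername s/^([^@]+).*/$1/."""
    return re.sub(r"^([^@]+).*", r"\1", user_name)


class SessionTable:
    """Toy in-memory session table keyed by the exact User-Name string it is given."""

    def __init__(self, max_sessions):
        self.max_sessions = max_sessions
        self.by_user = {}                             # User-Name -> {(nas, port), ...}

    def allow(self, user_name):
        """Access-Request: accept only while the user is below the limit."""
        return len(self.by_user.get(user_name, ())) < self.max_sessions

    def start(self, user_name, nas, port):
        """Accounting Start: record the session under the name in the request."""
        self.by_user.setdefault(user_name, set()).add((nas, port))

    def stop(self, user_name, nas, port):
        """Accounting Stop: drop the session recorded under that name."""
        self.by_user.get(user_name, set()).discard((nas, port))


def run_logins(max_sessions, rewrite_accounting):
    """Replay two logins of the same user and return the accept decisions.

    Access-Requests are always checked under the realm-stripped name.
    Accounting Starts use the stripped name only when rewrite_accounting
    is true; otherwise they keep the user@realm form.
    """
    table = SessionTable(max_sessions)
    decisions = []
    for nas, port in LOGINS:
        accepted = table.allow(strip_realm(USER))
        decisions.append(accepted)
        if accepted:
            acct_name = strip_realm(USER) if rewrite_accounting else USER
            table.start(acct_name, nas, port)
    return decisions


if __name__ == "__main__":
    print("limit 1, mixed formats:     ", run_logins(1, rewrite_accounting=False))
    print("limit 1, consistent formats:", run_logins(1, rewrite_accounting=True))
    print("limit 0, mixed formats:     ", run_logins(0, rewrite_accounting=False))
```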


On Friday 13 July 2001 20:58, Dmitry Kopylov wrote:
 Hello,

 and the problem here is that NAS generates the Access-Request in form
 "username@realm", proxy stripes off the the realmname and my Radiator
 receives just "username". Whereas the accounting request approaches the
 Radiator in its original form e.g. "username@realm". So the session
 database is built up based on the "username@realm" and not on the
 "username". The question here is if it's possible to rewrite the User-Name
 in Accounting request?  Or maybe there is another solution?

 regards,
 Dmitry Kopylov

 -Original Message-
 From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
 Sent: Friday, July 13, 2001 8:43 AM
 To: Vangelis Kyriakakis; [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) MaxSessions issue, still a problem



 Hello Vangelis -

 Actually, an internal session database is exactly that - a session database
 held entirely in memory. The username in each request is what is used, as
 follows: Access-Request - check current sessions and reject if limit
 exceeded, Accounting Start - add new record, Accounting Start - delete
 record.

 regards

 Hugh

 On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
  I think the problem when you use the Internal session database is that it
  uses the username from the Accounting file to count the number of
  sessions.

  When a new user logs in it checks the rewritten username against the
  session database. So it checks with the name uunoc and not with the
  [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same
  problem with small and capital letters.
  MaxSessions 0 works always since there's no need to check the session
  database...
 
 Vangelis
 
  Dmitry Kopylov wrote:
   Hi,
  
   I upgraded to the 18.2.2 but the problem with MaxSession still exists.
   Here is part of config and trace 4 output:
  
   <Handler Realm=bbeyond.nl>
   RewriteUsername s/^([^@]+).*/$1/
   MaxSessions 1
   <AuthBy FILE>
   </AuthBy>
   AcctLogFileName %L/bbeyond/details
   PasswordLogFileName %L/bbeyond/uunet-passwords.log
   </Handler>
  
   If I set MaxSessions 0, it works and rejects all sessions, but when I set
   MaxSessions to 1 it allows the second connection with the same
   username.
  
   MaxSessions 0:
  
   Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
   /opt/radiator-2.18/raddb/users
   Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
   /opt/radiator-2.18/raddb/users
   Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
   bbyrad1.bbeyond.nl
   Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
   *** Received from 62.177.149.2 port 1645 
   Code:   Access-Request
   Identifier: 102
   Authentic:  z21117822170220204200219w65;11:
   Attributes:
   User-Name = "[EMAIL PROTECTED]"
   User-Password = "_178219A02012381923130183
   28@q228"
   NAS-IP-Address = 213.116.1.14
   NAS-Port = 70
   NAS-Port-Type = Sync
   Service-Type = Framed-User
   Framed-Protocol = PPP
   State = ""
   Calling-Station-Id = "235652175"
   Called-Station-Id = "0107110035"
   Acct-Session-Id = "328619273"
   Ascend-Data-Rate = 64000
   Ascend-Xmit-Rate = 64000
   Proxy-State =
  
   Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
   be used to handle this request
   Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler
   'Realm=bbeyond.nl'
   Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
   Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for
   [EMAIL PROTECTED], 213.116.1.14, 70
   Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions
   exceeded
   Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
   *** Sending to 62.177.149.2 port 1645 
   Code:   Access-Reject
   Identifier: 102
   Authentic:  z21117822170220204200219w65;11:
   Attributes:
   Reply-Message = "Request Denied"
  
   MaxSessions 1:
  
   Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
   Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
   /opt/radiator-2.18/raddb/users
   Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
   /opt/radiator-2.18/raddb/users
   Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
   bbyrad1.bbeyond.nl
   Thu Jul 12 11:31:37 2001: DEBUG: Packet 
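
Added example, not part of the thread and not Radiator code: a minimal Python model of the in-memory session table discussed above. It shows why MaxSessions 1 is never reached when Access-Requests carry "uunoc" while accounting carries "uunoc@realm", and how canonicalising both paths fixes it. The SessionDB class, the example.test realm and the 192.0.2.14 address are constructed for illustration; case folding is included because of the upper/lower-case variant mentioned in the thread.

```python
import re

# Same pattern as the RewriteUsername line quoted in the thread.
REALM_RE = re.compile(r"^([^@]+).*")


def canonical(name):
    """Strip the realm and fold case so both request types share one key."""
    return REALM_RE.sub(r"\1", name).lower()


class SessionDB:
    """Hypothetical in-memory session table: one entry per (NAS, port)."""

    def __init__(self, max_sessions, normalise=None):
        self.max_sessions = max_sessions
        self.normalise = normalise or (lambda n: n)
        self.sessions = {}  # (nas_ip, nas_port) -> user key

    def access_request(self, user):
        key = self.normalise(user)
        active = sum(1 for u in self.sessions.values() if u == key)
        return "Access-Accept" if active < self.max_sessions else "Access-Reject"

    def accounting(self, status, user, nas_ip, nas_port):
        if status == "Start":
            self.sessions[(nas_ip, nas_port)] = self.normalise(user)
        elif status == "Stop":
            self.sessions.pop((nas_ip, nas_port), None)


def replay(db):
    """Constructed sequence: login, Accounting Start, second login, Stop, login."""
    results = [db.access_request("uunoc")]            # realm already stripped by proxy
    db.accounting("Start", "uunoc@example.test", "192.0.2.14", 70)
    results.append(db.access_request("uunoc"))        # second concurrent login
    db.accounting("Stop", "uunoc@example.test", "192.0.2.14", 70)
    results.append(db.access_request("uunoc"))        # after the session ended
    return results


if __name__ == "__main__":
    print("raw keys:      ", replay(SessionDB(1)))
    print("canonical keys:", replay(SessionDB(1, canonical)))
```

With raw keys the second login is accepted because the stored key "uunoc@example.test" never matches "uunoc"; with canonical keys it is rejected until the Stop record arrives.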

Re: (RADIATOR) MegaPOP Auth Problems?

2001-07-13 Thread Hugh Irvine


Hello Jeremy -

This sounds very much like the shared secrets are not set correctly.

hth

Hugh

On Saturday 14 July 2001 00:55, Jeremy Bushman wrote:
 I am having some problems getting our new MegaPOP sites to auth users. The
 problem is that the username makes it ok, but the password shows up as a
 bunch of garbage.

 I end up with entries like this:

 Tue Jul 10 20:55:17 2001:994816517:USERNAME:^Wg^UzaW:PASSWORD:FAIL:64.24.37.5
 Tue Jul 10 20:55:35 2001:994816535:USERNAME:^Wg^UzaW:PASSWORD:FAIL:64.24.37.5
 Tue Jul 10 20:58:50 2001:994816730:USERNAME:^X^S^Jo^A^N^WBb-^[:PASSWORD:FAIL:64.24.37.4
 Tue Jul 10 20:59:08 2001:994816748:USERNAME:^X^S^Jo^A^N^WBb-^[:PASSWORD:FAIL:64.24.37.4

 I've tried various MegaPOP numbers across the country and come up with the
 same problem. I can take the same user and dial into any of our POP's just
 fine.

 I've presented this information to MegaPOP and they just replied:

 When I run a radtest through our radius, I get a timeout.  When I
 bounce it directly off your radius, I get Request Denied.  This
 sounds like a problem(s) in your radius configuration.

 Could this possibly be a problem with my Client statement? An example:

 <Client 216.126.128.8>
 Secret ***
 RewriteUsername s/\s//g;
 DupInterval 300
 NasType ignore
 </Client>

 I have an entry exactly like this for each of the MegaPOP radius servers,
 as well as a few of our RAS's. (Something with the NasType ignore that
 we need)

 I am also doing some re-writes in the Handler field, but that is just
 appending domains and converting uppercase to lowercase, the same things
 we are doing for all our POP's.

 I've tried a Trace 4 and it just looks like we are getting a bad password
 from MegaPOP.

 Anyone have any insight or ideas?

 Thank you.

 
 Jeremy Bushman  (Voice) 563-557-8463
 Network Operations Center
 MidWest Communications, Inc.
 241 Main St.[EMAIL PROTECTED]
 Dubuque, IA  52001  [EMAIL PROTECTED]
 


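
Added example, not part of the thread and not Radiator code: the RFC 2865 User-Password hiding in Python, showing why a shared-secret mismatch like the one suggested above decodes to control-character garbage while the User-Name, which is sent in clear, arrives intact. The secrets, password and Request Authenticator are constructed values.

```python
import hashlib
import math


def _xor_with_md5(block, secret, prev):
    """XOR one 16-byte block with MD5(secret + previous block)."""
    pad = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, pad))


def hide_password(password, secret, authenticator):
    """Client side: pad to a multiple of 16 and chain as in RFC 2865, 5.2."""
    size = max(1, math.ceil(len(password) / 16)) * 16
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor_with_md5(padded[i:i + 16], secret, prev)
        hidden += prev
    return hidden


def recover_password(hidden, secret, authenticator):
    """Server side: the same keystream, chained on the received blocks."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor_with_md5(block, secret, prev)
        prev = block
    return clear.rstrip(b"\x00")


def looks_garbled(value):
    """True if the decoded password holds bytes outside printable ASCII."""
    return any(b < 0x20 or b > 0x7E for b in value)


def demo():
    authenticator = bytes(range(16))               # constructed Request Authenticator
    hidden = hide_password(b"correct horse battery", b"nas-secret", authenticator)
    ok = recover_password(hidden, b"nas-secret", authenticator)
    bad = recover_password(hidden, b"server-secret", authenticator)  # mismatched secret
    return hidden, ok, bad


if __name__ == "__main__":
    hidden, ok, bad = demo()
    print(ok, looks_garbled(ok))
    print(bad, looks_garbled(bad))
```

Nothing in the packet tells the server that the secret is wrong, so a decoded password full of non-printable bytes, as in the log entries above, is the usual symptom.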