(RADIATOR) Cisco NAS boxen trouble
I was having trouble getting Framed-IP-Address to update in the Session database and couldn't figure out why. I got the following response from Cisco and thought I'd post it in case it helps anyone else. Chris - I see that you are having difficulty with the aaa accounting on PPP connections. The problem you describe is the result of ther router sending the accounting START record BEFORE the IPCP negotiation is complete. There are two ways to change this. The recommended way is to tell the router to send accounting UPDATEs when there is new information. This will accomplish what you are after -- getting the Framed-IP-Address sent to the Radius server. This is accomplished through this global configuration mode: aaa accounting update newinfo If, however, your accounting software cannot deal with START, UPDATE, and STOP records, there is another option, though it is officially not supported: aaa accounting delay-start Either of these should accomplish what you are after === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Using /etc/group
Hi, Is it possible for Radiator to examine the Unix group that a user is a member of to determine their connection profile (eg session time, idle time, etc.)? I am currently authenticating to /etc/passwd and writing to a flat detail file but would like to use the user's group to determine their connection profile. Barry Andersson
Re: (RADIATOR) check attributes
*This message was transferred with a trial version of CommuniGate(tm) Pro* Just forget what I said. there is a hole difference between Dic (from Diciembre in spanish) and Dec (from December in english) that was my prob. Best regards >Hello there: > > >I got the next realm config in my radius.cfg file: > > > > RejectHasReason > > DBSourcedbi:mysql:radius > DBUsername XX > DBAuth XX > > DefaultSimultaneousUse 1 > > AuthSelect select PASSWORD, TIMELEFT, CHECKATTR from SUBSCRIBERS > where USERNAME = '%n' and TIMELEFT > 0 > AuthColumnDef 0,User-Password,check > AuthColumnDef 1,Session-Timeout,reply > AuthColumnDef 2,GENERIC,check > > AccountingStopsOnly > AcctSQLStatement update SUBSCRIBERS set > TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n' > > > > > >I want to set into the CHECKATTR database field for a user this: > >Service-Type = Framed-User, NAS-Port-Type = Async, Expiration="Dic 29 2001" > >but I think I'm doing something wrong. No matter what date I set in the >Expiration attribute, radiator always said: > > Reply-Message = "Request Denied" > Reply-Message = "Expiration date has passed" > >What am I doing wrong? > > > > >Sergio Alejandro Gonzalez >Director Operativo >SkyNet de Colombia. >Bogota, Colombia, South America. >57 (+1) 6 422 020 >57 (+3) 7 285 094 > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. Sergio Alejandro Gonzalez Director Operativo SkyNet de Colombia. Bogota, Colombia, South America. 57 (+1) 6 422 020 57 (+3) 7 285 094 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) check attributes
*This message was transferred with a trial version of CommuniGate(tm) Pro* Hello there: I got the next realm config in my radius.cfg file: RejectHasReason DBSourcedbi:mysql:radius DBUsername XX DBAuth XX DefaultSimultaneousUse 1 AuthSelect select PASSWORD, TIMELEFT, CHECKATTR from SUBSCRIBERS where USERNAME = '%n' and TIMELEFT > 0 AuthColumnDef 0,User-Password,check AuthColumnDef 1,Session-Timeout,reply AuthColumnDef 2,GENERIC,check AccountingStopsOnly AcctSQLStatement update SUBSCRIBERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n' I want to set into the CHECKATTR database field for a user this: Service-Type = Framed-User, NAS-Port-Type = Async, Expiration="Dic 29 2001" but I think I'm doing something wrong. No matter what date I set in the Expiration attribute, radiator always said: Reply-Message = "Request Denied" Reply-Message = "Expiration date has passed" What am I doing wrong? Sergio Alejandro Gonzalez Director Operativo SkyNet de Colombia. Bogota, Colombia, South America. 57 (+1) 6 422 020 57 (+3) 7 285 094 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) WARNING messages polluting my log :-/
Hello guys, Has anyone seen these kinds of errors in their authlog? WARNING: OnlineDatabase Could not find a Client for NAS xxx.xxx.xxx.xxx to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Where OnlineDatabase is the Identifier for my SQL SessionDatabase. I must say, that the IP address for NAS is not in my Clients file, so I'm actually wondering where that IP address comes from, and why I'm getting these errors for a NAS that shouldn't even be replied to. Thanks, -Andy -- Andy De Petter - http://www.techos.be/andy - [EMAIL PROTECTED] (ROT13) Senior System Engineer - Skynet Operations - http://www.skynet.be === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Failed Auth
Hello Rick - Thanks for sending the debug output. It shows that Radiator is accepting the requests, however I do not see any reply attributes in the Access-Accept. >From your configuration file I would have expected to see the Service-Type and the Framed-Protocol reply attributes as specified with the AddToReply. What version of Radiator are you running? And on what platform? thanks Hugh On Thu, 27 Dec 2001 09:53, Rick Ross wrote: > What do i need to do to make this work > what am I missing do I need to have diffrent reply attribs we are useing > CHAP > with Mysql Im just not seeing what I need in the docs or I am just > overlooking it > Rick > ppp log from remot computer## > 12-26-2001 11:25:52.78 - Microsoft Dial Up Adapter log opened. > 12-26-2001 11:25:52.78 - Server type is PPP (Point to Point Protocol). > 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol 80fd (CCP) to > control protocol chain. > 12-26-2001 11:25:52.78 - FSA : Protocol not bound - skipping control > protocol 803f (NBFCP). > 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol 8021 (IPCP) to > control protocol chain. > 12-26-2001 11:25:52.78 - FSA : Protocol not bound - skipping control > protocol 802b (IPXCP). > 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c029 (CallbackCP) to > control protocol chain. > 12-26-2001 11:25:52.78 - FSA : Encrypted Password required. > 12-26-2001 11:25:52.78 - FSA : Encrypted Password required. > 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c223 (CHAP) to > control protocol chain. > 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c021 (LCP) to > control protocol chain. > 12-26-2001 11:25:52.78 - LCP : Callback negotiation enabled. > 12-26-2001 11:25:52.78 - LCP : Layer started. > 12-26-2001 11:25:52.78 - PPP : Transmitting Control Packet of length: 25 > 12-26-2001 11:25:52.78 - Data : c0 21 01 01 00 17 02 06 | .!. > 12-26-2001 11:25:52.78 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R > 12-26-2001 11:25:52.78 - Data 0010: 4a 24 07 02 08 02 0d 03 | J$.. > 12-26-2001 11:25:52.78 - Data 0018: 06 00 00 00 00 00 00 00 | > 12-26-2001 11:25:53.44 - PPP : Received Control Packet of length: 9 > 12-26-2001 11:25:53.44 - Data : c0 21 04 01 00 07 0d 03 | .!.. > 12-26-2001 11:25:53.44 - Data 0008: 06 00 00 00 00 00 00 00 | > 12-26-2001 11:25:53.44 - LCP : Received configure reject for callback > control protocol option. > 12-26-2001 11:25:53.44 - PPP : Transmitting Control Packet of length: 22 > 12-26-2001 11:25:53.44 - Data : c0 21 01 02 00 14 02 06 | .!.. > 12-26-2001 11:25:53.44 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R > 12-26-2001 11:25:53.44 - Data 0010: 4a 24 07 02 08 02 00 00 | J$.. > 12-26-2001 11:25:53.60 - PPP : Received Control Packet of length: 22 > 12-26-2001 11:25:53.60 - Data : c0 21 02 02 00 14 02 06 | .!.. > 12-26-2001 11:25:53.60 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R > 12-26-2001 11:25:53.60 - Data 0010: 4a 24 07 02 08 02 00 00 | J$.. > 12-26-2001 11:25:55.36 - PPP : Received Control Packet of length: 54 > 12-26-2001 11:25:55.36 - Data : c0 21 01 02 00 34 02 06 | .!...4.. > 12-26-2001 11:25:55.36 - Data 0008: 00 0a 00 00 03 05 c2 23 | ...# > 12-26-2001 11:25:55.36 - Data 0010: 05 05 06 54 03 bf aa 07 | ...T > 12-26-2001 11:25:55.36 - Data 0018: 02 08 02 11 04 05 f4 13 | > 12-26-2001 11:25:55.36 - Data 0020: 17 01 6e 61 73 31 30 2e | .nas10. > 12-26-2001 11:25:55.36 - Data 0028: 61 72 6c 69 6e 67 74 6f | arlingto > 12-26-2001 11:25:55.36 - Data 0030: 6e 31 2e 76 61 2e 00 00 | n1.va... > 12-26-2001 11:25:55.36 - LCP : Received and accepted ACCM of a. > 12-26-2001 11:25:55.36 - LCP : Received and accepted authentication > protocol c223 (CHAP). > 12-26-2001 11:25:55.36 - LCP : Received and accepted magic number 5403bfaa. > 12-26-2001 11:25:55.36 - LCP : Received and accepted protocol field > compression option. > 12-26-2001 11:25:55.36 - LCP : Received and accepted address+control field > compression option. > 12-26-2001 11:25:55.36 - PPP : Transmitting Control Packet of length: 33 > 12-26-2001 11:25:55.36 - Data : c0 21 04 02 00 1f 11 04 | .!. > 12-26-2001 11:25:55.36 - Data 0008: 05 f4 13 17 01 6e 61 73 | nas > 12-26-2001 11:25:55.36 - Data 0010: 31 30 2e 61 72 6c 69 6e | 10.arlin > 12-26-2001 11:25:55.36 - Data 0018: 67 74 6f 6e 31 2e 76 61 | gton1.va > 12-26-2001 11:25:55.36 - Data 0020: 2e 00 00 00 00 00 00 00 | > 12-26-2001 11:25:55.52 - PPP : Received Control Packet of length: 27 > 12-26-2001 11:25:55.52 - Data : c0 21 01 03 00 19 02 06 | .!. > 12-26-2001 11:25:55.52 - Data 0008: 00 0a 00 00 03 05 c2 23 | ...# > 12-26-2001 11:25:55.52 - Data 0010: 05 05 06 54 03 bf aa 07 | ...T > 12-26-2001 11:25:55.52 - Data 0018: 02 08 02 00 00 00 00 00 | > 12-26-2001 11:25:55.52 - LCP : Received and accepted ACCM of a. > 12-26-2001 11:25:55.52 - LCP : Received and accepted authentica