(RADIATOR) Cisco NAS boxen trouble

2001-12-27 Thread Chris M 

I was having trouble getting Framed-IP-Address to update in the Session
database and couldn't figure out why.  I got the following response from
Cisco and thought I'd post it in case it helps anyone else.

Chris
-
I see that you are having difficulty with the aaa accounting on PPP
connections.

The problem you describe is the result of ther router sending the accounting
START record BEFORE the IPCP negotiation is complete.

There are two ways to change this.  The recommended way is to tell the
router to send accounting UPDATEs when there is new information.  This will
accomplish what you are after -- getting the Framed-IP-Address sent to the
Radius server.  This is accomplished through this global configuration mode:

  aaa accounting update newinfo

If, however, your accounting software cannot deal with START, UPDATE, and
STOP records, there is another option, though it is officially not
supported:

  aaa accounting delay-start

Either of these should accomplish what you are after


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Using /etc/group

2001-12-27 Thread Barry Andersson 



Hi,
 
Is it possible for Radiator to examine the Unix group that 
a user is a member of to determine their connection profile (eg session time, 
idle time, etc.)? 
 
I am currently authenticating to /etc/passwd 
and writing to a flat detail file but would like to use the user's group to 
determine their connection profile.
 
Barry Andersson
 

Re: (RADIATOR) check attributes

2001-12-27 Thread Sergio Gonzalez 

*This message was transferred with a trial version of CommuniGate(tm) Pro*

Just forget what I said.

there is a hole difference between Dic (from Diciembre in spanish) and Dec 
(from December in english)

that was my prob.


Best regards


>Hello there:
>
>
>I got the next realm config in my radius.cfg file:
>
>
>
>  RejectHasReason
>  
> DBSourcedbi:mysql:radius
> DBUsername  XX
> DBAuth  XX
>
> DefaultSimultaneousUse 1
>
> AuthSelect select PASSWORD, TIMELEFT, CHECKATTR from SUBSCRIBERS 
> where USERNAME = '%n'  and TIMELEFT > 0
> AuthColumnDef   0,User-Password,check
> AuthColumnDef   1,Session-Timeout,reply
> AuthColumnDef   2,GENERIC,check
>
> AccountingStopsOnly
> AcctSQLStatement update SUBSCRIBERS set 
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
>
> 
>
>
>
>I want to set into the CHECKATTR database field for a user this:
>
>Service-Type = Framed-User, NAS-Port-Type = Async, Expiration="Dic 29 2001"
>
>but I think I'm doing something wrong. No matter what date I set in the 
>Expiration attribute, radiator always said:
>
> Reply-Message = "Request Denied"
> Reply-Message = "Expiration date has passed"
>
>What am I doing wrong?
>
>
>
>
>Sergio Alejandro Gonzalez
>Director Operativo
>SkyNet de Colombia.
>Bogota, Colombia, South America.
>57 (+1) 6 422 020
>57 (+3) 7 285 094
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.

Sergio Alejandro Gonzalez
Director Operativo
SkyNet de Colombia.
Bogota, Colombia, South America.
57 (+1) 6 422 020
57 (+3) 7 285 094

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) check attributes

2001-12-27 Thread Sergio Gonzalez 

*This message was transferred with a trial version of CommuniGate(tm) Pro*
Hello there:


I got the next realm config in my radius.cfg file:



  RejectHasReason
  
 DBSourcedbi:mysql:radius
 DBUsername  XX
 DBAuth  XX

 DefaultSimultaneousUse 1

 AuthSelect select PASSWORD, TIMELEFT, CHECKATTR from SUBSCRIBERS 
where USERNAME = '%n'  and TIMELEFT > 0
 AuthColumnDef   0,User-Password,check
 AuthColumnDef   1,Session-Timeout,reply
 AuthColumnDef   2,GENERIC,check

 AccountingStopsOnly
 AcctSQLStatement update SUBSCRIBERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'

 



I want to set into the CHECKATTR database field for a user this:

Service-Type = Framed-User, NAS-Port-Type = Async, Expiration="Dic 29 2001"

but I think I'm doing something wrong. No matter what date I set in the 
Expiration attribute, radiator always said:

 Reply-Message = "Request Denied"
 Reply-Message = "Expiration date has passed"

What am I doing wrong?




Sergio Alejandro Gonzalez
Director Operativo
SkyNet de Colombia.
Bogota, Colombia, South America.
57 (+1) 6 422 020
57 (+3) 7 285 094

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) WARNING messages polluting my log :-/

2001-12-27 Thread Andy De Petter 


Hello guys,

Has anyone seen these kinds of errors in their authlog?

WARNING: OnlineDatabase Could not find a Client for NAS xxx.xxx.xxx.xxx
to double-check Simultaneous-Use.  Perhaps you do not have a reverse DNS
for that NAS?

Where OnlineDatabase is the Identifier for my SQL SessionDatabase.  I
must say, that the IP address for NAS is not in my Clients file, so I'm
actually wondering where that IP address comes from, and why I'm getting
these errors for a NAS that shouldn't even be replied to.

Thanks,

-Andy

-- 
Andy De Petter - http://www.techos.be/andy - [EMAIL PROTECTED] (ROT13)
Senior System Engineer -  Skynet Operations  -  http://www.skynet.be

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Failed Auth

2001-12-27 Thread Hugh Irvine 


Hello Rick -

Thanks for sending the debug output. It shows that Radiator is accepting the 
requests, however I do not see any reply attributes in the Access-Accept. 
>From your configuration file I would have expected to see the Service-Type 
and the Framed-Protocol reply attributes as specified with the AddToReply.

What version of Radiator are you running? And on what platform?

thanks

Hugh


On Thu, 27 Dec 2001 09:53, Rick Ross wrote:
> What do i need to do to make this work
> what am I missing do I need to have diffrent reply attribs  we are useing
> CHAP
> with Mysql   Im just not seeing what I need in the docs or I am just
> overlooking it
> Rick
> ppp log from remot computer##
> 12-26-2001 11:25:52.78 - Microsoft Dial Up Adapter log opened.
> 12-26-2001 11:25:52.78 - Server type is  PPP (Point to Point Protocol).
> 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol 80fd (CCP) to
> control protocol chain.
> 12-26-2001 11:25:52.78 - FSA : Protocol not bound - skipping control
> protocol 803f (NBFCP).
> 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol 8021 (IPCP) to
> control protocol chain.
> 12-26-2001 11:25:52.78 - FSA : Protocol not bound - skipping control
> protocol 802b (IPXCP).
> 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c029 (CallbackCP) to
> control protocol chain.
> 12-26-2001 11:25:52.78 - FSA : Encrypted Password required.
> 12-26-2001 11:25:52.78 - FSA : Encrypted Password required.
> 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c223 (CHAP) to
> control protocol chain.
> 12-26-2001 11:25:52.78 - FSA : Adding Control Protocol c021 (LCP) to
> control protocol chain.
> 12-26-2001 11:25:52.78 - LCP : Callback negotiation enabled.
> 12-26-2001 11:25:52.78 - LCP : Layer started.
> 12-26-2001 11:25:52.78 - PPP : Transmitting Control Packet of length: 25
> 12-26-2001 11:25:52.78 - Data : c0 21 01 01 00 17 02 06 | .!.
> 12-26-2001 11:25:52.78 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R
> 12-26-2001 11:25:52.78 - Data 0010: 4a 24 07 02 08 02 0d 03 | J$..
> 12-26-2001 11:25:52.78 - Data 0018: 06 00 00 00 00 00 00 00 | 
> 12-26-2001 11:25:53.44 - PPP : Received Control Packet of length: 9
> 12-26-2001 11:25:53.44 - Data : c0 21 04 01 00 07 0d 03 | .!..
> 12-26-2001 11:25:53.44 - Data 0008: 06 00 00 00 00 00 00 00 | 
> 12-26-2001 11:25:53.44 - LCP : Received configure reject for callback
> control protocol option.
> 12-26-2001 11:25:53.44 - PPP : Transmitting Control Packet of length: 22
> 12-26-2001 11:25:53.44 - Data : c0 21 01 02 00 14 02 06 | .!..
> 12-26-2001 11:25:53.44 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R
> 12-26-2001 11:25:53.44 - Data 0010: 4a 24 07 02 08 02 00 00 | J$..
> 12-26-2001 11:25:53.60 - PPP : Received Control Packet of length: 22
> 12-26-2001 11:25:53.60 - Data : c0 21 02 02 00 14 02 06 | .!..
> 12-26-2001 11:25:53.60 - Data 0008: 00 0a 00 00 05 06 00 52 | ...R
> 12-26-2001 11:25:53.60 - Data 0010: 4a 24 07 02 08 02 00 00 | J$..
> 12-26-2001 11:25:55.36 - PPP : Received Control Packet of length: 54
> 12-26-2001 11:25:55.36 - Data : c0 21 01 02 00 34 02 06 | .!...4..
> 12-26-2001 11:25:55.36 - Data 0008: 00 0a 00 00 03 05 c2 23 | ...#
> 12-26-2001 11:25:55.36 - Data 0010: 05 05 06 54 03 bf aa 07 | ...T
> 12-26-2001 11:25:55.36 - Data 0018: 02 08 02 11 04 05 f4 13 | 
> 12-26-2001 11:25:55.36 - Data 0020: 17 01 6e 61 73 31 30 2e | .nas10.
> 12-26-2001 11:25:55.36 - Data 0028: 61 72 6c 69 6e 67 74 6f | arlingto
> 12-26-2001 11:25:55.36 - Data 0030: 6e 31 2e 76 61 2e 00 00 | n1.va...
> 12-26-2001 11:25:55.36 - LCP : Received and accepted ACCM of a.
> 12-26-2001 11:25:55.36 - LCP : Received and accepted authentication
> protocol c223 (CHAP).
> 12-26-2001 11:25:55.36 - LCP : Received and accepted magic number 5403bfaa.
> 12-26-2001 11:25:55.36 - LCP : Received and accepted protocol field
> compression option.
> 12-26-2001 11:25:55.36 - LCP : Received and accepted address+control field
> compression option.
> 12-26-2001 11:25:55.36 - PPP : Transmitting Control Packet of length: 33
> 12-26-2001 11:25:55.36 - Data : c0 21 04 02 00 1f 11 04 | .!.
> 12-26-2001 11:25:55.36 - Data 0008: 05 f4 13 17 01 6e 61 73 | nas
> 12-26-2001 11:25:55.36 - Data 0010: 31 30 2e 61 72 6c 69 6e | 10.arlin
> 12-26-2001 11:25:55.36 - Data 0018: 67 74 6f 6e 31 2e 76 61 | gton1.va
> 12-26-2001 11:25:55.36 - Data 0020: 2e 00 00 00 00 00 00 00 | 
> 12-26-2001 11:25:55.52 - PPP : Received Control Packet of length: 27
> 12-26-2001 11:25:55.52 - Data : c0 21 01 03 00 19 02 06 | .!.
> 12-26-2001 11:25:55.52 - Data 0008: 00 0a 00 00 03 05 c2 23 | ...#
> 12-26-2001 11:25:55.52 - Data 0010: 05 05 06 54 03 bf aa 07 | ...T
> 12-26-2001 11:25:55.52 - Data 0018: 02 08 02 00 00 00 00 00 | 
> 12-26-2001 11:25:55.52 - LCP : Received and accepted ACCM of a.
> 12-26-2001 11:25:55.52 - LCP : Received and accepted authentica