Re: (RADIATOR) Problem with Radiator 2.19
Hello Ujwol -

On Tue, 5 Feb 2002 22:40, Ujwol Manandhar wrote:
> Hello Hugh,
>
> Thanks for the reply. Please find the answers below
>
> On Tue, 5 Feb 2002, Hugh Irvine wrote:
> > Hello Ujwol -
> >
> > On Mon, 4 Feb 2002 21:21, Ujwol Manandhar wrote:
> > > Hi,
> > > Since upgrading to Radiator 2.19, I'm facing strange problems. First
> > > there was this session limit problem with "NasType Livingston". There
> > > is still that typo mistake in Nas.pm
> >
> > What typo is that?
>
> The typo I'm talking about is in Nas.pm
> In earlier versions of Radiator before 2.18, Nas.pm used to have following
> --
>
> my $result = &Radius::SNMP::snmpget($nas_id,
>     $client->{SNMPCommunity},
>     "$main::config->{LivingstonMIB}.3.2.1.1.1.2.5");
> my ($xport) = ($result =~ /^.*\"S([0-9]+)\".*$/);
> $xport += 0;
> my $portidx = $nas_port + (5 - $xport);
> $portidx -= $client->{LivingstonHole}
>     if ($nas_port > $client->{LivingstonOffs});
>
> $result = &Radius::SNMP::snmpget($nas_id,
>     $client->{SNMPCommunity},
>     "$main::config->{LivingstonMIB}.3.2.1.1.1.5.$portidx");
> #print "--got $result\n";
>
> But in the current versions it has
> -
> my $result = &Radius::SNMP::snmpget($nas_id,
>     $client->{SNMPCommunity},
>     "$main::config->{LivingstonMIB}.2.1.1.1.2.5");
> my ($xport) = ($result =~ /^.*\"S([0-9]+)\".*$/);
> $xport += 0;
> my $portidx = $nas_port + (5 - $xport);
> $portidx -= $client->{LivingstonHole}
>     if ($nas_port > $client->{LivingstonOffs});
>
> $result = &Radius::SNMP::snmpget($nas_id,
>     $client->{SNMPCommunity},
>     "$main::config->{LivingstonMIB}.3.2.1.1.1.5.$portidx");
> #print "--got $result\n";
> ---
>
> Please notice the number 3 is missing. This was pointed out earlier by
> my senior Deepak. But the error is still there.
>

Thanks for pointing this out - I have forwarded your mail to Mike.

> > > Another thing is whenever the any NAS goes off, the session does not
> > > get deleted. There is only the message User has gone away. Since the
> > > session is not deleted, user can not login again.
> >
> > Do you mean when a NAS is restarted?
>
> This happens when the link with the NAS gets disconnected. We have not
> checked when NAS is restarted. We're experiencing this problem with our
> cisco AS5300.
>

Sessions will only be deleted from the session database when Radiator receives an Accounting Stop from the NAS. If you do not receive the Accounting Stop then the session will remain in the session database.

> > > And the most problematic one is, when such incidence occurs, or
> > > there are lots of duplicate requests, the radiator stops
> > > authenticating. It just freezes. I never had such problem with earlier
> > > versions of Radiator.
> >
> > This is very peculiar.
> >
> > Can you send me a copy of your configuration file (no secrets) together
> > with a trace 4 debug showing what is happening? And can you also tell me
> > what hardware/software platform you are running on?
>
> Right now I don't have trace 4 debug output of when it happened, I can't
> send it. I can send you normal trace 4 debug output and the config file.
> We're using Radiator 2.19 on RH Linux 7.1 with DBD Sybase and user
> databases are in Win 2000 box which runs MSSQL 7.0.
>

It would be helpful to see the configuration file and trace 4 debug.

> > > Lastly I was just wondering if I can find the list of possible debug
> > > errors and explanation. Mailing list is fine and most of the errors are
> > > obvious, but I was just wondering if there is any list.
> >
> > There is no list per-se, however the best way to find out what the error
> > messages mean is to look at the source code to see what causes the
> > messages to be generated.
>
> Thanks, I'll check the source code.
>

May the source be with you .. :-)

cheers

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Quick Question about StatusServerShowClientDetails.
Hello Cortney -

The problem with the Status-Server request is that it is very easy to overflow a UDP buffer if you have lots of Clients. That is why the "StatusServerShowClientDetails" tag is implemented on a per-Client basis.

Note that there will be *lots* of new features in this area in the next release of Radiator.

regards

Hugh

On Wed, 6 Feb 2002 03:15, Cortney Thompson wrote:
> Is there any way to make "StatusServerShowClientDetails" work correctly if
> you are using "IdenticalClients"? I can not get it to report information
> about the IdenticalClients.
>
> I went through some source and as far as I can tell it only reports Details
> for Clients you use in the ... and nothing for all
> the IdenticalClients in same group.
>
> Example:
>
> --Config Snip---
> #TNT Client list, XXX-TNT01 Starts.
>
> Secret XXX
> NasType AscendSNMP
> StatusServerShowClientDetails
>
> #XXX-TNT01 #XXX-TNT01 #XXX-TNT02
>
> IdenticalClients 216.XXX.XXX.250 216.XXX.XXX.234 216.XXX.XXX.162
>
> ---
>
> -radiusd -status -trace---
> Code: Status-Server
> Identifier: 148
> Authentic: 1234567890123456
> Attributes:
> sending Status-Request...
> OK
> Code: Access-Accept
> Identifier: 148
> Authentic: lyPHp_p.?<10><142><17>9k|7
> Attributes:
> Reply-Message = "Radiator Radius server version 2.19"
> Reply-Message = "Running on machine since Tue Feb 5 07:40:15 2002"
> Reply-Message = "Total requests 817"
> Reply-Message = "1 Requests in the last second"
> Reply-Message = "0 invalid client addresses"
> Reply-Message = "Client 216.XXX.XXX.194:"
> Reply-Message = " 577 Access accepts"
> Reply-Message = " 0 Access challenges"
> Reply-Message = " 6 Access rejects"
> Reply-Message = " 583 Access requests"
> Reply-Message = " 0 Bad authenticators in accounting requests"
> Reply-Message = " 0 Accounting requests"
> Reply-Message = " 0 Accounting responses"
> Reply-Message = " 0 Bad authenticators in authentication requests"
> Reply-Message = " 0 Duplicate access requests"
> Reply-Message = " 0 Duplicate accounting requests"
> Reply-Message = " 0 Malformed acccess requests" (TYPO "acccess")
> Reply-Message = " 0 Malformed accounting requests"
> Reply-Message = " 0 Packets dropped"
> ---
>---
>
> As you can see only the 216.XXX.XXX.194 was listed, and the
> IdenticalClients 216.XXX.XXX.250, 216.XXX.XXX.134, 216.XXX.XXX.162 were not
> reported
>
> I am not sure if this is a bug, or a feature request. :]
>
> Thanks in advance for any help
>
> Cortney Thompson
> [EMAIL PROTECTED]
>
> Opinions are mine and do not necessarily reflect
> those of wyoming.com LLC
Re: (RADIATOR) oracle on a remote machine
Hello Eli -

On Wed, 6 Feb 2002 18:07, Eli Klein wrote:
> Hey all,
>
> just in search of some clear explanation for what to use as the DBSource
> when trying to connect to a remote Oracle database..
>
> let's say for argument's sake that the machine is called "database1" and
> the SID is "int"...
>
> according to what I've found so far, that would mean a DBSource like
> this:
>
> dbi:Oracle:database1:int
>
> but it just won't work.
>
> any suggestions?
>

Have a look at section 23.4 in the Radiator 2.19 reference manual ("doc/ref.html") and also have a look at this FAQ item:

http://www.open.com.au/radiator/faq.html#59

regards

Hugh
(RADIATOR) oracle on a remote machine
Hey all,

just in search of some clear explanation for what to use as the DBSource when trying to connect to a remote Oracle database..

let's say for argument's sake that the machine is called "database1" and the SID is "int"...

according to what I've found so far, that would mean a DBSource like this:

dbi:Oracle:database1:int

but it just won't work.

any suggestions?

thanks in advance!

-eli
Re: (RADIATOR) Graphing Individual Access Servers
Hi, Thanks to all the replies to my request on how to graph virtual ports, especially the invaluable assistance from Michael. Everything is now working great with separate mrtg graphs for each Comindico PoP. Barry Andersson
Re: (RADIATOR) CDB format ?
Thanks Dave - I'm glad one of us is awake. :-/ cheers Hugh On Wed, 6 Feb 2002 01:05, Dave Kitabjian wrote: > Hugh, > > Are you sure you're not confusing DBM-style databases with CDB? > > Pascal, > > The Radiator manual says: "The CDB is indexed by username and the value > is the check items followed by a newline followed by the reply items." > So a typical entry might look like this: > > +6,145:corey1->Password="jack", Expiration="May 6 2002" > Idle-Timeout = 1200, Framed-Address = 116.152.169.219, Service-Type = > Framed-User, Framed-Protocol = PPP > > or if you use default reply items, someone might have an entry like: > > +7,41:blinsto->Password="2dogs", Expiration="May 3 2002" > > The actual job of formatting and building the CDB is up to you. The > specs are at: > > http://cr.yp.to/cdb/cdbmake.html > > Don't forget the extra newline at the end! > > Dave > > > -Original Message- > > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > > Sent: Monday, February 04, 2002 5:43 PM > > To: Pascal Robert; [EMAIL PROTECTED] > > Subject: Re: (RADIATOR) CDB format ? > > > > > > > > Salut Pascal - > > > > You should use the "builddbm" utility included in the > > Radiator distribution > > top level directory. It is supplied in source form so you can > > modify it if > > you need to. > > > > Also have a look at section 9 in the Radiator 2.19 reference > > manual ("doc/ref.html"). > > > > regards > > > > Hugh > > > > On Tue, 5 Feb 2002 06:38, Pascal Robert wrote: > > > Hi list, > > > > > > I'm working on a project for a former employer. One of > > > > their brands > > > > > is on BSDi servers with the BSDi password database as > > > > authentication. > > > > > I installed Radiator and everything is working fine. But now, they > > > want to support CHAP (UUNet), so we need a separate users database > > > with the clear text passwords. > > > > > > We already sniff passwords with Radiator fantastic sniffer > > > > so this is > > > > > not the problem. 
I wanted to export the passwd file made > > > > by Radiator > > > > > in CDB (with a Perl script) but after the documentation, I > > > > just don't > > > > > know what I should put in the "database". > > > > > > So after all those words, what is the CDB format I should > > > > use ??? For > > > > > the record, it's a old PC with BSDi 4.01 and MySQL won't compile on > > > it. If someone have other suggestions, I'm open to > > > > anything that can > > > > > support CHAP > > > > > > :-) > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe > > > radiator' in the body of the message. > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS > > server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, > > NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, > > extensible, flexible with hardware, software, platform and > > database independence. === Archive at > > http://www.open.com.au/archives/radiator/ > > Announcements on > > [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problem with NT Authentication
Hello Gionata - Have you installed the Authen::Smb module from CPAN? Section 6.27 in the Radiator manual ("doc/ref.html"). regards Hugh On Tue, 5 Feb 2002 20:18, [EMAIL PROTECTED] wrote: > Hi Hugh, > I've just use pap authentication but the result is the same. I enclose the > Log of Radiator as you have asked me: > > Fri Jan 25 09:32:03 2002: DEBUG: Packet dump: > *** Received from 192.168.6.1 port 1645 > Code: Access-Request > Identifier: 132 > Authentic: e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146> > Attributes: > User-Name = "DEBISITALIA\db00793" > User-Password = > "<193><204>f@<216><224>3<158><28><147><174>o<200>^l<228>" NAS-Port = 20030 > cisco-avpair = "interface=Serial0:30" > NAS-Port-Type = ISDN > Called-Station-Id = "257517508" > Calling-Station-Id = "257506057" > Service-Type = Framed-User > NAS-IP-Address = 192.168.6.1 > > Fri Jan 25 09:32:03 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Fri Jan 25 09:32:03 2002: DEBUG: Deleting session for > DEBISITALIA\db00793, 192.168.6.1, 20030 Fri Jan 25 09:32:03 2002: DEBUG: do > query is: delete from RADONLINE where NASIDENTIFIER='192.168.6.1' and > NASPORT=020030 > > Fri Jan 25 09:32:03 2002: DEBUG: Handling with NT > Fri Jan 25 09:32:03 2002: INFO: Access rejected for DEBISITALIA\db00793: NT > Authentication failed: Server Error (1) Fri Jan 25 09:32:03 2002: DEBUG: > Packet dump: > *** Sending to 192.168.6.1 port 1645 > Code: Access-Reject > Identifier: 132 > Authentic: e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146> > Attributes: > Reply-Message = "Request Denied" > Reply-Message = "NT Authentication failed: Server Error (1)" > > Thanks > > Gionata > > > > > Hugh Irvine <[EMAIL PROTECTED]>@open.com.au on 24/01/2002 22.27.35 > > Please respond to [EMAIL PROTECTED] > > Sent by: [EMAIL PROTECTED] > > > To: [EMAIL PROTECTED], [EMAIL PROTECTED] > cc: > > Subject: Re: (RADIATOR) Problem with NT Authentication > > > > Hello Gionata - > > You will need to use PAP authentication with 
NT. > > If you still have a problem, please send me a trace 4 debug from Radiator > showing what is happening. > > regards > > Hugh > > > Hi all, > > I've a big problem, I would like to use Radiator to switch the RAS > > authentication requests to a NT server . Radiator is installed on Linux > > server. > > If in the RADIUS.CFG file I add the "NoCheckPassword" parameter the > > authentication takes place, otherwise on the Log of the RADIUS I have > > this > > > error message: > > > > "INFO: Access rejected for domain\user: NT Authentication failed: Server > > Error (1)" > > > > on my Cisco AS5300 i've codified to use chap, pap and ms-chap for PPP > > authentication. I don't know because this happen, on the event view of NT > > there is no errors messages. > > This is my radius.cfg : > > > > > > Identifier NT > > # You must set the domain name here to suit your site: > > Domain administrator > > > > # ON NT, optionally specify the name of the > > # Primary Domain Controller, including the leading > > # \\ slashes, to override the default domain controller > > # for the domain you specified above > > # DomainController \\romeo > > > > # On Unix, you MUST specify the Domain Controller > > # name as the NT host name of the domain controller: > > # its not optional. This needs to be set to the NT > > # name of the Primary Domain Controller, and further > > # the NT name must be in the Unix hosts or DNS > > DomainController server.domain.it > > > > # On NT, you can optionally check the > > # "Grant dialin permission to user" flag in the > > # user manager. 
Requires the > > # Win32-RasAdmin Perl package to be installed first > > # HonourDialinPermission > > > > # This will set up some standard reply items for > > # your NAS, you may need others for your NAS > > DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP > > # NoCheckPassword > > > > > > > > Identifier All-NT > > Allocator SQLAllocator > > PoolHint pool-NT > > > > > > > > RejectHasReason > > AuthByPolicy ContinueWhileAccept > > AuthBy NT > > AuthBy All-NT > > > > > > Could anyone help me ? > > Please !!! > > > > Gionata Lamia > > > > Networking Services/Systems Integrations > > T-Systems Italia S.p.A. > > Strada 2 Palazzo D > > 20090 - Assago - MI > > Phone: +39 02 89248240 > > Fax: +39 02 89248231 > > Mobile: +39 348 4521210 > > e-mail: [EMAIL PROTECTED] > > Internet: http://www.T-Systems.it > > > > ---
Re: (RADIATOR) AuthBy SQL and PostgreSQL
Hello - Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. thanks Hugh On Tue, 5 Feb 2002 19:53, tdn wrote: > Hi Hugh > > > The correct syntax for the DBSource line is this: > > > > DBSourcedbi:Pg:dbname=radius > > I actually noticed that and rectified, however the problem still occurs > when auth by SQL. > Authenticating by flat file works OK. > > > And of course you must install the DBI and DBD modules first. > > I have pgsql_perl5-1.9.0 for the DBD and DBI-1.201 for the DBI > > > > Rgds > TDN > > > - Original Message - > From: Hugh Irvine <[EMAIL PROTECTED]> > To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, February 05, 2002 1:38 AM > Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL > > > Hello TDN - > > > > > Hi, > > > > > > I'd like to have radiator authenticate users from a Postgres SQL > > database. > > > > I get the following error whenever I try to test it using radpwtst. > > > > > > Can't read $DBI::errstr, last handle unknown or destroyed at > > > /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136 > > > > > > Am running Radiator 2.19 and PostgreSQL 7.1 > > > > > > see part of my radius.cfg > > > > > > > > > # > > > # # The filename defaults to %D/users > > > # > > > # Log accounting to the detail file in LogDir > > > # AcctLogFileName %L/detail/detail.%Y%m%d > > > > > > DBSourcedbi:pg:dbname=radius > > > DBUsername xxx > > > DBAuth xxx > > > AuthSelect select CLEARTEXTPASSWORD from USERS where > > > USERID='%n'; > > > > > > > > > > The correct syntax for the DBSource line is this: > > > > DBSourcedbi:Pg:dbname=radius > > > > And of course you must install the DBI and DBD modules first. > > > > regards > > > > Hugh > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. 
Re: (RADIATOR) (Radiator) Problem with
Hello Allister - I will need to see a copy of the trace 4 debug. thanks Hugh On Tue, 5 Feb 2002 20:07, Allister Maguire wrote: > Hello, > > We are testing radiator with LDAP to Active Directory, the problem is > Radiator seems to drop authentication attempts. What we have found, > Radiator Trace level 4, dialin with a couple of test clients, first > client fails due to no such user (this is correct, we see Access-Reject > on screen), second client fails with "Error 691: Access was denied > because the username and/or password was invaild on the domain." (This > is incorrect, username and password are correct. Also no Access-Request > or Access-Reject show up). Try again it works, it seems to be a timing > issue with mutliple attempts. > > We are using the demo of Radiator on Debian 2.2r5, client are Windows > XP, AD on Windows 2000 Advanced Server and Test RAS is Ascend 4000. > > Would this be a problem with our test NAS, Radiator, the server > Ratiator's on, or Active Directory? > > Can anyone help. > > Thanks > > Allister Maguire > > > > > # ad-ldap.cfg > # > # Example Radiator configuration file for authenticating from > # Active Directory via LDAP2, possibly from a Unix host. > # > # This very simple file will allow you to get started with > # a simple LDAP authentication system from AD. > # > # We suggest you start simple, prove to yourself that it > # works and then develop a more complicated configuration. > # > # > # You should consider this file to be a starting point only > # $Id: ad-ldap.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp $ > > Foreground > LogStdout > LogDir /var/log/radacct/radius > DbDir . > Trace 4 > LogFile %L/%Y-logfile > > DictionaryFile /home/amaguire/Radiator/dictionary.ascend > > > # You will probably want to add other Clients to suit your site. 
> > Secret mysecret > DupInterval 0 > > > > Secret X > DupInterval 0 > > > # Authenticates users in the Organisational Unit called 'csx users' > # The user name coming from the NAS must match the sAMAccountName > # attribute of a user in that OU./ Users that are not in 'csx users' > # will not be able to log in. > > > Host192.168.0.6 > AuthDN cn=Proxy User,ou=Resources,ou=Globe.Net > Communications Ltd,dc=gnc,dc=net,dc=nz > # AuthPasswordyourADadminpasswordhere > AuthPasswordX > BaseDN ou=People,ou=Globe.Net Communications > Ltd,dc=gnc,dc=net,dc=nz > UsernameAttr sAMAccountName > # PasswordAttr msSFUPassword > # Password checking is performed using an LDAP bind > operation. > ServerChecksPassword > > # TCP connection timeout period, for LDAP server. > Timeout 2 > > AddToReply Service-Type = Framed-User,\ > Framed-Protocol = PPP,\ > Framed-Netmask = 255.255.255.255,\ > Framed-Routing = None,\ > Framed-Compression = Van-Jacobson-TCP-IP,\ > Ascend-Maximum-Channels = 1 > > AuthAttrDef radiusIdleTimeout,Ascend-Idle-Limit,reply > AuthAttrDef > radiusSessionTimeout,Ascend-Maximum-Time,reply > AuthAttrDef radiusCallingStationID,Caller-Id,check > # AuthAttrDef radiusCalledStationID,,check > AuthAttrDef radiusNASPortType,NAS-Port-Type,check > > # Reply with all the items in replyitems > # ReplyAttr radiusConnectionAttributes > > > AcctLogFileName %L/%Y-%v-detail > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. 
RV: (RADIATOR) Content filtering
Paul, thanks for answering. Any other ideas are welcome.

-Original Message-
From: Paul [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 11:23 AM
To: Rolando Riley
Subject: RE: (RADIATOR) Content filtering

a quick and dirty way would be to have 2 separate IP pools... one for restricted users one for unrestricted...

I like this idea. Is it possible to make radius assign IP from a pool of IP on a Database rather than let the NAS do this task?

with your content filter you can probably specify rules according to IP

or you could use a postauthhook to write to a squid user or conf file or external db

I have configured hooks before to talk to a variety of different devices... possibilities are endless... have just implemented something along those lines for GPRS / 3G

___
Paul O'Shea
Level9 Networks
___

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rolando Riley
Sent: Tuesday, February 05, 2002 1:45 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Content filtering

Hi list:

This is not probably a radius question although radius is involved as one of the main elements.

Our goal is make content filtering with a software like ( smartfilter, websense or squidguard) under the following scenario.

1) A customer dials in to our ISP.
2) Our radius auths and accounts the user connection.
3) Our radius forward the user info to squid ( or any other Cache).
4) Squid verify the user policies for http requests against SmartFilter .
5) If SmartFilter has any matching against the user it applies the filter. else it lets the user browse any site.

Does anyone have an idea or an experience on how to make this work? We basically want to do content filtering as a customer service.

best regards,

---
Ing. Rolando Riley
Administrador de Sistemas Unix (Unix System Administrator)
AYAYAI.COM S.A.
Tel: (507) 265-2424 ext. 408
---
(RADIATOR) Quick Question about StatusServerShowClientDetails.
Is there any way to make "StatusServerShowClientDetails" work correctly if you are using "IdenticalClients"? I can not get it to report information about the IdenticalClients.

I went through some source and as far as I can tell it only reports Details for Clients you use in the ... and nothing for all the IdenticalClients in same group.

Example:

--Config Snip---
#TNT Client list, XXX-TNT01 Starts.

Secret XXX
NasType AscendSNMP
StatusServerShowClientDetails

#XXX-TNT01 #XXX-TNT01 #XXX-TNT02

IdenticalClients 216.XXX.XXX.250 216.XXX.XXX.234 216.XXX.XXX.162

---

-radiusd -status -trace---
Code: Status-Server
Identifier: 148
Authentic: 1234567890123456
Attributes:
sending Status-Request...
OK
Code: Access-Accept
Identifier: 148
Authentic: lyPHp_p.?<10><142><17>9k|7
Attributes:
Reply-Message = "Radiator Radius server version 2.19"
Reply-Message = "Running on machine since Tue Feb 5 07:40:15 2002"
Reply-Message = "Total requests 817"
Reply-Message = "1 Requests in the last second"
Reply-Message = "0 invalid client addresses"
Reply-Message = "Client 216.XXX.XXX.194:"
Reply-Message = " 577 Access accepts"
Reply-Message = " 0 Access challenges"
Reply-Message = " 6 Access rejects"
Reply-Message = " 583 Access requests"
Reply-Message = " 0 Bad authenticators in accounting requests"
Reply-Message = " 0 Accounting requests"
Reply-Message = " 0 Accounting responses"
Reply-Message = " 0 Bad authenticators in authentication requests"
Reply-Message = " 0 Duplicate access requests"
Reply-Message = " 0 Duplicate accounting requests"
Reply-Message = " 0 Malformed acccess requests" (TYPO "acccess")
Reply-Message = " 0 Malformed accounting requests"
Reply-Message = " 0 Packets dropped"
--

As you can see only the 216.XXX.XXX.194 was listed, and the IdenticalClients 216.XXX.XXX.250, 216.XXX.XXX.134, 216.XXX.XXX.162 were not reported

I am not sure if this is a bug, or a feature request. :]

Thanks in advance for any help

Cortney Thompson
[EMAIL PROTECTED]

Opinions are mine and do not necessarily reflect those of wyoming.com LLC
(RADIATOR) Mode secure in radacct.cgi
Hi

I have enabled secure in radacct.cgi, but any user that was previously authenticated by Radiator (using Apache-AuthenRadius) can still see all the others (sessions).

I have searched for this topic in the mailing list but without much success.

The Radiator version is 2.16.1

best regards,

pais
(RADIATOR) Suggestion for better Define(Formatted)GlobalVar
Hugh,

I need to have the possibility to have spaces within the value of a GlobalVar:

'DefineFormattedGlobalVar variable "value with spaces"'
or
'DefineFormattedGlobalVar variable value with spaces'

However, in the current code it is not possible to have a space within the value of a GlobalVar, because of the way the line is parsed by Radiator in Radius::ServerConfig.pm line 192 and 198.

    my($name, $v) = split(/\s+/, $value);

The intended value of my GlobalVar is also split on the space and only the first part is returned.

My suggestion is to add a limit to the split():

    my($name, $v) = split(/\s+/, $value, 2);

As far as I can see this should work and give no problems. Do you agree and can you add this patch in the next release?

greetings from me...

--
Ruud Besseling
Product Specialist
KPN - Internet Operator - Development TI
tel.: (070 - 45) 11081
mail: r.c.w.besseling@.kpn.com
RE: (RADIATOR) CDB format ?
Hugh,

Are you sure you're not confusing DBM-style databases with CDB?

Pascal,

The Radiator manual says: "The CDB is indexed by username and the value is the check items followed by a newline followed by the reply items."

So a typical entry might look like this:

+6,145:corey1->Password="jack", Expiration="May 6 2002"
Idle-Timeout = 1200, Framed-Address = 116.152.169.219, Service-Type = Framed-User, Framed-Protocol = PPP

or if you use default reply items, someone might have an entry like:

+7,41:blinsto->Password="2dogs", Expiration="May 3 2002"

The actual job of formatting and building the CDB is up to you. The specs are at: http://cr.yp.to/cdb/cdbmake.html

Don't forget the extra newline at the end!

Dave

> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 04, 2002 5:43 PM
> To: Pascal Robert; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) CDB format ?
>
> Salut Pascal -
>
> You should use the "builddbm" utility included in the Radiator distribution top level directory. It is supplied in source form so you can modify it if you need to.
>
> Also have a look at section 9 in the Radiator 2.19 reference manual ("doc/ref.html").
>
> regards
>
> Hugh
>
> On Tue, 5 Feb 2002 06:38, Pascal Robert wrote:
> > Hi list,
> >
> > I'm working on a project for a former employer. One of their brands is on BSDi servers with the BSDi password database as authentication. I installed Radiator and everything is working fine. But now, they want to support CHAP (UUNet), so we need a separate users database with the clear text passwords.
> >
> > We already sniff passwords with Radiator fantastic sniffer so this is not the problem. I wanted to export the passwd file made by Radiator in CDB (with a Perl script) but after the documentation, I just don't know what I should put in the "database".
> >
> > So after all those words, what is the CDB format I should use ??? For the record, it's an old PC with BSDi 4.01 and MySQL won't compile on it. If someone has other suggestions, I'm open to anything that can support CHAP
> >
> > :-)
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
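One way to produce the cdbmake input Dave describes, as an added example (not part of the original thread and not code from the Radiator distribution). The function names are hypothetical, and the two sample users are the records quoted in his message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One record in cdbmake input format: +klen,dlen:key->data\n
# klen and dlen are byte counts; this sketch assumes plain byte strings.
sub cdb_record {
    my ($user, $check, $reply) = @_;
    # Value layout quoted from the Radiator manual: check items, a newline,
    # then reply items. With no reply items the value is the check items
    # alone, which is what the second record in the message shows.
    my $data = (defined $reply && length $reply) ? "$check\n$reply" : $check;
    return sprintf("+%d,%d:%s->%s\n",
                   length($user), length($data), $user, $data);
}

# Full cdbmake input for a list of [user, check items, reply items].
sub cdbmake_input {
    my @users = @_;
    my %seen;
    my $out = '';
    for my $u (@users) {
        my ($name, $check, $reply) = @$u;
        die "empty user name\n" unless defined $name && length $name;
        # A cdb lookup normally returns the first match for a key, so a
        # second entry for the same user would be silently ignored.
        die "duplicate user '$name'\n" if $seen{$name}++;
        $out .= cdb_record($name, $check, $reply);
    }
    return $out . "\n";    # the extra newline that ends cdbmake input
}

# Sample users taken from the records in the message above.
my @users = (
    ['corey1', 'Password="jack", Expiration="May 6 2002"',
     'Idle-Timeout = 1200, Framed-Address = 116.152.169.219, '
     . 'Service-Type = Framed-User, Framed-Protocol = PPP'],
    ['blinsto', 'Password="2dogs", Expiration="May 3 2002"', ''],
);

my $input = cdbmake_input(@users);

# Sanity check: the length headers must match the ones in the message.
die "unexpected record lengths\n"
    unless $input =~ /^\+6,145:corey1->/m && $input =~ /^\+7,41:blinsto->/m;

print $input;
```

Pipe the output into `cdbmake users.cdb users.cdb.tmp` (file names assumed). The resulting file holds cleartext passwords, so create it under a restrictive umask.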
(RADIATOR) Content filtering
Hi list:

This is probably not a radius question although radius is involved as one of the main elements.

Our goal is to do content filtering with software like smartfilter, websense or squidguard under the following scenario.

1) A customer dials in to our ISP.
2) Our radius auths and accounts the user connection.
3) Our radius forwards the user info to squid (or any other cache).
4) Squid verifies the user policies for http requests against SmartFilter.
5) If SmartFilter has any match against the user it applies the filter; else it lets the user browse any site.

Does anyone have an idea or an experience on how to make this work? We basically want to do content filtering as a customer service.

best regards,

---
Ing. Rolando Riley
Administrador de Sistemas Unix (Unix System Administrator)
AYAYAI.COM S.A.
Tel: (507) 265-2424 ext. 408
---
Re: (RADIATOR) Problem with Radiator 2.19
Hello Hugh,

Thanks for the reply. Please find the answers below

On Tue, 5 Feb 2002, Hugh Irvine wrote:

> Hello Ujwol -
>
> On Mon, 4 Feb 2002 21:21, Ujwol Manandhar wrote:
> > Hi,
> > Since upgrading to Radiator 2.19, I'm facing strange problems. First there was this session limit problem with "NasType Livingston". There is still that typo mistake in Nas.pm
>
> What typo is that?

>> The typo I'm talking about is in Nas.pm
In earlier versions of Radiator before 2.18, Nas.pm used to have the following
--
my $result = &Radius::SNMP::snmpget($nas_id,
        $client->{SNMPCommunity},
        "$main::config->{LivingstonMIB}.3.2.1.1.1.2.5");
my ($xport) = ($result =~ /^.*\"S([0-9]+)\".*$/);
$xport += 0;
my $portidx = $nas_port + (5 - $xport);
$portidx -= $client->{LivingstonHole}
    if ($nas_port > $client->{LivingstonOffs});

$result = &Radius::SNMP::snmpget($nas_id,
        $client->{SNMPCommunity},
        "$main::config->{LivingstonMIB}.3.2.1.1.1.5.$portidx");
#print "--got $result\n";

But in the current versions it has
-
my $result = &Radius::SNMP::snmpget($nas_id,
        $client->{SNMPCommunity},
        "$main::config->{LivingstonMIB}.2.1.1.1.2.5");
my ($xport) = ($result =~ /^.*\"S([0-9]+)\".*$/);
$xport += 0;
my $portidx = $nas_port + (5 - $xport);
$portidx -= $client->{LivingstonHole}
    if ($nas_port > $client->{LivingstonOffs});

$result = &Radius::SNMP::snmpget($nas_id,
        $client->{SNMPCommunity},
        "$main::config->{LivingstonMIB}.3.2.1.1.1.5.$portidx");
#print "--got $result\n";
---

Please notice the number 3 is missing. This was pointed out earlier by my senior Deepak. But the error is still there.

> > Another thing is whenever any NAS goes off, the session does not get deleted. There is only the message User has gone away. Since the session is not deleted, user can not login again.
>
> Do you mean when a NAS is restarted?

This happens when the link with the NAS gets disconnected. We have not checked when NAS is restarted. We're experiencing this problem with our cisco AS5300.

> > And the most problematic one is, when such an incident occurs, or there are lots of duplicate requests, the radiator stops authenticating. It just freezes. I never had such problem with earlier versions of Radiator.
>
> This is very peculiar.
>
> Can you send me a copy of your configuration file (no secrets) together with a trace 4 debug showing what is happening? And can you also tell me what hardware/software platform you are running on?

>> Right now I don't have trace 4 debug output of when it happened, I can't send it. I can send you normal trace 4 debug output and the config file. We're using Radiator 2.19 on RH Linux 7.1 with DBD Sybase and user databases are in Win 2000 box which runs MSSQL 7.0.

> > Lastly I was just wondering if I can find the list of possible debug errors and explanation. Mailing list is fine and most of the errors are obvious, but I was just wondering if there is any list.
>
> There is no list per-se, however the best way to find out what the error messages mean is to look at the source code to see what causes the messages to be generated.

Thanks, I'll check the source code.

> regards
>
> Hugh

--
Regds,
Ujwol Manandhar
Mercantile Communications Pvt Ltd
P.O.Box 876
Durbarmarg, Kathmandu, Nepal
Tel: +977-1-240920
Fax: +977-1-225407
Re: (RADIATOR) AuthBy SQL and PostgreSQL
---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["tdn" <[EMAIL PROTECTED]>]
Date: Tue, 5 Feb 2002 01:21:16 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From: "tdn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL
Date: Tue, 5 Feb 2002 11:53:33 +0300

Hi Hugh

> The correct syntax for the DBSource line is this:
>
> DBSource dbi:Pg:dbname=radius

I actually noticed that and rectified, however the problem still occurs when auth by SQL. Authenticating by flat file works OK.

> And of course you must install the DBI and DBD modules first.

I have pgsql_perl5-1.9.0 for the DBD and DBI-1.201 for the DBI

Rgds
TDN

----- Original Message -----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, February 05, 2002 1:38 AM
Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL

> Hello TDN -
>
> > Hi,
> >
> > I'd like to have radiator authenticate users from a Postgres SQL database. I get the following error whenever I try to test it using radpwtst.
> >
> > Can't read $DBI::errstr, last handle unknown or destroyed at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136
> >
> > Am running Radiator 2.19 and PostgreSQL 7.1
> >
> > see part of my radius.cfg
> >
> > #
> > # # The filename defaults to %D/users
> > #
> > # Log accounting to the detail file in LogDir
> > # AcctLogFileName %L/detail/detail.%Y%m%d
> >
> > DBSource dbi:pg:dbname=radius
> > DBUsername xxx
> > DBAuth xxx
> > AuthSelect select CLEARTEXTPASSWORD from USERS where USERID='%n';
>
> The correct syntax for the DBSource line is this:
>
> DBSource dbi:Pg:dbname=radius
>
> And of course you must install the DBI and DBD modules first.
>
> regards
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
(RADIATOR) (Radiator) Problem with
Hello,

We are testing radiator with LDAP to Active Directory, the problem is Radiator seems to drop authentication attempts.

What we have found, Radiator Trace level 4, dialin with a couple of test clients, first client fails due to no such user (this is correct, we see Access-Reject on screen), second client fails with "Error 691: Access was denied because the username and/or password was invalid on the domain." (This is incorrect, username and password are correct. Also no Access-Request or Access-Reject show up). Try again it works, it seems to be a timing issue with multiple attempts.

We are using the demo of Radiator on Debian 2.2r5, clients are Windows XP, AD on Windows 2000 Advanced Server and Test RAS is Ascend 4000.

Would this be a problem with our test NAS, Radiator, the server Radiator's on, or Active Directory?

Can anyone help?

Thanks
Allister Maguire

# ad-ldap.cfg
#
# Example Radiator configuration file for authenticating from
# Active Directory via LDAP2, possibly from a Unix host.
#
# This very simple file will allow you to get started with
# a simple LDAP authentication system from AD.
#
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
#
# You should consider this file to be a starting point only
# $Id: ad-ldap.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp $

Foreground
LogStdout
LogDir /var/log/radacct/radius
DbDir .
Trace 4
LogFile %L/%Y-logfile
DictionaryFile /home/amaguire/Radiator/dictionary.ascend

# You will probably want to add other Clients to suit your site.
Secret mysecret
DupInterval 0

Secret X
DupInterval 0

# Authenticates users in the Organisational Unit called 'csx users'
# The user name coming from the NAS must match the sAMAccountName
# attribute of a user in that OU. Users that are not in 'csx users'
# will not be able to log in.
Host 192.168.0.6
AuthDN cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
# AuthPassword yourADadminpasswordhere
AuthPassword X
BaseDN ou=People,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
UsernameAttr sAMAccountName
# PasswordAttr msSFUPassword
# Password checking is performed using an LDAP bind operation.
ServerChecksPassword
# TCP connection timeout period, for LDAP server.
Timeout 2
AddToReply Service-Type = Framed-User,\
    Framed-Protocol = PPP,\
    Framed-Netmask = 255.255.255.255,\
    Framed-Routing = None,\
    Framed-Compression = Van-Jacobson-TCP-IP,\
    Ascend-Maximum-Channels = 1
AuthAttrDef radiusIdleTimeout,Ascend-Idle-Limit,reply
AuthAttrDef radiusSessionTimeout,Ascend-Maximum-Time,reply
AuthAttrDef radiusCallingStationID,Caller-Id,check
# AuthAttrDef radiusCalledStationID,,check
AuthAttrDef radiusNASPortType,NAS-Port-Type,check
# Reply with all the items in replyitems
# ReplyAttr radiusConnectionAttributes
AcctLogFileName %L/%Y-%v-detail