Re: (RADIATOR) Continous looping of Radiator after config change
Hello, Young, Tim [EMAIL PROTECTED] writes: We are upgrading from 2.13 to 2.19. I had copied over the radius.cfg file from the one machine to the next. When attempting to authenticate from a test server that works just fine on the 2.13 machine, I get this in the log file: I had similar problem also. I solved it by mentioning 'NoDefault' in Auth block. Here is what happens: Radiator receives auth-request packet for user [EMAIL PROTECTED]. AuthGeneric calls AuthSQL::findUser to get user's password and attributes. If the user is not found then AuthGeneric tries the same for user DEFAULT. If that also fails it proceeds with DEFAULT1, DEAFULT2 ... Here is the code that does it: # Next time round, we look for a DEFAULT $user_name = DEFAULT$defaultNumber; $defaultNumber++; I patched my AuthGeneric by adding a line of code below: # ddzeko: sanity, prevent endless loop last if ($defaultNumber 10); There is also a solution to add a DEFAULT user to your database. Or, DEFAULT1 with no valid password that would result in request-rejected because of bad password. Radiator is a great piece of Perl. Don't be afraid to look under the hood and experiment. Enjoy, ;-) -d === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Continuous looping of Radiator after config change
Hugh, Thanks for the quick response. Let me apologize ahead of time for any rambling I do on this. It has been many years since I have had to deal with this config and I have had many different positions as well. (Some of them management which may explain my decreased technical skills). I will try and annotate the config file as best I can. snip Below is the pertinent Client portion of the config: # Client config for natasha Client natasha.compuware.com Secret blah6 DefaultRealm vpn.compuware.com /Client snip Realm vpn.compuware.com # AuthBy FILE # Filename %D/VPN_User # Nocache # DynamicCheck Group # /AuthBy AuthByPolicy ContinueWhileAccept We do the AuthByPolicy to make sure that both AuthBy SQL statements return accepts before allowing access. AuthBy SQL DBSource dbi:mysql:serauser DBUsername radius DBAuth blah AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System' \ from serauser where serauser='%u' I am quite clear on this but I believe we needed to return not only the password but the two attached attributes in order for the authentication process through the (Isolation System InfoCrypt server = Shiva VPN LanRover gateway = Intel LanRover Gateway) to work correctly. The VPN product has, as noted above, gone through several owners since our initial configuration. The password is stored encrypted in the SQL server. EncryptedPassword /AuthBy AuthBy SQL # DynamicCheck Group DBSource dbi:mysql:serauser DBUsername radius DBAuth blah AuthSelect select seragroup from seragroup where serauser='%u' and seragroup = '%{Shiva-VPN-Group}' This AuthSelect checks another table in the SQL server to verify that the user is in a group that matches the Shiva-VPN-Group attribute that is passed along with the authentication request. I remember working at length with Mike on this. It is mentioned in the History notes for Rev 2.12. AuthColumnDef 0, Shiva-VPN-Group, check /AuthBy AcctLogFileName %L/Natasha.%Y%m%d /Realm /snip /snip Hope this helps clear some things up about my problem. Many thanks to Damir for his suggestion on how to prevent the looping from happening. I have looked under the hood of Radiator which is why I was so happy to convince my company to purchase it instead of many other more expensive commercial versions our there. Regards, Tim Young === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator and Livingston PM3
I'm in the process of switching my radius servers from the Livingston supplied server to Radiator. I'm using the same flat file that I did before. I tried using the same dictionary and the dictionary.livingston and Radiator said that they were missing Attributes, so I decided to use the plain dictionary file that came with Radiator. Now the problem that I have is that if I tell the PM3 to use this radius server for authentication, the username and password is received checked and authenticated but the PM3 doesn't not allow the user to connect. I can successfully use the radpwtst with a username and password and it passed. Any help would be appreciated. David
(RADIATOR) Update Not working
Hi I have tried updating the balancetime in the Database, however it is not working, could you please tell me what I am doing wrong. Regards Realm sql.realm RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL Identifier SQL DBSource dbi:Informix:tis DBUsername xx DBAuth xx AuthSelect select password, balancetime from subscribers where (username='%n' and balancetime 0) AuthColumnDef 0,Password,check AuthColumnDef 1,Session-Timeout,reply AddToReply Service-Type = Framed-User,Framed-Protocol = PPP AcctSQLStatement update subscribers set balancetime = balancetime-0%{Acct-Session-Time} where username = '%n" /AuthBy /Realm
(RADIATOR) SQLRADIUS help/wishlists
Hi Guys - I'm using the SQLRADIUS function and am trying to build in a few features and stuff using hooks - which I need a bit of assistance on, and I have a few wishlists for the next Radiator version: Basically I'm trying to do some intelligent choices/logging based on which host was ultimately selected: eg. When I get a reply from a particular proxy-radius server, I want to add a PoolHint that means they get assigned from that wholesale customers IP Pool (I can't trust the ISP to add this attribute themselves). Is there any way to get the IP address of the Radius server that replied...? Another goal I have is to have some counter increased indicating how many successful replies from each radius host, and how many no-replies. Thus somehow I need to figure out whether SQLRADIUS's inbuilt no-reply hook has changed it to a success or failure. Is it possible to get this info out? I've examined the source code but can't seem to find some sort of public variable I can look at. A few wishlists: WISH: Can AuthBy roundrobin support be added into the SQLRADIUS code. The way I understand it is it chooses host1, host2, host3, ... in that order only progressing to the next host when the first one fails. Maybe another column def could be used to indicate host hunting order/algorithm. WISH: Option to strip realms and add/remove reply attributes on a per-client basis. Perhaps add additional column definitions: - StripRealm or RewriteUsername expresion - AddToReply - StripFromReply Love the product and keep recommending it to ISPs over here. Thanks for the good work. . Mark Mackay, === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Update Not working
Shaun, The syntax look right. It is case sensative though...make sure you have everything in the same case that is is in your database. It might help for you to reply to the list with a Trace of the Radiator log. -Ronan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shaun Eck Sent: Tuesday, 19 February, 2002 15:43 To: [EMAIL PROTECTED] Subject: (RADIATOR) Update Not working Hi I have tried updating the balancetime in the Database, however it is not working, could you please tell me what I am doing wrong. Regards Realm sql.realm RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL Identifier SQL DBSource dbi:Informix:tis. DBUsername xx DBAuth xx AuthSelect select password, balancetime from subscribers where (username='%n' and balancetime 0) AuthColumnDef 0,Password,check AuthColumnDef 1,Session-Timeout,reply AddToReply Service-Type = Framed-User,Framed-Protocol = PPP AcctSQLStatement update subscribers set balancetime = balancetime-0%{Acct-Session-Time} where username = '%n /AuthBy /Realm === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Radiator and Livingston PM3
David, Please respond with a copy of your config (No Secrets) and a Trace 4 debug from the Radiator log. I had the same type of problem when I first switched. There was something wrong in my config, but I don't remember what it was. -Ronan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Hayes-Moats Sent: Tuesday, 19 February, 2002 15:03 To: [EMAIL PROTECTED] Subject: (RADIATOR) Radiator and Livingston PM3 I'm in the process of switching my radius servers from the Livingston supplied server to Radiator. I'm using the same flat file that I did before. I tried using the same dictionary and the dictionary.livingston and Radiator said that they were missing Attributes, so I decided to use the plain dictionary file that came with Radiator. Now the problem that I have is that if I tell the PM3 to use this radius server for authentication, the username and password is received checked and authenticated but the PM3 doesn't not allow the user to connect. I can successfully use the radpwtst with a username and password and it passed. Any help would be appreciated. David === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Update Not working
Hello Shaun - The configuration looks OK - can you please send me a trace 4 showing what is happening? thanks Hugh On Wed, 20 Feb 2002 07:43, Shaun Eck wrote: Hi I have tried updating the balancetime in the Database, however it is not working, could you please tell me what I am doing wrong. Regards Realm sql.realm RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL Identifier SQL DBSource dbi:Informix:tis DBUsername xx DBAuth xx AuthSelect select password, balancetime from subscribers where (username='%n' and balancetime 0) AuthColumnDef 0,Password,check AuthColumnDef 1,Session-Timeout,reply AddToReply Service-Type = Framed-User,Framed-Protocol = PPP AcctSQLStatement update subscribers set balancetime = balancetime-0%{Acct-Session-Time} where username = '%n /AuthBy /Realm -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator and Livingston PM3
Hello David - On Wed, 20 Feb 2002 07:03, David Hayes-Moats wrote: I'm in the process of switching my radius servers from the Livingston supplied server to Radiator. I'm using the same flat file that I did before. I tried using the same dictionary and the dictionary.livingston and Radiator said that they were missing Attributes, so I decided to use the plain dictionary file that came with Radiator. Now the problem that I have is that if I tell the PM3 to use this radius server for authentication, the username and password is received checked and authenticated but the PM3 doesn't not allow the user to connect. I can successfully use the radpwtst with a username and password and it passed. Any help would be appreciated. This is probably a problem with reply attributes. Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Fwd: Re: (RADIATOR) SNMP Agent, Openlink, Oracle and Radiator
Hi All, After a long struggle with Oracle, I can add some more to this thread. I was able to reproduce what seems like the same problem reported here with Oracle 9i on RedHat 7.1. The symptoms during the Oracle installation included a number of reported errrors during the link phase of the installation. Later when building DBD-Oracle-1.12, no errors were reported, but when trying to connect using DBD-Oracle, it reported problems with missing libraries. The fine print in the Oracle release notes says Oracle is actually only certified for SuSE Linux 7.1 with particular versions of kernel, glibc and binutils. However closer investigation shows that it _is_ possible to avoid the install problems on RH 7.1 and get a dynamically linked DBD-Oracle. The cause of the linking problems (on my host at least) is a failure to correctly build one of the libraries at link time. The solution is discussed at: http://dbforums.com/archive/49/2001/11/1/193916 I have confirmed that after this you can build a dynalically linked DBD-Oracle that loads and works. Hope that helps. Cheers. -- Forwarded Message -- Subject: Re: (RADIATOR) SNMP Agent, Openlink, Oracle and Radiator Date: Mon, 18 Feb 2002 12:14:24 +0100 From: Tunde Itayemi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi Hugh, The following info is just in case anyone else has trouble with installing DBI/DBD-Oracle on Redhat Linux 7.2 . Note that you must use the static linking option to install DBD-Oracle or else, you won't be able to get radiator to authenticate via the module against an Oracle DB. You will see a reference to the errors that you get (after using the default dynamic linking option in the Readme.help file that comes with the DBD-Oracle-1.12.tar.gz file) and how to do the static linking under the For platforms which require static linking. section. Thanks for the info on the ODBC module. Though as I remember, when I downloaded the ODBC module, it said that it was just for Informix or so - not Oracle? Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Tunde Itayemi [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, February 18, 2002 00:09 Subject: Re: (RADIATOR) SNMP Agent, Openlink, Oracle and Radiator Hello Tunde - On Sun, 17 Feb 2002 02:43, Tunde Itayemi wrote: Hi All, I have installed Openlink's ODBC driver for Linux on my Redhat 7.2 system. I have also tested it. I have also installed Oracle 9i client on the same system with a view to implementing the DBI/Oracle DBD connection as I want to use a remote database for authentication. Please, with respect to Openlink's software, How do I reference the DSN in the radius.cfg file? Do I just put the DSN's name in the DBI clause? - I don't think this would work though. Is there anything I need to know about the Perl DBD/DBI before installing it? I have the files DBI-1.21.tar.gz and DBD-Oracle-1.12.tar.gz and I am just about to install them. I hope to hear from you soon as I should have the system up and running before Monday - today is Saturday in Nigeria. Its Monday morning here in Australia. Normally if you are using Oracle with DBI and DBD-Oracle, you do not use ODBC at all - you just need the Oracle client libraries. If you do want to use ODBD, you would use DBI and DBD-ODBC. You will have to check the Openlink ODBC documentation to see how to configure it for use with various databases. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Fwd: Questions about Radiator
Hello Corey, thanks for your note. To: [EMAIL PROTECTED] Subject: Questions about Radiator Date: Tue, 19 Feb 2002 10:26:58 -0800 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal Hello, My name is Corey Spain. I am a Systems Engineer for Rodopi, Inc. (ISP Billing Software Company). I have a few questions about your Radius Server product Radiator We have customers that are either already using Radiator or would like to use Radiator sometime in the future and ask us questions concerning integrations with Rodopi. We support both ODBC (Microsoft SQL 7 2000) and Livingston Radius Format. Supporting Radiator through Livingston Radius Format has been a simple and easy task before in the past. I now notice that you support ODBC as well, and to be able to use all the features of Rodopi, an ODBC connection is the preferred way to go. So, my questions are, How exactly, or preferred way, does Radiator integrate with us (Rodopi) using ODBC? 1) Do you use Store Procedure(s) to integrate with Rodopi in MS SQL? If so, do you use the store procedures designed by Rodopi(ex. Interface_VircomUsers, Interface_SteelbeltedUsers?), or do you provide them with your software. And what are the names of these store procedures. If you do not use store procedures, how does Radiator query the database and send accounting info to SQL? Yes, by default we we use your Interface_VircomUsers and Interface_VircomDetails stored procedures, however this is configurable and could be changed or customised by individual customers if they wished. Radiator can connect to MS-SQL by a variety of methods, including ODBC from Windows and Unix, and also by a number of alternative methods from Unix. This means that customers can run Radiator on Unix, and work with Rodopi running on MS-SQL on Windows. Many ISPs want to do this as they dont want to run their Radius server on Windows. Some of your potential customers would be interested in this. 2) Does Radiator support the session timeout attribute to count down usage time. This is an important feature in Rodopi to use PrePaid accounts and PrePaid Cards. Yes Radiator supports Session-Timeout, as returned by Interface_VircomUsers. Any detail answer would be greatly appreciated. With better knowledge of your Radius Software Radiator, we can be more confident to support and provide your and our customers with the answers that they need. Thank you. Please let me know if we can be of any assistance. We are keen to promote interoperation between our products for the benefit of our mutual customers. Cheers. If you have any questions, please call me at 1-858-410-6994 or email at [EMAIL PROTECTED] Regards, Corey Rodopi System Engineer Joanne Davis Open System Consultants Pty Ltd, 24 Bateman St, Hampton, Vic 3188 Australia Phone +61 3 9598 0985, Fax +61 3 9598 0955, [EMAIL PROTECTED] www.open.com.au RADIATOR radius server, NETS network inventory management, RADMIN user admininstration, SUBs subcription management, DTS tracking system, PIRATECHECK pirate password checking -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.