Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: (RADIATOR) Radiator - Probs with Authby SQL
-- Forwarded Message --
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Christian Rautscher [EMAIL PROTECTED]]
Date: Thu, 18 Jul 2002 04:28:23 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Subject: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: (RADIATOR) Radiator - Probs with Authby SQL
To: Hugh Irvine [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
From: Christian Rautscher [EMAIL PROTECTED]
Date: Thu, 18 Jul 2002 11:27:12 +0200

Hello Hugh, hello every1,

it's me again with the SQL problem using MySQL and Radiator.

As a last way out I tried the following: I reinstalled everything (OS/Radiator/MySQL) and updated the SQL database, so that my NAS was authorized to request Radiator for an incoming PPP. Then I tried to connect myself with the example user (user: mikem pass: fred) and it worked perfectly. At this point I am sure that my router configuration + Radiator config are okay.

Then I created a new user in the DB:

    insert into SUBSCRIBERS
        ( USERNAME, PASSWORD, ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR, TIMELEFT )
    values
        ( 'dialin', 'dialin', password('dialin'), 'Service-Type = Framed-User', 'Framed-Protocol = PPP', '100' );

Then again I got the same error as before. That's why I am quite sure that the problem must be the encrypted password. And as you see in the above-mentioned SQL string, I used password('dialin'), but nevertheless I did try using crypt('dialin') or md5('dialin') too.

If I believe the Radiator manual, then Radiator uses Unix crypt(3) standard encryption by default. In the DOC Reference (Page 149, ref.html, 13.1.1) there are some written examples, but I don't understand them correctly.

That's why my question: Can anybody tell me the right syntax to insert a new user into MySQL, using the same encryption as was used with the EXAMPLE mikem? Or give me a hint, or, if possible, an example?

Thank you in advance.

Kind regards,
Christian

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Strange problem when upgrading
--On Thursday, July 18, 2002 08:33:29 AM +1000 Hugh Irvine [EMAIL PROTECTED] wrote:

> Hi Jeje - How's life?

Very well, thanks :)

> The first question is "have you also applied all the patches for 3.1?".

I just did, it seems like it has no effect on my problem.

> The second question is the usual "can you please send me a copy of the
> configuration file (no secrets) together with a trace 4 debug showing
> what is happening?".
>
> BTW - in what you show below, why don't you use an AuthBy INTERNAL?

I just switched to AuthBy INTERNAL following your advice, and magically, AddToReply works fine now. Is it normal, or is it a bug that it doesn't work with my AuthBy FILE? Do you still want my config file?

See you, thanks

> See you
>
> Hugues
>
> At 18:25 +0200 17/7/02, Jerome Fleury wrote:
>> When upgrading from 2.19 to 3.1, I had a strange problem that made me
>> cancel the upgrade. This code (some hidden for security purposes):
>>
>> <Handler Realm=/.*(foobar|adsl).hautdebit/>
>>     <AuthBy FILE>
>>         # accept all requests coming from the proxy
>>         AcceptIfMissing
>>         Filename /dev/null
>>         AddToReply \
>>             Tunnel-Type=L2TP, \
>>             Tunnel-Medium-Type=IP, \
>>             Tunnel-Server-Endpoint=1.2.3.4, \
>>             Tunnel-Assignment-ID=1.2.3.4, \
>>             Tunnel-Server-Auth-ID=LNSTISFT01, \
>>             RB-Tunnel-Remote-Name=LNSTISFT01, \
>>             Class = L2FT
>>     </AuthBy>
>> </Handler>
>>
>> used to work in 2.19. When upgrading to 3.1, AddToReply did not work
>> any more and no attributes were sent back during Access-Accept.
>>
>> I saw in the Changelog that a lot of code has been rewritten about Reply
>> attributes. Why doesn't this work anymore? Is there a workaround?
>>
>> --
>> Jerome Fleury
>
> --
> NB: I am travelling this week, so there may be delays in our correspondence.

/jeje
Re: (RADIATOR) Radiator - Probs with Authby SQL
Hello Christian,

For MySQL: Try the MD5 function instead of the PASSWORD function.

For Perl: For this, you would need to play around with Digest::MD5. Or if you want a quick way to do the creation, there's a Perl module from CPAN called Crypt::PasswdMD5 that provides an MD5-based crypt() function.

Saluti,
Neil D. Quiogue
(RADIATOR) 'Drop' Intermin-Accounting
Hi, One of our dial providers is sending Interim-Accounting to Radiator, which in turn is proxied to another Radiusserver to perform authentication. We need to 'drop' these Interim-Accounting updates from Radiator so they are not seen by the authenticating radius server. Has anyone done this already? Do we need to write a handler to achieve this? Thanks Steve
RE: (RADIATOR) 'Drop' Intermin-Accounting
A simple way around it would be to use a handler that accepts the Interim-Accounting requests and then another Handler to proxy the rest. We are using this on a production system for similar purposes.

<Handler Acct-Status-Type=Alive>
    <AuthBy INTERNAL>
        DefaultResult ACCEPT
    </AuthBy>
</Handler>

<Handler>
    <AuthBy RADIUS>
        # AuthBy Stuff
    </AuthBy>
</Handler>
Re: (RADIATOR) Limiting connections using a custom dialer and UUNET setup
Hugh,

I cannot find documentation on OSC-AVPAIR, can you direct me to some? Can you describe at a high level what/how the dialer program could send something special to Radiator to identify itself?

Regards,
Gilbert.

> Hello Gilbert -
>
> We have recently introduced vendor-specific attributes for Radiator, so
> you could use the OSC-AVPAIR attribute to do this.
>
> If you are wanting to do something special with your own dialer, I
> suggest you write your own AuthBy module. You should start with the
> Radius/AuthTEST.pm module and refer to section 17 in the Radiator 3.1
> reference manual (doc/ref.html).
>
> For your last point, this topic has been discussed on the mailing list,
> so check the archive site and do a search
> (www.open.com.au/archives/radiator).
>
> regards
>
> Hugh
>
> At 14:31 -0400 17/7/02, Gilbert Rebeiro wrote:
>> Hi,
>>
>> I will be developing a dialer and am looking for a radius server that
>> will allow me to make sure that my users will only be able to connect
>> if they use my dialer. Does or can Radiator do this? If so how?
>>
>> If I wanted to push updates and communicate with the dialer after the
>> user auths can I use the Exec-Program. I guess I should use the at the
>> end of the program invocation.
>>
>> Also I might use UUNET as a provider, are there any configs available
>> for complying with UUNET's 242 datafilters - for anti-spam?
>>
>> Thanks in advance.
>> Gilbert.

--
Distributed System Laboratory (http://dslab.ee.ncku.edu.tw)
Department of Electrical Engineering
National Cheng Kung University, Tainan, Taiwan, R.O.C.
(RADIATOR) Problem: AuthByPolicy
Hello Hugh

I'm unable to establish a policy that I want to achieve as described below:

1. user access if found in the deny file will be rejected and nothing else.
2. user access if not found in the deny file will be checked against the /etc/passwd file
   if not found in the /etc/passwd then check with the oracle database

Here's my radius configuration:

LogDir          /var/log/radius/test
DbDir           /usr/local/etc/raddb
AuthPort        2112
AcctPort        2113
Trace           4

<Log FILE>
    Filename    %L/logfile
    Trace       4
</Log>

<Client 165.21.81.35>
    Secret      xx
</Client>

<Client localhost>
    Secret      xx
</Client>

<Client 165.21.100.15>
    Secret      xx
</Client>

<Client 165.21.100.18>
    Secret      xx
</Client>

<AuthBy UNIX>
    Identifier  System
    Filename    /etc/shadow
</AuthBy>

<AuthBy SQL>
    Identifier  CheckSQL
    DBSource    dbi:Oracle:ahimsa
    DBUsername  xx
    DBAuth      xx
    DBSource    dbi:Oracle:parthenon
    DBUsername  xx
    DBAuth      xx
    AuthSelect  SELECT passwd FROM subscribers \
                WHERE name = '%n' \
                AND roam = 'T' \
                AND status = 'T'
    AuthColumnDef 0, Encrypted-Password, check
    AuthColumnDef 1, GENERIC, check
    AuthColumnDef 2, GENERIC, check
    AuthColumnDef 3, GENERIC, reply
    AuthColumnDef 4, GENERIC, reply
</AuthBy>

<Handler Realm=/.*\.sg/>
    RewriteUsername s/^([^@]+).*/$1/
    AuthByPolicy ContinueWhileReject
    <AuthBy FILE>
        Filename %D/deny
    </AuthBy>
    <AuthBy FILE>
        Filename %D/users
    </AuthBy>
    AuthBy CheckSQL
    AcctLogFileName /radacct/%C/detail
</Handler>

Here's my deny file:

jaafar  Auth-Type = Reject

Here's my users file:

DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255

Thank you.

Best Regards
Jaafar Sarim
SingNet
(RADIATOR) Reject Reason
Quick question all.

How do you determine what message is sent back with an Access-Reject? This is mainly for a log file to know why people were rejected, specifically time-banked users. Say the check for their timeleft fails and an Access-Reject is sent back, is there a way to form the Reject message to a custom message? I already have RejectHasReason for this. The only way that I have thought I could do this is with a PostAuthHook. Any suggestions?

-Ronan

Ronan Eckelberry [EMAIL PROTECTED]
Sr. Network/Systems Engineer
WEBco Solutions, Inc
(352)746-2500
www.webcosolutions.com
(RADIATOR) Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort:Re: Antwort: Re: (RADIATOR) Radiator - Probs with Authby SQL
Hello Christian -

If you want to do both CHAP and PAP authentication, your passwords *must* be stored in clear text in the database.

If you want to store encrypted passwords (and only use PAP) you must use an external program to do the encryption and then take the resulting string and put that into the database.

regards

Hugh
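Why CHAP needs the clear-text password while PAP can be checked against a one-way hash, as an added example that is not part of the original thread and not Radiator code. The shared secret, authenticator, challenge and salt are constructed values, and the salted PBKDF2 hash is a stand-in for the crypt(3) string that would go into ENCRYPTEDPASSWORD.

```python
import hashlib
import hmac


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side of PAP: RFC 2865 section 5.2 User-Password hiding."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block  # the next mask is keyed on the previous ciphertext block
    return hidden


def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of PAP: undo the hiding and get the password the user typed."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for the crypt(3) string stored in the database (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def check_pap(stored_hash: bytes, salt: bytes, hidden: bytes,
              secret: bytes, authenticator: bytes) -> bool:
    """PAP delivers the password itself, so the server can hash it and compare."""
    candidate = recover_user_password(hidden, secret, authenticator)
    return hmac.compare_digest(one_way_hash(candidate, salt), stored_hash)


def chap_response(ident: int, secret_value: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret_value + challenge).digest()


def check_chap(stored_value: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """CHAP never sends the password; the server must recompute the digest
    from whatever it has stored, so only the clear text can match."""
    return hmac.compare_digest(chap_response(ident, stored_value, challenge), response)


def demo() -> dict:
    # All values below are constructed for this example.
    password = b"dialin"                      # the user from the thread
    secret = b"constructed-shared-secret"     # NAS <-> server shared secret
    authenticator = bytes(range(16))          # Request Authenticator
    challenge = bytes(range(16, 32))          # CHAP challenge
    salt = b"constructed-salt"
    ident = 7

    stored_hash = one_way_hash(password, salt)
    good = hide_user_password(password, secret, authenticator)
    bad = hide_user_password(b"wrong", secret, authenticator)
    response = chap_response(ident, password, challenge)

    return {
        "pap_vs_hash": check_pap(stored_hash, salt, good, secret, authenticator),
        "pap_wrong_password": check_pap(stored_hash, salt, bad, secret, authenticator),
        "chap_vs_cleartext": check_chap(password, ident, challenge, response),
        "chap_vs_hash": check_chap(stored_hash, ident, challenge, response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A database that holds only one-way hashes can therefore serve PAP but not CHAP, which is the trade-off described in the reply above.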
Re: (RADIATOR) Strange problem when upgrading
Hi Jeje -

If you're happy with that, so am I.

See you

Hugues
RE: (RADIATOR) Problem: AuthByPolicy
I would try ContinueUntilReject. :)

-Ronan
FW: [QRgriff3]: RE: (RADIATOR) Problem: AuthByPolicy
Whoever is on the list that is using this service, could you please do something about it so people do not get this message every time they post to the list?

Thanks,
-Ronan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 18 July, 2002 21:27
To: [EMAIL PROTECTED]
Subject: [QRgriff3]: RE: (RADIATOR) Problem: AuthByPolicy

QUIKCOP has arrested your e-mail message to a Quik customer, with subject RE: (RADIATOR) Problem: AuthByPolicy

Due to privacy and SPAM issues, you need to authorize yourself to continue to send e-mail to this person. You can easily do this by visiting the following web-page within the next 48 hours:

http://q3.quik.com/cgi-bin/spamweb.pl?user=griff3[EMAIL PROTECTED] t.com.sg

Enter your e-mail address on this web-page. The e-mail you sent will then be delivered.

You specified the following TO and CC address(es) in your e-mail: [EMAIL PROTECTED]
Re: (RADIATOR) Problem: AuthByPolicy
Hello Jaafar -

You will need to use AuthBy GROUPs for the different AuthBy policies.

# define AuthBy clauses

<AuthBy UNIX>
    Identifier  System
    Filename    /etc/shadow
</AuthBy>

<AuthBy SQL>
    Identifier  CheckSQL
    DBSource    dbi:Oracle:ahimsa
    DBUsername  xx
    DBAuth      xx
    DBSource    dbi:Oracle:parthenon
    DBUsername  xx
    DBAuth      xx
    AuthSelect  SELECT passwd FROM subscribers \
                WHERE name = '%n' \
                AND roam = 'T' \
                AND status = 'T'
    AuthColumnDef 0, Encrypted-Password, check
    AuthColumnDef 1, GENERIC, check
    AuthColumnDef 2, GENERIC, check
    AuthColumnDef 3, GENERIC, reply
    AuthColumnDef 4, GENERIC, reply
</AuthBy>

<AuthBy FILE>
    Identifier  CheckDenyFile
    Filename    %D/deny
    AcceptIfMissing
    NoDefault
</AuthBy>

<AuthBy GROUP>
    Identifier  CheckSystemThenSQL
    AuthByPolicy ContinueUntilAccept
    AuthBy System
    AuthBy CheckSQL
</AuthBy>

<AuthBy GROUP>
    Identifier  CheckUsers
    AuthByPolicy ContinueWhileAccept
    AuthBy CheckDenyFile
    AuthBy CheckSystemThenSQL
    AddToReply  Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-IP-Netmask = 255.255.255.255
</AuthBy>

# define Handlers

<Handler Realm=/.*\.sg/>
    RewriteUsername s/^([^@]+).*/$1/
    AuthBy CheckUsers
    AcctLogFileName /radacct/%C/detail
</Handler>

regards

Hugh
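A small model of how the AuthByPolicy values named in this thread chain AuthBy results, added here as an illustration; it is not Radiator code. It assumes that an AuthBy FILE lookup with no matching entry rejects unless AcceptIfMissing is set, that a deny-file entry with Auth-Type = Reject rejects, that passwords are always correct, and it uses constructed users apart from jaafar.

```python
ACCEPT, REJECT = "ACCEPT", "REJECT"

# For each policy: given the result of the AuthBy just tried, keep going?
KEEP_GOING = {
    "ContinueWhileAccept": lambda result: result == ACCEPT,
    "ContinueUntilAccept": lambda result: result != ACCEPT,
    "ContinueWhileReject": lambda result: result == REJECT,
    "ContinueUntilReject": lambda result: result != REJECT,
}


def group(policy, *members):
    """Model of a Handler or AuthBy GROUP: try members in order and return
    the result of the last one tried."""
    def authby(user):
        result = REJECT
        for member in members:
            result = member(user)
            if not KEEP_GOING[policy](result):
                break
        return result
    return authby


# Constructed sample data: who is listed where.
DENY = {"jaafar"}                 # %D/deny, entries carry Auth-Type = Reject
SHADOW = {"jaafar", "alice"}      # /etc/shadow accounts
DATABASE = {"bob"}                # rows the AuthSelect would return


def deny_file(accept_if_missing):
    def authby(user):
        if user in DENY:
            return REJECT
        return ACCEPT if accept_if_missing else REJECT   # assumption, see lead-in
    return authby


def system(user):
    return ACCEPT if user in SHADOW else REJECT


def check_sql(user):
    return ACCEPT if user in DATABASE else REJECT


users_file = system   # users file: DEFAULT Auth-Type = System

CONFIGS = {
    # The flat Handler from the question.
    "flat_while_reject": group("ContinueWhileReject",
                               deny_file(False), users_file, check_sql),
    # Same list with ContinueUntilReject.
    "flat_until_reject": group("ContinueUntilReject",
                               deny_file(False), users_file, check_sql),
    # Nested groups: deny file with AcceptIfMissing, then System-or-SQL.
    "nested_groups": group("ContinueWhileAccept",
                           deny_file(True),
                           group("ContinueUntilAccept", system, check_sql)),
}

USERS = ["jaafar", "alice", "bob", "mallory"]   # mallory is listed nowhere


def evaluate():
    return {name: {u: authby(u) for u in USERS} for name, authby in CONFIGS.items()}


if __name__ == "__main__":
    for name, results in evaluate().items():
        print(f"{name:18s}", results)
```

In this model the flat ContinueWhileReject list lets the denied user through because a reject from the deny file just moves on to the next AuthBy, while the nested groups reject the denied user and still fall back from the system file to the database for everyone else.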
Re: (RADIATOR) Limiting connections using a custom dialer and UUNET setup
Hello Gilbert -

The OSC-AVPAIR is defined in the Radiator 3.1 dictionary. You would use it like this:

    OSC-AVPAIR = sometag = somestring

It is completely up to you how you define and use sometag = somestring - it can be anything at all that suits your requirements. You can also have multiple OSC-AVPAIR's if required.

regards

Hugh
Re: (RADIATOR) Reject Reason
Hello Ronan -

    AddToReply Reply-Message = .

Whether or not your users see such messages is up to the dialer that is being used, and most do not display these messages in any case.

regards

Hugh
Re: (RADIATOR) Problem: AuthByPolicy
Hello Hugh,

user test004, which is in the deny file, still gets authenticated against the /etc/passwd. Pls see attached for the logs.

Pls advise. Thank you.

Best Regards
Jaafar Sarim
SingNet

On Fri, 19 Jul 2002, Hugh Irvine wrote:

Hello Jaafar -

You will need to use AuthBy GROUP's for the different AuthBy policies.

# define AuthBy clauses

<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
</AuthBy>

<AuthBy SQL>
        Identifier CheckSQL
        DBSource dbi:Oracle:ahimsa
        DBUsername xx
        DBAuth xx
        DBSource dbi:Oracle:parthenon
        DBUsername xx
        DBAuth xx
        AuthSelect SELECT passwd FROM subscribers \
                WHERE name = '%n' \
                AND roam = 'T' \
                AND status = 'T'
        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, check
        AuthColumnDef 3, GENERIC, reply
        AuthColumnDef 4, GENERIC, reply
</AuthBy>

<AuthBy FILE>
        Identifier CheckDenyFile
        Filename %D/deny
        AcceptIfMissing
        NoDefault
</AuthBy>

<AuthBy GROUP>
        Identifier CheckSystemThenSQL
        AuthByPolicy ContinueUntilAccept
        AuthBy System
        AuthBy CheckSQL
</AuthBy>

<AuthBy GROUP>
        Identifier CheckUsers
        AuthByPolicy ContinueWhileAccept
        AuthBy CheckDenyFile
        AuthBy CheckSystemThenSQL
        AddToReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-IP-Netmask = 255.255.255.255
</AuthBy>

# define Handlers

<Handler Realm=/.*\.sg/>
        RewriteUsername s/^([^@]+).*/$1/
        AuthBy CheckUsers
        AcctLogFileName /radacct/%C/detail
</Handler>

regards

Hugh

At 8:53 +0800 19/7/02, Jaafar Bin Sarim wrote:

Hello Hugh

I'm unable to establish a policy that I want to achieve as described below:

1. user access if found in the deny file will be rejected and nothing else.
2. user access if not found in the deny file will be checked against the /etc/passwd file; if not found in the /etc/passwd then check with the oracle database

Here's my radius configuration:

----------
LogDir /var/log/radius/test
DbDir /usr/local/etc/raddb
AuthPort 2112
AcctPort 2113
Trace 4

<Log FILE>
        Filename %L/logfile
        Trace 4
</Log>

<Client 165.21.81.35>
        Secret xx
</Client>

<Client localhost>
        Secret xx
</Client>

<Client 165.21.100.15>
        Secret xx
</Client>

<Client 165.21.100.18>
        Secret xx
</Client>

<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
</AuthBy>

<AuthBy SQL>
        Identifier CheckSQL
        DBSource dbi:Oracle:ahimsa
        DBUsername xx
        DBAuth xx
        DBSource dbi:Oracle:parthenon
        DBUsername xx
        DBAuth xx
        AuthSelect SELECT passwd FROM subscribers \
                WHERE name = '%n' \
                AND roam = 'T' \
                AND status = 'T'
        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, check
        AuthColumnDef 3, GENERIC, reply
        AuthColumnDef 4, GENERIC, reply
</AuthBy>

<Handler Realm=/.*\.sg/>
        RewriteUsername s/^([^@]+).*/$1/
        AuthByPolicy ContinueWhileReject
        <AuthBy FILE>
                Filename %D/deny
        </AuthBy>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
        AuthBy CheckSQL
        AcctLogFileName /radacct/%C/detail
</Handler>
----------

Here's my deny file:

jaafar  Auth-Type = Reject

Here's my users file:

----------
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255
----------

Thank you.

Best Regards
Jaafar Sarim
SingNet
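A small model of the AuthByPolicy logic in the two configurations above, added here as an illustration; it is not part of the original messages and is not Radiator's code. It assumes each AuthBy yields only accept or reject (IGNORE is left out), uses constructed users apart from the deny-file entry "jaafar", and models the policy logic only, so it does not reproduce the test004 result reported above.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"

# Policy name -> "given this result, try the next AuthBy?"
POLICIES = {
    "ContinueWhileReject": lambda r: r is Result.REJECT,
    "ContinueUntilAccept": lambda r: r is not Result.ACCEPT,
    "ContinueWhileAccept": lambda r: r is Result.ACCEPT,
}

def chain(policy, *authbys):
    """Run AuthBy members in order; the last one evaluated decides."""
    keep_going = POLICIES[policy]
    def run(user):
        result = Result.REJECT
        for authby in authbys:
            result = authby(user)
            if not keep_going(result):
                break
        return result
    return run

def store(accepted=(), rejected=(), accept_if_missing=False):
    """Simplified user store; unknown users are rejected unless AcceptIfMissing."""
    def run(user):
        if user in rejected:
            return Result.REJECT
        if user in accepted or accept_if_missing:
            return Result.ACCEPT
        return Result.REJECT
    return run

# Constructed sample data: "jaafar" is denied but has a valid system password.
system = store(accepted={"jaafar", "alice"})   # /etc/shadow
sql = store(accepted={"bob"})                  # Oracle subscribers table

# Handler as first posted: one flat chain, deny file without AcceptIfMissing.
# The users file (DEFAULT Auth-Type = System) is modelled as the system store.
original = chain("ContinueWhileReject", store(rejected={"jaafar"}), system, sql)

# Nested groups from the reply: deny check first, then system-or-SQL.
suggested = chain(
    "ContinueWhileAccept",
    store(rejected={"jaafar"}, accept_if_missing=True),
    chain("ContinueUntilAccept", system, sql),
)

def decisions(handler, users=("jaafar", "alice", "bob", "mallory")):
    return {u: handler(u).value for u in users}
```

In the flat ContinueWhileReject chain a reject from the deny file only moves evaluation on to the next AuthBy, so the deny entry never blocks anyone; in the nested form the deny check is a gate that must accept before any credential store is consulted.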
Re: (RADIATOR) Reject Reason
Hugh,

Thanks for the quick reply. Once again you guys are great. Is there a way to only send this reply on an Access-Reject? Of course I don't want this coming back on every reply. :)

-Ronan

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ronan Eckelberry [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, July 18, 2002 9:25 PM
Subject: Re: (RADIATOR) Reject Reason

Hello Ronan -

AddToReply Reply-Message = .

Whether or not your users see such messages is up to the dialer that is being used, and most do not display these messages in any case.

regards

Hugh

At 21:09 -0400 18/7/02, Ronan Eckelberry wrote:

Quick question all. How do you determine what message is sent back with an Access-Reject? This is mainly for a log file to know why people were rejected. In specific time-banked users. Say the check for their timeleft fails and an Access-Reject is sent back, is there a way to form the Reject message to a custom message. I already have RejectHasReason for this. The only way that I have thought I could do this is with a PostAuthHook. Any suggestions?

-Ronan

Ronan Eckelberry [EMAIL PROTECTED]
Sr. Network/Systems Engineer
WEBco Solutions, Inc
(352)746-2500
www.webcosolutions.com