Re: (RADIATOR) Multiple Host definitions in AuthBy LDAP2
How is the correct syntax? It is not clear in the manual.

If I use

    Host host1
    Host host2
    Port 389

Radiator uses the second one.

If I use

    Host host1,host2

Radiator uses host1,host2 as one name

regards
Vangelis

Hugh Irvine wrote:

> Hello Vangelis -
>
> Yes.
>
> Have a look at section 6.35 in the Radiator 3.3.1 reference manual (doc/ref.html).
>
> regards
>
> Hugh
>
> On Thursday, Nov 21, 2002, at 22:56 Australia/Melbourne, Vangelis Kyriakakis wrote:
>
>> Hello,
>>
>> If I use two LDAP servers in an AuthBy LDAP2 (two Host attributes) will Radiator change to the second one when the first one fails?
>>
>> thanks
>> Vangelis
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy DYNADDRESS issue
We are putting together a radius server which authenticates from openldap, accounts and holds sessions in mysql, and does the dynamic pooling. All was working fine before I added the dynaddress stuff and now radiator crashes :(

Running in debug mode logfile gives:

Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on breakbox
Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32780
Packet length = 113
Code: Access-Request
Identifier: 24
Authentic: 1234567890123456
Attributes:
    User-Name = [EMAIL PROTECTED]
    Service-Type = Framed-User
    NAS-IP-Address = 1.41.145.200
    NAS-Port = 1234
    Called-Station-Id = 123456789
    Calling-Station-Id = 987654321
    NAS-Port-Type = Async
    Framed-IP-Address = UNKNOWN
    User-Password = `176246218149215sQ23729i170224170138

Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler 'Realm=everywhereuk.com'
Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for [EMAIL PROTECTED], 1.41.145.200, 1234
Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE where USERNAME='[EMAIL PROTECTED]' and NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'
Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe@domain1'
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2: LDAP-domain1
Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin, dc=domain2, dc=net, dc=uk, test (server localhost:389)
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe, ou=users, dc=domain1, dc=com
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with [EMAIL PROTECTED]
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS

at this point radpwtst simply returns No Reply

Has anyone any ideas what is wrong as I've been looking at this for so long now and cannot see the wood for the trees. Config below.

TIA
Steve.

--- content of /etc/radiator/radius.cfg ---
LogDir /var/log/radius
DbDir /etc/radiator
Trace 5

include %D/confs/domain1.com/radius.cfg

<Client 127.0.0.1>
    Description Local client (perl script)
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.237.113>
    Description 0845 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.225.5>
    Description 0808 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>
--- end /etc/radiator/radius.cfg ---

--- content of %D/confs/domain1.com/radius.cfg ---
<AuthBy GROUP>
    Identifier Auth-domain1
    AuthByPolicy DoAllAuth

    <AuthBy LDAP2>
        Identifier LDAP-domain1
        Host localhost
        AuthDN cn=admin, dc=domain2, dc=net, dc=uk
        AuthPassword test
        BaseDN ou=users, dc=domain1, dc=com
        UsernameAttr uid
        PasswordAttr UserPassword
        AddToReply Framed-Protocol = PPP,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
        Debug 255
        Timeout 30
        FailureBackoffTime 10
        IgnoreAccounting
    </AuthBy>

    <AuthBy SQL>
        IgnoreAuthentication
        Fork
        Identifier Acct-domain1
        HandleAcctStatusTypes Start,Stop
        AuthSelect
        DBSource dbi:mysql:domain1:localhost
        DBUsername domain1
        DBAuth password
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef
Re: (RADIATOR) Remote Postgresql DB
Nathan:

Also you have to make some entries in /var/db/postgres/data/pg_hba.conf (PostgreSQL HOST ACCESS CONTROL FILE) in your DB Server to allow your Radiator to access (see examples inside the file).

bye,
German.

- Original Message -
From: Dennis Methelev [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 22, 2002 3:33 AM
Subject: Re: (RADIATOR) Remote Postgresql DB

> Nathan Alberti wrote:
>
>> I see examples for connecting to a remote MySQL database in the user manual, but on searching I am unable to find examples of it being done with Postgresql. Is it possible ? Any pointing the correct direction for help would be appreciated, I wish to authenticate and log to a remote Postgresql DB.
>>
>> Regards, Nathan
>
> in MySQL examples make changes:
>
>     ...
>     DBSource dbi:Pg:dbname=radius;host=ip
>     DBUsername radiususer
>     DBAuth radiususerpwd
>     ...
>
> works fine ;)
>
> sy, dennis.
Re: (RADIATOR) FailureQuery quoted string
Hello again,

I applied the patches using the following procedure:

1) copied the patches archive into the Radiator_3.3.1 directory and gunzip/untarred it.
2) ran perl Makefile.PL
3) ran make test (everything ok)
4) ran make install
5) restarted radiator.

I noticed the radiusd file was updated during this process. However, I still get the same exact problem. I'll attach a piece of my radius log.

Thanks for the help,
Jason

Hugh Irvine wrote:

> Hello Jason -
>
> There is a patch for this in the patches area.
>
> If it doesn't fix the problem please let me know.
>
> regards
>
> Hugh
>
> On Friday, Nov 22, 2002, at 09:35 Australia/Melbourne, Jason Signalness wrote:
>
>> Hello,
>>
>> I tried to post this a few hours ago, but it didn't show up in the list for whatever reason. I apologize if it shows up twice.
>>
>> We make use of AuthLog SQL to log authentication failures to an SQL database (Oracle). After upgrading to Radiator v3.3.1, this fails. The reason is that we use a %1 in the FailureQuery parameter to log the error. The single quotes that are now a part of %1 (the quoted reason string for the failure) messes up our SQL syntax.
>>
>> Is there any way to get just the reason string, without the quotes? Here's my AuthLog SQL clause:
>>
>> # Log authentication FAILURES to the database for customers.
>> <AuthLog SQL>
>>     Identifier BTIAuthLoggerSQL
>>     DBSource dbi:Oracle:hidden
>>     DBUsername hidden
>>     DBAuth hidden
>>     Timeout 10
>>     FailureBackoffTime 60
>>     FailureQuery BEGIN radius.logAppAction('%n','rad','LOGIN FAILED (%h): %n (%1)','error','%c'); END;
>> </AuthLog>
>>
>> Thanks in advance,
>> --
>> Jason Signalness, Systems Administrator
>> Basin Telecommunications, Inc.
>> [EMAIL PROTECTED]
>> 1-701-355-5727
>> --

. . .
Fri Nov 22 09:27:15 2002: DEBUG: Packet dump:
*** Received from 216.235.160.45 port 52901
Code: Access-Request
Identifier: 181
Authentic: 1234567890123456
Attributes:
    User-Name = [EMAIL PROTECTED]
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = 123456789
    Calling-Station-Id = 987654321
    NAS-Port-Type = Async
    User-Password =

Fri Nov 22 09:27:15 2002: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Handling request with Handler ''
Fri Nov 22 09:27:15 2002: DEBUG: SessionDB Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234
Fri Nov 22 09:27:15 2002: DEBUG: do query is: BEGIN radius.deleteRADOnline('[EMAIL PROTECTED]','216.235.160.45', 1234); END;
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthLDAP2: BTICheckLDAP
Fri Nov 22 09:27:15 2002: INFO: Connecting to ds1v.btinet.net, port 389
Fri Nov 22 09:27:15 2002: INFO: Attempting to bind with cn=proxyagent,ou=people,o=bti, (server ds1v.btinet.net:389)
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got result for uid=jsignal,ou=people,o=clientfactor.com,o=bti
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got userPassword: {crypt}
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got bticheckattr: Simultaneous-Use=1
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got btireplyattr: Service-Type = Framed-User, Framed-Protocol = PPP
Fri Nov 22 09:27:15 2002: DEBUG: Radius::AuthLDAP2 looks for match with [EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthPLSQL
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthPLSQL: BTICheckDB
Fri Nov 22 09:27:15 2002: DEBUG: Query is: BEGIN radius.getUser('[EMAIL PROTECTED]',:passwd,:check_item,:reply_item); END;
Fri Nov 22 09:27:16 2002: DEBUG: Radius::AuthPLSQL looks for match with [EMAIL PROTECTED]
Fri Nov 22 09:27:16 2002: DEBUG: Radius::AuthPLSQL REJECT: Bad Encrypted password
Fri Nov 22 09:27:16 2002: INFO: Access rejected for [EMAIL PROTECTED]: Bad Encrypted password
Fri Nov 22 09:27:16 2002: DEBUG: do query is: BEGIN radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): [EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;
Fri Nov 22 09:27:16 2002: ERR: do failed for 'BEGIN radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): [EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;': ORA-06550: line 1, column 112:
PLS-00103: Encountered the symbol BAD when expecting one of the following:
. ( ) , * @ % | = - + / at in mod not range rem = .. an exponent (**) or != or ~= = = and or like between is null is not || is dangling (DBD ERROR: OCIStmtExecute)
Fri Nov 22 09:27:16 2002: ERR: do failed for 'BEGIN radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): [EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;': ORA-06550: line 1,
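
The failure reported in this message, reproduced as an added example (not Radiator code and not from the thread): a reason string that arrives already quoted closes the outer string literal of the logging statement. SQLite stands in for Oracle, and the table, function names and sample values are constructed; the example goes beyond the post by also showing bind parameters, which do not depend on how the reason is quoted.

```python
import sqlite3

# Template modelled on the FailureQuery in the post: the reason (%1) sits
# inside an outer single-quoted SQL string literal.
TEMPLATE = ("INSERT INTO app_log (username, app, message, level, client) "
            "VALUES ('%n', 'rad', 'LOGIN FAILED (%h): %n (%1)', 'error', '%c')")


def sql_quote(value):
    """Quote a value as a standalone SQL string literal (doubling quotes)."""
    return "'" + value.replace("'", "''") + "'"


def expand(template, fields):
    """Plain textual substitution of %x specials into the statement."""
    out = template
    for key, value in fields.items():
        out = out.replace(key, value)
    return out


def open_db():
    # Hypothetical log table, standing in for the stored procedure's target.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app_log (username TEXT, app TEXT, "
               "message TEXT, level TEXT, client TEXT)")
    return db


def log_failure_interpolated(db, user, nas, reason, client, prequoted):
    """Build the statement by substitution. Returns (ok, sql_or_error)."""
    fields = {"%n": user, "%h": nas, "%c": client,
              "%1": sql_quote(reason) if prequoted else reason}
    sql = expand(TEMPLATE, fields)
    try:
        db.execute(sql)
        return True, sql
    except sqlite3.OperationalError as exc:
        return False, str(exc)


def log_failure_bound(db, user, nas, reason, client):
    """Compose the message in code and pass every value as a bind parameter."""
    message = "LOGIN FAILED (%s): %s (%s)" % (nas, user, reason)
    db.execute("INSERT INTO app_log VALUES (?, 'rad', ?, 'error', ?)",
               (user, message, client))
    return message


def demo():
    db = open_db()
    # Constructed sample values.
    user, nas, client = "user@example.test", "nstest1", "192.0.2.45"
    results = {
        # Reason delivered with its own quotes: the literal ends early.
        "prequoted": log_failure_interpolated(
            db, user, nas, "Bad Encrypted password", client, prequoted=True),
        # Reason delivered bare: works for this particular text...
        "raw": log_failure_interpolated(
            db, user, nas, "Bad Encrypted password", client, prequoted=False),
        # ...but a bare reason containing an apostrophe breaks the same way.
        "raw_with_quote": log_failure_interpolated(
            db, user, nas, "User's password expired", client, prequoted=False),
    }
    # Bound values are never parsed as SQL, so either reason is stored intact.
    log_failure_bound(db, user, nas, "User's password expired", client)
    results["rows"] = [row[0] for row in
                       db.execute("SELECT message FROM app_log ORDER BY rowid")]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```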
(RADIATOR) Radiator and ACE
I have one question:

When I authenticate through Radiator (with ACE as the backend) I do not get any attributes passed back with the Accept. I have a test user in ACE assigned to an ACE profile ABC that has Service-Type = Administrator in it but this information is not being fed back to the client. My suspicion is that either the Perl ACE4 module does not return it or radiator does not accept it.

I really need to be able to manage ACE users and assign them different profiles so some will have read only and other read write. I would also like to manage this in one place. My company has chosen ACE as the desired Authentication software. I have built this on one platform so I do not have more points of failure and less hardware to support.

Please point me in the right direction so I can complete this task. Outside of this (or hard coding an Attribute) it works great. I really need this last piece to complete the task at hand.

Thanks,

David S. Loesche                   [EMAIL PROTECTED]
Yipes Enterprise Services, Inc.    Main: (415) 901-2000
114 Sansome Street, Suite 1045     Direct: (415) 901-2210
San Francisco, CA 94104            Fax: (415) 901-2201
http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks.
(RADIATOR) Re: Sybase Issue. [POSSIBLE RADIATOR BUG]
Hello Carlos,

On Sat, 23 Nov 2002 09:49, Carlos Molina wrote:
> Greetings.
>
> I have the solution for the sybase issue.
>
> First. We should add the community column to the emerald system. Radiator wants to take this field for the clients setup.
>
> 2) Module AuthEMERALD.pm has a bug. It should have the use Radius::Client; line, because the module drops an error because the constructor isn't built.

Thanks for reporting this one. We have fixed it for the next release, and a new AuthEMERALD.pm and AuthEMERALD4.pm have been uploaded to the Radiator 3.3.1 patches area. It would only have affected installations where there were no Client clauses in the configuration file.

We apologise for any inconvenience.

Cheers.

> How can I enable debugs...??
>
> Thanks a lot.
>
> Carlos

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc.
(RADIATOR) [LONG] radiator emerald problems...
Greetings ...:-)

I am testing radiator with emerald (not emerald 4), but I have some problems on tuning my config file.

First, I used the emerald.cfg file to make some changes on it. The only features that we need are authenticate, emerald concurrent users feature, and real time users activity display.

My problem is that all the users auth request will be fail. On the debug, I see some problems on the DB query for the AcctSQLStatement update ServerPorts set Username directive.. See the complete debug at end of this mail. The key part of the debug is

    Server message number=207 severity=16 state=1 line=1 server=DIAL_DB_1text=Invalid column name 'CallerId'.

message

Anybody can help me on this ...??

My config file is (really, is the same example config file from goodies/emerald.cfg):

Foreground
LogStdout
LogDir .
#DbDir .
AuthPort 1645
AcctPort 1646
. . .
<Realm DEFAULT>
    <AuthBy EMERALD>
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual
        DBSource dbi:Sybase:database=emerald
        DBUsername hidden
        DBAuth hidden
        AccountingTable Calls
        AcctColumnDef UserName,User-Name
        AcctColumnDef CallDate,Timestamp,integer-date
        AcctColumnDef AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
        AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
        AcctColumnDef AcctSessionId,Acct-Session-Id
        AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
        AcctColumnDef NASIdentifier,NAS-Identifier
        AcctColumnDef NASIdentifier,NAS-IP-Address
        AcctColumnDef NASPort,NAS-Port,integer
        AuthSelect ,sa.LoginLimit
        AuthColumnDef 0,Simultaneous-Use,check
        AcctSQLStatement update ServerPorts set Username='%n', AcctSessionId='%{Acct-Session-Id}', AcctStatusType= case '%{Acct-Status-Type}' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='%a', CallerId='%{Calling-Station-Id}', ConnectInfo='%{Connect-Info}' where ServerID=(select ServerID from Servers where IPAddress='%{Client:Name}') and Port=0%{NAS-Port}
    </AuthBy>
</Realm>

-- DEBUG START

Packet length = 152
Code: Accounting-Request
Identifier: 154
Authentic: 248;1525024023331uQI\177v130A201
Attributes:
    NAS-IP-Address = 172.16.254.254
    NAS-Port = 16
    Cisco-NAS-Port = Async16
    NAS-Port-Type = Async
    User-Name = graterolj
    Called-Station-Id = 8800
    Acct-Status-Type = Stop
    Acct-Authentic = RADIUS
    Service-Type = Framed
    Acct-Session-Id = 3C32
    Framed-Protocol = PPP
    Framed-IP-Address = 200.75.137.195
    Acct-Terminate-Cause = Lost-Carrier
    Acct-Input-Octets = 36232
    Acct-Output-Octets = 240059
    Acct-Input-Packets = 432
    Acct-Output-Packets = 522
    Acct-Session-Time = 128
    Acct-Delay-Time = 0

Fri Nov 22 16:02:28 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Nov 22 16:02:28 2002: DEBUG: Deleting session for graterolj, 172.16.254.254, 16
Fri Nov 22 16:02:28 2002: DEBUG: Handling with Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: Handling accounting with Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: do query is: update ServerPorts set Username='graterolj', AcctSessionId='3C32', AcctStatusType= case 'Stop' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='', CallerId='', ConnectInfo='' where ServerID=(select ServerID from Servers where IPAddress='172.16.254.254') and Port=016
DBI handle cleared whilst still active at /usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
DBI Handle has uncleared implementors data at /usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
dbih_clearcom (sth 0x851ac80 0x85667c0, com 0x8569400, imp DBD::Sybase::st):
    FLAGS 0x113: COMSET IMPSET Warn PrintError
    PARENT DBI::db=HASH(0x851c7c4)
    KIDS 0 (0 Active)
    IMP_DATA undef
    LongReadLen 32768
    NUM_OF_FIELDS 0
Re: (RADIATOR) [LONG] radiator emerald problems...
Hello Carlos -

The error message indicates that there is no column named CallerId in the database.

Have you checked the table definitions in the database?

regards

Hugh

On Saturday, Nov 23, 2002, at 13:44 Australia/Melbourne, Carlos Molina (Net-Uno) wrote:

> Greetings ...:-)
>
> I am testing radiator with emerald (not emerald 4), but I have some problems on tuning my config file.
>
> First, I used the emerald.cfg file to make some changes on it. The only features that we need are authenticate, emerald concurrent users feature, and real time users activity display.
>
> My problem is that all the users auth request will be fail. On the debug, I see some problems on the DB query for the AcctSQLStatement update ServerPorts set Username directive.. See the complete debug at end of this mail. The key part of the debug is
>
>     Server message number=207 severity=16 state=1 line=1 server=DIAL_DB_1text=Invalid column name 'CallerId'.
>
> message
>
> Anybody can help me on this ...??
>
> My config file is (really, is the same example config file from goodies/emerald.cfg):
>
> Foreground
> LogStdout
> LogDir .
> #DbDir .
> AuthPort 1645
> AcctPort 1646
> . . .
> <Realm DEFAULT>
>     <AuthBy EMERALD>
>         # Change DBSource, DBUsername, DBAuth for your database
>         # See the reference manual
>         DBSource dbi:Sybase:database=emerald
>         DBUsername hidden
>         DBAuth hidden
>         AccountingTable Calls
>         AcctColumnDef UserName,User-Name
>         AcctColumnDef CallDate,Timestamp,integer-date
>         AcctColumnDef AcctStatusType,Acct-Status-Type,integer
>         AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
>         AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
>         AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
>         AcctColumnDef AcctSessionId,Acct-Session-Id
>         AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
>         AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
>         AcctColumnDef NASIdentifier,NAS-Identifier
>         AcctColumnDef NASIdentifier,NAS-IP-Address
>         AcctColumnDef NASPort,NAS-Port,integer
>         AuthSelect ,sa.LoginLimit
>         AuthColumnDef 0,Simultaneous-Use,check
>         AcctSQLStatement update ServerPorts set Username='%n', AcctSessionId='%{Acct-Session-Id}', AcctStatusType= case '%{Acct-Status-Type}' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='%a', CallerId='%{Calling-Station-Id}', ConnectInfo='%{Connect-Info}' where ServerID=(select ServerID from Servers where IPAddress='%{Client:Name}') and Port=0%{NAS-Port}
>     </AuthBy>
> </Realm>
>
> -- DEBUG START
>
> Packet length = 152
> Code: Accounting-Request
> Identifier: 154
> Authentic: 248;1525024023331uQI\177v130A201
> Attributes:
>     NAS-IP-Address = 172.16.254.254
>     NAS-Port = 16
>     Cisco-NAS-Port = Async16
>     NAS-Port-Type = Async
>     User-Name = graterolj
>     Called-Station-Id = 8800
>     Acct-Status-Type = Stop
>     Acct-Authentic = RADIUS
>     Service-Type = Framed
>     Acct-Session-Id = 3C32
>     Framed-Protocol = PPP
>     Framed-IP-Address = 200.75.137.195
>     Acct-Terminate-Cause = Lost-Carrier
>     Acct-Input-Octets = 36232
>     Acct-Output-Octets = 240059
>     Acct-Input-Packets = 432
>     Acct-Output-Packets = 522
>     Acct-Session-Time = 128
>     Acct-Delay-Time = 0
>
> Fri Nov 22 16:02:28 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Nov 22 16:02:28 2002: DEBUG: Deleting session for graterolj, 172.16.254.254, 16
> Fri Nov 22 16:02:28 2002: DEBUG: Handling with Radius::AuthEMERALD
> Fri Nov 22 16:02:28 2002: DEBUG: Handling accounting with Radius::AuthEMERALD
> Fri Nov 22 16:02:28 2002: DEBUG: do query is: update ServerPorts set Username='graterolj', AcctSessionId='3C32', AcctStatusType= case 'Stop' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='', CallerId='', ConnectInfo='' where ServerID=(select ServerID from Servers where IPAddress='172.16.254.254') and Port=016
> DBI handle cleared whilst still active at /usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
> DBI Handle has uncleared implementors data at /usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
Re: (RADIATOR) AuthBy DYNADDRESS issue
Hello Steve -

I would need to see the Perl error output to be sure, but it is possible that you need to specify the AddressAllocator clause before you refer to it in your configuration file.

If you still have a problem, please run radiusd from the command line (with -foreground -log_stdout) so I can see the debug and the Perl messages.

regards

Hugh

On Friday, Nov 22, 2002, at 23:34 Australia/Melbourne, Steve Wilson wrote:

> We are putting together a radius server which authenticates from openldap, accounts and holds sessions in mysql, and does the dynamic pooling. All was working fine before I added the dynaddress stuff and now radiator crashes :(
>
> Running in debug mode logfile gives:
>
> Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on breakbox
> Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32780
> Packet length = 113
> Code: Access-Request
> Identifier: 24
> Authentic: 1234567890123456
> Attributes:
>     User-Name = [EMAIL PROTECTED]
>     Service-Type = Framed-User
>     NAS-IP-Address = 1.41.145.200
>     NAS-Port = 1234
>     Called-Station-Id = 123456789
>     Calling-Station-Id = 987654321
>     NAS-Port-Type = Async
>     Framed-IP-Address = UNKNOWN
>     User-Password = `176246218149215sQ23729i170224170138
>
> Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler 'Realm=everywhereuk.com'
> Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for [EMAIL PROTECTED], 1.41.145.200, 1234
> Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE where USERNAME='[EMAIL PROTECTED]' and NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'
> Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe@domain1'
> Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
> Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2: LDAP-domain1
> Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
> Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin, dc=domain2, dc=net, dc=uk, test (server localhost:389)
> Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe, ou=users, dc=domain1, dc=com
> Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
> Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with [EMAIL PROTECTED]
> Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
>
> at this point radpwtst simply returns No Reply
>
> Has anyone any ideas what is wrong as I've been looking at this for so long now and cannot see the wood for the trees. Config below.
>
> TIA
> Steve.
>
> --- content of /etc/radiator/radius.cfg ---
> LogDir /var/log/radius
> DbDir /etc/radiator
> Trace 5
>
> include %D/confs/domain1.com/radius.cfg
>
> <Client 127.0.0.1>
>     Description Local client (perl script)
>     DupInterval 5
>     NasType ignore
>     Secret secret
> </Client>
>
> <Client 1.69.237.113>
>     Description 0845 dialup
>     DupInterval 5
>     NasType ignore
>     Secret secret
> </Client>
>
> <Client 1.69.225.5>
>     Description 0808 dialup
>     DupInterval 5
>     NasType ignore
>     Secret secret
> </Client>
> --- end /etc/radiator/radius.cfg ---
>
> --- content of %D/confs/domain1.com/radius.cfg ---
> <AuthBy GROUP>
>     Identifier Auth-domain1
>     AuthByPolicy DoAllAuth
>
>     <AuthBy LDAP2>
>         Identifier LDAP-domain1
>         Host localhost
>         AuthDN cn=admin, dc=domain2, dc=net, dc=uk
>         AuthPassword test
>         BaseDN ou=users, dc=domain1, dc=com
>         UsernameAttr uid
>         PasswordAttr UserPassword
>         AddToReply Framed-Protocol = PPP,\
>             Framed-Routing = None,\
>             Framed-MTU = 1500,\
>             Framed-Compression = Van-Jacobson-TCP-IP
>         Debug 255
>         Timeout 30
>         FailureBackoffTime 10
>         IgnoreAccounting
>     </AuthBy>
>
>     <AuthBy SQL>
>         IgnoreAuthentication
>         Fork
>         Identifier Acct-domain1
>         HandleAcctStatusTypes Start,Stop
>         AuthSelect
>         DBSource dbi:mysql:domain1:localhost
>         DBUsername domain1
>         DBAuth password
>         AccountingTable ACCOUNTING
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer
>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
>         AcctColumnDef NASIDENTIFIER,NAS-Identifier
>         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>         AcctColumnDef
Re: (RADIATOR) Problem with Class attribute
Hello Ganbold -

What definition do you have for Class in your dictionary (looks like integer)? It should be defined as string.

Here is the entry from the standard dictionary:

    ATTRIBUTE Class 25 string

regards

Hugh

On Friday, Nov 22, 2002, at 17:20 Australia/Melbourne, Ganbold wrote:

> Hi,
>
> I'm having trouble with Radiator 3.3.1. I'm putting concatenated value to Class attribute. But in radius logfile it says ERR: There is no value named 19-400 for attribute Class. Using 0.
>
> In insert statement it gets Class value and gets part of string and puts into 2 different int field.
>
> Following is the part of logfile and insert statement.
>
> Ganbold
>
> --Logfile --
> Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for attribute Class. Using 0.
> Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for attribute Class. Using 0.
> Thu Nov 21 19:53:08 2002: DEBUG: do query is: insert into ACCOUNTING (USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,ACCTTERMINATECAUSE,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIONID,ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUTPUTOCTETS) values ('skytel','Stop',substring('19-400',1,locate('-','19-400')-1),1037879588,'User-Request','56','11366801',0,substring('19-400',locate('-','19-400')+1),'000F6CE3',511690,'202.179.x.xx',3131,7864103)