Re: (RADIATOR) Multiple Host definitions in AuthBy LDAP2

2002-11-22 Thread Vangelis Kyriakakis
What is the correct syntax? It is not clear in the manual.
If I use

Host host1
Host host2
Port 389

Radiator uses the second one.

If I use

Host host1,host2

Radiator uses host1,host2 as one name

regards
   Vangelis

Hugh Irvine wrote:

 Hello Vangelis -

 Yes. Have a look at section 6.35 in the Radiator 3.3.1 reference manual
 (doc/ref.html).

 regards

 Hugh

 On Thursday, Nov 21, 2002, at 22:56 Australia/Melbourne, Vangelis
 Kyriakakis wrote:

  Hello,
 
If I use two LDAP servers in an AuthBy LDAP2 (two Host
  attributes)
  will Radiator change to the second one when the first one fails?
 
 thanks
Vangelis
 
 
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 

 --
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
 -
 Nets: internetwork inventory and management - graphical, extensible,
 flexible with hardware, software, platform and database independence.




(RADIATOR) AuthBy DYNADDRESS issue

2002-11-22 Thread Steve Wilson
We are putting together a radius server which authenticates from
openldap, accounts and holds sessions in mysql, and does the dynamic
pooling. 

All was working fine before I added the dynaddress stuff and now
radiator crashes :(

Running in debug mode logfile gives:

Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on
breakbox
Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32780 

Packet length = 113
Code:   Access-Request
Identifier: 24
Authentic:  1234567890123456
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 1.41.145.200
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
Framed-IP-Address = UNKNOWN
User-Password =
`176246218149215sQ23729i170224170138

Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler
'Realm=everywhereuk.com'
Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for
[EMAIL PROTECTED], 1.41.145.200, 1234
Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE
where USERNAME='[EMAIL PROTECTED]' and
NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'

Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe@domain1'

Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAP-domain1
Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin,
dc=domain2, dc=net, dc=uk, test (server localhost:389)
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe,
ou=users, dc=domain1, dc=com
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with
[EMAIL PROTECTED]
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT: 
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS

at this point radpwtst simply returns No Reply

Has anyone any ideas what is wrong as I've been looking at this for so
long now and cannot see the wood for the trees. Config below.

TIA 

Steve.


--- content of /etc/radiator/radius.cfg ---

LogDir  /var/log/radius
DbDir   /etc/radiator
Trace   5

include %D/confs/domain1.com/radius.cfg

<Client 127.0.0.1>
    Description Local client (perl script)
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.237.113>
    Description 0845 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.225.5>
    Description 0808 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

--- end /etc/radiator/radius.cfg ---


--- content of %D/confs/domain1.com/radius.cfg ---

<AuthBy GROUP>
    Identifier Auth-domain1
    AuthByPolicy DoAllAuth
    <AuthBy LDAP2>
        Identifier      LDAP-domain1
        Host            localhost
        AuthDN          cn=admin, dc=domain2, dc=net, dc=uk
        AuthPassword    test
        BaseDN          ou=users, dc=domain1, dc=com
        UsernameAttr    uid
        PasswordAttr    UserPassword
        AddToReply Framed-Protocol = PPP,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
        Debug 255
        Timeout 30
        FailureBackoffTime 10
        IgnoreAccounting
    </AuthBy>
    <AuthBy SQL>
        IgnoreAuthentication
        Fork
        Identifier      Acct-domain1
        HandleAcctStatusTypes Start,Stop
        AuthSelect
        DBSource        dbi:mysql:domain1:localhost
        DBUsername      domain1
        DBAuth          password
        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   

Re: (RADIATOR) Remote Postgresql DB

2002-11-22 Thread GermanG
Nathan:

Also you have to make some entries in /var/db/postgres/data/pg_hba.conf
(PostgreSQL HOST ACCESS CONTROL FILE) in your DB Server to allow your
Radiator to access (see examples inside the file).

bye,
German.


- Original Message -
From: Dennis Methelev [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 22, 2002 3:33 AM
Subject: Re: (RADIATOR) Remote Postgresql DB


 Nathan Alberti wrote:

 I see examples for connecting to a remote MySQL database in the user
manual,
 but on searching I am unable to find examples of it being done with
 Postgresql. Is it possible ? Any pointing the correct direction for help
 would be appreciated, I wish to authenticate and log to a remote
Postgresql
 DB.
 
 Regards,
 
 Nathan
 

 in MySQL examples make changes:
 ...
 DBSource    dbi:Pg:dbname=radius;host=ip
 DBUsername  radiususer
 DBAuth  radiususerpwd
 ...

 works fine ;)

 sy,
 dennis.




Re: (RADIATOR) FailureQuery quoted string

2002-11-22 Thread Jason Signalness
Hello again,

I applied the patches using the following procedure:
1) copied the patches archive into the Radiator_3.3.1 directory and 
gunzip/untarred it.
2) ran perl Makefile.PL
3) ran make test (everything ok)
4) ran make install
5) restarted radiator.  I noticed the radiusd file was updated during 
this process.

However, I still get the same exact problem.  I'll attach a piece of my 
radius log.

Thanks for the help,
Jason


Hugh Irvine wrote:

Hello Jason -

There is a patch for this in the patches area.

If it doesn't fix the problem please let me know.

regards

Hugh


On Friday, Nov 22, 2002, at 09:35 Australia/Melbourne, Jason Signalness 
wrote:

Hello,

I tried to post this a few hours ago, but it didn't show up in the 
list for whatever reason.  I apologize if it shows up twice.

We make use of AuthLog SQL to log authentication failures to an SQL 
database (Oracle).  After upgrading to Radiator v3.3.1, this fails.

The reason is that we use a %1 in the FailureQuery parameter to log 
the error.  The single quotes that are now a part of %1 (the quoted 
reason string for the failure) mess up our SQL syntax.

Is there any way to get just the reason string, without the quotes?

Here's my AuthLog SQL clause:

# Log authentication FAILURES to the database for  customers.
<AuthLog SQL>
    Identifier BTIAuthLoggerSQL
    DBSource    dbi:Oracle:hidden
    DBUsername  hidden
    DBAuth      hidden

    Timeout 10
    FailureBackoffTime  60

    FailureQuery BEGIN radius.logAppAction('%n','rad','LOGIN FAILED (%h): %n (%1)','error','%c'); END;
</AuthLog>

Thanks in advance,




--
Jason Signalness, Systems Administrator
Basin Telecommunications, Inc.
[EMAIL PROTECTED] 1-701-355-5727
--

. . .

Fri Nov 22 09:27:15 2002: DEBUG: Packet dump:
*** Received from 216.235.160.45 port 52901 
Code:   Access-Request
Identifier: 181
Authentic:  1234567890123456
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password = 

Fri Nov 22 09:27:15 2002: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Handling request with Handler ''
Fri Nov 22 09:27:15 2002: DEBUG: SessionDB Deleting session for 
[EMAIL PROTECTED], 203.63.154.1, 1234
Fri Nov 22 09:27:15 2002: DEBUG: do query is: BEGIN 
radius.deleteRADOnline('[EMAIL PROTECTED]','216.235.160.45', 1234); END;

Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthLDAP2: BTICheckLDAP
Fri Nov 22 09:27:15 2002: INFO: Connecting to ds1v.btinet.net, port 389
Fri Nov 22 09:27:15 2002: INFO: Attempting to bind with cn=proxyagent,ou=people,o=bti, 
 (server ds1v.btinet.net:389)
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got result for 
uid=jsignal,ou=people,o=clientfactor.com,o=bti
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got userPassword: {crypt}
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got bticheckattr: Simultaneous-Use=1
Fri Nov 22 09:27:15 2002: DEBUG: LDAP got btireplyattr: Service-Type = Framed-User, 
Framed-Protocol = PPP
Fri Nov 22 09:27:15 2002: DEBUG: Radius::AuthLDAP2 looks for match with 
[EMAIL PROTECTED]
Fri Nov 22 09:27:15 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthPLSQL
Fri Nov 22 09:27:15 2002: DEBUG: Handling with Radius::AuthPLSQL: BTICheckDB
Fri Nov 22 09:27:15 2002: DEBUG: Query is: BEGIN 
radius.getUser('[EMAIL PROTECTED]',:passwd,:check_item,:reply_item); END;

Fri Nov 22 09:27:16 2002: DEBUG: Radius::AuthPLSQL looks for match with 
[EMAIL PROTECTED]
Fri Nov 22 09:27:16 2002: DEBUG: Radius::AuthPLSQL REJECT: Bad Encrypted password
Fri Nov 22 09:27:16 2002: INFO: Access rejected for [EMAIL PROTECTED]: Bad 
Encrypted password
Fri Nov 22 09:27:16 2002: DEBUG: do query is: BEGIN 
radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): 
[EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;

Fri Nov 22 09:27:16 2002: ERR: do failed for 'BEGIN 
radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): 
[EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;': 
ORA-06550: line 1, column 112:
PLS-00103: Encountered the symbol BAD when expecting one of the following:

   . ( ) , * @ %  | = - +  /  at in mod not range rem = ..
   an exponent (**)  or != or ~= = =  and or like
   between is null is not || is dangling (DBD ERROR: OCIStmtExecute)
Fri Nov 22 09:27:16 2002: ERR: do failed for 'BEGIN 
radius.logAppAction('[EMAIL PROTECTED]','rad','LOGIN FAILED (nstest1): 
[EMAIL PROTECTED] ('Bad Encrypted password')','error','216.235.160.45'); END;': 
ORA-06550: line 1, 
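
An added example, not part of the original messages and not Radiator code: a small Python model of why the expanded FailureQuery in the log above fails to parse. It assumes, as reported in the thread, that %1 expands to the reason already wrapped in single quotes; the helper names, the sample user name and NEW_TEMPLATE (one possible rewrite using Oracle's || concatenation) are illustrative assumptions.

```python
"""Model of the FailureQuery quoting failure (constructed example, not Radiator code)."""
import re

# Template from the thread. Assumption taken from the thread: %1 arrives already quoted.
OLD_TEMPLATE = ("BEGIN radius.logAppAction('%n','rad',"
                "'LOGIN FAILED (%h): %n (%1)','error','%c'); END;")
# Hypothetical rewrite: close the literal, concatenate the pre-quoted %1 with
# Oracle's || operator, then open a new literal for the closing parenthesis.
NEW_TEMPLATE = ("BEGIN radius.logAppAction('%n','rad',"
                "'LOGIN FAILED (%h): %n (' || %1 || ')','error','%c'); END;")


def sql_quote(value):
    """Quote a value as a SQL string literal, doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def sample_values(reason):
    """Constructed values; only %1 is quoted, matching what the log shows."""
    return {"n": "user@example.com", "h": "nstest1",
            "c": "216.235.160.45", "1": sql_quote(reason)}


def expand(template, values):
    """Substitute %x specials in a single pass (inserted text is never rescanned)."""
    return re.sub(r"%(.)", lambda m: values.get(m.group(1), m.group(0)), template)


def split_literals(sql):
    """Return (literals, outside): decoded '...' literals and the text between them."""
    literals, outside, i = [], [], 0
    while i < len(sql):
        if sql[i] != "'":
            outside.append(sql[i])
            i += 1
            continue
        j, buf = i + 1, []
        while True:
            if j >= len(sql):
                raise ValueError("unterminated string literal")
            if sql[j] == "'":
                if sql[j + 1:j + 2] == "'":  # '' is an escaped quote
                    buf.append("'")
                    j += 2
                    continue
                break
            buf.append(sql[j])
            j += 1
        literals.append("".join(buf))
        i = j + 1
    return literals, "".join(outside)


def bare_symbols(sql):
    """Identifiers the SQL parser would see outside any string literal."""
    _, outside = split_literals(sql)
    return re.findall(r"[A-Za-z_][\w.]*", outside)


if __name__ == "__main__":
    for name, template in (("old", OLD_TEMPLATE), ("new", NEW_TEMPLATE)):
        for reason in ("Bad Encrypted password", "User doesn't exist"):
            sql = expand(template, sample_values(reason))
            print(name, repr(reason), bare_symbols(sql))
```

With the old template the words of the reason end up outside every literal, which is the bare symbol BAD that PLS-00103 reports; with the rewritten template the reason stays one literal even when it contains an apostrophe.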

(RADIATOR) Radiator and ACE

2002-11-22 Thread David Loesche
I have one question:

When I authenticate through Radiator (with ACE as the backend) I do not get
any attributes passed back with the Accept.  I have a test user in ACE
assigned to an ACE profile ABC that has Service-Type = Administrator in it
but this information is not being fed back to the client.  My suspicion is
that either the Perl ACE4 module does not return it or radiator does not
accept it.

I really need to be able to manage ACE users and assign them different
profiles so some will have read-only and others read-write.  I would also
like to manage this in one place.  My company has chosen ACE as the desired
Authentication software.  I have built this on one platform so I do not have
more points of failure and less hardware to support.

Please point me in the right direction so I can complete this task.  Outside
of this (or hard coding an Attribute) it works great.  I really need this
last piece to complete the task at hand.

Thanks,

David S. Loesche
[EMAIL PROTECTED] Yipes Enterprise Services, Inc.
Main:   (415) 901-2000  114 Sansome Street, Suite 1045
Direct: (415) 901-2210  San Francisco, CA 94104
Fax:    (415) 901-2201  http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses.
We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. 

Yipes delivers this uniquely flexible service over the first nationwide
system of optical IP networks.





(RADIATOR) Re: Sybase Issue. [POSSIBLE RADIATOR BUG]

2002-11-22 Thread Mike McCauley
Hello Carlos,


On Sat, 23 Nov 2002 09:49, Carlos Molina wrote:
 Greetings.

 I have the solution for the sybase issue.

 First.

 We should add the community column to the emerald system.
 Radiator wants to take this field for the clients setup.

 2) Module AuthEMERALD.pm has a bug.
 It should have the use Radius::Client; line, because the module drops an
 error because the constructor isn't built.

Thanks for reporting this one. We have fixed it for the next release, and a new 
AuthEMERALD.pm and AuthEMERALD4.pm have been uploaded to the Radiator 3.3.1 
patches area. It would only have affected installations where there were no 
Client clauses in the configuration file.

We apologise for any inconvenience.

Cheers.


 How can I enable debugs...??

 Thanks a lot.

 Carlos

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS etc on Unix, Windows, MacOS etc.




(RADIATOR) [LONG] radiator emerald problems...

2002-11-22 Thread Carlos Molina (Net-Uno)
Greetings ...:-)

I am testing radiator with emerald (not emerald 4), but I 
have some problems on tuning my config file. First, I 
used the emerald.cfg file to make some changes on it.

The only features that we need are authenticate, emerald 
concurrent users feature, and real time users activity 
display.

My problem is that all the users auth request will 
fail. On the debug, I see some problems on the DB query 
for the AcctSQLStatement update ServerPorts set Username 
directive.. See the complete debug at end of this mail. 
The key part of the debug is Server message number=207 
severity=16 state=1 line=1 server=DIAL_DB_1text=Invalid 
column name 'CallerId'. message

Can anybody help me on this ...??

My config file is (really, is the same example config file 
from goodies/emerald.cfg):

Foreground
LogStdout
LogDir  .
#DbDir  .
AuthPort 1645
AcctPort 1646
.
.
.
<Realm DEFAULT>
    <AuthBy EMERALD>
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual
        DBSource        dbi:Sybase:database=emerald
        DBUsername      hidden
        DBAuth          hidden
        AccountingTable Calls
        AcctColumnDef   UserName,User-Name
        AcctColumnDef   CallDate,Timestamp,integer-date
        AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
        AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
        AcctColumnDef   AcctSessionId,Acct-Session-Id
        AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef   AcctTerminateCause,Acct-Terminate-Cause,integer
        AcctColumnDef   NASIdentifier,NAS-Identifier
        AcctColumnDef   NASIdentifier,NAS-IP-Address
        AcctColumnDef   NASPort,NAS-Port,integer

        AuthSelect ,sa.LoginLimit
        AuthColumnDef 0,Simultaneous-Use,check
        AcctSQLStatement update ServerPorts set Username='%n', AcctSessionId='%{Acct-Session-Id}', AcctStatusType= case '%{Acct-Status-Type}' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='%a', CallerId='%{Calling-Station-Id}', ConnectInfo='%{Connect-Info}' where ServerID=(select ServerID from Servers where IPAddress='%{Client:Name}') and Port=0%{NAS-Port}
    </AuthBy>
</Realm>






-- DEBUG START

Packet length = 152
Code:   Accounting-Request
Identifier: 154
Authentic: 
248;1525024023331uQI\177v130A201
Attributes:
NAS-IP-Address = 172.16.254.254
NAS-Port = 16
Cisco-NAS-Port = Async16
NAS-Port-Type = Async
User-Name = graterolj
Called-Station-Id = 8800
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed
Acct-Session-Id = 3C32
Framed-Protocol = PPP
Framed-IP-Address = 200.75.137.195
Acct-Terminate-Cause = Lost-Carrier
Acct-Input-Octets = 36232
Acct-Output-Octets = 240059
Acct-Input-Packets = 432
Acct-Output-Packets = 522
Acct-Session-Time = 128
Acct-Delay-Time = 0

Fri Nov 22 16:02:28 2002: DEBUG: Handling request with 
Handler 'Realm=DEFAULT'
Fri Nov 22 16:02:28 2002: DEBUG:  Deleting session for 
graterolj, 172.16.254.254, 16
Fri Nov 22 16:02:28 2002: DEBUG: Handling with 
Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: Handling accounting with 
Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: do query is: update 
ServerPorts set Username='graterolj', 
AcctSessionId='3C32', AcctStatusType= case 'Stop' when 
'Start' then 1 when 'Stop' then 2 else 3 end, 
CallDate=getdate(), FramedAddress='', CallerId='', 
ConnectInfo='' where ServerID=(select ServerID from 
Servers where IPAddress='172.16.254.254') and Port=016

DBI handle cleared whilst still active at 
/usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
DBI Handle has uncleared implementors data at 
/usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
dbih_clearcom (sth 0x851ac80 0x85667c0, com 
0x8569400, imp DBD::Sybase::st):
   FLAGS 0x113: COMSET IMPSET Warn PrintError
   PARENT DBI::db=HASH(0x851c7c4)
   KIDS 0 (0 Active)
   IMP_DATA undef
   LongReadLen 32768
   NUM_OF_FIELDS 0
   

Re: (RADIATOR) [LONG] radiator emerald problems...

2002-11-22 Thread Hugh Irvine

Hello Carlos -

The error message indicates that there is no column named CallerId in  
the database.

Have you checked the table definitions in the database?

regards

Hugh


On Saturday, Nov 23, 2002, at 13:44 Australia/Melbourne, Carlos Molina  
(Net-Uno) wrote:

Greetings ...:-)

I am testing radiator with emerald (not emerald 4), but I have some  
problems on tuning my config file. First, I used the emerald.cfg file  
to make some changes on it.

The only features that we need are authenticate, emerald concurrent  
users feature, and real time users activity display.

My problem is that all the users auth request will fail. On the  
debug, I see some problems on the DB query for the AcctSQLStatement  
update ServerPorts set Username directive.. See the complete debug at  
end of this mail. The key part of the debug is Server message  
number=207 severity=16 state=1 line=1 server=DIAL_DB_1text=Invalid  
column name 'CallerId'. message

Can anybody help me on this ...??

My config file is (really, is the same example config file from  
goodies/emerald.cfg):

Foreground
LogStdout
LogDir  .
#DbDir  .
AuthPort 1645
AcctPort 1646
.
.
.
<Realm DEFAULT>
    <AuthBy EMERALD>
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual
        DBSource        dbi:Sybase:database=emerald
        DBUsername      hidden
        DBAuth          hidden
        AccountingTable Calls
        AcctColumnDef   UserName,User-Name
        AcctColumnDef   CallDate,Timestamp,integer-date
        AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
        AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
        AcctColumnDef   AcctSessionId,Acct-Session-Id
        AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef   AcctTerminateCause,Acct-Terminate-Cause,integer
        AcctColumnDef   NASIdentifier,NAS-Identifier
        AcctColumnDef   NASIdentifier,NAS-IP-Address
        AcctColumnDef   NASPort,NAS-Port,integer

        AuthSelect ,sa.LoginLimit
        AuthColumnDef 0,Simultaneous-Use,check
        AcctSQLStatement update ServerPorts set Username='%n', AcctSessionId='%{Acct-Session-Id}', AcctStatusType= case '%{Acct-Status-Type}' when 'Start' then 1 when 'Stop' then 2 else 3 end, CallDate=getdate(), FramedAddress='%a', CallerId='%{Calling-Station-Id}', ConnectInfo='%{Connect-Info}' where ServerID=(select ServerID from Servers where IPAddress='%{Client:Name}') and Port=0%{NAS-Port}
    </AuthBy>
</Realm>






-- DEBUG START

Packet length = 152
Code:   Accounting-Request
Identifier: 154
Authentic: 248;1525024023331uQI\177v130A201
Attributes:
NAS-IP-Address = 172.16.254.254
NAS-Port = 16
Cisco-NAS-Port = Async16
NAS-Port-Type = Async
User-Name = graterolj
Called-Station-Id = 8800
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed
Acct-Session-Id = 3C32
Framed-Protocol = PPP
Framed-IP-Address = 200.75.137.195
Acct-Terminate-Cause = Lost-Carrier
Acct-Input-Octets = 36232
Acct-Output-Octets = 240059
Acct-Input-Packets = 432
Acct-Output-Packets = 522
Acct-Session-Time = 128
Acct-Delay-Time = 0

Fri Nov 22 16:02:28 2002: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Fri Nov 22 16:02:28 2002: DEBUG:  Deleting session for graterolj,  
172.16.254.254, 16
Fri Nov 22 16:02:28 2002: DEBUG: Handling with Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: Handling accounting with  
Radius::AuthEMERALD
Fri Nov 22 16:02:28 2002: DEBUG: do query is: update ServerPorts set  
Username='graterolj', AcctSessionId='3C32', AcctStatusType= case  
'Stop' when 'Start' then 1 when 'Stop' then 2 else 3 end,  
CallDate=getdate(), FramedAddress='', CallerId='', ConnectInfo=''  
where ServerID=(select ServerID from Servers where  
IPAddress='172.16.254.254') and Port=016

DBI handle cleared whilst still active at  
/usr/local/share/perl/5.6.1/Radius/Util.pm line 526.
DBI Handle has uncleared implementors data at  
/usr/local/share/perl/5.6.1/Radius/Util.pm line 526.

Re: (RADIATOR) AuthBy DYNADDRESS issue

2002-11-22 Thread Hugh Irvine

Hello Steve -

I would need to see the Perl error output to be sure, but it is 
possible that you need to specify the AddressAllocator clause before 
you refer to it in your configuration file. If you still have a 
problem, please run radiusd from the command line (with -foreground 
-log_stdout) so I can see the debug and the Perl messages.

regards

Hugh


On Friday, Nov 22, 2002, at 23:34 Australia/Melbourne, Steve Wilson 
wrote:

We are putting together a radius server which authenticates from
openldap, accounts and holds sessions in mysql, and does the dynamic
pooling.

All was working fine before I added the dynaddress stuff and now
radiator crashes :(

Running in debug mode logfile gives:

Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on
breakbox
Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32780 

Packet length = 113
Code:   Access-Request
Identifier: 24
Authentic:  1234567890123456
Attributes:
User-Name = [EMAIL PROTECTED]
Service-Type = Framed-User
NAS-IP-Address = 1.41.145.200
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
Framed-IP-Address = UNKNOWN
User-Password =
`176246218149215sQ23729i170224170138

Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler
'Realm=everywhereuk.com'
Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for
[EMAIL PROTECTED], 1.41.145.200, 1234
Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE
where USERNAME='[EMAIL PROTECTED]' and
NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'

Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe@domain1'

Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAP-domain1
Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin,
dc=domain2, dc=net, dc=uk, test (server localhost:389)
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe,
ou=users, dc=domain1, dc=com
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with
[EMAIL PROTECTED]
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS

at this point radpwtst simply returns No Reply

Has anyone any ideas what is wrong as I've been looking at this for so
long now and cannot see the wood for the trees. Config below.

TIA

Steve.


--- content of /etc/radiator/radius.cfg ---

LogDir  /var/log/radius
DbDir   /etc/radiator
Trace   5

include %D/confs/domain1.com/radius.cfg

<Client 127.0.0.1>
    Description Local client (perl script)
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.237.113>
    Description 0845 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

<Client 1.69.225.5>
    Description 0808 dialup
    DupInterval 5
    NasType ignore
    Secret secret
</Client>

--- end /etc/radiator/radius.cfg ---


--- content of %D/confs/domain1.com/radius.cfg ---

<AuthBy GROUP>
    Identifier Auth-domain1
    AuthByPolicy DoAllAuth
    <AuthBy LDAP2>
        Identifier      LDAP-domain1
        Host            localhost
        AuthDN          cn=admin, dc=domain2, dc=net, dc=uk
        AuthPassword    test
        BaseDN          ou=users, dc=domain1, dc=com
        UsernameAttr    uid
        PasswordAttr    UserPassword
        AddToReply Framed-Protocol = PPP,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
        Debug 255
        Timeout 30
        FailureBackoffTime 10
        IgnoreAccounting
    </AuthBy>
    <AuthBy SQL>
        IgnoreAuthentication
        Fork
        Identifier      Acct-domain1
        HandleAcctStatusTypes Start,Stop
        AuthSelect
        DBSource        dbi:mysql:domain1:localhost
        DBUsername      domain1
        DBAuth          password
        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct_Terminate-Cause
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   

Re: (RADIATOR) Problem with Class attribute

2002-11-22 Thread Hugh Irvine

Hello Ganbold -

What definition do you have for Class in your dictionary (looks like  
integer)?

It should be defined as string.

Here is the entry from the standard dictionary:

ATTRIBUTE   Class   25  string

regards

Hugh


On Friday, Nov 22, 2002, at 17:20 Australia/Melbourne, Ganbold wrote:

Hi,

I'm having trouble with Radiator 3.3.1. I'm putting a concatenated value  
into the Class attribute.
But in the radius logfile it says ERR: There is no value named 19-400 for  
attribute Class. Using 0.
In the insert statement it gets the Class value, takes parts of the string and  
puts them into 2 different int fields.

Following is the part of logfile and insert statement.

Ganbold

--Logfile --

Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for  
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for  
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: DEBUG: do query is: insert into ACCOUNTING (USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,ACCTTERMINATECAUSE,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIONID,ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUTPUTOCTETS) values ('skytel','Stop',substring('19-400',1,locate('-','19-400')-1),1037879588,'User-Request','56','11366801',0,substring('19-400',locate('-','19-400')+1),'000F6CE3',511690,'202.179.x.xx',3131,7864103)
