(RADIATOR) How to custom authentication query?
Hi

I am using radiator 3.6 with SQL server 7. Use AuthBy EMERALD module to authenticate dialup. If I want to custom the authentication query statement, what should I do?

Lin

---
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
Re: (RADIATOR) How to custom authentication query?
Hello Lin -

See section 6.32 in the Radiator 3.6 reference manual (doc/ref.html), and the code in Radius/AuthEMERALD.pm if you are interested in the nitty-gritty details.

regards

Hugh

On Thursday, Aug 28, 2003, at 11:40 Australia/Melbourne, Huaikun Lin wrote:

> Hi
>
> I am using radiator 3.6 with SQL server 7. Use AuthBy EMERALD module to authenticate dialup. If I want to custom the authentication query statement, what should I do?
>
> Lin

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) EAP Authentication
Hello Chris -

I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. Also note that you should be running Radiator 3.6 plus all the latest patches.

Could you also provide more details on what you mean by "The Radiator servers are setup to communicate securely."? And what hardware/software platform are you running and what version of Perl, etc.?

regards

Hugh

On Thursday, Aug 28, 2003, at 04:27 Australia/Melbourne, Christian Fredrickson wrote:

> I have a Radiator server setup to authenticate users via Wireless Access Points. The Radiator servers are setup to communicate securely. I have set my Radiator server to authenticate using the file provided by default. I can authenticate users with the radpwtst provided with the install from the local box, but when trying to authenticate users via the wireless network, I get the following error:
>
> Wed Aug 27 12:14:29 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Aug 27 12:14:29 2003: DEBUG: Handling with EAP: code 2, 13, 23
> Wed Aug 27 12:14:29 2003: DEBUG: Response type 1
> Wed Aug 27 12:14:29 2003: INFO: Access rejected for mikem: EAP authentication is not permitted.
>
> We will be using the SSLeay module for secure communication. This is a Windows server. I have downloaded the SSLeay.dll and Libeay.dll, but receive errors while testing those. Has anyone built these DLLs and have them working?
>
> Thank you,
> Chris
(RADIATOR) Something for the Wish List
Hi folks,

I would like to propose a 'feature' to add to the Radiator wishlist.

How about a feature where, if a customer is not permitted more than one simultaneous login, that the system allows the second connection to connect, but also drops the first connection.

This will have two benefits to my specific case...

1. If a subscriber was logged in at work then went home but forgot to disconnect from work, he can still connect when he gets home without having to get us to drop his other connection. (less support requests = happy customer = happy support staff = happy manager!)

2. 'Leechers' who buy unlimited access accounts then share them with friends will be booted off whenever they break the rules. (less leechers = got the bastards = more profit = happy manager!!)

Perhaps a post-auth hook or something could do this. The actual disconnect process would be NAS dependent but I am sure it could be done.

Regards,

Brian Morris
(somewhat happy) Manager, NetSpeed
Re: (RADIATOR) How to custom authentication query?
Hi

At 12:59 PM 8/28/2003 +1000, Hugh Irvine wrote:

> Hello Lin -
>
> See section 6.32 in the Radiator 3.6 reference manual (doc/ref.html), and the code in Radius/AuthEMERALD.pm if you are interested in the nitty-gritty details.

We are using platypus 4.0. Have many different type of dialup and ADSL rates. The normal dialup use one realm, ADSL use another realm ...

Is it possible write custom queries for doing authentication in radius.cfg? For example: I want :

-normal dialup customers using authentication statement1
-use authentication statement2 authenticate ADSL customers
-...

Lin

> regards
>
> Hugh
Re: (RADIATOR) How to custom authentication query?
Hi

At 12:59 PM 8/28/2003 +1000, Hugh Irvine wrote:

> Hello Lin -
>
> See section 6.32 in the Radiator 3.6 reference manual (doc/ref.html), and the code in Radius/AuthEMERALD.pm if you are interested in the nitty-gritty details.

We are using platypus 4.0. Have many different type of dialup and ADSL rates. The normal dialup use one realm, ADSL use another realm ...

Is it possible write custom queries for doing authentication in radius.cfg? For example: I want :

-normal dialup customers using authentication statement1
-use authentication statement2 authenticate ADSL customers
-...

What we want to achieve is control dialup accounts can only be used as dial up. Not be able to use as ADSL. And ADSL can only used as ADSL and not be used as dial up.

Lin

> regards
>
> Hugh
Re: (RADIATOR) AuthBy ADSI configuration
Hello Geoffrey -

To do what you describe you should change CN=%0 to samaccountname=%0. I am not quite sure what your requirements are for VPDN users - can you clarify?

For a detailed description of the AuthBy ADSI clause please see section 6.40 in the Radiator 3.6 reference manual (doc/ref.html).

regards

Hugh

On Wednesday, Aug 27, 2003, at 23:44 Australia/Melbourne, DUFOUR Geoffrey wrote:

> Hello,
>
> I would like to authenticate users using AuthBy ADSI. It works fine with the following configuration :
>
> BindString LDAP://myserver/CN=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
> AuthUser %0
> AuthFlags 0
>
> This configuration sample shows that the username is bound to the CN (common name). I need the username to be bound to the attribute samaccountname. In fact I need to allow VPDN users to use the same parameters (username and password) both to log on the domain and for VPDN access.
>
> How can I handle this ? I am quite new to AD, could you please clarify the difference between BindString parameter and AuthUser parameter.
>
> Regards.
> Geoffrey
Re: (RADIATOR) How to custom authentication query?
Hello Lin -

This is usually done by setting up Handlers for the different types of access, possibly with separate session databases if required.

# define Client clauses with Identifiers
<Client>
    Identifier DIALUP
    .
</Client>
<Client>
    .
    Identifier ADSL
    .
</Client>
.
# define Session Databases with different tables
<SessionDatabase SQL>
    Identifier DIALUPSDB
    .
</SessionDatabase>
<SessionDatabase SQL>
    Identifier ADSLSDB
    .
</SessionDatabase>
# define Handlers
<Handler Client-Identifier = DIALUP>
    SessionDatabase DIALUPSDB
    .
</Handler>
<Handler Client-Identifier = ADSL>
    SessionDatabase ADSLSDB
    .
</Handler>

regards

Hugh

On Thursday, Aug 28, 2003, at 13:18 Australia/Melbourne, Huaikun Lin wrote:

> Hi
>
> We are using platypus 4.0. Have many different type of dialup and ADSL rates. The normal dialup use one realm, ADSL use another realm ...
>
> Is it possible write custom queries for doing authentication in radius.cfg? For example: I want :
>
> -normal dialup customers using authentication statement1
> -use authentication statement2 authenticate ADSL customers
> -...
>
> What we want to achieve is control dialup accounts can only be used as dial up. Not be able to use as ADSL. And ADSL can only used as ADSL and not be used as dial up.
>
> Lin
Re: (RADIATOR) How to custom authentication query?
Hi Hugh

Thank you for help. But we have half dialup customers coming from the same radius clients (proxies, not controlled by us.) as ADSL. Is there any way can solve the problem?

Lin

At 01:36 PM 8/28/2003 +1000, Hugh Irvine wrote:

> Hello Lin -
>
> This is usually done by setting up Handlers for the different types of access, possibly with separate session databases if required.
>
> # define Client clauses with Identifiers
> <Client>
>     Identifier DIALUP
>     .
> </Client>
> <Client>
>     .
>     Identifier ADSL
>     .
> </Client>
> .
> # define Session Databases with different tables
> <SessionDatabase SQL>
>     Identifier DIALUPSDB
>     .
> </SessionDatabase>
> <SessionDatabase SQL>
>     Identifier ADSLSDB
>     .
> </SessionDatabase>
> # define Handlers
> <Handler Client-Identifier = DIALUP>
>     SessionDatabase DIALUPSDB
>     .
> </Handler>
> <Handler Client-Identifier = ADSL>
>     SessionDatabase ADSLSDB
>     .
> </Handler>
>
> regards
>
> Hugh
Re: (RADIATOR) Something for the Wish List
That would open a really bad DOS attack.

Bret

Brian Morris wrote:

> Hi folks,
>
> I would like to propose a 'feature' to add to the Radiator wishlist.
>
> How about a feature where, if a customer is not permitted more than one simultaneous login, that the system allows the second connection to connect, but also drops the first connection.
>
> This will have two benefits to my specific case...
>
> 1. If a subscriber was logged in at work then went home but forgot to disconnect from work, he can still connect when he gets home without having to get us to drop his other connection. (less support requests = happy customer = happy support staff = happy manager!)
>
> 2. 'Leechers' who buy unlimited access accounts then share them with friends will be booted off whenever they break the rules. (less leechers = got the bastards = more profit = happy manager!!)
>
> Perhaps a post-auth hook or something could do this. The actual disconnect process would be NAS dependent but I am sure it could be done.
>
> Regards,
>
> Brian Morris
> (somewhat happy) Manager, NetSpeed

--
~~~
Bret Jordan Dean's Office Computer Administrator College of Engineering 801.585.3765 University of Utah [EMAIL PROTECTED]
~~~
Re: (RADIATOR) How to custom authentication query?
Hello Lin -

You should look at a trace 4 debug of the various access requests that you receive to see what you can use to differentiate between the different services. Perhaps you can use NAS-Port-Type or possibly the Calling-Station-Id and/or Called-Station-Id.

BTW - we are available for contract consulting services if required.

regards

Hugh

On Thursday, Aug 28, 2003, at 13:45 Australia/Melbourne, Huaikun Lin wrote:

> Hi Hugh
>
> Thank you for help. But we have half dialup customers coming from the same radius clients (proxies, not controlled by us.) as ADSL. Is there any way can solve the problem?
>
> Lin
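Added example, not part of any message in this thread and not Open System Consultants' own configuration: one way to get the per-service authentication statements Lin asks about, by combining Handlers keyed on a request attribute (as Hugh suggests) with one AuthBy SQL clause per service. The NAS-Port-Type values, the DSN and database credentials, and the SERVICETYPE column are assumptions; the attribute and values to match on should be taken from a trace 4 debug of real requests.

```conf
# Added example. Everything marked "assumed" is a placeholder, not taken
# from the thread: confirm the attribute values with a trace 4 debug first.

# Dial-up requests (assumed to arrive with NAS-Port-Type = Async).
<Handler NAS-Port-Type = Async>
    <AuthBy SQL>
        DBSource    dbi:ODBC:EXAMPLE_DSN        # assumed DSN
        DBUsername  EXAMPLE_USER                # assumed
        DBAuth      EXAMPLE_PASSWORD            # assumed
        # "statement1": only rows provisioned for dial-up can match.
        # %0 is replaced by the quoted user name, so it is not wrapped in quotes.
        AuthSelect  select PASSWORD from SUBSCRIBERS where USERNAME=%0 and SERVICETYPE='DIALUP'
    </AuthBy>
</Handler>

# ADSL requests (assumed to arrive with NAS-Port-Type = Virtual).
<Handler NAS-Port-Type = Virtual>
    <AuthBy SQL>
        DBSource    dbi:ODBC:EXAMPLE_DSN        # assumed DSN
        DBUsername  EXAMPLE_USER                # assumed
        DBAuth      EXAMPLE_PASSWORD            # assumed
        # "statement2": only rows provisioned for ADSL can match.
        AuthSelect  select PASSWORD from SUBSCRIBERS where USERNAME=%0 and SERVICETYPE='ADSL'
    </AuthBy>
</Handler>
```

With this layout a dial-up account presented on an ADSL port returns no row from the ADSL AuthSelect, so it is not authenticated there, and the same holds in the other direction. Because the Handlers match on a request attribute rather than on the Client, it also covers requests that arrive through the same proxy.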
Re: (RADIATOR) Something for the Wish List
I don't see how (but I would love to find out).

If they must first authenticate successfully before we boot the other one off then I can't see how it would cause a DOS. If I am missing something please correct me - It wouldn't be the first time :-)

Regards,
Brian

- Original Message -
From: Bret Jordan [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 1:46 PM
Subject: Re: (RADIATOR) Something for the Wish List

> That would open a really bad DOS attack.
>
> Bret
Re: (RADIATOR) How to custom authentication query?
On Thu, 28 Aug 2003, Huaikun Lin wrote:

> If I want to custom the authentication query statement, what should I do?

Try AuthBy SQL.

Andrew
Re: (RADIATOR) Something for the Wish List
Hello Brian -

You could probably implement this with a PreClientHook to do what you describe. There are some example hooks in the file goodies/hooks.txt.

regards

Hugh

On Thursday, Aug 28, 2003, at 13:06 Australia/Melbourne, Brian Morris wrote:

> Hi folks,
>
> I would like to propose a 'feature' to add to the Radiator wishlist.
>
> How about a feature where, if a customer is not permitted more than one simultaneous login, that the system allows the second connection to connect, but also drops the first connection.
>
> This will have two benefits to my specific case...
>
> 1. If a subscriber was logged in at work then went home but forgot to disconnect from work, he can still connect when he gets home without having to get us to drop his other connection. (less support requests = happy customer = happy support staff = happy manager!)
>
> 2. 'Leechers' who buy unlimited access accounts then share them with friends will be booted off whenever they break the rules. (less leechers = got the bastards = more profit = happy manager!!)
>
> Perhaps a post-auth hook or something could do this. The actual disconnect process would be NAS dependent but I am sure it could be done.
>
> Regards,
>
> Brian Morris
> (somewhat happy) Manager, NetSpeed
Re: (RADIATOR) How to handle Accounting request in AuthURL
Hello All,

On Tue, 26 Aug 2003 11:12 pm, Frank Danielson wrote:

> Hugh-
>
> I can't speak for Angus but it makes sense that if you are passing authentication requests to an external system using AuthBy URL that you may want to pass accounting requests to that same system. It's something that we have looked at since we have a lot of internal talent in developing java webapps and it would be relatively easy to develop http interfaces to some of our systems. Just a thought.

Yes, this is a good thought.

We have now added a new parameter AcctUrl, which is the URL that will be used for handling accounting requests. All the Radius attributes in the accounting request will be sent as HTTP tags using GET or POST, depending on the setting of UrlMethod.

The new version of AuthURL.pm is now available in the 3.6 patches area. Feedback to me.

Cheers.

> -Frank
>
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2003 4:14 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) How to handle Accounting request in AuthURL
>
>> Hello Angus -
>>
>> How do you want to store the accounting information? You should use the AcctLogFileName parameter in the Realm or Handler if you want to use a file, or you should use an additional AuthBy SQL clause if you want to store the accounting to an SQL database.
>>
>> See sections 6.16.4 and 6.28 in the Radiator 3.6 reference manual (doc/ref.html).
>>
>> regards
>>
>> Hugh
>>
>> On Tuesday, Aug 26, 2003, at 16:52 Australia/Melbourne, [EMAIL PROTECTED] wrote:
>>
>>> Dear Support,
>>>
>>> We are using AuthURL to do the authentication. In AuthURL.pm module, i cannot see any function to handle accounting information (e.g. listen accounting request, write accounting information). Can you teach me how to handle the accounting issue in AuthURL?
>>>
>>> Thank you very much for your support.
>>>
>>> Regards,
>>> Angus

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
(RADIATOR) finger and Cisco
Hi,

Over the last day or so radiator has started to try and finger one of our NASs. At trace level 4 I get:

Thu Aug 28 16:45:36 2003: DEBUG: Checking if user is still online: Cisco, XX, X.X.X.X, 20003, 2AA7
Thu Aug 28 16:45:36 2003: DEBUG: Cisco: Checking ISDN X.X.X.X:20003:XX
Thu Aug 28 16:45:36 2003: DEBUG: Using internal client to finger @X.X.X.X
Thu Aug 28 16:45:36 2003: ERR: The internal finger client failed with: Can't connect to X.X.X.X: Connection refused
Thu Aug 28 16:45:36 2003: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded

What I can't work out is why it's trying to finger a NAS it clearly still thinks is a Cisco. The NAS is listed in the same Client clause (using IdenticalClients) as many other NASs all of which are queried via SNMP. NasType is set to Cisco. I'm using radiator 3.6.

Thanks,
Andrew
Re: (RADIATOR) Problems with BindAddress
Hello Paul -

Further to this I note that there is a patch for Radiator 3.6 that addresses something like this:

AuthBy RADIUS could crash if BindAddress was set to multiple comma-separated addresses. Reported by Anthony Stanton.

regards

Hugh

On Wednesday, Aug 27, 2003, at 15:51 Australia/Melbourne, Paul wrote:

Hi All,

I am trying to do BindAddress on a multihomed Radiator server and when it goes to process the packet it halts at the mysql select for the AuthBy Clause and then restarts itself. It doesn't dump any errors or give any helpful information. I was sure to modify the mysql connect line to change its localhost to the actual IP so that would work, but I'm still having the same problem. Normally it binds to 0.0.0.0 but I've changed it to

BindAddress 203.100.100.100, 192.168.1.100, 127.0.0.1

Any ideas on how I can get this working?

Regards, Paul Rivoli [EMAIL PROTECTED] K B S I N T E R N E T
Re: (RADIATOR) finger and Cisco
Hello Andrew -

The code in Radius/Nas/Cisco.pm will try to use finger if the NAS-Port is ISDN (2). This was a contribution that was added in Radiator 3.4. I have copied Mike on this mail for his comments (I am not sure what to suggest).

regards

Hugh

On Thursday, Aug 28, 2003, at 17:06 Australia/Melbourne, Andrew Stevenson wrote:

Hi,

Over the last day or so Radiator has started to try and finger one of our NASs. At trace level 4 I get:

Thu Aug 28 16:45:36 2003: DEBUG: Checking if user is still online: Cisco, XX, X.X.X.X, 20003, 2AA7
Thu Aug 28 16:45:36 2003: DEBUG: Cisco: Checking ISDN X.X.X.X:20003:XX
Thu Aug 28 16:45:36 2003: DEBUG: Using internal client to finger @X.X.X.X
Thu Aug 28 16:45:36 2003: ERR: The internal finger client failed with: Can't connect to X.X.X.X: Connection refused
Thu Aug 28 16:45:36 2003: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded

What I can't work out is why it's trying to finger a NAS it clearly still thinks is a Cisco. The NAS is listed in the same Client clause (using IdenticalClients) as many other NASs, all of which are queried via SNMP. NasType is set to Cisco. I'm using Radiator 3.6.

Thanks, Andrew
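An added example, not part of the original thread and not Radiator's own code: a small Python triage script that reads trace 4 lines in the format quoted above and marks each Simultaneous-Use rejection according to whether the online check that preceded it failed. The sample log is constructed from the lines in the post (the second user is invented), and the meaning of the comma-separated fields in the "Checking if user is still online" line is an assumption.

```python
import re

# Constructed sample: the first five lines are the ones quoted in the post,
# the last two (user YY) are invented to show a rejection with no failed check.
SAMPLE_LOG = """\
Thu Aug 28 16:45:36 2003: DEBUG: Checking if user is still online: Cisco, XX, X.X.X.X, 20003, 2AA7
Thu Aug 28 16:45:36 2003: DEBUG: Cisco: Checking ISDN X.X.X.X:20003:XX
Thu Aug 28 16:45:36 2003: DEBUG: Using internal client to finger @X.X.X.X
Thu Aug 28 16:45:36 2003: ERR: The internal finger client failed with: Can't connect to X.X.X.X: Connection refused
Thu Aug 28 16:45:36 2003: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded
Thu Aug 28 16:46:02 2003: DEBUG: Checking if user is still online: Cisco, YY, X.X.X.X, 20004, 2AA8
Thu Aug 28 16:46:02 2003: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
CHECK = "Checking if user is still online: "
FINGER_FAIL = "The internal finger client failed with: "

def triage(log_text):
    """Return one record per Simultaneous-Use REJECT, noting whether the
    online check that preceded it ended in a finger client error."""
    findings, check = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped trace line
        when, level, msg = m.groups()
        if msg.startswith(CHECK):
            # Assumed field order: NAS type, user, NAS address, port, session id.
            fields = [f.strip() for f in msg[len(CHECK):].split(",")]
            check = {"fields": fields, "method": None, "error": None}
        elif check and "to finger @" in msg:
            check["method"] = "finger"
        elif check and level == "ERR" and msg.startswith(FINGER_FAIL):
            check["error"] = msg[len(FINGER_FAIL):]
        elif "REJECT: Simultaneous-Use" in msg:
            failed = bool(check and check["error"])
            findings.append({
                "time": when,
                "check": check,
                "verdict": "unverified" if failed else "checked",
            })
            check = None  # the next rejection needs its own online check
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["verdict"], f["check"])
```

A record marked "unverified" is a rejection that directly followed a failed finger query, which is the pattern in Andrew's trace; those are the ones worth checking against the NAS configuration before treating them as real duplicate logins.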
Re: (RADIATOR) AuthBy ADSI configuration
Hello Hugh,

It does not work (I get an Access-Reject). You will find hereafter DEBUG information for several configurations:

With the BindString LDAP://myserver/SAMAccountName=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com ... parameter:

DEBUG==
Thu Aug 28 10:38:08 2003: DEBUG: BindString converted to LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:38:08 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:38:08 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:38:09 2003: DEBUG: Running OpenDSObject on LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: Logon failure: unknown user name or bad password in METHOD/PROPERTYGET OpenDSObject at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:38:09 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: Logon failure: unknown user name or bad password in METHOD/PROPERTYGET OpenDSObject
Thu Aug 28 10:38:09 2003: INFO: Access rejected for geoffrey: Could not find user
/DEBUG=

With:

SearchAttribute SAMAccountName
BindString LDAP://myserver/DC=staff,DC=mycompany,DC=com
AuthUser %0
AuthFlags 0

DEBUG==
Thu Aug 28 10:47:43 2003: DEBUG: Handling with ASDI
Thu Aug 28 10:47:43 2003: DEBUG: BindString converted to LDAP://myserver/DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:43 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:47:43 2003: DEBUG: Starting ADODB search for SAMAccountName = geoffrey
OLE exception from ADODB.Command: Object or provider is not capable of performing requested operation.
Win32::OLE(0.1601) error 0x800a0cb3 in METHOD/PROPERTYGET at C:/Perl/site/lib/Radius/AuthADSI.pm line 372
Thu Aug 28 10:47:44 2003: DEBUG: User found at LDAP://CN=DUFOUR Geoffrey, OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:44 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:47:44 2003: DEBUG: Running OpenDSObject on LDAP://CN=DUFOUR Geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: Logon failure: unknown user name or bad password in METHOD/PROPERTYGET OpenDSObject at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:47:44 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: Logon failure: unknown user name or bad password in METHOD/PROPERTYGET OpenDSObject
Thu Aug 28 10:47:44 2003: INFO: Access rejected for geoffrey: Could not find user
/DEBUG==

Any ideas? Btw, I can't find any information related to the SearchAttribute parameter in the reference manual. Does that mean that some additional documents are available?

Thanks for your help.

Regards. Geoffrey

-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 28 August 2003 5:26
To: DUFOUR Geoffrey
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy ADSI configuration

Hello Geoffrey -

To do what you describe you should change CN=%0 to samaccountname=%0. I am not quite sure what your requirements are for VPDN users - can you clarify? For a detailed description of the AuthBy ADSI clause please see section 6.40 in the Radiator 3.6 reference manual (doc/ref.html).

regards

Hugh

On Wednesday, Aug 27, 2003, at 23:44 Australia/Melbourne, DUFOUR Geoffrey wrote:

Hello,

I would like to authenticate users using AuthBy ADSI. It works fine with the following configuration:

BindString LDAP://myserver/CN=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
AuthUser %0
AuthFlags 0

This configuration sample shows that the username is bound to the CN (common name). I need the username to be bound to the attribute samaccountname. In fact I need to allow VPDN users to use the same parameters (username and password) both to log on the domain and for VPDN access. How can I handle this? I am quite new to AD, could you please clarify the difference between BindString parameter and AuthUser parameter.

Regards. Geoffrey