RE: (RADIATOR) Question in AuthBy EXTERNAL
Hi

Do I need to pass any parameter to testcommand.pl?

MAN

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McCauley
Sent: Thursday, October 02, 2003 12:36 PM
To: Hugh Irvine; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Question in AuthBy EXTERNAL

Hi Hugh,

If you look at goodies/external.cfg, you will see he needs something like this:

Command c:/perl/bin/perl ./goodies/testcommand.pl

DOS does not know how to interpret #!/usr/bin/perl so it can't run C:\Perl\bin\testcommand.pl without some clues.

Cheers.

On Thu, 2 Oct 2003 12:23 pm, Hugh Irvine wrote:

Hello Man Meng Fei -

I suspect that Radiator is not able to run the external command.

What happens when you run the following in a MS-DOS window:

C:\Perl\bin\testcommand.pl

There is probably something wrong with either the path or the contents of the file.

regards

Hugh

On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei wrote:

Hi

Currently I am using a sample configuration (external.cfg) and perl script (testcommand.pl) which can be retrieved from the goodies directory to understand the implementation of AuthBy EXTERNAL. But after I executed it, I can't get the expected test result. I got No Reply at the Radius client.

I hope someone can help me to make this AuthBy EXTERNAL sample work.

Lastly, I attached the Radius configuration file which I used for the testing, and the Radius Server and Radius Client's output result.

Man Meng Fei

--radius.cfg---
# external.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# EXTERNAL authentication.
#
# There is an example external program called testcommand.pl
# in the goodies directory, which the example below uses. It
# will accept the request if the username is fred otherwise reject
# it.
#
# So if you run Radiator with this config file, then do
# radpwtst -noacct -trace -user fred
# you will see something like:
# sending Access-Request...
# OK
# Code: Access-Accept
# Identifier: 109
# Authentic: 12_B2152=149140kBM13022110.S
# Attributes:
# Reply-Message = you are fred
#
#
# And if you do:
# radpwtst -noacct -trace -user someoneelse
# you will see something like:
# sending Access-Request...
# Rejected
# Code: Access-Reject
# Identifier: 70
# Authentic: 165206RiJ208139245129@17013623s2423
# Attributes:
# Reply-Message = you are NOT fred, you are 'someoneelse'
# Reply-Message = Request Denied
#
# You should consider this file to be a starting point only
# $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
Trace 4

# You will probably want to change this to suit your site.
<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>

<Realm DEFAULT>
    <AuthBy EXTERNAL>
        # For NT, you might want something like this
        Command C:\Perl\bin\testcommand.pl

        # For Unix, maybe something like this
        #
        #Command ./goodies/testcommand.pl

        # This will cause the User-Password
        # to be decrypted before being passed to the
        # external program
        DecryptPassword

        # You might prefer use this to tell AuthBy EXTERNAL
        # to get the result from the first line of the
        # output. The permitted values are ACCEPT, REJECT
        # IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
        # its the only way to get it to work.
        # We recommend you use this method
        ResultInOutput
    </AuthBy>
</Realm>

---Radius Server Output--
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
Thu Oct 2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]
Thu Oct 2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Thu Oct 2 01:16:58 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct 2 01:16:58 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
Thu Oct 2 01:18:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006
Code: Access-Request
Identifier: 67
(RADIATOR) MySQL server has gone away
Hi,

I see very often the following errors:

Thu Oct 2 06:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065068995': MySQL server has gone away
Thu Oct 2 06:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065070795': MySQL server has gone away
Thu Oct 2 07:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065072595': MySQL server has gone away
Thu Oct 2 07:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065074395': MySQL server has gone away

And here also an error:

Code: Access-Request
Identifier: 108
Authentic: 1234567890123456
Attributes:
    User-Name = [EMAIL PROTECTED]
    NAS-Port = 2030108795
    User-Password = 200185l173175\424618889160216}x153
    NAS-Identifier = nl-gv-dc2-fsip-gr05-3
    Timestamp = 1064997007

Wed Oct 1 10:30:07 2003: DEBUG: Handling request with Handler 'Realm=adsl, Request-Type=Access-Request'
Wed Oct 1 10:30:07 2003: DEBUG: mySessionDB Deleting session for [EMAIL PROTECTED], 195.190.240.82, 2030108795
Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'delete from RADONLINE where ACCTSESSIONID=''':
Wed Oct 1 10:30:07 2003: ERR: do failed for 'delete from RADONLINE where ACCTSESSIONID=''': MySQL server has gone away
Wed Oct 1 10:30:07 2003: DEBUG: Handling with AuthINTERNAL: DefaultAccept
Wed Oct 1 10:30:07 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
Wed Oct 1 10:30:07 2003: DEBUG: Query is: 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='nl-gv-dc2-fsip-gr05-3' and STATE=0 order by TIME_STAMP limit 1':
Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'update RADPOOL set STATE=1, TIME_STAMP=1064997007, EXPIRY=1065083407, USERNAME='[EMAIL PROTECTED]' where YIADDR='172.16.178.124' and TIME_STAMP =1064929204':
Wed Oct 1 10:30:07 2003: DEBUG: Access accepted for [EMAIL PROTECTED]

I am using the following versions:

DBD-mysql-2.9002
DBI-1.38
Digest-MD5-2.27
mysql-4.0.14
Radiator-3.6

Has someone an idea?

Kind regards,

Bobbejaan van Elst

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MySQL server has gone away
Hello Bobby -

It looks like the MySQL server does not like certain requests. You should try to run the same requests by hand to see what happens and you should check the MySQL log files to see what is happening with the database.

regards

Hugh

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
RE: (RADIATOR) MySQL server has gone away
If I run it by hand there is no problem:

mysql update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065068995
- ;
Query OK, 0 rows affected (0.03 sec)
Rows matched: 0 Changed: 0 Warnings: 0

I see this in the mysql log:

031002 9:32:34 Aborted connection 531 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)
031002 9:38:32 Aborted connection 532 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)
031002 9:42:34 Aborted connection 533 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)
031002 9:55:40 Aborted connection 534 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)
031002 10:02:34 Aborted connection 535 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)
031002 10:12:35 Aborted connection 536 to db: 'radiusaccess' user: 'radiator' host: `localhost' (Got timeout reading communication packets)

Kind regards,

Bobbejaan van Elst
Planet Technologies
(RADIATOR) AuthLog not logging password
Hi,

I am trying to log the password in an AuthLog FILE clause, but the field is left blank?

What I get in the log.txt file is

FAIL:Thu Oct 2 12:31:06 2003:A03245014::FAIL
FAIL:Thu Oct 2 12:31:15 2003:A03266007::FAIL

Any help would be appreciated.

Herman

# Radius.cfg
#
# N E T 4 A L L
#
Foreground
LogStdout
LogDir d:/radius/log
DbDir c:/Program Files/Radiator
BindAddress XX.YY.96.20
AuthPort 1812,1645
AcctPort 1813,1646
LogFile %L/log%Y%m%d.log
Trace 4
SnmpgetProg c:/Program Files/Radiator/net-snmp/snmpget.exe

#Strip realm
RewriteUsername s/^([EMAIL PROTECTED]).*/$1/

# Allow only these chars in the username
#UsernameCharset a-zA-Z0-9\.-_@

# You will probably want to change this to suit your site.
<Client XX.YY.96.128>
    # Cisco 5300 Ras
    Identifier DIALUP
    Secret
    DupInterval 10
    # NasType Cisco
    IdenticalClients XX.YY.96.5
    IdenticalClients XX.YY.96.3
</Client>

<Client XX.YY.ZZ.249>
    # Scarlet DSL
    Identifier 2UDSL
    Secret
    DupInterval 10
    IdenticalClients XX.YY.ZZ.241
</Client>

<Handler Client-Identifier=DIALUP>
    AcctLogFileName %L/%Y%m%d.log
    AuthByPolicy ContinueWhileAccept
    SessionDatabase DIAL
    <AuthBy SQL>
        DBSource dbi:ODBC:Radiator
        DBUsername
        DBAuth
        AuthSelect select PASSWORD,CHECKATTR, REPLYATTR From SUBSCRIBERS where USERNAME=%0
        DefaultSimultaneousUse 1
        # Accounting
        DateFormat %b %e, %Y %H:%M:%S
        AccountingTable Calls
        AcctColumnDef NASIdentifier,NAS-Identifier
        AcctColumnDef NASIdentifier,NAS-IP-Address
        AcctColumnDef NASPort,NAS-Port,integer
        AcctColumnDef AcctSessionId,Acct-Session-Id
        AcctColumnDef AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef CallDate,Timestamp,integer-date
        AcctColumnDef UserName,User-Name
        AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef FramedAddress,Framed-IP-Address
        AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
        AcctColumnDef ConnectInfo,Connect-Info,string
        AcctColumnDef CallerID,Calling-Station-Id,string
        AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
        AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
        AcctColumnDef AcctInputOctets,RB-Acct-Input-Octets-64,integer
        AcctColumnDef AcctOutputOctets,RB-Acct-Output-Octets-64,integer
    </AuthBy>
    <AuthBy FILE>
        Filename %D/Profile.cfg
        StripFromReply Profile
    </AuthBy>
    <AuthLog FILE>
        Filename D:/radius/log.Txt
        LogFailure 1
        FailureFormat FAIL:%l:%n:%P:FAIL
    </AuthLog FILE>
    <AuthLog REMOTESYSLOG>
        SysLogHost XX.YY.ZZ.8
        LogSuccess 1
        LogFailure 1
        FailureFormat FAIL:%l:%n:%P:FAIL
    </AuthLog>
    <AuthLog SQL>
        DBSource dbi:ODBC:Radiator
        DBUsername
        DBAuth
        LogSuccess 1
        LogFailure 1
    </AuthLog>
</Handler>

<Handler>
    AcctLogFileName %L/%Y%m%d.log
    AuthByPolicy ContinueWhileAccept
    SessionDatabase ADSL
    <AuthBy SQL>
        DBSource dbi:ODBC:Radiator
        DBUsername
        DBAuth
        AuthSelect select PASSWORD,CHECKATTR, REPLYATTR From SUBSCRIBERS where USERNAME=%0
        DefaultSimultaneousUse 1
        # Accounting
        DateFormat %b %e, %Y %H:%M:%S
        AccountingTable Calls
        AcctColumnDef NASIdentifier,NAS-Identifier
        AcctColumnDef NASIdentifier,NAS-IP-Address
        AcctColumnDef NASPort,NAS-Port,integer
        AcctColumnDef AcctSessionId,Acct-Session-Id
        AcctColumnDef AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef CallDate,Timestamp,integer-date
        AcctColumnDef UserName,User-Name
        AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef FramedAddress,Framed-IP-Address
        AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
        AcctColumnDef ConnectInfo,Connect-Info,string
        AcctColumnDef
Re: (RADIATOR) AuthLog not logging password
Hello Herman -

I will need to see a trace 4 debug to be sure, but I suspect you are using CHAP (or MS-CHAP) passwords which cannot be decrypted.

regards

Hugh
RE: (RADIATOR) AuthLog not logging password
You probably won't be getting the password from the NAS in the first place. If you're using a challenge-response based auth scheme the password is never sent.
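The difference the two replies above point to, as an added example that is not part of the original thread or of Radiator: a PAP User-Password (RFC 2865 section 5.2) is reversible by anyone holding the shared secret, while a CHAP-Password (RFC 1994) carries only an MD5 digest, so a password field in a failure log stays empty. The sample requests, the secret and the function names are constructed for the illustration.

```python
import hashlib
import hmac

BLOCK = 16  # MD5 digest size; User-Password is hidden in 16-octet blocks


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide a PAP password as described in RFC 2865 section 5.2."""
    pad = (-len(password)) % BLOCK or (BLOCK if not password else 0)
    padded = password + b"\x00" * pad
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        pad_block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad_block))
        hidden += prev
    return hidden


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream undoes the hiding, so the clear
    password is available to the server (and to whatever it logs to)."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        pad_block = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        clear += bytes(c ^ k for c, k in zip(block, pad_block))
        prev = block
    return clear.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_verify(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """CHAP can only be checked against a password the server already
    stores in clear; nothing in the request can be turned back into one."""
    if len(chap_password) != 1 + BLOCK:
        raise ValueError("CHAP-Password is 1 identifier octet + 16 digest octets")
    chap_id, response = chap_password[0], chap_password[1:]
    return hmac.compare_digest(response, chap_response(chap_id, stored, challenge))


def password_field(attrs: dict, secret: bytes, authenticator: bytes) -> str:
    """What a password placeholder in a log format can be filled with."""
    hidden = attrs.get("User-Password")
    if hidden is None:          # CHAP / MS-CHAP request: no recoverable password
        return ""
    return pap_recover(hidden, secret, authenticator).decode("utf-8", "replace")


def failure_line(attrs: dict, when: str, secret: bytes, authenticator: bytes) -> str:
    """Mimics the shape of the FAIL:time:user:password:FAIL lines in the post."""
    return "FAIL:%s:%s:%s:FAIL" % (
        when, attrs["User-Name"], password_field(attrs, secret, authenticator))


# Constructed sample data (not taken from the thread).
SECRET = b"mysecret"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"correct horse battery"
PAP_REQUEST = {"User-Name": "fred",
               "User-Password": pap_hide(PASSWORD, SECRET, AUTHENTICATOR)}
# Without a CHAP-Challenge attribute the Request Authenticator is the challenge.
CHAP_REQUEST = {"User-Name": "fred",
                "CHAP-Password": bytes([7]) + chap_response(7, PASSWORD, AUTHENTICATOR)}

if __name__ == "__main__":
    when = "Thu Oct 2 12:31:06 2003"
    print(failure_line(PAP_REQUEST, when, SECRET, AUTHENTICATOR))
    print(failure_line(CHAP_REQUEST, when, SECRET, AUTHENTICATOR))
```

For PAP requests the recovered value is the user's cleartext password, so a log that records it needs the same protection as the credential store.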
(RADIATOR) Rpm version 3.7 displays 3.6 on startup?
I assume this is just a problem with the message or is the download pointing to an old file? Regards JLM
RE: (RADIATOR) radiators duplicate detection (ClientIP+Identifier+?SourcePort?)
Hi Rainer,

As stated in the changelog for 3.6, Radiator no longer indexes on UDP port. This is illustrated by the following code from Client.pm:

# its not a dup, save the id for later dup checking
$self->{RecentIdentifiers}->{$p->{RecvFromAddress}}->{$code . $p->identifier} = $p->{RecvTime};

Seems like the comment block was not changed to reflect this new, not RFC compliant, duplicate checking.

wkr

Arjan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine
Sent: Tuesday, September 30, 2003 12:36 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) radiators duplicate detection (ClientIP+Identifier+?SourcePort?)

Hello Rainer -

Here is the comment block from Radius/Client.pm:

# In order to detect duplicate arrivals, we keep an array
# of arrivals ($self->{RecentIdentifiers}) indexed by
# the IP address of the host that sent the request,
# the UDP port number (some hosts like Lucent TNT have multiple ID space
# on different port numbers), the Radius packet identifier (8 bits),
# concatenated with the packet type code.
# (The packet code is used because some NASs use different packet
# sequences for different request types)
# The value stored in each element of the array is the time
# we last received a packet with that identifier from this client.
# If the time interval is less than DupInterval, the packet is assumed to be
# duplicate, and is ignored

Does this answer your question?

regards

Hugh

On Tuesday, Sep 30, 2003, at 07:16 Australia/Melbourne, Rainer Huber wrote:

Hi!

I've seen that radiator detects duplicate records depending only on the identifier and the client IP:

If more than 1 Radius request from this Client with the same Radius Identifier are received within DupInterval seconds, the 2nd and subsequent are ignored.

Shouldn't be the Identifier, the ClientIP and the SourcePort the keys for duplicates? The RFC 2865 says:

Identifier: The Identifier field is one octet, and aids in matching requests and replies. The RADIUS server can detect a duplicate request if it has the same client source IP address and source UDP port and Identifier within a short span of time.

Is it a mistake in the refmanual?

Regards, Rainer
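The two duplicate-detection keys discussed in this thread, side by side, as an added example that is not Radiator's code: one detector indexes on client IP, packet code and Identifier only, the other also includes the source UDP port as RFC 2865 describes. The class, the addresses, the ports and the timings are constructed for the illustration; the "less than DupInterval" rule and the "save only when not a duplicate" behaviour follow the comment block and snippet quoted above.

```python
from dataclasses import dataclass

ACCESS_REQUEST = 1  # RADIUS packet code for Access-Request


@dataclass(frozen=True)
class Request:
    src_ip: str
    src_port: int
    code: int
    identifier: int   # the 8-bit RADIUS Identifier
    recv_time: float  # seconds


class DupDetector:
    """Remembers when each (client, code, identifier) key was last accepted."""

    def __init__(self, dup_interval: float, index_on_port: bool):
        self.dup_interval = dup_interval
        self.index_on_port = index_on_port
        self.recent = {}

    def _key(self, req: Request):
        if self.index_on_port:
            # RFC 2865 wording: source IP + source UDP port + Identifier
            return (req.src_ip, req.src_port, req.code, req.identifier)
        # Port-less index, as in the Client.pm line quoted in the thread
        return (req.src_ip, req.code, req.identifier)

    def is_duplicate(self, req: Request) -> bool:
        key = self._key(req)
        last = self.recent.get(key)
        if last is not None and req.recv_time - last < self.dup_interval:
            return True            # ignored as a retransmission
        self.recent[key] = req.recv_time  # not a dup: save for later checks
        return False


def replay(requests, dup_interval: float, index_on_port: bool):
    """Feed requests in order and return the duplicate verdict for each."""
    detector = DupDetector(dup_interval, index_on_port)
    return [detector.is_duplicate(r) for r in requests]


# Constructed traffic: one NAS address that runs two independent Identifier
# spaces on two source ports (the multi-port case the comment block mentions).
TRAFFIC = [
    Request("192.0.2.10", 40001, ACCESS_REQUEST, 7, 0.0),   # new request
    Request("192.0.2.10", 40002, ACCESS_REQUEST, 7, 0.5),   # different request, same id
    Request("192.0.2.10", 40001, ACCESS_REQUEST, 7, 2.0),   # genuine retransmission
    Request("192.0.2.10", 40001, ACCESS_REQUEST, 7, 12.0),  # id reused after the interval
]

if __name__ == "__main__":
    print("ip+code+id      :", replay(TRAFFIC, 10, index_on_port=False))
    print("ip+port+code+id :", replay(TRAFFIC, 10, index_on_port=True))
```

With the port-less key the second request, a distinct authentication from another port, is dropped as a duplicate; with the port in the key only the real retransmission is.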
(RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It doesn't appear that CachePasswords works for this AuthBy. Looking at my trace, auths are always sent to the clients and never looked up in the cache even though I've authed several times..

Here is the handler I have:

<Handler>
    UsernameCharset [EMAIL PROTECTED]
    RewriteUsername tr/A-Z/a-z/
    RewriteUsername s/\s+//g
    RewriteUsername s/[EMAIL PROTECTED]/\?/g
    <AuthBy ROUNDROBIN>
        FailureBackoffTime 300
        Secret
        Retries 3
        RetryTimeout 10
        AuthPort 1812
        AcctPort 1813
        <Host 1.1.1.1>
        </Host>
        <Host 2.2.2.2>
        </Host>
        CachePasswords
        RejectEmptyPassword
        NoDefault
    </AuthBy>
    SessionDatabase NoneDB
</Handler>

Shouldn't CachePasswords be supported in this AuthBy? It is in AuthBy RADIUS...

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

If at first you don't succeed, call it version 1.0
RE: (RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
Just a guess from the last time I looked into AuthBy ROUNDROBIN but I believe the CachePasswords directive is specific to a host if it works at all. Try this and see if it works:

<Handler>
    UsernameCharset [EMAIL PROTECTED]
    RewriteUsername tr/A-Z/a-z/
    RewriteUsername s/\s+//g
    RewriteUsername s/[EMAIL PROTECTED]/\?/g
    <AuthBy ROUNDROBIN>
        FailureBackoffTime 300
        Secret
        Retries 3
        RetryTimeout 10
        AuthPort 1812
        AcctPort 1813
        <Host 1.1.1.1>
            CachePasswords
        </Host>
        <Host 2.2.2.2>
            CachePasswords
        </Host>
        RejectEmptyPassword
        NoDefault
    </AuthBy>
    SessionDatabase NoneDB
</Handler>
(RADIATOR) DHCP configuration questions
We're using the latest Radiator and ISC DHCP servers under Solaris. I've scoured the Radiator documentation, the archives of this mailing list, and the archives of the ISC mailing list, and haven't been able to piece together enough useful information to answer the following:

1) We'd like to have a series of groups, each with different configuration options -- session timeout, dynamic address IP range, password for accessing that group, etc. How do we define those, both in the radius.cfg and the syntax of the file itself?

2) For each of those groups, we'd like to call upon an ISC DHCP server on another host to assign an address appropriate to the group definition. What's that config look like, both in radius and in dhcpd.conf?

I've experimented with ISC's class definitions, to no avail, primarily because I can't figure out how to get Radiator to a) get the necessary per-user config from an external file or files and b) pass it along to the DHCP server in the proper format.

Has anyone done this? Does anyone have any examples to share?

Wyman Miles
Manager of Infrastructure, Rice University, Texas.
(713) 348-5827, e-mail:[EMAIL PROTECTED], pager:[EMAIL PROTECTED]
Re: (RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
On 10/2/03 1:01 PM, Robert Blayzor [EMAIL PROTECTED] wrote:

> I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It doesn't appear that CachePasswords works for this AuthBy. Looking at my trace, auths are always sent to the clients and never looked up in the cache even though I've authed several times..

I got this one figured out. Helps to consult the manual first, mine was a little out of date on print. Anyway, changing the default handling of this was the fix.

I do have one question for Hugh however. How can one completely drop or reject any request coming in at the client level based on attributes received (or NOT received for that matter). For example, say I want to ignore or drop any accounting requests from a client with the User-Name attribute missing, or empty string. I see this problem a lot on Ascent maxes.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

A Life? Cool! Where can I download one of those from?
Re: (RADIATOR) DHCP configuration questions
Hi Wyman,

We tried the DHCP approach for dynamic ip assignments but gave up because of performance issues (dhcpd was overrun when the number of requests exceeded a certain limit). We are currently using a MySQL table for ip assignments. You can use Radiator's built-in logic to separate your users into groups and just use an authby inside a handler for assignments each time specifying a separate pool. You can also have multiple AddressAllocator clauses if you want to set different timeout values.

Hope this helps.

Ingvar

    <AuthBy DYNADDRESS>
        AddressAllocator adsldhcpallocator
        PoolHint XDSL1
        MapAttribute yiaddr, Framed-IP-Address
        MapAttribute subnetmask, Framed-IP-Netmask
        StripFromReply PoolHint
    </AuthBy>

    # Assignment of addresses from SQL server pool
    #
    <AddressAllocator SQL>
        Identifier xdsldhcpallocator
        DBSource dbi:mysql:radius:192.168.10.10
        DBUsername xx
        DBAuth xx
        Timeout 10
        FailureBackoffTime 120
        DefaultLeasePeriod 864
        LeaseReclaimInterval 864
        FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%0' and STATE=0 order by TIME_STAMP LIMIT 1
        AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0, EXPIRY=%1, USERNAME='%U' where YIADDR='%3' and STATE=0 and TIME_STAMP %4
        ReclaimQuery select database()
        <AddressPool XDSL1>
            Subnetmask 255.255.255.255
            Range 157.157.124.1 157.157.124.254
            Range 157.157.125.1 157.157.125.254
        </AddressPool>
        <AddressPool XDSL2>
            Subnetmask 255.255.255.255
            Range 157.157.124.1 157.157.124.254
            Range 157.157.125.1 157.157.125.254
        </AddressPool>
    </AddressAllocator>

    mysql> describe RADPOOL;
    +------------+----------+------+-----+---------+-------+
    | Field      | Type     | Null | Key | Default | Extra |
    +------------+----------+------+-----+---------+-------+
    | STATE      | int(11)  |      |     | 0       |       |
    | TIME_STAMP | int(11)  | YES  |     | NULL    |       |
    | EXPIRY     | int(11)  | YES  |     | NULL    |       |
    | USERNAME   | char(50) | YES  | MUL | NULL    |       |
    | POOL       | char(50) |      |     |         |       |
    | YIADDR     | char(50) |      | PRI |         |       |
    | SUBNETMASK | char(50) |      |     |         |       |
    | DNSSERVER  | char(50) | YES  |     | NULL    |       |
    +------------+----------+------+-----+---------+-------+
    8 rows in set (0.00 sec)

- Original Message -
From: Wyman Eric Miles [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 6:33 PM
Subject: (RADIATOR) DHCP configuration questions

We're using the latest Radiator and ISC DHCP servers under Solaris. I've scoured the Radiator documentation, the archives of this mailing list, and the archives of the ISC mailing list, and haven't been able to piece together enough useful information to answer the following:

1) We'd like to have a series of groups, each with different configuration options -- session timeout, dynamic address IP range, password for accessing that group, etc. How do we define those, both in the radius.cfg and the syntax of the file itself?

2) For each of those groups, we'd like to call upon an ISC DHCP server on another host to assign an address appropriate to the group definition. What's that config look like, both in radius and in dhcpd.conf?

I've experimented with ISC's class definitions, to no avail, primarily because I can't figure out how to get Radiator to a) get the necessary per-user config from an external file or files and b) pass it along to the DHCP server in the proper format.

Has anyone done this? Does anyone have any examples to share?

Wyman Miles
Manager of Infrastructure, Rice University, Texas.
(713) 348-5827, e-mail:[EMAIL PROTECTED], pager:[EMAIL PROTECTED]
Re: (RADIATOR) Mem Leaks in PERL 5.8.0 - Radiator effected?
Hello Robert,

On Fri, 3 Oct 2003 01:57 am, Robert Blayzor wrote:

> http://rt.perl.org/rt2//Ticket/Display.html?id=18038
>
> Do we know if Radiator-3.7 is affected by this bug in PERL 5.8.0 ?

Radiator does not use IO::ScalarArray directly, and tests here with 5.8.0 do not show leaks.

Cheers.

> --
> Robert Blayzor, BOFH
> INOC, LLC
> [EMAIL PROTECTED]
> PGP: http://www.inoc.net/~dev/
> Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
>
> Satisfaction Guaranteed: We'll send you another copy if it fails.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
RE: (RADIATOR) MySQL server has gone away
I was having a similar problem - appears to have been a problem with the mysql settings being too small. Adjusting these settings in /etc/my.cnf (see my-small.cnf/my-medium.cnf etc...) certainly helped/rectified the problem.

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 2 October 2003 5:38 PM
To: Bobbejaan van Elst
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) MySQL server has gone away

Hello Bobby -

It looks like the MySQL server does not like certain requests. You should try to run the same requests by hand to see what happens and you should check the MySQL log files to see what is happening with the database.

regards

Hugh

On Thursday, Oct 2, 2003, at 16:36 Australia/Melbourne, Bobbejaan van Elst wrote:

Hi,

I see very often the following errors:

    Thu Oct 2 06:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065068995': MySQL server has gone away
    Thu Oct 2 06:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065070795': MySQL server has gone away
    Thu Oct 2 07:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065072595': MySQL server has gone away
    Thu Oct 2 07:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065074395': MySQL server has gone away

And here also an error:

    Code: Access-Request
    Identifier: 108
    Authentic: 1234567890123456
    Attributes:
        User-Name = [EMAIL PROTECTED]
        NAS-Port = 2030108795
        User-Password = 200185l173175\424618889160216}x153
        NAS-Identifier = nl-gv-dc2-fsip-gr05-3
        Timestamp = 1064997007

    Wed Oct 1 10:30:07 2003: DEBUG: Handling request with Handler 'Realm=adsl, Request-Type=Access-Request'
    Wed Oct 1 10:30:07 2003: DEBUG: mySessionDB Deleting session for [EMAIL PROTECTED], 195.190.240.82, 2030108795
    Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'delete from RADONLINE where ACCTSESSIONID=''':
    Wed Oct 1 10:30:07 2003: ERR: do failed for 'delete from RADONLINE where ACCTSESSIONID=''': MySQL server has gone away
    Wed Oct 1 10:30:07 2003: DEBUG: Handling with AuthINTERNAL: DefaultAccept
    Wed Oct 1 10:30:07 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
    Wed Oct 1 10:30:07 2003: DEBUG: Query is: 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='nl-gv-dc2-fsip-gr05-3' and STATE=0 order by TIME_STAMP limit 1':
    Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'update RADPOOL set STATE=1, TIME_STAMP=1064997007, EXPIRY=1065083407, USERNAME='[EMAIL PROTECTED]' where YIADDR='172.16.178.124' and TIME_STAMP =1064929204':
    Wed Oct 1 10:30:07 2003: DEBUG: Access accepted for [EMAIL PROTECTED]

I am using the following versions:

    DBD-mysql-2.9002
    DBI-1.38
    Digest-MD5-2.27
    mysql-4.0.14
    Radiator-3.6

Has someone an idea?

Kind regards,
Bobbejaan van Elst

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
Hello Robert -

On your first point, the behaviour of CachePasswords was extended some time ago to support the mode of operation that you are describing - hence the change in the manual.

For your second point, it is usually easier to set up your Handlers with specific matches for everything you want to deal with and finish with a default Handler that simply rejects everything else. Ie:

    <Handler .>
    </Handler>
    <Handler .>
    </Handler>
    .
    <Handler>
        <AuthBy INTERNAL>
            DefaultResult REJECT
        </AuthBy>
    </Handler>

regards

Hugh

On Friday, Oct 3, 2003, at 06:19 Australia/Melbourne, Robert Blayzor wrote:

On 10/2/03 1:01 PM, Robert Blayzor [EMAIL PROTECTED] wrote:

> I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It doesn't appear that CachePasswords works for this AuthBy. Looking at my trace, auths are always sent to the clients and never looked up in the cache even though I've authed several times..

I got this one figured out. Helps to consult the manual first, mine was a little out of date on print. Anyway, changing the default handling of this was the fix.

I do have one question for Hugh however. How can one completely drop or reject any request coming in at the client level based on attributes received (or NOT received for that matter). For example, say I want to ignore or drop any accounting requests from a client with the User-Name attribute missing, or empty string. I see this problem a lot on Ascent maxes.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

A Life? Cool! Where can I download one of those from?
Re: (RADIATOR) Perssitent ldap connections in AuthLDAP2
Hello Joao Pedro -

The normal AuthBy LDAP2 should not keep a persistent connection (unless HoldServerConnection is enabled in the configuration file). This is because some LDAP servers do not like persistent connections.

regards

Hugh

On Friday, Oct 3, 2003, at 04:57 Australia/Melbourne, Joao Pedro Goncalves wrote:

Hi, is it possible to turn off persistent connections in AuthLDAP2, or to define a number of requests per persistent connection, enforcing a reconnect after?

Thank you very much

João Pedro Gonçalves

--
João Pedro Gonçalves
http://www.sapo.pt/ - Portugal Online
Re: (RADIATOR) DHCP configuration questions
Hello Wyman -

I have already replied to this mail at least once. Perhaps you have some mail filtering that is dropping mail from me (using my home office server)? I am sending this mail through a different mail server, so please let me know if you receive it.

There is an example configuration file in the Radiator 3.7.1 distribution (and earlier versions) in the file goodies/addressallocatordhcp.cfg which shows how to configure and use DHCP for IP address allocation. See also section 3.57 in the Radiator 3.7.1 reference manual (doc/ref.html).

I will be happy to answer any further questions.

regards

Hugh

On Friday, Oct 3, 2003, at 04:33 Australia/Melbourne, Wyman Eric Miles wrote:

We're using the latest Radiator and ISC DHCP servers under Solaris. I've scoured the Radiator documentation, the archives of this mailing list, and the archives of the ISC mailing list, and haven't been able to piece together enough useful information to answer the following:

1) We'd like to have a series of groups, each with different configuration options -- session timeout, dynamic address IP range, password for accessing that group, etc. How do we define those, both in the radius.cfg and the syntax of the file itself?

2) For each of those groups, we'd like to call upon an ISC DHCP server on another host to assign an address appropriate to the group definition. What's that config look like, both in radius and in dhcpd.conf?

I've experimented with ISC's class definitions, to no avail, primarily because I can't figure out how to get Radiator to a) get the necessary per-user config from an external file or files and b) pass it along to the DHCP server in the proper format.

Has anyone done this? Does anyone have any examples to share?

Wyman Miles
Manager of Infrastructure, Rice University, Texas.
(713) 348-5827, e-mail:[EMAIL PROTECTED], pager:[EMAIL PROTECTED]
RE: (RADIATOR) Question in AuthBy EXTERNAL
Hi Mike and Hugh

May I know how should I pass the parameter into the perl script when I execute AUTH EXTERNAL and how can get the result after execute the perl script ?

Thank

MAN

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Man Meng Fei
Sent: Thursday, October 02, 2003 1:58 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Question in AuthBy EXTERNAL

Hi

Do I need to pass any parameter to testcommand.pl ?

MAN

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McCauley
Sent: Thursday, October 02, 2003 12:36 PM
To: Hugh Irvine; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Question in AuthBy EXTERNAL

Hi Hugh,

If you look at goodies/external.cfg, you will see he needs something like this:

    Command c:/perl/bin/perl ./goodies/testcommand.pl

DOS does not know how to interpret #!/usr/bin/perl so it can't run C:\Perl\bin\testcommand.pl without some clues.

Cheers.

On Thu, 2 Oct 2003 12:23 pm, Hugh Irvine wrote:

Hello Man Meng Fei -

I suspect that Radiator is not able to run the external command. What happens when you run the following in a MS-DOS window:

    C:\Perl\bin\testcommand.pl

There is probably something wrong with either the path or the contents of the file.

regards

Hugh

On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei wrote:

Hi

Currently I am using a sample configuration (external.cfg) and perl script (testcommand.pl) which can be retrieved from goodies directory to understand the implementation of AuthBy EXTERNAL. But after I executed it, I can't get the expected test result. I got No Reply at Radius client. I hope someone can help me to make this AuthBy EXTERNAL sample working.

Lastly I attached Radius Configuration file which I used for the testing and Radius Server and Radius Client's output result

Man Meng Fei

--radius.cfg---

    # external.cfg
    #
    # Example Radiator configuration file.
    # This very simple file will allow you to get started with
    # EXTERNAL authentication.
    #
    # There is an example external program called testcommand.pl
    # in the goodies directory, which the example below uses. It
    # will accept the request if the username is fred otherwise reject
    # it.
    #
    # So if you run Radiator with this config file, then do
    # radpwtst -noacct -trace -user fred
    # you will see something like:
    # sending Access-Request...
    # OK
    # Code: Access-Accept
    # Identifier: 109
    # Authentic: 12_B2152=149140kBM13022110.S
    # Attributes:
    # Reply-Message = you are fred
    #
    #
    # And if you do:
    # radpwtst -noacct -trace -user someoneelse
    # you will see something like:
    # sending Access-Request...
    # Rejected
    # Code: Access-Reject
    # Identifier: 70
    # Authentic: 165206RiJ208139245129@17013623s2423
    # Attributes:
    # Reply-Message = you are NOT fred, you are 'someoneelse'
    # Reply-Message = Request Denied
    #
    # You should consider this file to be a starting point only
    # $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

    Foreground
    LogStdout
    LogDir c:/Program Files/Radiator
    DbDir c:/Program Files/Radiator
    Trace 4

    # You will probably want to change this to suit your site.
    <Client DEFAULT>
        Secret mysecret
        DupInterval 0
    </Client>

    <Realm DEFAULT>
        <AuthBy EXTERNAL>
            # For NT, you might want something like this
            Command C:\Perl\bin\testcommand.pl

            # For Unix, maybe something like this
            #
            #Command ./goodies/testcommand.pl

            # This will cause the User-Password
            # to be decrypted before being passed to the
            # external program
            DecryptPassword

            # You might prefer use this to tell AuthBy EXTERNAL
            # to get the result from the first line of the
            # output. The permitted values are ACCEPT, REJECT
            # IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
            # its the only way to get it to work.
            # We recommend you use this method
            ResultInOutput
        </AuthBy>
    </Realm>

---Radius Server Output--

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
    Thu Oct 2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
    This Radiator license will expire on 2004-02-01
    This Radiator license will stop operating after 1000 requests
    To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
    To extend your evaluation period, contact [EMAIL PROTECTED]
    Thu Oct 2 01:16:58 2003: DEBUG: Reading dictionary file
Re: (RADIATOR) Rpm version 3.7 displays 3.6 on startup?
Hello John -

Can you send us a copy of the message that is displayed?

BTW - latest version is Radiator 3.7.1.

regards

Hugh

On Thursday, Oct 2, 2003, at 23:29 Australia/Melbourne, John McFadden wrote:

I assume this is just a problem with the message or is the download pointing to an old file?

Regards

JLM
Re: (RADIATOR) Question in AuthBy EXTERNAL
Hello MAN -

All of the attributes in the current radius request are passed to the external command on standard input, and the results are returned on standard output. Please refer to section 6.26 in the Radiator manual (doc/ref.html).

If you want to add any parameters to be passed to the external program you should add them as attributes to the current request before calling the AuthBy EXTERNAL clause.

You should also look at the source code in the file Radius/AuthEXTERNAL.pm to see exactly what happens.

regards

Hugh

On Friday, Oct 3, 2003, at 11:22 Australia/Melbourne, Man Meng Fei wrote:

Hi Mike and Hugh

May I know how should I pass the parameter into the perl script when I execute AUTH EXTERNAL and how can get the result after execute the perl script ?

Thank

MAN

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Man Meng Fei
Sent: Thursday, October 02, 2003 1:58 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Question in AuthBy EXTERNAL

Hi

Do I need to pass any parameter to testcommand.pl ?

MAN

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McCauley
Sent: Thursday, October 02, 2003 12:36 PM
To: Hugh Irvine; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Question in AuthBy EXTERNAL

Hi Hugh,

If you look at goodies/external.cfg, you will see he needs something like this:

    Command c:/perl/bin/perl ./goodies/testcommand.pl

DOS does not know how to interpret #!/usr/bin/perl so it can't run C:\Perl\bin\testcommand.pl without some clues.

Cheers.

On Thu, 2 Oct 2003 12:23 pm, Hugh Irvine wrote:

Hello Man Meng Fei -

I suspect that Radiator is not able to run the external command. What happens when you run the following in a MS-DOS window:

    C:\Perl\bin\testcommand.pl

There is probably something wrong with either the path or the contents of the file.

regards

Hugh

On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei wrote:

Hi

Currently I am using a sample configuration (external.cfg) and perl script (testcommand.pl) which can be retrieved from goodies directory to understand the implementation of AuthBy EXTERNAL. But after I executed it, I can't get the expected test result. I got No Reply at Radius client. I hope someone can help me to make this AuthBy EXTERNAL sample working.

Lastly I attached Radius Configuration file which I used for the testing and Radius Server and Radius Client's output result

Man Meng Fei

--radius.cfg---

    # external.cfg
    #
    # Example Radiator configuration file.
    # This very simple file will allow you to get started with
    # EXTERNAL authentication.
    #
    # There is an example external program called testcommand.pl
    # in the goodies directory, which the example below uses. It
    # will accept the request if the username is fred otherwise reject
    # it.
    #
    # So if you run Radiator with this config file, then do
    # radpwtst -noacct -trace -user fred
    # you will see something like:
    # sending Access-Request...
    # OK
    # Code: Access-Accept
    # Identifier: 109
    # Authentic: 12_B2152=149140kBM13022110.S
    # Attributes:
    # Reply-Message = you are fred
    #
    #
    # And if you do:
    # radpwtst -noacct -trace -user someoneelse
    # you will see something like:
    # sending Access-Request...
    # Rejected
    # Code: Access-Reject
    # Identifier: 70
    # Authentic: 165206RiJ208139245129@17013623s2423
    # Attributes:
    # Reply-Message = you are NOT fred, you are 'someoneelse'
    # Reply-Message = Request Denied
    #
    # You should consider this file to be a starting point only
    # $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

    Foreground
    LogStdout
    LogDir c:/Program Files/Radiator
    DbDir c:/Program Files/Radiator
    Trace 4

    # You will probably want to change this to suit your site.
    <Client DEFAULT>
        Secret mysecret
        DupInterval 0
    </Client>

    <Realm DEFAULT>
        <AuthBy EXTERNAL>
            # For NT, you might want something like this
            Command C:\Perl\bin\testcommand.pl

            # For Unix, maybe something like this
            #
            #Command ./goodies/testcommand.pl

            # This will cause the User-Password
            # to be decrypted before being passed to the
            # external program
            DecryptPassword

            # You might prefer use this to tell AuthBy EXTERNAL
            # to get the result from the first line of the
            # output. The permitted values are ACCEPT, REJECT
            # IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
            # its the only way to get it to work.
            # We recommend you use this method
            ResultInOutput
        </AuthBy>
    </Realm>

---Radius Server Output--

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
    Thu Oct 2 01:16:58
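The stdin/stdout contract Hugh describes, combined with the ResultInOutput convention from the quoted external.cfg, as an added Python example (not Radiator's testcommand.pl and not code from this thread). The `Name = value` line format on standard input, the `Reply-Message = "..."` reply lines, the user store and all function names are assumptions made for illustration; with DecryptPassword set the program receives the clear-text password, so it parses strictly, never echoes request data unsanitised, and rejects on anything unexpected.

```python
#!/usr/bin/env python3
"""Added example: external authenticator for AuthBy EXTERNAL with ResultInOutput."""
import hashlib
import hmac
import re
import sys

# Result words listed in the external.cfg comments on this page.
RESULTS = {"ACCEPT", "REJECT", "IGNORE", "CHALLENGE", "REJECT_IMMEDIATE"}
MAX_INPUT = 64 * 1024  # refuse absurdly large requests
# Assumed input format: one "Attribute-Name = value" per line, optional indent.
ATTR_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*(.*)$')


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed user store: name -> (salt, PBKDF2 hash). Never store clear text.
USERS = {"fred": (b"constructed-salt", _hash("fredpw", b"constructed-salt"))}


def parse_attributes(text):
    """Return {name: [values]}; raise ValueError on any line that does not parse."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        match = ATTR_LINE.match(line)
        if match is None:
            raise ValueError("unparseable attribute line")
        name, value = match.groups()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop surrounding quotes if present
        attrs.setdefault(name, []).append(value)
    return attrs


def safe_text(value, limit=64):
    """Keep printable ASCII only, so request data cannot forge extra reply lines."""
    kept = [c for c in value if 32 <= ord(c) < 127 and c not in '"\\']
    return "".join(kept)[:limit]


def decide(attrs):
    """Return (result_word, [reply messages]) for one parsed request."""
    names = attrs.get("User-Name", [])
    passwords = attrs.get("User-Password", [])
    if len(names) != 1 or len(passwords) != 1 or not names[0]:
        return "REJECT", ["Request Denied"]
    user, password = names[0], passwords[0]
    # Unknown users still cost one hash, and the comparison is constant time.
    salt, expected = USERS.get(user, (b"unknown-user-salt", b""))
    if hmac.compare_digest(_hash(password, salt), expected):
        return "ACCEPT", ["you are " + safe_text(user)]
    return "REJECT", ["Request Denied"]  # same text for bad user and bad password


def respond(text):
    """Build the full stdout payload: result word first, then reply attributes."""
    try:
        if len(text) > MAX_INPUT:
            raise ValueError("request too large")
        result, messages = decide(parse_attributes(text))
    except ValueError:
        result, messages = "REJECT", ["Request Denied"]  # fail closed
    if result not in RESULTS:
        result = "REJECT"
    lines = [result] + ['Reply-Message = "%s"' % safe_text(m) for m in messages]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    raw = sys.stdin.buffer.read(MAX_INPUT + 1).decode("utf-8", "replace")
    sys.stdout.write(respond(raw))
```

As Mike points out for the Perl script, on Windows the Command line has to name the interpreter explicitly, since the `#!` line is not interpreted there.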
(RADIATOR) [OT] To and CC
Slightly OT message... Is there any reason because the "To:" has the original sender and the ML is only in CC? It happened to me at least 4 times lately to reply in private instead of the ML because I just hit reply instead of "reply to all"... My brain is lazy would be cool if it was the other way (TO: ML and CC: Author), but I know this is not possible, so maybe just To: ML? Good Night (4.29 am here) :-) Andrea
Re: (RADIATOR) NAS-Port and NAS-Port-Type
Hello Andrea -

Many thanks for a very informative post.

Your solution sounds excellent (that is why we let you change Radiator's default behaviour). :-)

I will suggest to Mike that we include your mail as a FAQ item (with your permission of course).

regards

Hugh

On Friday, Oct 3, 2003, at 12:57 Australia/Melbourne, Andrea Brancatelli wrote:

Recently I talked with Mike (or maybe with Hugh) in Private Mail (that was one of the cases I was talking about) about an Access Point I have that is currently reporting all the connections as coming from NAS-Port: 9. That is giving problems to the SESSION table because when a second user logs in radiator blindly deletes any user that was on the same NAS-Port on the same AP.

Talking with Mike he pointed me that this was a wrong behaviour and that I had to point this out to the manufacturer of the AP. I did.

Their answer is that the AP works well and has no problem of any kind with the RadiusNT package they use for testing (and this is a pretty lame answer) but also pointed me that that behaviour is not wrong according to RFC 2138 and 2865... see http://www.ietf.org/rfc/rfc2865.txt

Basically they said that since NAS-Port-Type is correctly reported as Wireless - IEEE 802.11 (19) the Radius server should be smart enough not to assume that the NAS is able to discriminate among Ports. Wireless Ports surely are not physical ports (as NAS-Port description refers to) and the RFC clearly says that

    Either NAS-Port (5) or NAS-Port-Type or both SHOULD be present in an Access-Request packet, if the NAS differentiates among its ports

_IF_ the Nas differentiates among its port, don't expect the NAS to be able to do that.

(actually I have disassembled their firmware and I must say they have concrete reasons not to implement the real NAS-Port concept... the AP is Linux Embedded and the 9 it is returning refers to the tty assigned to the Wireless Lan Card. They use Radclient to do the Radius Login and it assume the tty number as the NAS-Port - something that would be correct if the NAS was a rack-modem)

So, trying to make a long story short what I did was replacing the NAS-Port definition in the SESSION database from Integer to Char 22 and replace the Session Add and Session Delete SQL query to use the remote peer MAC Address to fake out a unique NAS-Port. It works.

My suggestion for you guys is that maybe you can be prepared to work around similar situation and get somewhat deeper in the SESSION table handling, for example including the MAC address of the remote peer (if it is available, of course) as an added UNIQUEness field for deleting stuff in the session database Delete Session query... Delete from session where NAS = something, NAS-Port = something and MAC = something.

Just an idea... any comment? Hope this is somewhat useful.

Andrea
Re: (RADIATOR) NAS-Port and NAS-Port-Type
Hugh Irvine wrote:

> Many thanks for a very informative post.

It's been a pleasure :-)

> I will suggest to Mike that we include your mail as a FAQ item (with your permission of course).

Sure, the only request is that you fix my bad english first... :-) ehehehe... Include it, no probs.