(RADIATOR) Profiles problems
Hi List, I cannot get the radius server to return the profile while using the following configuration: --START- LogStdout c:/radiator/stdout.txt LogDir c:/radiator DbDir c:/radiator. Client DEFAULT Secret !removed for my protection! DupInterval 0 /Client Realm DEFAULT AuthByPolicy ContinueAlways AuthBy SQL Identifier ACCT1 DBSource dbi:ODBC:!removed for my protection! DBUsername !removed for my protection! DBAuth !removed for my protection! AuthSelect AccountingTable radacct1 AcctColumnDef UserName,User-Name AcctColumnDef LogDateTime,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause AcctColumnDef NasIPAddress,NAS-IP-Address AcctColumnDef NasIdentifier,NAS-Identifier AcctColumnDef NasPortId,NAS-Port,integer AcctColumnDef NasPortType,NAS-Port-Type,integer AcctColumnDef ConnectInfo,Connect-Info AcctColumnDef ServiceType,Service-Type AcctColumnDef FramedProtocol,Framed-Protocol AcctColumnDef FramedAddress,Framed-IP-Address AcctColumnDef CallingStationId,Calling-Station-Id /AuthBy AuthBy SQL Identifier AUTH1 DBSource dbi:ODBC:!removed for my protection! DBUsername !removed for my protection! DBAuth !removed for my protection! AuthSelect select ClearTextPassword,ServiceType,SessionLimit, \ IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \ PortLimit,ProfileID from Customers where CustomerID=%0 \ and Disable is null AuthColumnDef 0,Password,check AuthColumnDef 1,Service-Type,reply AuthColumnDef 2,Session-Timeout,reply AuthColumnDef 3,Idle-Timeout,reply AuthColumnDef 4,Framed-IP-Address,reply AuthColumnDef 5,Framed-IP-Netmask,reply AuthColumnDef 6,Framed-Route,reply AuthColumnDef 7,Port-Limit,reply AuthColumnDef 8,Simultaneous-Use,check AuthColumnDef 9,Profile,reply /AuthBy AuthBy SQL DBSource dbi:ODBC:!removed for my protection! DBUsername !removed for my protection! DBAuth !removed for my protection! AuthSelect SELECT timeofday FROM profiles WHERE \ [profile]='%{Reply:Profile}' AuthColumnDef 0,TimeOfDay,reply StripFromReply Profile /AuthBy SessionDatabase SDB1 /Realm SessionDatabase SQL Identifier SDB1 DBSource dbi:ODBC:!removed for my protection! DBUsername !removed for my protection! DBAuth !removed for my protection! /SessionDatabase ---END If I change AuthByPolicy ContinueAlways to AuthByPolicy ContinueWhileAccept then the server always returns Request Denied. Any input would be greatly appreciated. Note: I have already searched the list archives, nothing seems to work. Thank you, Brandon Lehmann Network Administrator Great Lakes Internet Service, LLC. The Computer Loft, Inc. 218 Justice St Fremont, Ohio 43420 419.332.3553 [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Profiles problems
Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 83 Authentic: 4\212g'`25221423246A]136172174 Attributes: OK END- Removing the Authby clause for the profile timeofday returns this (with ContinueWhileAccept): START-- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 251 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 251 Authentic: 2I24 1807222164151k21322O15255N Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 252 Authentic
Re: (RADIATOR) Profiles problems
Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 83 Authentic: 4\212g'`25221423246A]136172174 Attributes: OK END- Removing the Authby clause for the profile timeofday returns this (with ContinueWhileAccept): START-- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 251 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address
Re: (RADIATOR) Profiles problems
Hugh, Sorry. I'm a fool somedays. The problem is I don't get a response if i change the sql column to say... SessionLimit and define the session-limit through the profile either. I'll give it another try and check the dictionary. Maybe I'm just going crazy but this will be day 6. I'll let you know if I get it to work. Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump
Re: (RADIATOR) Profiles problems
Hugh, I just took a look around. Changed it to Time set it correctly in the SQL database, made it a check item. Set to ContinueWhileAccept. Trace -4 reveals that Authentication is Disabled I'm confused... Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic:
Re: (RADIATOR) Profiles problems
Hugh, I have solved my problem... I totally forgot about SQL join statements... I have no clue why I was making this so hard... From my original config (authbypolicy ContinueAlways) I changed the following in my AuthSelect Column Definitions (and of course removed my second AuthSelect AuthBy grouping)...: --START-- AuthSelect select ClearTextPassword,ServiceType,SessionLimit,IdleLimit,StaticIP, \ IPNetmask,FramedRoute,PortLimit,PortLimit,profiles.timeofday,profiles.sessio ntimeout \ from Customers left join profiles on customers.profileid = profiles.profile where \ CustomerID=%0 and Disable is null AuthColumnDef 0,Password,check AuthColumnDef 1,Service-Type,reply AuthColumnDef 2,Session-Timeout,reply AuthColumnDef 3,Idle-Timeout,reply AuthColumnDef 4,Framed-IP-Address,reply AuthColumnDef 5,Framed-IP-Netmask,reply AuthColumnDef 6,Framed-Route,reply AuthColumnDef 7,Port-Limit,reply AuthColumnDef 8,Simultaneous-Use,check AuthColumnDef 9,Time,check AuthColumnDef 10,Session-Timeout,reply --END--- Assuming that the DEFAULT profile has a blank TimeofDay field and blank SessionTimeout field. The profile I wanted to limit has the following values; Al0730-1530 and until Time respectively. This now works flawlessly. No more Authentication Disabled messages. I'm sure I'll add a General field somewhere down the line for other attributes such as IP filters but this is enough for the last 6 days. Thanks for the help, Brandon Lehmann - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service
Re: (RADIATOR) Profiles problems
Hugh, As a reply to this, though I just sent out my last message to you and the list saying that I fixed it, this was the base hawki.cfg file included with the Radiator distrobution. As I'm sure you know, its in the goodies folder. However, I will keep your message for future reference. Thanks, Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, November 13, 2003 1:31 AM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - You have set the AuthByPolicy ContinueWhileAccept, but your first AuthBy clause has AuthSelect to disable authentication. Why do you have different AuthBy clauses for authentication and accounting? If you want to keep this structure, you will need to use an AuthBy GROUP and alter the AuthByPolicy inside it: Realm DEFAULT . # AuthByPolicy to do both accounting and authentication AuthByPolicy ContinueAlways AuthBy SQL . # disable authentication AuthSelect # do accounting . /AuthBy #define AuthBy GROUP # use different AuthByPolicy AuthBy GROUP AuthByPolicy ContinueWhileAccept AuthBy SQL # do authentication . /AuthBy AuthBy SQL # check time . /AuthBy /AuthBy /Realm regards Hugh On 13/11/2003, at 5:03 PM, Brandon Lehmann wrote: Hugh, I just took a look around. Changed it to Time set it correctly in the SQL database, made it a check item. Set to ContinueWhileAccept. Trace -4 reveals that Authentication is Disabled I'm confused... Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port
Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
I would recommend using an INSERT IGNORE instead of an INSERT. This is a mysql issue, it means that you have a unique key (primary key) defined in your mysql table and your are trying to add another entry with the same unique key. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** - Original Message - From: Paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 6:49 PM Subject: (RADIATOR) Issue with Duplicate Key when Adding a Session Hi All, We are using Radiator 3.6 with latest patches but we are seeing an issue when a new session is added. We're getting Duplicate key which appears to be coming from the internal handler code rather than MySQL itself. Below is the error when it occurs. We've modified our delete from RADONLINE query to match the details more accurately and we don't appear to be having any problems with this, it's just Adding session for %s is where it seems to go astray. Thu Jul 24 20:57:37 2003: DEBUG: Adding session for [EMAIL PROTECTED], 1.2.3.4, 6256 Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='1.2.3.4' and NASPORT=6256 and ACCTSESSIONID = '00062398'': Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID,targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')': Thu Jul 24 20:57:37 2003: ERR: do failed for 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID, targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')': Duplicate entry '1.2.3.4-6256' for key 1 If you have any ideas that'd be great. Thanks Regards, Paul Rivoli [EMAIL PROTECTED] K B S I N T E R N E T === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
An INSERT IGNORE will just make it so you dont see the error message. It basically means ignore the error message. It will still try to do the insert, it won't add a 2nd row, and it wont give an error message. From the mysql manual: If you specify the keyword IGNORE in an INSERT with many rows, any rows that duplicate an existing PRIMARY or UNIQUE key in the table are ignored and are not inserted. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** - Original Message - From: Brian Morris [EMAIL PROTECTED] To: Brandon [EMAIL PROTECTED]; Paul [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 8:29 PM Subject: Re: (RADIATOR) Issue with Duplicate Key when Adding a Session Hmm... What are the implications of an Insert Ignore? Will it override the primary key constraint thus giving you two rows with the same primary key or will it simply not do the insert? Regards, Brian. (The reason I ask is that I get them too) - Original Message - From: Brandon [EMAIL PROTECTED] To: Paul [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:07 PM Subject: Re: (RADIATOR) Issue with Duplicate Key when Adding a Session I would recommend using an INSERT IGNORE instead of an INSERT. This is a mysql issue, it means that you have a unique key (primary key) defined in your mysql table and your are trying to add another entry with the same unique key. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** - Original Message - From: Paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 6:49 PM Subject: (RADIATOR) Issue with Duplicate Key when Adding a Session Hi All, We are using Radiator 3.6 with latest patches but we are seeing an issue when a new session is added. We're getting Duplicate key which appears to be coming from the internal handler code rather than MySQL itself. Below is the error when it occurs. We've modified our delete from RADONLINE query to match the details more accurately and we don't appear to be having any problems with this, it's just Adding session for %s is where it seems to go astray. Thu Jul 24 20:57:37 2003: DEBUG: Adding session for [EMAIL PROTECTED], 1.2.3.4, 6256 Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='1.2.3.4' and NASPORT=6256 and ACCTSESSIONID = '00062398'': Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID,targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')': Thu Jul 24 20:57:37 2003: ERR: do failed for 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID, targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')': Duplicate entry '1.2.3.4-6256' for key 1 If you have any ideas that'd be great. Thanks Regards, Paul Rivoli [EMAIL PROTECTED] K B S I N T E R N E T === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) trouble with log sql
Is there any known issues with Log SQL working properly? We got it logging to our mysql database, and then we had an SQL timeout and it appears to have knocked it off so it doesn't log ever again. Just for kicks, I tried restarting radius and all of a sudden, it begins working again. And then if we get an SQL timeout and then boom, it doesn't work again. It runs for sometimes 4-5 hours and then will all of a sudden stop. Its like the FailureBackOffTime command is not working and instead its perminately stopping all requests. I am using Radiator 3.3.1 and I had this same issue on Radiator 3.1 when I tested it about 2 months ago.I am doing global SQL logging and here is what is at the top of my config file: Log SQL DBSource dbi:mysql:radiuslogs:X DBUsername XXX DBAuth Timeout 2 FailureBackoffTime 10 Table RADLOG LogQueryinsert into %3 (date, message) values (now(), %2) Trace 3 /Log Unfortunately, a trace 4 debug won't help since it doesn't log the logging to the Log SQL query. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Unknown reply received in AuthRADIUS for request
Can anyone see anything wrong with this. Im not sure how to diagnose packet dumps. We are having problems with a customers machine doing pass through to him. He is using Viricom. Nearly 30-40% of the packets he sends back to us are giving errors to the logs when his radius server server sends a response back to ours, before we send it back to the NAS. *** Received from xxx port 1645 Packet length = 173 02 21 00 ad 6a 5d f7 65 b9 3f 4d 09 50 89 20 3d f5 32 b3 99 06 06 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe 0d 06 00 00 00 01 1c 06 00 00 03 84 1b 06 00 07 a9 54 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 3f ae 45 68 00 18 00 00 00 00 00 00 00 00 00 00 00 00 f2 1c 01 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 19 00 02 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 05 61 35 63 Code: Access-Accept Identifier: 33 Authentic: j]247e185?M9P137 =2452179153 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 900 Session-Timeout = 502100 Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 63.174.69.104/24 Ascend-Data-Filter = ip in drop tcp dstport = 25 Ascend-Data-Filter = ip in forward Class = a5c Thu Sep 19 02:06:57 2002: WARNING: Unknown reply received in AuthRADIUS for request 33 from xx:1645 Thu Sep 19 02:06:57 2002: DEBUG: Packet dump: Thanks Brandon Mullenberg Dialup USA, Inc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Unknown reply received in AuthRADIUS for request
I think I figured it out. I think it is becuase the customers radius server has a huge lag time and is responding back to us after we 2nd the request to their secondary box. If we send the request to the secondary, and then their primary responds, this will cause this error, because the server is looking for the response from the secondary, am I correct? Brandon - Original Message - From: Brandon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 7:17 PM Subject: (RADIATOR) Unknown reply received in AuthRADIUS for request Can anyone see anything wrong with this. Im not sure how to diagnose packet dumps. We are having problems with a customers machine doing pass through to him. He is using Viricom. Nearly 30-40% of the packets he sends back to us are giving errors to the logs when his radius server server sends a response back to ours, before we send it back to the NAS. *** Received from xxx port 1645 Packet length = 173 02 21 00 ad 6a 5d f7 65 b9 3f 4d 09 50 89 20 3d f5 32 b3 99 06 06 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe 0d 06 00 00 00 01 1c 06 00 00 03 84 1b 06 00 07 a9 54 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 3f ae 45 68 00 18 00 00 00 00 00 00 00 00 00 00 00 00 f2 1c 01 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 19 00 02 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 05 61 35 63 Code: Access-Accept Identifier: 33 Authentic: j]247e185?M9P137 =2452179153 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 900 Session-Timeout = 502100 Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 63.174.69.104/24 Ascend-Data-Filter = ip in drop tcp dstport = 25 Ascend-Data-Filter = ip in forward Class = a5c Thu Sep 19 02:06:57 2002: WARNING: Unknown reply received in AuthRADIUS for request 33 from xx:1645 Thu Sep 19 02:06:57 2002: DEBUG: Packet dump: Thanks Brandon Mullenberg Dialup USA, Inc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) question
Here are UU.nets instructions, does anyone know how to change the length from 28 to 26?? Hi! I wanted to let you know of some clarifications on the anti-spam filter we've received from engineering. The only one that we will need to start keeping an eye out for that we weren't specifically watching before is the length field of each line in the 242 filter: The maximum length for each line is 26. Here's the summary of the clarications we received that I wanted to pass to you immediately: 1. New realms must have a [242] length of 26. 2. New realms must have 10 or less [242] filter lines. 3. Existing realms must have a [242] length of 26 before we can make any proxy changes. 4. Existing realms must have 10 or less [242] filter lines before we can make any proxy changes. Please note in some of the realms we tested that the lengths were varying lengths some up to 34. Here is one line from the filter to show you where the length len field is indicating 26: attr: type Ascend-Data-Filter [242], len 26 data = 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 - Original Message - From: Brandon [EMAIL PROTECTED] To: Pascal Robert [EMAIL PROTECTED] Sent: Monday, July 23, 2001 10:28 AM Subject: Re: (RADIATOR) question Same here. Can anyone help us out? Brandon - Original Message - From: Pascal Robert [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED]; Brandon [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, July 23, 2001 7:57 AM Subject: Re: (RADIATOR) question We are connecting with Uunet and they are asking for the same thing. They want the length of Ascend-Data-Filter to be 26 instead of 28. Hello Brandon - If UUnet is mandating this, they must have a specification of what they mean. You will have to check with UUnet directly. regards Hugh At 3:09 AM -0700 6/26/01, Brandon wrote: Wish I knew too. I tried emailing the list and know one seemed to know. The only response I got back was that it was possible in PostAuthHooks. UU.net is now requiring this to use their system. Brandon - Original Message - From: mailto:[EMAIL PROTECTED]admin To: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Sent: Tuesday, June 26, 2001 2:14 PM Subject: (RADIATOR) question I need to reduce my Ascend-Data-Filter from length 28 to 26 Any ideas how? Thanks Eric -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Attribute Length
Title: Re: (RADIATOR) Attribute Length I checked there but didn't find an example that I could use. Im worried that if I do a: $rp-delete_attr('Proxy-State'); That it will strip all the proxy-state attributes and not just the one sent by the last pass through customer. And also, I saw nothing in their about attribute length or any examples. Do you think you can give me an example on how to change attribute 242 (Ascend Data Filter) from 28 to 26 characters. Brandon - Original Message - From: Hugh Irvine To: Brandon ; [EMAIL PROTECTED] Sent: Friday, June 22, 2001 12:35 AM Subject: Re: (RADIATOR) Attribute Length Hello Brandon - You can do both these things in a PostAuthHook. There are some examples in the file "goodies/hooks.txt". hth Hugh At 1:54 AM -0700 6/21/01, Brandon wrote: Ive had a request to reduce attribute 242 (Ascend Data Filter) from 28 to 26 characters. Anyone have any idea how to do this? Also, any idea how to strip off the 2nd proxy-state attribute when a request is proxied mutiple levels? BrandonDialup USA, Inc. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS serveranywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
(RADIATOR) Attribute Length
Ive had a request to reduce attribute 242 (Ascend Data Filter) from 28 to 26 characters. Anyone have any idea how to do this? Also, any idea how to strip off the 2nd proxy-state attribute when a request is proxied mutiple levels? BrandonDialup USA, Inc.
(RADIATOR) How do I
How do I use a "ReplyHook" to turn an Access-Accept into an Access-Reject ? So that it will reject the user. Thanks Brandon === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) saving a global variable.
How do you save a variable global in a StartupHook so that you can reference it in a PreHandlerHook. Here is a simple example: StartupHook sub {\ $variable = 1;\ } Client xxx.xxx.xxx.xxx PreHandlerHook sub {\ if ($variable = 1) { do something }\ } /Client Problem is, that whenever I try to reference the $variable in the PreHandlerHook it does not remember it from the startup hook. Any ideas? === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) getting the password for a hook
I am trying to get the plain text password that is being passed in a PAP authentication. Currently I am using the my $password = ${$_[0]}-decode_password(${$_[0]}-{Client}-{Secret});\ line in a hook to do this. However I notice that in my logs over 50% of the logged customers are coming through with blank passwords. Is their a better function that I can use to obtain the users password that will work more effectively. Brandon Dialup USA, Inc. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) referencing the authby identifier
Anyone Know? How do you reference the AuthBy identifier via a hook? Example: AuthBy RADIUS Identifier customer1 ReplyHook file: "%D/realm.cfg" /AuthBy Now in the realm.cfg How would I reference the customer1 value. I have tried... my $customer = ${$_[2]}-{AuthBy}-{Identifier} and it doens't seem to work. Thanks Brandon === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) would this work?
Would this work... Is ... my $network = $request-{AuthBy}-{Identifier};\ a valid expression? If not, is there a way to do this? Handler AuthBy RADIUS Identifier option1 ReplyHook {\ my $value = $request-{AuthBy}-{Identifier};\ } /AuthBy /Handler === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) postauthhook
When doing a postauthhook, or reply handler hook... how do you get the username before the "stripping" of the realm takes place. Currently I am doing . my $username = $p-getUserName(); and it seems to be giving me the username after the rewrite takes place. Thanks Brandon
(RADIATOR) authby external
I am running an identical radius.cfg file and external perl program in radius 2.13 and radius 2.15 and my results are quite different. In radius 2.13 it functions properly and denies all access... however in radius 2.15 it is accepting all access. I checked the log file and it is giving an Mon Apr 3 04:13:30 2000: DEBUG: Running command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR: Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access accepted for usa1000@usa The Handler is below: Handler Called-Station-Id=/3099028/ AuthBy EXTERNAL Command /usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name} %{Called-Station-Id} /AuthBy/Handler I made a simple removal.pl for this example and here is what it says: #!/usr/bin/perl print "1"; # this should deny access exit; Any ideas? Brandon Dialup USA, Inc.
Re: (RADIATOR) Bad Password
EBUG: Accounting accepted Wed Mar 29 01:48:34 2000: DEBUG: Packet dump: *** Sending to 216.127.139.250 port 2253 Code: Accounting-Response Identifier: 6 Authentic: 165_[m15624249128h169206182B132202d Attributes: ----- Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Brandon" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 28, 2000 11:47 PM Subject: Re: (RADIATOR) Bad Password Hello Brandon - You can see what the tests are by having a look at the file test.pl in the main Radiator distribution directory. From the description there I am guessing that you are running on FreeBSD? If so, have you just moved across to this platform? In any case, I am guessing that the password encryption on this platform is different to what you were using before. Could you let me know what platform you are using and include your configuration file (no secrets) together with a trace 4 debug showing what is going on. thanks Hugh NB - I'm travelling for a couple of weeks ... -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. - Original Message - From: "Brandon" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 29, 2000 5:10 PM Subject: (RADIATOR) Bad Password I recently attempted to upgrade from version 2.13 to 2.15 but when I did so all of a sudden all users are being denied access. In the logfile with a trace set to 4 I get the following: Radius::AuthUNIX REJECT: Bad Encrypted password I know the encrypted password is correct, because on my secondary server it has a duplicate of this file and it works just fine. Through some hacking of the util.pm and authgeneric.pm file I added the following lines to the file main::log($main::LOG_WARNING, "password variable"); to attempt to find out why the encrypted password was giving an incorrect result. It appears that the util.pm file is giving a response of Wed Mar 29 01:49:34 2000: WARNING: $1$$1$$oHccQDVZhB/NxZSd7dTxA.$4q9edq2DPjkjehGxsSI8G and trying to compare this password below with it in the authengeneric.pm file. Wed Mar 29 01:49:34 2000: WARNING: $1$$oHccQDVZhB/NxZSd7dTxA. Of course the two don't match...I am wondering if anyone has any clue as to why this is occuring. I tried both Radiator 2.14.1 and Radiator 2.15 and on both got a BAD ENCRYPTED PASSWORD error in the logfile for a password that I know is 100% correct. One thing that may be the cause of the problem (unsure) is that when I did a "make test" it came up with the following results however because I don't know what the tests are... I am unsure as to why they are stating "not ok". not ok 2r not ok 2t not ok 2v Please let me know of any suggestions that you have. I have already tried reinstalling perl and MD5 and it did not help. Brandon === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Bad Password
I recently attempted to upgrade from version 2.13 to 2.15 but when I did so all of a sudden all users are being denied access.In the logfile with a trace set to 4 I get the following: Radius::AuthUNIX REJECT: Bad Encrypted password I know the encrypted password is correct, because on my secondary server it has a duplicate of this file and it works just fine. Through some hacking of the util.pm and authgeneric.pm file I added the following lines to the file main::log($main::LOG_WARNING, "password variable"); to attempt to find out why the encrypted password was giving an incorrect result. It appears that the util.pm file is giving a response of Wed Mar 29 01:49:34 2000: WARNING: $1$$1$$oHccQDVZhB/NxZSd7dTxA.$4q9edq2DPjkjehGxsSI8G and trying to compare this password below with it in the authengeneric.pm file. Wed Mar 29 01:49:34 2000: WARNING: $1$$oHccQDVZhB/NxZSd7dTxA. Of course the two don't match... I am wondering if anyone has any clue as to why this is occuring. I tried both Radiator 2.14.1 and Radiator 2.15 and on both got a BAD ENCRYPTED PASSWORD error in the logfile for a password that I know is 100% correct. One thing that may be the cause of the problem (unsure) is that when I did a "make test" it came up with the following results however because I don't know what the tests are... I am unsure as to why they are stating "not ok". not ok 2rnot ok 2tnot ok 2v Please let me know of any suggestions that you have. I have already tried reinstalling perl and MD5 and it did not help. Brandon