(RADIATOR) Profiles problems
Hi List,
I cannot get the radius server to return the profile while using
the following configuration:
--START-
LogStdout c:/radiator/stdout.txt
LogDir c:/radiator
DbDir c:/radiator.
Client DEFAULT
Secret !removed for my protection!
DupInterval 0
/Client
Realm DEFAULT
AuthByPolicy ContinueAlways
AuthBy SQL
Identifier ACCT1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect
AccountingTable radacct1
AcctColumnDef UserName,User-Name
AcctColumnDef LogDateTime,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer
AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
AcctColumnDef NasIPAddress,NAS-IP-Address
AcctColumnDef NasIdentifier,NAS-Identifier
AcctColumnDef NasPortId,NAS-Port,integer
AcctColumnDef NasPortType,NAS-Port-Type,integer
AcctColumnDef ConnectInfo,Connect-Info
AcctColumnDef ServiceType,Service-Type
AcctColumnDef FramedProtocol,Framed-Protocol
AcctColumnDef FramedAddress,Framed-IP-Address
AcctColumnDef CallingStationId,Calling-Station-Id
/AuthBy
AuthBy SQL
Identifier AUTH1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect select ClearTextPassword,ServiceType,SessionLimit, \
IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \
PortLimit,ProfileID from Customers where CustomerID=%0 \
and Disable is null
AuthColumnDef 0,Password,check
AuthColumnDef 1,Service-Type,reply
AuthColumnDef 2,Session-Timeout,reply
AuthColumnDef 3,Idle-Timeout,reply
AuthColumnDef 4,Framed-IP-Address,reply
AuthColumnDef 5,Framed-IP-Netmask,reply
AuthColumnDef 6,Framed-Route,reply
AuthColumnDef 7,Port-Limit,reply
AuthColumnDef 8,Simultaneous-Use,check
AuthColumnDef 9,Profile,reply
/AuthBy
AuthBy SQL
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
AuthSelect SELECT timeofday FROM profiles WHERE \
[profile]='%{Reply:Profile}'
AuthColumnDef 0,TimeOfDay,reply
StripFromReply Profile
/AuthBy
SessionDatabase SDB1
/Realm
SessionDatabase SQL
Identifier SDB1
DBSource dbi:ODBC:!removed for my protection!
DBUsername !removed for my protection!
DBAuth !removed for my protection!
/SessionDatabase
---END
If I change AuthByPolicy ContinueAlways to AuthByPolicy
ContinueWhileAccept then the server always returns Request Denied. Any
input would be greatly appreciated. Note: I have already searched the list
archives, nothing seems to work.
Thank you,
Brandon Lehmann
Network Administrator
Great Lakes Internet Service, LLC.
The Computer Loft, Inc.
218 Justice St
Fremont, Ohio 43420
419.332.3553
[EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Profiles problems
Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 83 Authentic: 4\212g'`25221423246A]136172174 Attributes: OK END- Removing the Authby clause for the profile timeofday returns this (with ContinueWhileAccept): START-- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 251 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 251 Authentic: 2I24 1807222164151k21322O15255N Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 252 Authentic
Re: (RADIATOR) Profiles problems
Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 83 Authentic: 4\212g'`25221423246A]136172174 Attributes: OK END- Removing the Authby clause for the profile timeofday returns this (with ContinueWhileAccept): START-- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 251 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address
Re: (RADIATOR) Profiles problems
Hugh, Sorry. I'm a fool somedays. The problem is I don't get a response if i change the sql column to say... SessionLimit and define the session-limit through the profile either. I'll give it another try and check the dictionary. Maybe I'm just going crazy but this will be day 6. I'll let you know if I get it to work. Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump
Re: (RADIATOR) Profiles problems
Hugh, I just took a look around. Changed it to Time set it correctly in the SQL database, made it a check item. Set to ContinueWhileAccept. Trace -4 reveals that Authentication is Disabled I'm confused... Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 Packet dump: *** Received from 63.148.117.3 port 1645 Code: Access-Reject Identifier: 81 Authentic: 201KV189Ao213235254322zh2394 Attributes: Reply-Message = Request Denied Rejected: Request Denied sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 82 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 82 Authentic: 237157221248311235207167t226SVQ227 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 83 Authentic:
Re: (RADIATOR) Profiles problems
Hugh, I have solved my problem... I totally forgot about SQL join statements... I have no clue why I was making this so hard... From my original config (authbypolicy ContinueAlways) I changed the following in my AuthSelect Column Definitions (and of course removed my second AuthSelect AuthBy grouping)...: --START-- AuthSelect select ClearTextPassword,ServiceType,SessionLimit,IdleLimit,StaticIP, \ IPNetmask,FramedRoute,PortLimit,PortLimit,profiles.timeofday,profiles.sessio ntimeout \ from Customers left join profiles on customers.profileid = profiles.profile where \ CustomerID=%0 and Disable is null AuthColumnDef 0,Password,check AuthColumnDef 1,Service-Type,reply AuthColumnDef 2,Session-Timeout,reply AuthColumnDef 3,Idle-Timeout,reply AuthColumnDef 4,Framed-IP-Address,reply AuthColumnDef 5,Framed-IP-Netmask,reply AuthColumnDef 6,Framed-Route,reply AuthColumnDef 7,Port-Limit,reply AuthColumnDef 8,Simultaneous-Use,check AuthColumnDef 9,Time,check AuthColumnDef 10,Session-Timeout,reply --END--- Assuming that the DEFAULT profile has a blank TimeofDay field and blank SessionTimeout field. The profile I wanted to limit has the following values; Al0730-1530 and until Time respectively. This now works flawlessly. No more Authentication Disabled messages. I'm sure I'll add a General field somewhere down the line for other attributes such as IP filters but this is enough for the last 6 days. Thanks for the help, Brandon Lehmann - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 81 Authentic: 1234567890123456 Attributes: User-Name = brandon Service
Re: (RADIATOR) Profiles problems
Hugh, As a reply to this, though I just sent out my last message to you and the list saying that I fixed it, this was the base hawki.cfg file included with the Radiator distrobution. As I'm sure you know, its in the goodies folder. However, I will keep your message for future reference. Thanks, Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, November 13, 2003 1:31 AM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - You have set the AuthByPolicy ContinueWhileAccept, but your first AuthBy clause has AuthSelect to disable authentication. Why do you have different AuthBy clauses for authentication and accounting? If you want to keep this structure, you will need to use an AuthBy GROUP and alter the AuthByPolicy inside it: Realm DEFAULT . # AuthByPolicy to do both accounting and authentication AuthByPolicy ContinueAlways AuthBy SQL . # disable authentication AuthSelect # do accounting . /AuthBy #define AuthBy GROUP # use different AuthByPolicy AuthBy GROUP AuthByPolicy ContinueWhileAccept AuthBy SQL # do authentication . /AuthBy AuthBy SQL # check time . /AuthBy /AuthBy /Realm regards Hugh On 13/11/2003, at 5:03 PM, Brandon Lehmann wrote: Hugh, I just took a look around. Changed it to Time set it correctly in the SQL database, made it a check item. Set to ContinueWhileAccept. Trace -4 reveals that Authentication is Disabled I'm confused... Brandon - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brandon Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:20 PM Subject: Re: (RADIATOR) Profiles problems Hello Brandon - Thanks for your mail. Unfortunately I meant a trace 4 debug from Radiator (not a trace 4 debug from radpwtst). In any event, I suspect that at the very least the TimeOfDay radius attribute is not defined in your Radiator dictionary. regards Hugh On 13/11/2003, at 9:45 AM, Brandon Lehmann wrote: Hugh, Note: I don't care that I left my ip address in there or the encrypted password. This is a test server with test data. Brandon - Original Message - From: Brandon Lehmann [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems Hugh, Trace 4 with the config in my original message shows: --- START Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port 1645 Code: Access-Request Identifier: 120 Authentic: 1234567890123456 Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = .255x]2052212197219Sj143221224129 No reply sending Accounting-Request Start... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 121 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Start Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 121 Authentic: fe#O#156150S239N24023418223229 Attributes: OK sending Accounting-Request Stop... Packet dump: *** Sending to 63.148.117.3 port 1646 Code: Accounting-Request Identifier: 122 Authentic: Attributes: User-Name = brandon Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = 1234 Acct-Status-Type = Stop Called-Station-Id = 123456789 Calling-Station-Id = 987654321 Acct-Delay-Time = 0 Acct-Session-Time = 1000 Acct-Input-Octets = 2 Acct-Output-Octets = 3 Packet dump: *** Received from 63.148.117.3 port 1646 Code: Accounting-Response Identifier: 122 Authentic: 5Y2V137180L2R138vzai248184 Attributes: OK -END Chaning AuthByPolicy to ContinueWhileAccept returns this: -START- Reading dictionary file './dictionary' sending Access-Request... Packet dump: *** Sending to 63.148.117.3 port
Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
I would recommend using an INSERT IGNORE instead of an INSERT.
This is a mysql issue, it means that you have a unique key (primary key)
defined in
your mysql table and your are trying to add another entry with the same
unique key.
***
Brandon Mullenberg
Dialup USA, Inc.
Tel: 888-460-2286 ext 202
Fax: 866-627-8808
Email: [EMAIL PROTECTED]
**
- Original Message -
From: Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 6:49 PM
Subject: (RADIATOR) Issue with Duplicate Key when Adding a Session
Hi All,
We are using Radiator 3.6 with latest patches but we are seeing an issue
when a new session is added. We're getting Duplicate key which appears to
be
coming from the internal handler code rather than MySQL itself. Below is
the
error when it occurs. We've modified our delete from RADONLINE query to
match the details more accurately and we don't appear to be having any
problems with this, it's just Adding session for %s is where it seems to
go astray.
Thu Jul 24 20:57:37 2003: DEBUG: Adding session for [EMAIL PROTECTED],
1.2.3.4, 6256
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='1.2.3.4' and NASPORT=6256 and ACCTSESSIONID = '00062398'':
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'INSERT INTO RADONLINE
(USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY,
ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID,targetid, DOWNLOADRATE,
UPLOADRATE, ORIGUSER)
VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async','
Framed-User','0312345678','03912345678', '6F419DF2',
'2185','346903','2410144','61', '15', '45333', '26400',
'[EMAIL PROTECTED]')':
Thu Jul 24 20:57:37 2003: ERR: do failed for 'INSERT INTO RADONLINE
(USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY,
ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID, targetid, DOWNLOADRATE,
UPLOADRATE, ORIGUSER)
VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async','
Framed-User','0312345678','03912345678', '6F419DF2',
'2185','346903','2410144','61', '15', '45333', '26400',
'[EMAIL PROTECTED]')':
Duplicate entry '1.2.3.4-6256' for key 1
If you have any ideas that'd be great. Thanks
Regards,
Paul Rivoli
[EMAIL PROTECTED]
K B S I N T E R N E T
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
An INSERT IGNORE will just make it so you dont see the error message. It
basically
means ignore the error message. It will still try to do the insert, it
won't add a 2nd row,
and it wont give an error message.
From the mysql manual:
If you specify the keyword IGNORE in an INSERT with many rows, any rows that
duplicate
an existing PRIMARY or UNIQUE key in the table are ignored and are not
inserted.
***
Brandon Mullenberg
Dialup USA, Inc.
Tel: 888-460-2286 ext 202
Fax: 866-627-8808
Email: [EMAIL PROTECTED]
**
- Original Message -
From: Brian Morris [EMAIL PROTECTED]
To: Brandon [EMAIL PROTECTED]; Paul [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 8:29 PM
Subject: Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
Hmm... What are the implications of an Insert Ignore?
Will it override the primary key constraint thus giving you two rows with
the same primary key or will it simply not do the insert?
Regards, Brian.
(The reason I ask is that I get them too)
- Original Message -
From: Brandon [EMAIL PROTECTED]
To: Paul [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 1:07 PM
Subject: Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
I would recommend using an INSERT IGNORE instead of an INSERT.
This is a mysql issue, it means that you have a unique key (primary key)
defined in
your mysql table and your are trying to add another entry with the same
unique key.
***
Brandon Mullenberg
Dialup USA, Inc.
Tel: 888-460-2286 ext 202
Fax: 866-627-8808
Email: [EMAIL PROTECTED]
**
- Original Message -
From: Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 6:49 PM
Subject: (RADIATOR) Issue with Duplicate Key when Adding a Session
Hi All,
We are using Radiator 3.6 with latest patches but we are seeing an
issue
when a new session is added. We're getting Duplicate key which appears
to
be
coming from the internal handler code rather than MySQL itself. Below
is
the
error when it occurs. We've modified our delete from RADONLINE query
to
match the details more accurately and we don't appear to be having any
problems with this, it's just Adding session for %s is where it
seems
to
go astray.
Thu Jul 24 20:57:37 2003: DEBUG: Adding session for [EMAIL PROTECTED],
1.2.3.4, 6256
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'delete from RADONLINE
where
NASIDENTIFIER='1.2.3.4' and NASPORT=6256 and ACCTSESSIONID =
'00062398'':
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'INSERT INTO RADONLINE
(USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY,
ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID,targetid,
DOWNLOADRATE,
UPLOADRATE, ORIGUSER)
VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async','
Framed-User','0312345678','03912345678', '6F419DF2',
'2185','346903','2410144','61', '15', '45333', '26400',
'[EMAIL PROTECTED]')':
Thu Jul 24 20:57:37 2003: ERR: do failed for 'INSERT INTO RADONLINE
(USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY,
ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID, targetid,
DOWNLOADRATE,
UPLOADRATE, ORIGUSER)
VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async','
Framed-User','0312345678','03912345678', '6F419DF2',
'2185','346903','2410144','61', '15', '45333', '26400',
'[EMAIL PROTECTED]')':
Duplicate entry '1.2.3.4-6256' for key 1
If you have any ideas that'd be great. Thanks
Regards,
Paul Rivoli
[EMAIL PROTECTED]
K B S I N T E R N E T
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) trouble with log sql
Is there any known issues with Log SQL working properly? We got it logging to our mysql database, and then we had an SQL timeout and it appears to have knocked it off so it doesn't log ever again. Just for kicks, I tried restarting radius and all of a sudden, it begins working again. And then if we get an SQL timeout and then boom, it doesn't work again. It runs for sometimes 4-5 hours and then will all of a sudden stop. Its like the FailureBackOffTime command is not working and instead its perminately stopping all requests. I am using Radiator 3.3.1 and I had this same issue on Radiator 3.1 when I tested it about 2 months ago.I am doing global SQL logging and here is what is at the top of my config file: Log SQL DBSource dbi:mysql:radiuslogs:X DBUsername XXX DBAuth Timeout 2 FailureBackoffTime 10 Table RADLOG LogQueryinsert into %3 (date, message) values (now(), %2) Trace 3 /Log Unfortunately, a trace 4 debug won't help since it doesn't log the logging to the Log SQL query. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Unknown reply received in AuthRADIUS for request
Can anyone see anything wrong with this. Im not sure how to diagnose packet dumps. We are having problems with a customers machine doing pass through to him. He is using Viricom. Nearly 30-40% of the packets he sends back to us are giving errors to the logs when his radius server server sends a response back to ours, before we send it back to the NAS. *** Received from xxx port 1645 Packet length = 173 02 21 00 ad 6a 5d f7 65 b9 3f 4d 09 50 89 20 3d f5 32 b3 99 06 06 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe 0d 06 00 00 00 01 1c 06 00 00 03 84 1b 06 00 07 a9 54 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 3f ae 45 68 00 18 00 00 00 00 00 00 00 00 00 00 00 00 f2 1c 01 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 19 00 02 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 05 61 35 63 Code: Access-Accept Identifier: 33 Authentic: j]247e185?M9P137 =2452179153 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 900 Session-Timeout = 502100 Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 63.174.69.104/24 Ascend-Data-Filter = ip in drop tcp dstport = 25 Ascend-Data-Filter = ip in forward Class = a5c Thu Sep 19 02:06:57 2002: WARNING: Unknown reply received in AuthRADIUS for request 33 from xx:1645 Thu Sep 19 02:06:57 2002: DEBUG: Packet dump: Thanks Brandon Mullenberg Dialup USA, Inc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Unknown reply received in AuthRADIUS for request
I think I figured it out. I think it is becuase the customers radius server has a huge lag time and is responding back to us after we 2nd the request to their secondary box. If we send the request to the secondary, and then their primary responds, this will cause this error, because the server is looking for the response from the secondary, am I correct? Brandon - Original Message - From: Brandon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 7:17 PM Subject: (RADIATOR) Unknown reply received in AuthRADIUS for request Can anyone see anything wrong with this. Im not sure how to diagnose packet dumps. We are having problems with a customers machine doing pass through to him. He is using Viricom. Nearly 30-40% of the packets he sends back to us are giving errors to the logs when his radius server server sends a response back to ours, before we send it back to the NAS. *** Received from xxx port 1645 Packet length = 173 02 21 00 ad 6a 5d f7 65 b9 3f 4d 09 50 89 20 3d f5 32 b3 99 06 06 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe 0d 06 00 00 00 01 1c 06 00 00 03 84 1b 06 00 07 a9 54 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 3f ae 45 68 00 18 00 00 00 00 00 00 00 00 00 00 00 00 f2 1c 01 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 19 00 02 00 00 00 00 f2 1c 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 05 61 35 63 Code: Access-Accept Identifier: 33 Authentic: j]247e185?M9P137 =2452179153 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 900 Session-Timeout = 502100 Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 63.174.69.104/24 Ascend-Data-Filter = ip in drop tcp dstport = 25 Ascend-Data-Filter = ip in forward Class = a5c Thu Sep 19 02:06:57 2002: WARNING: Unknown reply received in AuthRADIUS for request 33 from xx:1645 Thu Sep 19 02:06:57 2002: DEBUG: Packet dump: Thanks Brandon Mullenberg Dialup USA, Inc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) question
Here are UU.nets instructions, does anyone know how to change the length from 28 to 26?? Hi! I wanted to let you know of some clarifications on the anti-spam filter we've received from engineering. The only one that we will need to start keeping an eye out for that we weren't specifically watching before is the length field of each line in the 242 filter: The maximum length for each line is 26. Here's the summary of the clarications we received that I wanted to pass to you immediately: 1. New realms must have a [242] length of 26. 2. New realms must have 10 or less [242] filter lines. 3. Existing realms must have a [242] length of 26 before we can make any proxy changes. 4. Existing realms must have 10 or less [242] filter lines before we can make any proxy changes. Please note in some of the realms we tested that the lengths were varying lengths some up to 34. Here is one line from the filter to show you where the length len field is indicating 26: attr: type Ascend-Data-Filter [242], len 26 data = 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 - Original Message - From: Brandon [EMAIL PROTECTED] To: Pascal Robert [EMAIL PROTECTED] Sent: Monday, July 23, 2001 10:28 AM Subject: Re: (RADIATOR) question Same here. Can anyone help us out? Brandon - Original Message - From: Pascal Robert [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED]; Brandon [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, July 23, 2001 7:57 AM Subject: Re: (RADIATOR) question We are connecting with Uunet and they are asking for the same thing. They want the length of Ascend-Data-Filter to be 26 instead of 28. Hello Brandon - If UUnet is mandating this, they must have a specification of what they mean. You will have to check with UUnet directly. regards Hugh At 3:09 AM -0700 6/26/01, Brandon wrote: Wish I knew too. I tried emailing the list and know one seemed to know. The only response I got back was that it was possible in PostAuthHooks. UU.net is now requiring this to use their system. Brandon - Original Message - From: mailto:[EMAIL PROTECTED]admin To: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Sent: Tuesday, June 26, 2001 2:14 PM Subject: (RADIATOR) question I need to reduce my Ascend-Data-Filter from length 28 to 26 Any ideas how? Thanks Eric -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Attribute Length
Title: Re: (RADIATOR) Attribute Length
I checked there but didn't find an example that I
could use. Im worried that if I do a:
$rp-delete_attr('Proxy-State');
That it will strip all the proxy-state attributes
and not just the one sent by the last pass through customer.
And also, I saw nothing in their about attribute
length or any examples. Do you think you can give me an
example on how to change attribute 242 (Ascend Data
Filter) from 28 to 26 characters.
Brandon
- Original Message -
From:
Hugh Irvine
To: Brandon ; [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 12:35
AM
Subject: Re: (RADIATOR) Attribute
Length
Hello Brandon -
You can do both these things in a PostAuthHook.
There are some examples in the file "goodies/hooks.txt".
hth
Hugh
At 1:54 AM -0700 6/21/01, Brandon wrote:
Ive had a request to
reduce attribute 242 (Ascend Data Filter) from 28 to 26
characters.
Anyone have any idea
how to do this?
Also, any idea how to
strip off the 2nd proxy-state attribute when a request is proxied mutiple
levels?
BrandonDialup USA,
Inc.
--
NB: I am
travelling this week, so there may be delays in our
correspondence.
Radiator:
the most portable, flexible and configurable RADIUS serveranywhere. SQL,
proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,Platypus, Freeside,
Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD,
Windows 95/98/2000, NT, MacOS X.
(RADIATOR) Attribute Length
Ive had a request to reduce attribute 242 (Ascend Data Filter) from 28 to 26 characters. Anyone have any idea how to do this? Also, any idea how to strip off the 2nd proxy-state attribute when a request is proxied mutiple levels? BrandonDialup USA, Inc.
(RADIATOR) How do I
How do I use a "ReplyHook" to turn an Access-Accept into an Access-Reject ? So that it will reject the user. Thanks Brandon === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) saving a global variable.
How do you save a variable global in a StartupHook so that
you can reference it in a PreHandlerHook.
Here is a simple example:
StartupHook sub {\
$variable = 1;\
}
Client xxx.xxx.xxx.xxx
PreHandlerHook sub {\
if ($variable = 1) { do something }\
}
/Client
Problem is, that whenever I try to reference the $variable in the
PreHandlerHook it does not remember it from the
startup hook. Any ideas?
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) getting the password for a hook
I am trying to get the plain text password that is being passed in a PAP
authentication. Currently I am using the
my $password = ${$_[0]}-decode_password(${$_[0]}-{Client}-{Secret});\
line in a hook to do this. However I notice that in my logs over 50% of the
logged customers are coming through with blank passwords. Is their a
better function that I can use to obtain the users password that will work
more effectively.
Brandon
Dialup USA, Inc.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) referencing the authby identifier
Anyone Know? How do you reference the AuthBy identifier via a hook?
Example:
AuthBy RADIUS
Identifier customer1
ReplyHook file: "%D/realm.cfg"
/AuthBy
Now in the realm.cfg
How would I reference the customer1 value.
I have tried...
my $customer = ${$_[2]}-{AuthBy}-{Identifier}
and it doens't seem to work.
Thanks
Brandon
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) would this work?
Would this work...
Is ... my $network = $request-{AuthBy}-{Identifier};\
a valid expression?
If not, is there a way to do this?
Handler
AuthBy RADIUS
Identifier option1
ReplyHook {\
my $value = $request-{AuthBy}-{Identifier};\
}
/AuthBy
/Handler
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) postauthhook
When doing a postauthhook, or reply handler hook... how do you get the username before the "stripping" of the realm takes place. Currently I am doing . my $username = $p-getUserName(); and it seems to be giving me the username after the rewrite takes place. Thanks Brandon
(RADIATOR) authby external
I am running an identical radius.cfg file and
external perl program in radius 2.13 and radius 2.15 and my results are quite
different. In radius 2.13 it functions properly and denies all
access... however in radius 2.15 it is accepting all access. I
checked the log file and it is giving an
Mon Apr 3 04:13:30 2000: DEBUG: Running
command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR:
Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access
accepted for usa1000@usa
The Handler is below:
Handler
Called-Station-Id=/3099028/
AuthBy EXTERNAL Command
/usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name}
%{Called-Station-Id}
/AuthBy/Handler
I made a simple removal.pl for this example and
here is what it says:
#!/usr/bin/perl
print "1"; # this should deny
access
exit;
Any ideas?
Brandon
Dialup USA, Inc.
Re: (RADIATOR) Bad Password
EBUG: Accounting accepted Wed Mar 29 01:48:34 2000: DEBUG: Packet dump: *** Sending to 216.127.139.250 port 2253 Code: Accounting-Response Identifier: 6 Authentic: 165_[m15624249128h169206182B132202d Attributes: ----- Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Brandon" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 28, 2000 11:47 PM Subject: Re: (RADIATOR) Bad Password Hello Brandon - You can see what the tests are by having a look at the file test.pl in the main Radiator distribution directory. From the description there I am guessing that you are running on FreeBSD? If so, have you just moved across to this platform? In any case, I am guessing that the password encryption on this platform is different to what you were using before. Could you let me know what platform you are using and include your configuration file (no secrets) together with a trace 4 debug showing what is going on. thanks Hugh NB - I'm travelling for a couple of weeks ... -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. - Original Message - From: "Brandon" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 29, 2000 5:10 PM Subject: (RADIATOR) Bad Password I recently attempted to upgrade from version 2.13 to 2.15 but when I did so all of a sudden all users are being denied access. In the logfile with a trace set to 4 I get the following: Radius::AuthUNIX REJECT: Bad Encrypted password I know the encrypted password is correct, because on my secondary server it has a duplicate of this file and it works just fine. Through some hacking of the util.pm and authgeneric.pm file I added the following lines to the file main::log($main::LOG_WARNING, "password variable"); to attempt to find out why the encrypted password was giving an incorrect result. It appears that the util.pm file is giving a response of Wed Mar 29 01:49:34 2000: WARNING: $1$$1$$oHccQDVZhB/NxZSd7dTxA.$4q9edq2DPjkjehGxsSI8G and trying to compare this password below with it in the authengeneric.pm file. Wed Mar 29 01:49:34 2000: WARNING: $1$$oHccQDVZhB/NxZSd7dTxA. Of course the two don't match...I am wondering if anyone has any clue as to why this is occuring. I tried both Radiator 2.14.1 and Radiator 2.15 and on both got a BAD ENCRYPTED PASSWORD error in the logfile for a password that I know is 100% correct. One thing that may be the cause of the problem (unsure) is that when I did a "make test" it came up with the following results however because I don't know what the tests are... I am unsure as to why they are stating "not ok". not ok 2r not ok 2t not ok 2v Please let me know of any suggestions that you have. I have already tried reinstalling perl and MD5 and it did not help. Brandon === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Bad Password
I recently attempted to upgrade from version 2.13 to 2.15 but when I did so all of a sudden all users are being denied access.In the logfile with a trace set to 4 I get the following: Radius::AuthUNIX REJECT: Bad Encrypted password I know the encrypted password is correct, because on my secondary server it has a duplicate of this file and it works just fine. Through some hacking of the util.pm and authgeneric.pm file I added the following lines to the file main::log($main::LOG_WARNING, "password variable"); to attempt to find out why the encrypted password was giving an incorrect result. It appears that the util.pm file is giving a response of Wed Mar 29 01:49:34 2000: WARNING: $1$$1$$oHccQDVZhB/NxZSd7dTxA.$4q9edq2DPjkjehGxsSI8G and trying to compare this password below with it in the authengeneric.pm file. Wed Mar 29 01:49:34 2000: WARNING: $1$$oHccQDVZhB/NxZSd7dTxA. Of course the two don't match... I am wondering if anyone has any clue as to why this is occuring. I tried both Radiator 2.14.1 and Radiator 2.15 and on both got a BAD ENCRYPTED PASSWORD error in the logfile for a password that I know is 100% correct. One thing that may be the cause of the problem (unsure) is that when I did a "make test" it came up with the following results however because I don't know what the tests are... I am unsure as to why they are stating "not ok". not ok 2rnot ok 2tnot ok 2v Please let me know of any suggestions that you have. I have already tried reinstalling perl and MD5 and it did not help. Brandon
