(RADIATOR) Re: (Fwd) BOUNCE radiator@open.com.au: Admin request of type /^\s*config\b/i at line 8
Ok I understand how it works now. Why is there an option for special
characters at all in the addquery if it uses the value passed to accounting
reardless? And is there a way to remove the realm or rewrite the username
*after* the insert into accounting?
Reason I need this is that my billing system needs to know which users log on
with realms for our roaming users (via megapop which forwards radius requests
based on realm supplied from it's pops). This way we can track usage of our
national dailups. However, if the customers login name is x and he logs in as
[EMAIL PROTECTED], then [EMAIL PROTECTED] is put in the session table. The problem with this is the
customer can then login again from another location as [EMAIL PROTECTED] and successfully
login, bypassing simultaneous use limits because the compare is done based on
the user@realm contained in the session table, and of course, [EMAIL PROTECTED] does not
match [EMAIL PROTECTED] and thus they are allowed in.
Steve
Hugh Irvine wrote:
> Hello Steve -
>
> >
> > I'm having a few problems with the sql session database. Below is my
> > config. What I wish to do is have it use '%U' for the username, and as
> > such I put in AddQuery and CountQuery as needed. The username still
> > shows as '%n' in the table however. In order to track the usernames
> > correctly I changed it (temporarily) to '${Class}' which you can see
> > below. This change does work correctly, however what I ultimately need
> > is all authenticated usernames after all rewrites without realms for the
> > session database (I have Class defined for accounting where I do want to
> > track realms for my roaming customers who use Megapop for national
> > access).
> >
> > So it appears that the standard run time special characters are not
> > recognized by AddQuery? Can someone else duplicate and verify this or is
> > it just something with my current configuration? Below is my config
> > file.
> >
>
> As your queries use special characters elsewhere and all of them work, the
> problem cannot be with the special character handling.
>
> However, you have to keep in mind what is happening here. You are doing your
> rewrites *only* for authentication, and as the session database is updated
> *only* by accounting packets, the usernames are not being rewritten for it.
> The reason the Class attribute works is because you are saving the rewritten
> username in that attribute (sent to the NAS), which is being returned
> subsequently by the NAS in the accounting packets.
>
> In general that is exactly how the Class attribute should be used, so I
> suggest you consider using it for all usernames.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence
S/MIME Cryptographic Signature
Re: (RADIATOR) Freetds and radius
Just a warning, the FreeTDS 5.0 and 5.1 both have given us alot of trouble with memory leaks. We had about 2000 incoming lines and authenticated on mysql, but sent out accounting to a MS SQL 6.5 server using DBD:Sybase 0.23 and FreeTDS (both versions above). Memory leaked such that 4 days run time left us with 50mb in memory for the radiator process. We decided to move accounting to Mysql instead and use a perl script to dump the contents of the accounting table into the MS SQL server on a regular interval. Hugh Irvine wrote: > Hello Greg - > > On Fri, 15 Dec 2000, Greg Kornatowsky wrote: > > We are running SQL Server 7. Will the free Sybase drivers work with version > > 7? We are currently using OpenLink but it keeps crashing, we are looking > > for a backup solution. > > > > Yes. There is a patch for the first release MS-SQL 7 to fix the Sybase > connectivity that was broken initially. > > This topic has been discussed on the list previously and there is something in > the Radiator FAQ as well. > > regards > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Stephen Comoletti - Network Engineer / Systems Administrator Delanet Inc. http://www.delanet.com Frontline Communications Corp. http://www.fcc.net phone: (302) 326-5800 fax: (302) 326-5802 x312 262 Quigley Blvd, New Castle, DE 19720, USA S/MIME Cryptographic Signature
(RADIATOR) Errors on DB connect failure
Noticed the following errors in my logs when one of my servers started radiusd before mysql was running. I understand the connect failure and backing off. What I am questioning is the 'Undefined subroutine' errors. I'm not suffering any problems that I can see from it (when I startup properly) however if it's a bug in Radiator I figured someone more familiar with it than myself should verify so that it can be fixed if necessary. Error as follows: Thu Dec 7 10:40:16 2000: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:server=localhost;database=radius, xx, xx: Thu Dec 7 10:40:16 2000: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Thu Dec 7 10:44:46 2000: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:server=localhost;database=radius, xx, xx: Undefined subroutine &DBD::mysql::db::_login called at /usr/local/lib/perl5/site_perl/5.005/i386-freebsd/DBD/mysql.pm line 131. (in cleanup) Driver has not implemented DESTROY for DBI::db=HASH(0x86b915c) at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 146 Thu Dec 7 10:44:46 2000: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Thu Dec 7 10:44:46 2000: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:server=localhost;database=radius, xx, xx: Undefined subroutine &DBD::mysql::db::_login called at /usr/local/lib/perl5/site_perl/5.005/i386-freebsd/DBD/mysql.pm line 131. (in cleanup) Driver has not implemented DESTROY for DBI::db=HASH(0x86b967c) at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 146 Regards, -- Stephen Comoletti - Network Engineer / Systems Administrator Delanet Inc. http://www.delanet.com Frontline Communications Corp. http://www.fcc.net phone: (302) 326-5800 fax: (302) 326-5802 x312 262 Quigley Blvd, New Castle, DE 19720, USA S/MIME Cryptographic Signature
(RADIATOR) AuthByPolicy questions
I currently have radiator set up with 4 fall throughs in an AuthBy group with a AuthBypolicy of ContinueUntilAccept. My only issue with this is that if a customer exceeds their simultaneous use limit it continues to fall through the checks till the last one fails before rejecting the customer as 'No such user' or invalid password. I am wondering if there is a way to have a valid username/pass match that fails because of exceeding simultaneous use to reject with a reason at that point instead of continuing to the next fall through, but still allow invalid username/pass to continue through each fall through as normal till it accepts or rejects on the last fall through as normal. Thanks in advance, -- Stephen Comoletti - Network Engineer / Systems Administrator Delanet Inc. http://www.delanet.com Frontline Communications Corp. http://www.fcc.net phone: (302) 326-5800 fax: (302) 326-5802 x312 262 Quigley Blvd, New Castle, DE 19720, USA S/MIME Cryptographic Signature
(RADIATOR) Problems with SessionDatabase SQL
I've made a few changes to my sessiondatabase section and radiator does
not seem to honor all of them. In paticular, the username seems to be
returned as the plain value returned by the NAS (%u) despite my having
changed it to %n. I have it declared as follows:
DBSource dbi:mysql:radius
DBUsername xxx
DBAuth xx
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,
NASPortDNIS, CallerID, ConnectInfo) values ('%n', '%N', 0%{NAS-Port},
'%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}',
'%{NAS-Port-Type}',
'%{Service-Type}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Connect-Info}')
I know it does see my changes as the addition of the caller source and
destination as well as connect-info does work. Only the username refuses
to change. I'm hoping this is not normal? And is there a way around this
as it is necessary for me to change.
I'm using Radiator 2.16.3 on FreeBSD 4.1.0r with MySQL 3.23.26b.
Thanks in advance,
--
Stephen Comoletti - Network Engineer / Systems Administrator
Delanet Inc. http://www.delanet.com
Frontline Communications Corp. http://www.fcc.net
phone: (302) 326-5800 fax: (302) 326-5802 x312
262 Quigley Blvd, New Castle, DE 19720, USA
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Rewriting usernames - adding text to a username
I'm trying to rewrite a username such that a predefined portion of text is added before authentication takes place. The text will most likely be one word preceded by a hyphen "-delanet" for instance. Main reason is that due to a large number of acquisitions of other ISP and hosting companies, we now have 5 mike's, 7 jane's, 4 john's etc. etc. I'm not about to tell several thousand customers to change login names in the 'aol' style with numbers on the end. I use one central database (Platypus) for user data. Each acquisition gets imported with "-domain" appended on the user logins to prevent dupes. I planned to authenticate the initial login name first. On failure, fall through to another authby which will rewrite the user name and append whatever text on the end I specify and try to authenticate again, etc. etc. My only problem now is getting the rewrite correct I believe. If anyone can give an example I'd greatly appreciate it. Regards, -- Stephen Comoletti - Network Engineer / Systems Administrator Delanet Inc. http://www.delanet.com Frontline Communications Corp. http://www.fcc.net phone: (302) 326-5800 fax: (302) 326-5802 x312 262 Quigley Blvd., New Castle, DE 19720, USA S/MIME Cryptographic Signature
(RADIATOR) Update table with check/reply attributes from perl script
I'm trying to write a script that pulls in reply attributes from a MSSQL
(Platypus) database and inserts them into an existing SUBSCRIBERS table
on a MySQL database. I've got everything working fine down to one part..
The UPDATE statement fails to put the correct data in, and instead cuts
short at the '=' every time. I'm using perl with dbi and the mysql-msql
dbd modules. I can update the table for other values with no problem.
Only data with an '=' in it fails and I've tried everything I can think
of to get the data in there.
Current code is as follows:
$update = $dbh2->prepare("UPDATE SUBSCRIBERS SET
REPLYATTR='$new_attrib',TimeStamp='$cus_timestamp' WHERE (AccountID like
'$sub_plat_id')");
die "Prepare failed for Update 2 : $update\n" unless defined
$update;
if (not $update->execute) {
die "Execute failed -- $DBI::errstr\n";
}
Where new_attrib is a attribute pair such as
'Framed-Address=xxx.xxx.xxx.xxx' at the least, sometimes multiple pairs
comma seperated. The correct values do print to console fine, so I know
new_attrib has the correct data in it and is not malformed. If I place
any other data without an '=' it updates correctly into the REPLYATTR
field as well.
Any assistance would be appreciated.
--
Stephen Comoletti - Network Engineer / Systems Administrator
Delanet Inc. http://www.delanet.com
Frontline Communications Corp. http://www.fcc.net
phone: (302) 326-5800 fax: (302) 326-5802 x312
262 Quigley Blvd, New Castle, DE 19720, USA
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) FreeTDS
Dean, Your DBSource line is incorrect. Form as follows: DBSource dbi:FreeTDS:database=radius;host=your.host.com;port=1433 Also, I'm not sure if using a version of 4.2 will work or not on MS SQL 7.0, however I am using a version of 7.0 on my FreeTDS with no problems as yet. It is a test server and not production though. Regards, Stephen Comoletti - Network Engineer / Systems Administrator Delanet Inc. http://www.delanet.com Frontline Communications Corp. http://www.fcc.net phone: (302) 326-5800 fax: (302) 326-5802 x312 262 Quigley Blvd, New Castle, DE 19720, USA Dean Brandt wrote: > Hi, > > I have this as part of my radius.cfg file: > > > RewriteUsername s/^([^@]+).*/$1/ > > > DBSourcedbi:FreeTDS:plat > DBUsername xxx > DBAuth xxx > > > > But I am getting cannot connect to SQL database errors in my log > file. > > Am I calling it correctly in the cfg? > > I installed the FreeTDS snapshot file perl module) as per the FAQ, > and installed FreeTDS stating the version number as 4.2 (to connect to MS > SQL 7.0), I also have an interfaces file that looks like this: > > plat > query tcp ether 203.44.37.26 1433 > master tcp ether 203.44.37.26 1433 > > Am I missing anything here? > > Thanks > > -- > > Dean Brandt > > Technical Director > Cain Internet Services Pty Ltd > ACN 091949405 > Ph 61-3-95231065 > Distributor of Patton RAS equipment > www.cain.com.au > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- S/MIME Cryptographic Signature
