(RADIATOR) Cisco IOS aaa ??
Since updating a 7200 on the weekend, we are now not getting port-id from the cisco. anyone seen this before and maybe have a fix ? Gary . === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) How to restrict the Dial Up on Bandwith.
We use a bandwidth manager http;//www.etinc.com On Sun, 22 Jun 2003 11:47:33 +1000, [EMAIL PROTECTED] wrote: Yes but with radius alive packets how would you have content that doesn't count to your download total because radius alive counts everything. Michael saunders - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, June 22, 2003 11:37 AM Subject: Re: (RADIATOR) How to restrict the Dial Up on Bandwith. Hello Mick - This is usually done with IP filters and traffic shaping on the router. The accounting is done with periodic radius Alive requests. I don't know of any off-the-shelf product that does this. regards Hugh On Sunday, Jun 22, 2003, at 08:58 Australia/Melbourne, [EMAIL PROTECTED] wrote: Dear list, I am not sure if this soultion is done with Radiator or not. I have noticed many ISP's offering ADSL connections with free traffic to certain web sites. They are also speed limiting customers when they run passed their download limit but not counting the traffic to the free websites. Anyone know how the radius accounting is done. Or does anyone know what product they are using to do this. Michael Saunders === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. . === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Trace level 3 changes ?
Hi folks, we are slowly moving over to sql. so far we have the online and the users over. but I have noticed that the radiatorl log trace level of 3 no longer reports errors as before. if a check attribute was wrong it was reported but now is just says bad password... so what have I stuffe ?? Gary --- Trace 3 DbDir /usr/local/raddb/ LogFile /var/log/radius/%Y%mradiator.log AuthPort 1645 AcctPort 1646 include /usr/local/raddb/clients AuthBy SQL Identifier SQLUsers DBSource dbi:mysql:radius DBUsername xxx DBAuth yyy AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS \ where USERNAME='%n' AddToReplyIfNotExistService-Type = Framed-User,\ Framed-Protocol = PPP,\ Framed-Compression = None,\ Framed-IP-Address = 255.255.255.254,\ Session-Timeout = 10800,\ Idle-Timeout = 900 DefaultSimultaneousUse 1 /AuthBy AuthBy FILE Identifier NormalUsers Filename/usr/local/raddb/users AddToReplyIfNotExistService-Type = Framed-User,\ Framed-Protocol = PPP,\ Framed-Compression = None,\ Framed-IP-Address = 255.255.255.254,\ Session-Timeout = 10800,\ Idle-Timeout = 900 DefaultSimultaneousUse 1 /AuthBy Realm DEFAULT AuthBy FILE Filename/usr/local/raddb/rejectusers DefaultReplyService-Type = Framed-User,\ Framed-Protocol = PPP,\ Framed-IP-Address = 255.255.255.254,\ Session-Timeout = 25,\ Idle-Timeout = 20 /AuthBy AcctLogFileName /var/log/radius/%Y%mdetail.log PasswordLogFileName /var/log/radius/%Y%mpassword.log /Realm SessionDatabase SQL DBSource dbi:mysql:radius DBUsername zz DBAuth ttt /SessionDatabase --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Perl ??
We just upgraded to perl v5.005 we also upgrade to libdbi-perl 1.13 (on a debian system) the only problem since is the radwho.cgi no longer works says can't find the online file. we have made no other changes. any ideas ?? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problems with Radiator and Tigris...
On Fri, 10 Dec 1999 00:13:35 +1100, Tony Frank (EPA) wrote: Hi everyone, I am having trouble when using my Tigris NAS and the Radiator RADIUS server. The problem is (I believe) with the Tigris, but I'm wondering if there are any suggestions based on my RADIUS config to see if I could be doing something wrong here. (Anyone with experience using the Tigris and Radiator can jump in here) My radius.cfg: snipped And the 'defuser' file contains the following: DEFAULT Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = None, Framed-MTU = 1500, Service-Type = Framed-User The issue is that what I am trying to achieve is RADIUS authentication, with no username and password required. In my situation, we have only GSM mobile incoming calls, and we are very happy to use the existing user authentication performed by the mobile network (ie, your number is unique to you, and if you lose it you are going to have your SIM etc cancelled anyway) fine, doesn't only apply to gsm either ! As such, we want to setup the PPP sessions etc with as little requirements as possible. Essentially, if the person's number (Calling-Station-ID) appears in the user database and is active, we want to let them setup a session and give them an IP address without the user needing to go through any additional authentication stages. From my brief research, it seems that this is not an overly common way to do things, and as such it is very difficult to find any information on other people's attempts etc. In order to do this, we are presently trying to use the Tigris VPSM functionality, which generates an Access-Request similar to the following when it detects an incoming call: Attributes: User-Name = "called number" User-Password = "calling number encrypted with secret" NAS-Port = 71 NAS-Port-Type = ISDN Acc-Request-Type = Ring-Indication Called-Station-Id = "x" Calling-Station-Id = "0414576342" NAS-IP-Address = 10.28.30.15 we had this problem, when changing over from Ascend to Tigris solution is multiple Defaults and verification based on calling-station-id. problem is thou, you end up with a heap of funny user names (whatever they have set) and passwords lying around. the problem is actually on the tigris, not radius if you want to use not use the VPSM setting. I did have this as a feedback item with the erricsson, obviously it hasn't been dealt with :-( Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) HURLnET
On Wed, 17 Nov 1999 14:02:51 -0600, Arnold, Josh A. wrote: Is anyone running the HURLnET billing software with Radiator? Thanks. -- Josh Arnold === What we really need it for open systems to write a fully comprehensive billing package and maybe full accounting system to go with radiator. Of course seeing that they have done / are doing such a great job with radiator, such a package would be of equally high quality and they would have a guarranteed user base :-) --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) logging incoming requests
On Thu, 11 Nov 1999 21:07:12 +, Stuart Henderson wrote: Is there any way we can configure Radiator to log an incoming radius request to a flatfile or SQL, say storing username and password (assuming both come thru in cleartext)? PasswordLogFileName passlog.%d%m%Y.txt. === Is there a way of adding calling-station-id to this file as well ?? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) HOW-TO ??
No joy Hugh... Our setup is basic... can you see the problem ? I test ring in from the office with a proper setup in the normal users file, and it does not act on the rejectusers, and continues to authenticate on the normal users file. -- Trace 3 DbDir /usr/local/raddb/ LogFile /var/log/radius/%Y%mradiator.log AuthPort 1645 AcctPort 1646 include /usr/local/raddb/clients # You will probably want to change this to suit your site. Realm DEFAULT AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename/usr/local/raddb/rejectusers Nocache /AuthBy AuthBy FILE Filename/usr/local/raddb/users Nocache /AuthBy AcctLogFileName /var/log/radius/%Y%mdetail.log PasswordLogFileName /var/log/radius/%Y%mpassword.log /Realm -- On Wed, 27 Oct 1999 08:40:05 +1000, Hugh Irvine wrote: Hello Gary - On Tue, 26 Oct 1999, Gary wrote: Is there some way to put users in the user file which only has a Caller-Id as a check item ... No username, no password etc Basically we want to trap certain numbers, assign them to a non-connected partition, give them 10 minute timers (or even just ten seconds) and basically just cost them money for their telephone calls never provide any type of service to them. Yes, you could do this with chained AuthBy's: # Configure an AuthBy FILE to reject calling-station-id's Handler AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename %D/reject-calling-station-id /AuthBy AuthBy /AuthBy /Handler And then in the file "reject-calling-station-id": # Users file to reject calling-station-id's DEFAULTCalling-Station-Id = 12345..., Auth-Type = Reject DEFAULTCalling-Station-Id = 7890..., Auth-Type = Reject Of course, instead of Auth-Type = Reject, you could return anything you like including an IP address from a locked-in pool such as you describe. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) HOW-TO ??
No joy Hugh... Our setup is basic... can you see the problem ? I test ring in from the office with a proper setup in the normal users file, and it does not act on the rejectusers, and continues to authenticate on the normal users file. -- Trace 3 DbDir /usr/local/raddb/ LogFile /var/log/radius/%Y%mradiator.log AuthPort 1645 AcctPort 1646 include /usr/local/raddb/clients # You will probably want to change this to suit your site. Realm DEFAULT AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename/usr/local/raddb/rejectusers Nocache /AuthBy AuthBy FILE Filename/usr/local/raddb/users Nocache /AuthBy AcctLogFileName /var/log/radius/%Y%mdetail.log PasswordLogFileName /var/log/radius/%Y%mpassword.log /Realm -- On Wed, 27 Oct 1999 08:40:05 +1000, Hugh Irvine wrote: Hello Gary - On Tue, 26 Oct 1999, Gary wrote: Is there some way to put users in the user file which only has a Caller-Id as a check item ... No username, no password etc Basically we want to trap certain numbers, assign them to a non-connected partition, give them 10 minute timers (or even just ten seconds) and basically just cost them money for their telephone calls never provide any type of service to them. Yes, you could do this with chained AuthBy's: # Configure an AuthBy FILE to reject calling-station-id's Handler AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename %D/reject-calling-station-id /AuthBy AuthBy /AuthBy /Handler And then in the file "reject-calling-station-id": # Users file to reject calling-station-id's DEFAULTCalling-Station-Id = 12345..., Auth-Type = Reject DEFAULTCalling-Station-Id = 7890..., Auth-Type = Reject Of course, instead of Auth-Type = Reject, you could return anything you like including an IP address from a locked-in pool such as you describe. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) HOW-TO ??
No joy Hugh... Our setup is basic... can you see the problem ? I test ring in from the office with a proper setup in the normal users file, and it does not act on the rejectusers, and continues to authenticate on the normal users file. -- Trace 3 DbDir /usr/local/raddb/ LogFile /var/log/radius/%Y%mradiator.log AuthPort 1645 AcctPort 1646 include /usr/local/raddb/clients # You will probably want to change this to suit your site. Realm DEFAULT AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename/usr/local/raddb/rejectusers Nocache /AuthBy AuthBy FILE Filename/usr/local/raddb/users Nocache /AuthBy AcctLogFileName /var/log/radius/%Y%mdetail.log PasswordLogFileName /var/log/radius/%Y%mpassword.log /Realm -- On Wed, 27 Oct 1999 08:40:05 +1000, Hugh Irvine wrote: Hello Gary - On Tue, 26 Oct 1999, Gary wrote: Is there some way to put users in the user file which only has a Caller-Id as a check item ... No username, no password etc Basically we want to trap certain numbers, assign them to a non-connected partition, give them 10 minute timers (or even just ten seconds) and basically just cost them money for their telephone calls never provide any type of service to them. Yes, you could do this with chained AuthBy's: # Configure an AuthBy FILE to reject calling-station-id's Handler AuthByPolicy ContinueWhileAccept AuthBy FILE AcceptIfMissing Filename %D/reject-calling-station-id /AuthBy AuthBy /AuthBy /Handler And then in the file "reject-calling-station-id": # Users file to reject calling-station-id's DEFAULTCalling-Station-Id = 12345..., Auth-Type = Reject DEFAULTCalling-Station-Id = 7890..., Auth-Type = Reject Of course, instead of Auth-Type = Reject, you could return anything you like including an IP address from a locked-in pool such as you describe. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Ye olde perenial ?
Before switching over to sql authentication I am cleaning up the users file and adding DefaultReply to the various bits . Now the old question... is Service-Type = Framed-User a check or reply item... ?? Page 39 of the manual (hi Hugh :-) indicates its reply item, but I thought it was a check item ? Also I am wondering is there an equivalent DefaultCheck for check items ? (if there is I probably missed it in the manual :-) or should this be a feature request ? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Fw: LDAP Request
On Fri, 29 Oct 1999 12:37:55 +1000, Hugh Irvine wrote: Hello Steve - On Fri, 29 Oct 1999, Steven E. Ames wrote: Would it be possible to modify the way that AuthLDAP handles reply attributes? Right now they are all listed in a singly replyattr attribute. This is unwieldy for a lot of our tools and increases the complexity of the parsing. A better mechanism would be to handle them the same way as SQL is handled. Under SQL you can put up a statement such as: AuthColumnDef 2, Session-Timeout, reply Following right behind on this topic... What's the best way to set default values for reply attributes and then let a matching user record override these defaults? Mike will have a look at your contribution next week - many thanks! Probably the best way to do this is with the following patch (http://www.open.com.au/radiator/downloads/patches-2.14.1/patches.README) 6/9/99 Rolled the AddToReplyIfNotExist.patch into the base code. This code was contributed by Vincent Gillet [EMAIL PROTECTED], and implemnets the AddToReplyIfNotExist parameter, which will append an attribute to a reply if and only if it the attribute is not already present. Download AuthGeneric.pm and AttrVal.pm from here. Clarification Please ?? I am trying to strip down the reply items in the user file ... IF instead of using DefaultReply I use AddToReplyIfNotExist, will this mean that the reply attributes individually are checked against the users file ?? eg: If say I have one of the AddToReplyIfNotExist items as Idle-Timeout = 900, but in the users there is a Idle-Timeout = 0 the user file attribute will override ? I am trying to have in the users file ONLY those reply attributes which are different from the defaults, rather than have to put ALL the reply attributes if any are different from the default. Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) suitable accounting package
On Wed, 27 Oct 1999 15:57:30 -0500, John Gray wrote: Hi, I am trying to select a suitable accounting package to use with Radiator . Three I am considering are Optigold Plus, ISP Easy amd NT Paymaster. The first two use Filemaker Pro as the database and the last one uses mSQL. Does any one know if they will work with Radiator and/or which one works well? Thanks, John Gray === I know that Optigold will work with radiator, but after some very close examination here (in Australia) and discussion of just a few very small issues with it, I could not recomend it for any Australian ISP as the programmers WILL NOT make any modifications so it will comply with Australian Taxation Law good business practises. Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) HOW-TO ??
Is there some way to put users in the user file which only has a Caller-Id as a check item ... No username, no password etc Basically we want to trap certain numbers, assign them to a non-connected partition, give them 10 minute timers (or even just ten seconds) and basically just cost them money for their telephone calls never provide any type of service to them. Hey they just pirates !! Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Feature request ?
In the radiator log file for trace level 3 it would be nice if on a failed connect the caller-id is also logged to the radiator.log file :-) Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radacct.cgi
On Mon, 18 Oct 99 22:24:51 +1000, Gary wrote: Ok, I'm the first to admit that I am not a programmer ! We run a fairly basic setup with flat files and no sql etc... I finally got around to getting radwho.cgi radacct.cgi working today and once I overcame my many oversites got both working except radacct.cgi will not display any session-id 's and thus we cant examine individual sessions. Have I overlooked something ?? Gary Gee, times are bad when you answer your own questions :-) Mike, you might like to note that Acct-Session-Id on a Tigris also includes a "." in it (several actually). Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple session limits....
On Wed, 13 Oct 1999 16:30:36 +1000, Hugh Irvine wrote: Hello Gary - On Wed, 13 Oct 1999, Gary wrote: So far I can reduce multiple sessions down to one logon, but how do I enable it to allow MPP sessions to bring up more than one channel. The only way now is to run MP and bring both sessions up at the same time, ok 3 seconds apart, which is fast enough to make radiator barf an error and let the 2nd session come up :-) You should set the Simultaneous-Use check attribute for those users that require MPPP. If you wish to use strict sim-use checking you should also configure a SessionDatabase together with Nas-Type in your Clients. Mmm, cant seem to find that attribute in the dictionary, got a number ? Currently I have maxsessions 1 in the .cfg presumably this attribute will overide it See Section 13.1.12 in the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Multiple session limits....
So far I can reduce multiple sessions down to one logon, but how do I enable it to allow MPP sessions to bring up more than one channel. The only way now is to run MP and bring both sessions up at the same time, ok 3 seconds apart, which is fast enough to make radiator barf an error and let the 2nd session come up :-) Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Is this correct ??
After much playing, I just want to confirm... # test1 Password = "***", Calling-Station-Id = /740+/, Expiration = "Dec 31 2000", Called-Station-Id = /4044718+/, Time = "WkSa0830-2300", Service-Type = Framed-User Framed-Protocol = PPP, Framed-IP-Address = 203.56.136.7, Session-Timeout = until 1800, Idle-Timeout = 0 # Basically, the check items end at the line "Service-Type" as there is no comma on the end and the rest will be reply items. Yeah I know its simple, but we have been playing around with different options and one line got too long. Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Auto-logoff at specific time i.e 18:00
On Sun, 29 Aug 1999 13:00:31 +1000, tom minchin wrote: On Sun, Aug 29, 1999 at 12:15:41PM +1000, Michael Dunne wrote: I would like to know if radiator can be set to accept connections from a specific time i.e 08:00 and then log those connections off at a specific time as well, i.e 18:00. I would prefer to do this via SQL, but if not, any other way would be acceptable. Also I would prefer this to be done by a seperate users section. The only way I can do this at the moment is by writing a cron'ed perl script to do all this, but if Radiator could do this for me I would like to know how. After reading the manual that is bundled with the distribution I could not see anything clearly that would allow me to do this. If your NAS can limit sessions to a certain time, when people login your database can decide how long they go for and set the appropriate session time (eg Session-Timeout or Ascend-Maximum-Time). Note that this is a RADIUS feature and your NAS may well not support it (the NAS does the actual disconnection - not Radiator). Otherwise, just stick with the perl script. [EMAIL PROTECTED] I think what Michael is asking is whether there is an easy way to calculate Session-Time according to the time of day. eg: normal max session is 3 hours (10800) but this user is restricted to to having their connection complete by say 18:00 and they ring in at 17:45 so their Session-time should now be equal to 15 minutes = 900 seconds In Michael's case the NAS does support session time or I suppose he wouldn't be asking :-) I think Ascend and tigris is the answer. --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple instances of the same username ??
On Wed, 21 Jul 1999 16:06:09 -0500, Mike McCauley wrote: Hi Gary, On Jul 21, 1:49pm, Gary wrote: Subject: (RADIATOR) Multiple instances of the same username ?? Many thanks to those that are helping me on the Tigris issue... Now is it possible to have multiple instances of the same username but different "passwords in radius ?? username Calling-Station-Id=12345678 username Calling-Station-Id=45678899 Or will radius just see the first if its the second and just bomb out authenticating on the second ?? The username is a unique key, so its not possible to have 2 user entries with teh same username. As Tom Minchin pointed out, if these are really the same user, you can have a regexp in the check items: username Calling-Station-Id=/12345678|232323232/ Cheers. Thats great, but if they are actually two different users with the same name, say one requiring a static ip, seems radius only seems the first username in the file and will give a rejected authorisation. Is there maybe a way to change this behaviour ? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Multiple instances of the same username ??
Many thanks to those that are helping me on the Tigris issue... Now is it possible to have multiple instances of the same username but different "passwords in radius ?? usernameCalling-Station-Id=12345678 usernameCalling-Station-Id=45678899 Or will radius just see the first if its the second and just bomb out authenticating on the second ?? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple instances of the same username ??
On Wed, 21 Jul 1999 12:45:38 +1000, tom minchin wrote: On Wed, Jul 21, 1999 at 01:49:39PM +1000, Gary wrote: Many thanks to those that are helping me on the Tigris issue... Now is it possible to have multiple instances of the same username but different "passwords in radius ?? username Calling-Station-Id=12345678 username Calling-Station-Id=45678899 Or will radius just see the first if its the second and just bomb out authenticating on the second ?? It'll continue on until it gets an accept or falls off the end of the file. Can also have: username Calling-Station-Id=/123456|7654321/ Saves you a line. [EMAIL PROTECTED] Ah, but thats harder to track plus wont give the user name for accounting I will actually try separate setups for each one, but it is an easy way to give a user 2 numbers to dial in from thanks... The biggest pain in all this is the different requirements for different dialin boxes... methinks, my ascend gear will be sale, I like the tigris too much :-) Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) CLID only authentication ?
I have just installed radiator for the first time. I also have just installed a new tigris. Has anyone managed to get a CLID authorisation only session going on a tigris ?? Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) CLID only authentication ?
On Mon, 19 Jul 1999 22:46:35 +1000, tom minchin wrote: On Mon, Jul 19, 1999 at 11:52:08PM +1000, Gary wrote: I have just installed radiator for the first time. I also have just installed a new tigris. Has anyone managed to get a CLID authorisation only session going on a tigris ?? You can use the Calling-Station-Id RADIUS check item, eg: fred Password = "mypasswd", Calling-Station-Id = "3454563453" This is standard RADIUS, and your Tigris will need to send the CLID when it authenticates against your RADIUS server. [EMAIL PROTECTED] On Mon, 19 Jul 1999 22:46:35 +1000, tom minchin wrote: On Mon, Jul 19, 1999 at 11:52:08PM +1000, Gary wrote: I have just installed radiator for the first time. I also have just installed a new tigris. Has anyone managed to get a CLID authorisation only session going on a tigris ?? You can use the Calling-Station-Id RADIUS check item, eg: fred Password = "mypasswd", Calling-Station-Id = "3454563453" This is standard RADIUS, and your Tigris will need to send the CLID when it authenticates against your RADIUS server. [EMAIL PROTECTED] Not actually what I want I have been using with the ascend radius Ascend MAX's # 740xx Password = "Ascend-CLID" User-Service = Dialout-Framed-User, User-Name = "username", Ascend-Data-Svc = Switched-modem, Framed-Protocol = PPP, Framed-Routing = None, Ascend-Assign-IP-Pool = 1, Framed-Compression = Van-Jacobsen-TCP-IP, Ascend-Maximum-Time = 14400, Ascend-Idle-Limit = 900 # The Max will generate an authentication request JUST on the telephone number, before the modems even sync and the ascend radius will authenticate the caller JUST BASED on the caller-id received. I actually think the problem might be how to get the Tigris to act in a similar manner to the Ascend. Gary --- Ausmail Your virtual home on the net. Email, News Home pages. --- Coming soon !! === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
