Re: (RADIATOR) Lenght of Timeout
Hi AbduSami, I think it is dependent on the RAS Equipment used. I remember having this same restriction with Ericsson Tigris Servers but not on Ascend Maxs. Regards, Jaime - Original Message - From: Mohammed AbdusSami [EMAIL PROTECTED] To: 'Hugh Irvine' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 08, 2002 9:17 AM Subject: (RADIATOR) Lenght of Timeout Dear All, Can anybody tell me what is the maximum number of seconds I can use in timeout value. When I am using 360 I am not getting connection. Regards, AbdusSami === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Edit session timeouts via radius
Title: Blank error message Hi All, Is it possible for Radiator to send a disconnect request to a NAS? Also, we are currently implementing session timeouts on our users. Is is possible for Radiator so send something tto the NAS that would either decrease or increase the 'session timeout' counter on the NAS itself? Thanks for your replies.. Jaime - Original Message - From: Le Anh Tuan To: [EMAIL PROTECTED] Sent: Thursday, August 22, 2002 11:34 AM Subject: (RADIATOR) Blank error message -BEGIN PGP SIGNED MESSAGE-Hash: SHA1Hi all,I configured a roaming system between our HQ and Branch office in seperate location using Radiator and AuthBy Radius. But I can not get a reason message each time a authentication reject occur, AuthBy Radius only returns message like 'INFO: Access rejected for user: Proxied' or 'INFO: Access rejected for user:'. Can you help me how to configure Radiator to get a reason message, I need it to put into my AuthLog SQL to help my administration work.Thank you very much.Le Anh TuanRD DepartmentNetnam CorporationInstitute of Information TechnologyEmail: [EMAIL PROTECTED]-BEGIN PGP SIGNATURE-Version: PGP 7.0.4iQA/AwUBPWRb1BLw+KcRUiRLEQJWKgCgrD80FhdzABN9e+etScPsJS3qom0AnRdyDZvo2KmUrDFUOMWRkRntMR5q=ILzK-END PGP SIGNATURE-
(RADIATOR) Efficiency
Hello everyone, I just need some inputs on which config would provide a more efficient running radiator at high loads. Thanks, Jaime CONFIG 1: AuthBy SQL Identifier FIRST /AuthBy AuthBy SQL Identifier SECOND /AuthBy AuthBy SQL Identifier DEFAULT /AuthBy Handler Called-Station-Id=888 Realm first AuthBy FIRST /Realm Realm second AuthBy SECOND /Realm Realm Authby DEFAULT /Realm /Handler Handler Called-Station-Id=555 Realm second AuthBy SECOND /Realm Realm Authby DEFAULT /Realm /Handler OR AuthBy SQL Identifier FIRST /AuthBy AuthBy SQL Identifier SECOND /AuthBy AuthBy SQL Identifier DEFAULT /AuthBy Handler Called-Station-Id=888,Realm=first AuthBy FIRST /Hander Handler Called-Station-Id=888,Realm=second AuthBy SECOND /Hander Handler Called-Station-Id=555,Realm=second AuthBy SECOND /Hander Handler AuthBy DEFAULT /Hander
(RADIATOR) Accounting Start-Stops
Hi Everyone,
We are currently running Radiator 2.18.4 with
MySQL.
I do notice thatwithACCOUNTING, there
are two records generatedfor every user session, one is when the user
connects and the other is when it the user disconnects.In just a small
amount of time, our accounting database has grown to very big, about 200,000
records within two months of operation.Within halfa year, we can
generate as much as 1,000,000 records.I also
noticethatboththe recordspertaining to auser
session is almost identical except for the timestamp, status type and session
time. This means that we are having redundant records.
Is there a way to have the Accounting to insert a
record upon a user's connection and just update that same record upon the user's
disconnection? There will be some modified fields like the Timestamp will
be changed to Time_Start and add another column like Time_Stop.
My config file looks something like
this:
ForegroundLogStdoutLogDir
/var/log/radiusLogFile
/var/log/radius/%m/%d%Y-traceFingerProg
/usr/bin/fingerPidFile
/var/run/radius.pidDictionaryFile
/usr/local/etc/dictionary
Trace
4
Client
xxx.xxx.xxx.xxx
Secretyyyxxx DupInterval
3/Client
Realm
DEFAULT AcctLogFileName
/var/log/radius/default/details
PasswordLogFileName
/var/log/radius/Test/%m%d%Y-passlog AuthBy
SQL # Adjust DBSource,
DBUsername, DBAuth to suit your DB
DBSourcedbi:mysql:XXXDb
DBUsernamexx
DBAuth
x
AuthSelect select PASSWORD, TIMELEFT from
SUBSCRIBERS where USERNAME='%n'
AuthColumnDef
0,User-Password,check
AuthColumnDef
1,Session-Timeout,reply
DefaultReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-Routing=None
AccountingTable ACCOUNTING
AcctColumnDef
USERNAME,User-Name
AcctColumnDef
TIMESTAMP,Timestamp,integer
AcctColumnDef
STATUS_TYPE,Acct-Status-Type
AcctColumnDef
SESSION_ID,Acct-Session-Id
AcctColumnDef
SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef
TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef
NAS_PORT,NAS-Port,integer
AcctColumnDef
IP_ADDRESS,Framed-IP-Address
AcctColumnDef
CALLER_ID,Calling-Station-Id
AcctColumnDef
CALLED_STATION,Called-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \
where USERNAME='%n'
/AuthBy/Realm
I am thinking if it is possible to have two
accounting sequences wherein one would take care of accounting start and the
other would take care of the accounting stops.
AccountingTable ACCOUNTING
AccountingStartsOnly
AcctColumnDef
USERNAME,User-Name
AcctColumnDef
TIMESTART,Timestamp,integer
AcctColumnDef
STATUS_TYPE,Acct-Status-Type
AcctColumnDef
SESSION_ID,Acct-Session-Id
AcctColumnDef
SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef
TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef
NAS_PORT,NAS-Port,integer
AcctColumnDef
IP_ADDRESS,Framed-IP-Address
AcctColumnDef
CALLER_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION,Called-Station-Id
AccountingStopsOnly
AcctColumnDef
USERNAME,User-Name
AcctColumnDef
TIMESTOP,Timestamp,integer
AcctColumnDef
STATUS_TYPE,Acct-Status-Type
AcctColumnDef
SESSION_ID,Acct-Session-Id
AcctColumnDef
SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef
TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef
NAS_PORT,NAS-Port,integer
AcctColumnDef
IP_ADDRESS,Framed-IP-Address
AcctColumnDef
CALLER_ID,Calling-Station-Id
AcctColumnDef
CALLED_STATION,Called-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \
where USERNAME='%n'
Is there any other means that is more efficient in
dealing about with this type of scenario? Please enlighten me.
Thank you very much,
Jaime Elizaga Jr.
(RADIATOR) Undefined subroutine Radius::Radius::get_port
Hi Everyone! I installed Slackware 8.0 on a new box. Perl5, MySQL and MD5 is installed by default by the Slackware Distro. I did not encounter installing Radiator, it passed all the test. I did a sample config and run radiusd and I got this response.. root# radiusdWed Aug 8 19:15:39 2001: DEBUG: Reading users file /usr/local/etc/blockedUndefined subroutine Radius::Radius::get_port called at /usr/bin/radiusd line 326. My config is simple, just an auth by file.. --- start radius.cfg --- Foreground LogStdoutTrace 4AuthPort 1645AcctPort 1646 #AuthPort 1812#AcctPort 1813 LogDir /var/log/radiusLogFile /var/log/radius/%m/%d%Y-traceFingerProg /usr/bin/fingerPidFile /var/run/radius.pid DictionaryFile /etc/radius/dictionarySnmpgetProg /usr/local/bin/snmpgetHandler MaxSessions 1 AcctLogFileName /var/log/radius/BlockNo/details WtmpFileName /var/log/radius/BlockNo/%u PasswordLogFileName /var/log/radius/BlockNo/%m%d%Y-passlog AuthBy FILE Filename /usr/local/etc/blocked /AuthBy/Handler --- end radius.cfg What could this error mean? Thanks in advance! Jaime
Re: (RADIATOR) cisco av-pair and session-timeout
Hi Hugh, I was searching through google and stumbled upon a message on this mailing list but it seemed to have beed deleted from the starport. Re: (RADIATOR) Session-Timeout AS5200 ... you say, the standard Session-timeout attribute is not ... can define the idle-timeout with the Ascend ... use the new av-pair ( in the Cisco av-pair VSA ) were ... www.starport.net/~radiator/199904/msg00941.html - 6k - Cached - Similar pages I think I can find some valuable information on that thread. Can anyone know where that thread went? thanks, jaime - Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Jaime Elizaga Jr." [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, March 22, 2001 6:15 AM Subject: Re: (RADIATOR) cisco av-pair and session-timeout Hello Jaime - On Thursday 22 March 2001 04:56, Jaime Elizaga Jr. wrote: Hello again, I've been reading about the session-timeout with cisco by using their av-pair. I anyone kind enough to show me how to implement this av-pair on my radius config file. You help will be deeply appreciated. There are some example cisco-avpair reply attributes in the sample users file (called "users") in the main distribution directory. Also have a look at this item in the FAQ: 59. Whats the story with Session-Timeout and Cisco's hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Help with session timeout over l2tp tunnel
Hi everyone, I'm kind new here and I am having problems with L2TP. My telco provider offers RAS ports via ERICSSON TIGRIS. We've configured a L2TP tunnel from their TIGIRS to my gateway router, a Cisco 3640 via vpdn. All is well, authentication and accounting, but the session timeout does not seem to work. Althought I can see that the Cisco router is accepting the "session-timeout" value from the radius but it doesn't seem to implement it on the tigris. I hope someone can enlighten me. Thanks, Jaime Here is a copy of my radius config.: Handler Called-Station-ID=8350818 MaxSessions 1 #DbDir * AcctLogFileName /var/log/radius/Cards/details WtmpFileName /var/log/radius/Cardusers/%u PasswordLogFileName /var/log/radius/Cardpasswd/%m%d%Y-passlog PreAuthHook file:"hook2xonly" SessionDatabase SDB1 AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSourcedbi:mysql:* DBUsername DBAuth # Authentication ### AuthSelect select password, MAXTIME from SUBSCRIBERS where username='%n' and MAXTIME30 AuthColumnDef 0, User-Password, check AuthColumnDef 1, Ascend-Maximum-Time, reply AccountingTable ACCOUNTING AccountingStopsOnly AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef A_STAT_TYP,Acct-Status-Type AcctColumnDef A_SES_ID,Acct-Session-Id AcctColumnDef A_SES_TIME,Acct-Session-Time,integer AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause,integer AcctColumnDef NAS_ID,NAS-IP-Address AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef F_IP_ADD,Framed-IP-Address AcctColumnDef CALLER_ID,Calling-Station-Id AcctColumnDef CALLED_STATION,Called-Station-Id AcctColumnDef 1X,tot1x,integer AcctColumnDef 2X,tot2x,integer AcctColumnDef 3X,tot3x,integer AcctColumnDef TIME_START,time-start,integer AcctSQLStatement DefaultReply Service-Type=Framed-User, Framed Protocol=PPP, Framed-Routing=None, Framed-MTU=1500 # Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP Timeout 4 /AuthBy /Handler Here is what I have on my Cisco: aaa new-model aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default if-authenticated group radius aaa authorization network default if-authenticated group radius aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius ! vpdn enable ! vpdn-group PLDT accept-dialin protocol l2tp virtual-template 1 terminate-from hostname MAKATI_TIGRIS2 lcp renegotiation always l2tp tunnel password 7 * ! interface Virtual-Template1 description 300-port Manila RAS ip unnumbered FastEthernet0/1 keepalive 30 peer default ip address pool mnl-ras-pool ppp authentication pap ! === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) cisco av-pair and session-timeout
Hello again, I've been reading about the session-timeout with cisco by using their av-pair. I anyone kind enough to show me how to implement this av-pair on my radius config file. You help will be deeply appreciated. Thanks everyone!!! Jiame === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
