Re: [RADIATOR] Radiator and Load Balancer
This may be the case now, but pretty sure we went down this road YEARS ago and even with BindAddress, packets were still being sourced from the main IP address. In the mailing list archives this argument may exist. I vaguely remember being told by Hugh that it was not possible in Perl at the time to choose the source address to respond from.

Again, not arguing that now; just saying what we ran into in the past.

--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

> On Jul 29, 2016, at 6:17 AM, Heikki Vatiainen wrote:
>
> When BindAddress is configured, a socket is created and bound for each
> address defined by BindAddress. In this case the source address of a
> reply is the specific non-wildcard address the socket was bound to.
>
> In short: BindAddress can be useful on multi homed hosts. However, if IP
> addresses are added and removed dynamically, this can cause problems
> because the addresses are now part of the Radiator configuration too.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

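The wildcard-versus-bound behaviour described in the quoted BindAddress explanation can be reproduced with plain UDP sockets. This is an added example, not Radiator code and not from the thread; it assumes Linux (where every 127.0.0.0/8 address is local) and uses 127.0.0.2 as a constructed stand-in for the load-balanced VIP.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;
use Socket qw(pack_sockaddr_in unpack_sockaddr_in inet_aton inet_ntoa);

my $VIP    = '127.0.0.2';   # constructed stand-in for the service address (VIP)
my $CLIENT = '127.0.0.1';   # constructed stand-in for the NAS / RADIUS client

# Create a UDP socket and bind it explicitly, so the wildcard case is
# really bound to 0.0.0.0 with a kernel-chosen port.
sub udp_socket {
    my ($addr) = @_;
    my $sock = IO::Socket::INET->new(Proto => 'udp')
        or die "cannot create UDP socket: $!\n";
    bind($sock, pack_sockaddr_in(0, inet_aton($addr)))
        or die "cannot bind to $addr: $!\n";
    return $sock;
}

# Send one request to $VIP through a server bound to $bind_addr and return
# the source address the client sees on the reply.
sub reply_source {
    my ($bind_addr) = @_;
    my $server = udp_socket($bind_addr);
    my $client = udp_socket($CLIENT);

    # The client addresses the VIP, as a NAS configured with the VIP would.
    my $dest = pack_sockaddr_in($server->sockport, inet_aton($VIP));
    defined($client->send('request', 0, $dest))
        or die "client send failed: $!\n";

    # The server answers whoever sent the datagram.
    IO::Select->new($server)->can_read(2) or die "server saw no request\n";
    my $peer = $server->recv(my $request, 512);
    defined($peer) or die "server recv failed: $!\n";
    defined($server->send('reply', 0, $peer))
        or die "server send failed: $!\n";

    # The client socket is unconnected, so it accepts the reply from any
    # source and we can report what that source was.
    IO::Select->new($client)->can_read(2) or die "client saw no reply\n";
    my $from = $client->recv(my $reply, 512);
    defined($from) or die "client recv failed: $!\n";
    my (undef, $addr) = unpack_sockaddr_in($from);
    return inet_ntoa($addr);
}

for my $bind ('0.0.0.0', $VIP) {
    my $src = reply_source($bind);
    printf "server bound to %-9s  reply source %-9s  %s\n", $bind, $src,
        $src eq $VIP
            ? 'matches the address the client sent to'
            : 'MISMATCH: a client that checks the source would drop this';
}
```

With the wildcard bind the kernel picks the reply source from its routing decision; with the specific bind the reply carries the bound address.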
Re: [RADIATOR] Radiator and Load Balancer
In my experience this is not the case. It will LISTEN on those addresses for sure. But its return packets are always sourced from the primary IP address of the outgoing interface. DSR will work, but the clients will receive a response from an IP address that is not of the configured RADIUS server. This may (but should not) work for various clients.

This may have changed in recent years. YMMV.

--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

> On Jul 29, 2016, at 5:19 AM, Hartmaier Alexander wrote:
>
> When you configure the VIP as loopback on every radiator server and bind
> radiator to this ip the reply packets should be sent from it.

Re: [RADIATOR] Radiator and Load Balancer
DSR load balancing assumes the real servers know about the load balanced VIP and is generally configured on a loopback. The problem with this I think is that Radiator responds with a source address of where the packet leaves. (at least that’s been my experience). Most clients will probably ignore the response as it’s coming from a different address. With Radiator being Perl, I don’t think you can force Radiator to answer from a specific source address on the server.

NAT will work via the F5, you just have to make sure that the response traffic goes back out to the load balancer it came in on.

--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

> On Jul 27, 2016, at 1:38 PM, shaun gibson wrote:
>
> i've used direct server return for radius and it seemed to work well :
>
> http://blog.haproxy.com/2011/07/29/layer-4-load-balancing-direct-server-return-mode/
> https://devcentral.f5.com/articles/the-disadvantages-of-dsr-direct-server-return
>
> using the f5 for inbound and outbound traffic nat will also work, just
> depends what your requirements are ...

[RADIATOR] AuthBy NTLM busted under 4.7?
Installed 4.7 today and upon launching it, I get:

    Can't locate object method new via package Radius::AuthNTLM at Radius/Configurable.pm line 450, CONFIG line 136.

This worked fine under 4.2... so I simply rolled back to 4.2 and all is fine again.

This is perl, v5.8.9 built for i386-freebsd-64int

--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/

Re: [RADIATOR] AuthBy NTLM busted under 4.7?
On Aug 11, 2010, at 5:50 PM, Hugh Irvine wrote:

> Can you please send me a copy of the configuration file and a complete trace 4 debug from a terminal session like this:
>
>     cd /your/Radiator-4.7/source
>     perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration ….
>
> Use your local pathnames in the above.
>
> many thanks

Hugh, it's a compile time error in perl, so it doesn't get too far, but it shows the problem. I didn't have the MD4 perl module installed, which wasn't required before, it appears to be now. I installed it, and it's running now under 4.7.

    [qix:/usr/local/radius/Radiator-4.7] perl radiusd -foreground -log_stdout -trace 4 -config_file /usr/local/radius/radius.cfg
    Wed Aug 11 23:53:14 2010: ERR: Could not load AuthBy module Radius::AuthNTLM: Can't locate Digest/MD4.pm in @INC (@INC contains: . /usr/local/lib/perl5/5.8.9/BSDPAN /usr/local/lib/perl5/site_perl/5.8.9/mach /usr/local/lib/perl5/site_perl/5.8.9 /usr/local/lib/perl5/5.8.9/mach /usr/local/lib/perl5/5.8.9 .) at Radius/MSCHAP.pm line 47, CONFIG line 129.
    BEGIN failed--compilation aborted at Radius/MSCHAP.pm line 47, CONFIG line 129.
    Compilation failed in require at Radius/AuthNTLM.pm line 20, CONFIG line 129.
    BEGIN failed--compilation aborted at Radius/AuthNTLM.pm line 20, CONFIG line 129.
    Compilation failed in require at (eval 48) line 3, CONFIG line 129.
    Wed Aug 11 23:53:14 2010: ERR: Unknown object 'AuthBy' in /usr/local/radius/radius.cfg line 129
    Can't locate object method new via package Radius::AuthNTLM at Radius/Configurable.pm line 450, CONFIG line 136.

--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/

Re: (RADIATOR) Shutdown in a Hook
On 1/5/04 1:49 PM, Frank Danielson [EMAIL PROTECTED] wrote:

> How about using-
>     kill '1',$$
> or if you are in a hurry-
>     kill '9',$$

Actually if you are in that much a hurry why bother with kill when you can just exit();

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0

If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. - Robert X. Cringely

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) authentication
On 11/10/03 6:03 PM, Dan Boucaut [EMAIL PROTECTED] wrote:

> Is it possible to use different authentication methods based on username. ie usernameA authenticates to serverA and usernameB authenticates to serverB ??

Sure with Radiator, almost anything is possible! ;-)

    <Handler Username = /A$/>
        <AuthBy ...>
        </AuthBy>
    </Handler>

    <Handler Username = /B$/>
        <AuthBy ...>
        </AuthBy>
    </Handler>

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Any sufficiently advanced bug is indistinguishable from a feature. - Kulawiec

(RADIATOR) Help with Ascend Max and RADIUS performance
We have recently acquired several Ascend MAX 6000 boxes and are having a problem with a lot of duplicate RADIUS accounting packets. The problem seems to be that the MAX's are overly aggressive when sending RADIUS requests. They seem to send requests every second until the timeout seconds is reached, which seems a little extreme. When you are doing multi-hop RADIUS proxy, some accounting requests usually take a second or more.

I'm wondering if there is any way to tweak the MAX's RADIUS behavior like you can in a Cisco AS5x00 series. Normally on a Cisco you can specify the RADIUS timeout, which is the value between retry packets, the number of retries, and then the server deadtime.

I really want to step the MAX's down to about 3 seconds between retries because of the hops involved. Right now we're seeing 2-3 duplicate accounting records because the MAX's are sending requests every second until the requests are ack'd. Seems overly aggressive to me.

If this can be tweaked, where, and what settings should I use? Ideally I'm looking for 3 seconds between requests with 3-5 retries until it should go to the next server.

Thanks in advance to anyone that can help.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Calm down -- it's only ones and zeroes.

(RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It doesn't appear that CachePasswords works for this AuthBy. Looking at my trace, auths are always sent to the clients and never looked up in the cache even though I've authed several times..

Here is the handler I have:

    <Handler>
        UsernameCharset [EMAIL PROTECTED]
        RewriteUsername tr/A-Z/a-z/
        RewriteUsername s/\s+//g
        RewriteUsername s/[EMAIL PROTECTED]/\?/g
        <AuthBy ROUNDROBIN>
            FailureBackoffTime 300
            Secret
            Retries 3
            RetryTimeout 10
            AuthPort 1812
            AcctPort 1813
            <Host 1.1.1.1>
            </Host>
            <Host 2.2.2.2>
            </Host>
            CachePasswords
            RejectEmptyPassword
            NoDefault
        </AuthBy>
        SessionDatabase NoneDB
    </Handler>

Shouldn't CachePasswords be supported in this AuthBy? It is in AuthBy RADIUS...

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

If at first you don't succeed, call it version 1.0

Re: (RADIATOR) CachePasswords not available in AuthBy ROUNDROBIN
On 10/2/03 1:01 PM, Robert Blayzor [EMAIL PROTECTED] wrote:

> I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It doesn't appear that CachePasswords works for this AuthBy. Looking at my trace, auths are always sent to the clients and never looked up in the cache even though I've authed several times..

I got this one figured out. Helps to consult the manual first, mine was a little out of date on print. Anyway, changing the default handling of this was the fix.

I do have one question for Hugh however. How can one completely drop or reject any request coming in at the client level based on attributes received (or NOT received for that matter). For example, say I want to ignore or drop any accounting requests from a client with the User-Name attribute missing, or empty string. I see this problem a lot on Ascend Maxes.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

A Life? Cool! Where can I download one of those from?

(RADIATOR) Small bug in 3.7 on FreeBSD
I don't know if this affects other OS's, but on FreeBSD, when sending a SIG HUP to Radiator the monitor port stops working...

    Mon Sep 29 11:55:17 2003: NOTICE: SIGHUP received: restarting
    Mon Sep 29 11:55:17 2003: ERR: Could not bind Monitor socket: Address already in use
    Mon Sep 29 11:55:17 2003: NOTICE: Server started: Radiator 3.7 on foo

Once this happens it seems like it's still answering connections on port 9048, but then accepts no commands.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

You are in a dark room with a compiler, vi, an internet connection, and a thermos of coffee. :Your Move ?

(RADIATOR) Discard queries based on attribute values
I'm having a problem on our RADIUS cluster with PPPoE clients being way too aggressive. Sometimes when a user is shut off, the PVC in the DSL network isn't turned down for some time and it leaves aggressive PPPoE clients trying to connect at a sometimes ungodly rate. (dozens per minute). This litters our logs and creates a lot of unnecessary IO's to the backend, etc.

I'm wondering what the best practice is to be able to discard these requests before they even go to any handler, and to dump the packet/request completely without even logging it. Well not discard these, but send back an instant NAK to the NAS...

I assume some PreHandlerHook (or PreClientHook) would be needed, but is there an example how to? ie: Say I have a list of usernames in a file that I want to discard on..

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Stock item: We shipped it once before, and we can do it again, probably.

Re: (RADIATOR) formatted TIME_STAMP in AcctSQLStatement
On 9/11/03 7:23 PM, tracker [EMAIL PROTECTED] wrote:

> Is it possible to use a formatted TIME_STAMP in AcctSQLStatement, like formatted-date,'%e %m %Y %H:%M:%S'

Easier way may be to have your SQL server insert the time for you. That is, if your SQL server and your RADIUS server's times are sync'd. (and current date/time is what you want)

You can do this several ways depending on your backend, ie:

    MSSQL - getdate()

Or

    PgSQL - timestamp 'now'

More..

    INSERT INTO tbl_radacct (recdate) values (timestamp 'now')

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

I'm not sure. Try calling the Internet's head office -- it's in the book.

Re: (RADIATOR) formatted TIME_STAMP in AcctSQLStatement
On 9/11/03 7:19 PM, Mike McCauley [EMAIL PROTECTED] wrote:

> Yes, but you really should take into account the Acct-Delay-Time in accounting requests, which is the amount of time the request has been sitting in the NAS waiting for successful transmission. The Timestamp attribute takes this into account, so it's best to use that if possible.

If that's the case, could you not just use the DateFormat directive from the manual, 6.28.18. ? Since many of us may use stored procedures, AcctColumnDef's don't do a whole lot.. ;-)

So let's say I'm using MSSQL...

    DateFormat %m/%d/%Y %X
    AcctSQLStatement EXEC sp_acctinsert '%{Acct-Session-Id}','%{Acct-Status-Type}','%{User-Name}','%{TimeStamp}'

Should insert the TimeStamp as '9/11/2003 21:21:21' ???

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

A successful tool is used to do something undreamed of by its author. - Johnson

RE: (RADIATOR) formatted TIME_STAMP in AcctSQLStatement
>> So let's say I'm using MSSQL...
>>
>>     DateFormat %m/%d/%Y %X
>>     AcctSQLStatement EXEC sp_acctinsert '%{Acct-Session-Id}','%{Acct-Status-Type}','%{User-Name}','%{TimeStamp}'
>>
>> Should insert the TimeStamp as '9/11/2003 21:21:21' ???
>
> The only time the DateFormat is used in AuthBy SQL is to format AcctColumnDefs with integer-date types. Timestamp can be got in a number of formats using special characters like: %b, %o etc. I wonder if a new special character that means 'Timestamp in standard SQL date format' might be useful?

Well that being said. How am I able to easily pass in a TimeStamp field in the format I need so that my specific AcctSQLStatement can insert it however I need it. (see above). Since stored procedures use argument lists instead of direct insert column/value pairs. Given above, I need to get TimeStamp into the format above to pass it in the argument list.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Exclusive: We're the only ones who have the documentation.

Re: (RADIATOR) authby radius
On 9/10/03 10:49 PM, tracker [EMAIL PROTECTED] wrote:

> Is it possible to store the accounting record of a user if my server just acts as proxy? If so, how? Example, below is my config for the realm domain.com

    <Handler Realm = someisp.net>
        AuthByPolicy ContinueAlways
        AuthBy Proxy-Acct
        AuthBy Proxy-Auth
    </Handler>

    <AuthBy RADIUS>
        Identifier Proxy-Auth
        <Host 1.1.1.1>
            Secret mysecret
            AuthPort 1812
            AcctPort 1813
        </Host>
        Retries 2
    </AuthBy>

    <AuthBy SQL>
        Identifier Proxy-Acct
        DBSource dbi:MySQL:server=BLAH
        DBUsername radius
        DBAuth foo
        AuthSelect
        AccountingTable
        AcctSQLStatement INSERT INTO blah ...
    </AuthBy>

At least that's what's worked for me ...

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Life would be much easier if I had the source code.

Re: (RADIATOR) CATool Private Certificate Authority software now available
On 9/10/03 5:52 PM, Bon sy [EMAIL PROTECTED] wrote:

> Is it just me or this happens to others too? I received the following three times. I reply one to Mike directly but did not get reply. Several posting dated Sept 8 I saw two days ago came to my mail folder again the last few hrs.

Yep, same thing here. I've seen posts duplicated over the last couple of days...

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Hackers have kernel knowledge.

Re: (RADIATOR) authby radius
On 9/11/03 2:42 PM, tracker [EMAIL PROTECTED] wrote:

> Using this method, how do you enforce that only Accounting Stop records will be stored locally?

Add the AccountingStopsOnly directive in your AuthBy SQL section.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Calm down -- it's only ones and zeroes.

Re: (RADIATOR) rewrite NAS-Port-type?
On 6/17/03 12:29 PM, Craig Gittens [EMAIL PROTECTED] wrote:

> I am trying to implement a VPN solution using linux pppd and it is sending the port type as Async. The problem is I don't want dialup customers able to use this service as well. I was wondering if you could rewrite NAS port type before authentication in the CLIENT?

Try something like this:

    <Client x.x.x.x>
        Identifier VPN-Client
        Secret foobar
        PreHandlerHook file:vpn-port-rewrite.pl
    </Client>

Then in vpn-port-rewrite.pl do this:

    sub {
        # $_[0] is a reference to the current request
        ${$_[0]}->delete_attr('NAS-Port-Type');
        ${$_[0]}->add_attr('NAS-Port-Type', 'VPN');
    }

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Design: The activity of preparing for a design review.

Re: (RADIATOR) how to setup disconnection cause attribute
On 6/15/03 8:13 AM, Muhammad Talha [EMAIL PROTECTED] wrote:

> Dear all, I want to set up the disconnection cause attribute to know why users are disconnected from RAS (AS5300 and Max 6000). I am using Radiator-2.18 on Solaris 9. What changes are required to achieve this??

None that I'm aware of. I know that at least on the AS5300's they send a termination reason in with every stop record. Just search the RADIUS dictionary for terminate it's in there.. Once you find that attribute you can deal with it in your accounting policy.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

I'm sorry a pentium won't do, you need an SGI to connect with us.

Re: (RADIATOR) Run Stored Proc for Stop-records
On 6/13/03 7:16 AM, Herman verschooten [EMAIL PROTECTED] wrote:

> I would like to run a stored procedure on MS-SQL for stop-records. But I want to keep the normal inserts of the Start/Update/Stop-records too. How can I most easily do this? An extra AuthBy SQL? Can I use the AcctInsertQuery to run the stored proc? I would very much like the functionality to be able to select a value from different values depending on their availability in the radius-packet.

Yes, you can just pass your accounting query to a stored procedure. What you do with the data from there is totally up to you. With Radiator you can specify the exact accounting query to your backend with as many or as little RADIUS attribs as you want

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Real programmers don't document. If it was hard to write, it should be hard to understand.

RE: (RADIATOR) Apache authentication problem
> I want to authenticate the apache users with Radiator, I've installed:
>
>     Radiator 3.1
>     mod_auth_radius-1.5.2
>     apache1.3.19-5
>
> when I try to connect to my web site, apache show me the popup for the radius authentication, I fill a valid radius username but the authentication failed, on the radius log there is a bad password error, but the password is right. Someone have any idea ???

I just looked at this and wanted to check it out for myself, so I managed to download it, install it and get it to work for the first time. The main thing I would look at in your case is to make sure that the secrets match in your httpd.conf and in your Radiator configuration for the client.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

State-of-the-art: What we could do with enough money.

RE: (RADIATOR) Telnet, SMTP and port 25
Sounds like you do not have a default gateway set, or your subnet mask is wrong.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. - Robert X. Cringely

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ayotunde Itayemi
Sent: Wednesday, August 21, 2002 2:11 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Fw: (RADIATOR) Telnet, SMTP and port 25

----- Original Message -----
From: Ayotunde Itayemi
To: Hugh Irvine
Sent: Wednesday, August 21, 2002 6:23 PM
Subject: Re: (RADIATOR) Telnet, SMTP and port 25

Hi Hugh,

Traceroute gets to the destination. Pings are replied (reaches destination). Also telnet to myself (mail server) on port 25 (from the same box) works i.e,

    telnet 127.0.0.1 25

This also works:

    telnet mail 25

BUT this does not:

    telnet any-internet-mailserver 25

Regards,
Tunde I.

----- Original Message -----
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 21, 2002 5:37 PM
Subject: Re: (RADIATOR) Telnet, SMTP and port 25

Hello Tunde -

The error message clearly states No route to host. Try a traceroute to see what is amiss.

regards

Hugh

On Wednesday, August 21, 2002, at 06:12 PM, Ayotunde Itayemi wrote:

> Hi Hugh, Hi all,
>
> Okay this is not a RADIUS question, but excuse me anyway. I have a RedHat 6.2 Linux system that has been configured as a mail server for a real Internet domain. Users can receive their mails but nothing (mails) can be sent out. After a lot of troubleshooting I made out the following:
>
> 1. The system can't send mails out because you cannot initiate a telnet session from it to any other system on port 25 e.g.,
>
>     [root@mail itayemi]# telnet 10.0.4.4 25
>     Trying 10.0.4.4...
>     telnet: Unable to connect to remote host: No route to host
>
> This is the same message that keeps being written to the mail log (/var/log/maillog) by sendmail. Any ideas? You can telnet to it on port 25 from other systems. I have looked at all the common causes I can think of (DNS, inetd, routing, sendmail etc) Nothing seems to work. The system is not configured as a firewall and the port is not blocked by the router or any other device.
>
> Regards,
> Tunde I.

NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

RE: (RADIATOR) Pre Handler hook help...
Hugh,

I did as you suggested, appears to be a bug with Radiator and the PERL oct() function. For some reason Radiator has broken oct() function.

My Sub I included:

    sub { print "oct() Test: " . oct(0b01011000) . "\n"; }

Output from Radiator:

    oct() Test: 0

Output from PERL (any other program or right from perl -e):

    [shell:~] perl -e 'print oct(0b01011000)."\n";'
    1408

What gives?

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Advanced design: Upper management doesn't understand it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine
Sent: Friday, July 12, 2002 6:12 PM
To: [EMAIL PROTECTED]; Robert Blayzor; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Pre Handler hook help...

Hello Robert -

I suggest you do two things:

1. put the hook code in a file so it is easier to edit - something like this:

    PreHandlerHook file:%D/nasport.pl

2. unwind the code a bit and add print statements between the statements so you can see what is going on

Then you can run radiusd from the command line and you will see the print output in the terminal window where you are running it - like this:

    radiusd -foreground -log_stdout -config_file .

regards

Hugh

On Sat, 13 Jul 2002 06:21, Robert Blayzor wrote:

> We have a handler which uses the following hook:
>
>     <Client 64.246.152.18>
>         Identifier DSL1
>         Secret s
>         DupInterval 2
>         NasType ignore
>         PreHandlerHook sub { ${$_[0]}->add_attr('NAS-Port-Type', 'SDSL'); my $i_p = ${$_[0]\
>         }->get_attr('RB-NAS-Real-Port'); my $i_a = sprintf("%s/%s/%s.%s", map oct("0b$_"), unpack(\
>         "B32", pack("N", $i_p)) =~ /(.{5})(.{3})(.{8})(.*)/); ${$_[0]}->add_attr('Calling-Station-Id\
>         ', $i_a);}
>     </Client>
>
> In a nutshell the Handler basically adds a NAS-Port-Type and is to take a 32bit integer representation of DSL ports and put them in the 'Calling-Station-Id' attribute. The output should come out to be something like: 5/0/0/233, etc.
>
> However everything comes out at 0/0/0.0, like $i_p is null, but it's not because the following code (if I reverse things) works fine...
>
>     PreHandlerHook sub { ${$_[0]}->add_attr('NAS-Port-Type', 'SDSL'); my $i_p = ${$_[0]\
>     }->get_attr('RB-NAS-Real-Port'); ${$_[0]}->add_attr('Calling-Station-Id', $i_p);}
>
> Output the following code right from PERL works fine too:
>
>     perl -e 'print sprintf("%s/%s/%s.%s", map(oct("0b$_"), unpack("B32", pack("N", 671088873)) =~ /(.{5})(.{3})(.{8})(.*)/)) ."\n";'
>     5/0/0.233
>
> Any ideas? I really need to get this to work. Thanks!

RE: (RADIATOR) Pre Handler hook help...
> Hi,
>
> You can also do it like this:
>
>     $p-add_attr( 'Calling-Station-Id',(($p-get_attr( 'RB-NAS-Real-Port') 0xff) 16) .\
>     .. ($p-get_attr( 'RB-NAS-Real-Port') 0x)); \

Right. We figured that out also, with all the attribs, after fussing around with the oct which was not needed as the bit shifting is much faster anyway. Thanks.

    my $i_id = ($i_port 0xf800) 27 ./. ($i_port 0x0700) 24 ./. ($i_port 0xff) 16 ... ($i_port 0x);

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

That function is not currently supported, but Bill Gates assures us it will be featured in the next upgrade.

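The two decodings discussed in this thread, side by side, as an added example (not code from the posters or from Radiator). The field widths (5, 3, 8 and 16 bits) come from the regex in the original hook and the sample value 671088873 from the thread; MockRequest is a hypothetical stand-in for the request object so the hook runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field layout taken from the regex in the thread, /(.{5})(.{3})(.{8})(.*)/
# applied to a 32-bit value: 5 + 3 + 8 + 16 bits, most significant first.

# The attribute is supplied by the NAS, so treat it as untrusted input:
# accept only a decimal integer that fits in 32 bits.
sub valid_port {
    my ($port) = @_;
    return defined $port && $port =~ /\A\d{1,10}\z/ && $port <= 0xFFFFFFFF;
}

# Shift-and-mask decoding.
sub decode_shift {
    my ($port) = @_;
    return unless valid_port($port);
    return sprintf '%d/%d/%d.%d',
        ($port >> 27) & 0x1f,
        ($port >> 24) & 0x07,
        ($port >> 16) & 0xff,
        $port & 0xffff;
}

# Bit-string decoding, the approach of the original hook.
sub decode_bitstring {
    my ($port) = @_;
    return unless valid_port($port);
    my @bits = unpack('B32', pack('N', $port))
        =~ /\A(.{5})(.{3})(.{8})(.{16})\z/;
    return sprintf '%d/%d/%d.%d', map { oct("0b$_") } @bits;
}

# Hypothetical stand-in for the request object; it provides only the two
# methods the thread's hooks call.
package MockRequest;
sub new {
    my ($class, %attrs) = @_;
    my $self = {%attrs};
    return bless $self, $class;
}
sub get_attr { return $_[0]{ $_[1] } }
sub add_attr { $_[0]{ $_[1] } = $_[2]; return }

package main;

# Hook in the calling convention used in the thread: $_[0] is a reference
# to the request. Calling-Station-Id is only set for a valid port value.
my $hook = sub {
    my $p  = ${ $_[0] };
    my $id = decode_shift($p->get_attr('RB-NAS-Real-Port'));
    $p->add_attr('Calling-Station-Id', $id) if defined $id;
    return;
};

# 671088873 is the value from the thread; the others are constructed.
for my $value (671088873, 4294967295, 0, 'abc', undef, '99999999999') {
    my $req = MockRequest->new(
        defined $value ? ('RB-NAS-Real-Port' => $value) : ());
    $hook->(\$req);

    my $by_shift = decode_shift($value);
    my $by_bits  = decode_bitstring($value);
    die "decoders disagree\n"
        if (defined $by_shift ? $by_shift : '')
        ne (defined $by_bits ? $by_bits : '');

    my $csid = $req->get_attr('Calling-Station-Id');
    printf "%-12s -> %s\n",
        defined $value ? $value : '(missing)',
        defined $csid  ? $csid  : '(Calling-Station-Id not set)';
}
```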
(RADIATOR) Strange unknown attributes
I've been noticing some strange errors in our Radiator log files. I believe this is coming from a badly behaving Ascend Max. I'm wondering if anyone has seen this before?

Sun Jun 2 07:27:17 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 07:27:17 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 07:27:17 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 07:27:17 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 07:29:27 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 07:29:27 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 07:29:27 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 07:29:27 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:38 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 20:32:38 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

If at first you don't succeed, call it version 1.0

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
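A check worth running on log lines like the ones in the post above, as an added example that is not part of the original message or of Radiator: RFC 2865 lays out a Vendor-Specific attribute as a 4-octet Vendor-Id whose high-order octet is 0, followed by a 1-octet vendor type, so re-serialising the logged numbers shows whether they can be a real enterprise number at all. The function names are hypothetical; the log lines are copied from the post, and 529/242 is a constructed comparison value.

```python
import re
import struct
from collections import Counter

# Three of the ERR lines from the post above, one per line.
SAMPLE_LOG = """\
Sun Jun 2 07:27:17 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
Sun Jun 2 07:27:17 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined in your dictionary
Sun Jun 2 20:32:36 2002: ERR: Attribute number 99 (vendor 1399813490) is not defined in your dictionary
"""

ERR_RE = re.compile(r"ERR: Attribute number (\d+) \(vendor (\d+)\) is not defined")


def decode_vsa_header(vendor: int, attr: int) -> dict:
    """Rebuild the octets that were parsed as Vendor-Id (4) + vendor type (1)."""
    finding = {"vendor": vendor, "attr": attr, "text": None}
    # RFC 2865 section 5.26: the high-order octet of Vendor-Id is 0, the low
    # three octets carry the SMI enterprise code.
    finding["high_octet_zero"] = vendor < (1 << 24)
    if vendor < (1 << 32) and attr < 256:
        raw = struct.pack("!IB", vendor, attr)  # network byte order
        if all(0x20 <= b <= 0x7E for b in raw):
            # Every octet is printable ASCII: the "header" is really text.
            finding["text"] = raw.decode("ascii")
    # A non-zero high octet cannot be a valid Vendor-Id.
    finding["suspect"] = not finding["high_octet_zero"]
    return finding


def summarise(log: str) -> list:
    """Count each (vendor, attribute) pair in a Radiator log and decode it."""
    counts = Counter(
        (int(m.group(2)), int(m.group(1))) for m in ERR_RE.finditer(log)
    )
    return [
        dict(decode_vsa_header(vendor, attr), count=n)
        for (vendor, attr), n in counts.most_common()
    ]


if __name__ == "__main__":
    for finding in summarise(SAMPLE_LOG):
        print(finding)
```

Both pairs from the post decode to printable ASCII, which is consistent with a text string sitting where the Vendor-Id and vendor type are expected rather than with a missing dictionary entry.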
(RADIATOR) AuthLog questions
I've followed the Radiator manual for AuthLog SQL.

Here are my config entries:

<AuthLog SQL>
        Identifier SQL-AuthLog1
        FailureQuery EXEC sp_RadiusAuthLog '%{GlobalVar:ServerID}','%n','%{Class}','%N','%{Called-Station-Id}','%{Calling-Station-Id}','%1'
        LogSuccess 0
        LogFailure 1
</AuthLog>

<Handler>
        RewriteUsername s/^(P|C|S)//
        RewriteUsername tr/A-Z/a-z/
        RewriteUsername s/\s+//g
        AuthByPolicy ContinueAlways
        AuthBy Acct-SQL
        AuthBy Auth-NAS
        AuthLog SQL-AuthLog1
        SessionDatabase Null-SDB
</Handler>

My question is, how does AuthLog SQL know which database source to use? Or will it assume to use the same source as the AuthBy? Or does it accept DBSource, etc? The manual does not state so. All the manual states is:

6.50 AuthLog SQL

The clause indicates to log authentication successes and failures to an SQL database. You can define as many AuthLog SQL clauses as you wish at the top level or within Realm or Handler clauses. Each clause can specify different logging conditions and a different log database. As well as the generic parameters described in Section 6.48, AuthLog SQL understands the following parameters:

Please advise.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. - Robert X. Cringely
(RADIATOR) Problems with AuthLog SQL
Hi Hugh,

I have a small problem with AuthLog SQL. I posted a previous message and just assumed to try putting the connect information in the config file. It appears to work. I get the results placed in the database, and trace 4 shows no errors...

Thu May 30 09:56:34 2002: DEBUG: Radius::AuthSQL looks for match with kdelaet
Thu May 30 09:56:34 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Thu May 30 09:56:34 2002: INFO: Access rejected for kdelaet: Bad Password
Thu May 30 09:56:34 2002: DEBUG: do query is: EXEC sp_RadiusAuthLog '0','kdelaet','kdelaet','64.246.152.18','','','Bad Password'
Thu May 30 09:56:34 2002: DEBUG: Packet dump:
*** Sending to 64.246.152.18 port 1812

But, I'm getting these messages printed in the console I have run Radiator from, quite frequently:

AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x857924c)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x854949c)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x8571c24)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x8549784)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x8571c90)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x85711bc)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x85474d8)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x8571fb4)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x8571d20)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x8547430)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x857a03c)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x854dfcc)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x85474d8)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x8571d98)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 1 Bad Password Radius::Radius=HASH(0x8571f6c)
AuthLogSQL log Radius::AuthLogSQL=HASH(0x83152b8) 0 Radius::Radius=HASH(0x85711f8)

My config section seems fine. If I comment out the use of my AuthLog, these errors disappear.

<AuthLog SQL>
        DBSource dbi:Sybase:server=SQL
        DBUsername
        DBAuth
        Identifier SQL-AuthLog1
        FailureQuery EXEC sp_RadiusAuthLog '%{GlobalVar:ServerID}','%n','%{Class}','%N','%{Called-Station-Id}','%{Calling-Station-Id}',%1
        LogSuccess 0
        LogFailure 1
</AuthLog>

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Meets quality standards: Compiles without errors.
RE: (RADIATOR) AuthBy SQL and Passwords ..
> So I got the bright idea to add a AND PASS='%{Password}' to the AuthSelect line. But the query ends up AND PASS='' (nothing is put in there.) So, obviously RADIUS either 1) can't pass it like that or 2) can but I'm doing it wrong.

Perhaps you want AND PASS='%P' ???

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
(RADIATOR) PasswordLogFile contents
I'm curious to know if it's possible to do either of the following:

1) Change the format of what is included in the PasswordLogFile

Or

2) Omit the PASSED password entries and log only the FAIL's

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Document code? Why do you think they call it code?
RE: (RADIATOR) SQL Accounting / Radius Attribute Values only
Correct... If you are using the standard accounting INSERT.

But how would you do it if you need to use:

AcctSQLStatement EXEC sp_RadiusAcctInsert '0','%{Acct-Session-Id}','%{Acct-Status-Type}','%{User-Name}','%{Called-Station-Id}','%{Calling-Station-Id}','%c','%{NAS-Port}','%{NAS-Port-Type}','%{Service-Type}','%{Framed-Protocol}','%{Framed-IP-Address}','%{Connect-Info}','%{Acct-Terminate-Cause}','%{Acct-Input-Octets}','%{Acct-Output-Octets}','%{Acct-Session-Time}'

A more advanced SQL statement?

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 11:38 PM
To: [EMAIL PROTECTED]; Robert Blayzor
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) SQL Accounting / Radius Attribute Values only

Hello Robert -

You can do this with AcctColumnDef's:

        AcctColumnDef NASPORT,NAS-Port,integer

Have a look at section 6.28.13 in the Radiator 2.19 reference manual.
RE: (RADIATOR) NAS-IP-Address
This usually happens if your NAS is multihomed or has a loopback interface set. You have to tell the NAS the interface you want the NAS-IP to be identified as. If this is a Cisco NAS, then you might want to check your Loopback interface (if you have one set). If the box is simply multihomed, then you can force the NAS source from by using something like ip radius source-interface whatever.

If you're multihomed, it's probably a good idea to set a loopback interface as common, then source and send requests from it; that way you don't have to set up two different client connections to RADIUS.

Then again, this may not solve your problem as you haven't provided enough information about your NAS.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Artificial Intelligence: Making computers behave like they do in the movies.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike McCauley
Sent: Friday, January 04, 2002 7:02 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) NAS-IP-Address

-- Forwarded Message --
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Alex Fritz [EMAIL PROTECTED]]
Date: Fri, 4 Jan 2002 16:10:11 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From [EMAIL PROTECTED] Fri Jan 4 16:10:10 2002
Received: from ncninternet.com (ns1.ncninternet.com [63.252.251.123]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g04MA5318629 for [EMAIL PROTECTED]; Fri, 4 Jan 2002 16:10:10 -0600
Received: from cc529972a [65.81.72.44] by ncninternet.com (SMTPD32-7.04) id A0BF380106; Fri, 04 Jan 2002 17:54:39 -0600
From: Alex Fritz [EMAIL PROTECTED]
To: Radiator NewsGroup [EMAIL PROTECTED]
Subject: NAS-IP-Address
Date: Fri, 4 Jan 2002 17:45:22 -0600
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.

We noticed something that has caused a little difficulty for us. In the Radius text logs, when set to Trace 4, it displays the Client's correct IP address at the top of the packet, but later in the packet next to Nas-Ip-Address it displays some other IP address. How can we get the Client's correct IP address into the database then for queries? Please help... below is a copy of the log and I place around the places needing attention.

Thanks,
Alex Fritz
NCN Internet

Fri Jan 4 07:39:15 2002: INFO: Server started: Radiator 2.18.2 on thor
Fri Jan 4 07:39:15 2002: DEBUG: Packet dump:
*** Received from 216.127.139.10 port 3949 .--- This IP (The NAS's)
Code: Accounting-Request
Identifier: 153
Authentic: 26189d209S253F0[164#1836249}M
Attributes:
        User-Name = [EMAIL PROTECTED]
        NAS-IP-Address = 67.208.224.53 --- doesn't match this
        NAS-Port = 182
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Acct-Status-Type = Stop

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
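To find every NAS affected by the mismatch discussed in this thread, a Trace 4 log can be scanned for requests whose UDP source address differs from the NAS-IP-Address attribute they carry. This is an added example, not part of the original messages or of Radiator; the function name is hypothetical, and the sample dump is constructed in the layout shown in the post (only the first packet's two addresses come from the post).

```python
import ipaddress
import re
from collections import Counter

# Constructed Trace 4 excerpt; 192.0.2.7 and the user names are made up.
SAMPLE_DUMP = """\
Fri Jan 4 07:39:15 2002: DEBUG: Packet dump:
*** Received from 216.127.139.10 port 3949 ....
Code: Accounting-Request
Attributes:
\tUser-Name = "user1@example.net"
\tNAS-IP-Address = 67.208.224.53
\tAcct-Status-Type = Stop
Fri Jan 4 07:39:15 2002: DEBUG: Packet dump:
*** Sending to 216.127.139.10 port 3949 ....
Code: Accounting-Response
Fri Jan 4 07:39:20 2002: DEBUG: Packet dump:
*** Received from 192.0.2.7 port 1646 ....
Code: Accounting-Request
Attributes:
\tNAS-IP-Address = 192.0.2.7
Fri Jan 4 07:40:02 2002: DEBUG: Packet dump:
*** Received from 216.127.139.10 port 3950 ....
Code: Accounting-Request
Attributes:
\tNAS-IP-Address = 67.208.224.53
"""

RECV_RE = re.compile(r"^\*\*\* Received from (\S+) port \d+")
SEND_RE = re.compile(r"^\*\*\* Sending to ")
NAS_RE = re.compile(r"^\s*NAS-IP-Address = (\S+)")


def _ip(text):
    """Parse an address, returning None for anything malformed."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def nas_ip_mismatches(dump: str) -> list:
    """Return sorted (source, nas_ip_address, count) for mismatching requests."""
    counts = Counter()
    source = None  # source address of the request currently being read
    for line in dump.splitlines():
        m = RECV_RE.match(line)
        if m:
            source = _ip(m.group(1))
            continue
        if SEND_RE.match(line):
            source = None  # replies carry no NAS-IP-Address to compare
            continue
        m = NAS_RE.match(line)
        if m and source is not None:
            nas = _ip(m.group(1))
            if nas is not None and nas != source:
                counts[(str(source), str(nas))] += 1
            source = None  # at most one comparison per request
    return sorted((src, nas, n) for (src, nas), n in counts.items())


if __name__ == "__main__":
    for src, nas, n in nas_ip_mismatches(SAMPLE_DUMP):
        print(f"{src} sent NAS-IP-Address {nas} in {n} request(s)")
```

A mismatch is not always a misconfigured NAS: requests relayed by a RADIUS proxy also arrive from an address other than the one in NAS-IP-Address.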
(RADIATOR) MSCHAP and MPPE
I am trying to replace M$ IAS with Radiator to authenticate VPN connections from a PIX firewall via PPTP and MPPE. If I use the IAS with Win2K server, all is fine. If I cut over to Radiator, Radiator accepts the connections, but the Windows client (Win2K VPN client) rejects the connection because it does not use encryption.

Here is a clip out of my users file:

joeuser User-Password = mypass, Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.254,
        MS-MPPE-Encryption-Policy = Encryption-Required,
        MS-MPPE-Encryption-Types = Encryption-40,
        MS-MPPE-Send-Key = mysendkey,
        MS-MPPE-Recv-Key = myrecvkey,
        Tunnel-Type = PPTP

Radiator trace shows:

Thu Jan 3 12:01:42 2002: DEBUG: Check if Handler Client-Identifier = PIX-FW should be used to handle this request
Thu Jan 3 12:01:42 2002: DEBUG: Handling request with Handler 'Client-Identifier = PIX-FW'
Thu Jan 3 12:01:42 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 12:01:42 2002: DEBUG: Reading users file /radius/vpn-users
Thu Jan 3 12:01:42 2002: DEBUG: Radius::AuthFILE looks for match with joeuser
Thu Jan 3 12:01:42 2002: DEBUG: Radius::AuthFILE ACCEPT:
Thu Jan 3 12:01:42 2002: DEBUG: Access accepted for joeuser
Thu Jan 3 12:01:42 2002: DEBUG: Packet dump:
*** Sending to 10.0.0.1 port 1812
Code: Access-Accept
Identifier: 138
Authentic: 136!F74]210163160Y3025520421*27
Attributes:
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
        MS-MPPE-Encryption-Policy = Encryption-Required
        MS-MPPE-Encryption-Types = Encryption-40
        MS-MPPE-Send-Key = removed
        MS-MPPE-Recv-Key = removed
        Tunnel-Type = PPTP

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Esc key to reboot Universe, or any other key to continue...
(RADIATOR) SQL Accounting / Radius Attribute Values only
We have a very high number of accounting records that get stored on our SQL servers; our goal is to reduce space consumption a bit.

Is there a way to have Radiator store the actual value of the RADIUS accounting attributes and not the dictionary definitions? Ie:

EXEC sp_RadiusAcctInsert '0', '0015', 'Stop', 'joeuser', '6894448', '5184329030', '64.246.132.1','12', 'Async', 'Framed-User', 'PPP', '64.246.132.11', '', 'User-Request', '2194', '1138', '63'

Instead of Stop, value would be integer 2. NAS-Port-Type, Framed-Protocol, etc, all are integers and use much less space to store than their text meanings.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Earth is 98% full...please delete anyone you can.
RE: (RADIATOR) SQL Accounting / Radius Attribute Values only
> My first inclination would be to archive the accounting data on a periodic basis (every day, every week, every month, whatever). One easy way to do this is to set up a different table for each month (week, day, whatever) for example and then use the Radiator special characters in your AcctSQLStatement to specify the table name.

Thank you for your response. We've been through all this. We need to keep at least six months of RADIUS accounting data on-line at all times. Archiving really isn't the issue, but when you have some 20,000+ users, that's a LOT of RADIUS accounting data. We're talking about 25GB+ per month at current rate. If we were able to specify the integer values, it would save us about 30-40% of that space over saving the string values. We can easily inner-join cross reference tables on queries.

> I really wouldn't suggest storing the integer values as trying to post process the data will be very messy.

Well not really post processing, more like pre-processing. The attribute values arrive to Radiator in integer value, why not have the ability to store the integer value. I know I was able to do this with SBR in the past. When it comes to large data warehousing of accounting records, it makes the most sense.

Either case, I was just curious as if this could be done in one way or another. It would make a nice feature.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Years of development: We finally got one to work.
(RADIATOR) Multiple Check Attributes
Using AuthBy SQL, how would one return multiples of the same Check Attributes and have Radiator accept the session if the user NAS-Port-Type matched any of those returned.

For example, I have a user that can use NAS-Port-Type Async or IDSL, but he cannot use NAS-Port-Type Sync (ISDN). According to the Radiator docs the list of check attributes are compared and ALL must match, if I return say:

NAS-Port-Type=Async,NAS-Port-Type=IDSL

and the user calls and uses type Async, will the request fail?.. And if so, how can I change it so that any NAS-Port-Type I return from SQL will accept the session so long as one of the attributes matches..

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Logic: The art of being wrong with confidence...
(RADIATOR) MSSQL best connection method
We are currently implementing a couple of Radiator servers in our NOC and we will be using MSSQL stored procedures to do both authentication lookups and the storing of accounting information. According to the Radiator FAQ, FreeTDS is not the recommended choice for obvious reasons.

I'm curious as to how many people may be using MSSQL for their backend but using Unix (in my case FreeBSD 4.4) as the RADIUS server platform. Right now my choices seem to be limited to DBI proxy or FreeTDS. I have FreeTDS working for web applications via PERL, etc. Just wondering how stable FreeTDS would perform in a very active RADIUS server environment. The one quirk I've always noticed is that if the connection breaks between FreeTDS and your MSSQL server, FreeTDS mod seems to bomb out the whole PERL script running.

Any workarounds or suggestions?

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

It only makes sense that every facet of our daily lives should depend upon the position of celestial bodies hundreds of millions of miles away. - Calvin and Hobbes