(RADIATOR) DNS Suffix question ?
Hello, I am trying to send DNS suffix (eg. domain.com) at each users reply. But I was not able to find the attribute on the dictionary. Is there anyway to do that. Regards, Tuncay === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Limiting Realm
Hello, Does anyone know a way to limit number of users on a realm. For example a domain which has 200 users can only have 80 users online. The 81th user will be rejected. Regards, Tuncay Margilic === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RE: Radpwtst in cgi-bin
OK...
I found the reason... I made a mistake when concatinating the reply on the
SQL statement
Now it works as it has to...
Thanks anyway,
Tuncay
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 5:26 PM
To: Tuncay MARGILIC; [EMAIL PROTECTED]
Subject: RE: Radpwtst in cgi-bin
Hello Tuncay -
At 9:30 +0200 8/12/00, Tuncay MARGILIC wrote:
I am writing an authentication cgi. This cgi will authenticate people...
for
example http://faa.foo.com/cgi-bin/auth.cgi?user=fredpassword=fred
the auth.cgi sends these parameters to radpwtst and radpwtst asks the
Radiators if the user is allowed
This part is working id I get OK from the radpwtst results this meand the
user is allowed. I also want to write some attributes from users reply like
Session-Timeout.
This has worked with AUTHBY FILE but AUTHBY SQL is not. I am geting the
attribute with at line 312 of radpwtst;
my $timeout1 = $rp-get_attr('Session-Timeout');
$timeout2 = $timeout1;
but not giving the value for the Session-Timeout as I have in the users
replyattr field.
I have checked that with Trace 4 there is no attr Sesssion-Timeout in the
Access-Accept.
I will need to see the trace 4 to see what is happening.
thanks
Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Radpwtst in cgi-bin
I am trying to use the radpwtst to authenticate from cgi-bin directory. But I could not get all the Attributes that the user has in replyattr. For example Session-Timeout. It is working when I use AUTHBY FILE. The problem occurs when using with AUTHBY SQL Tuncay === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RE: Radpwtst in cgi-bin
I am writing an authentication cgi. This cgi will authenticate people... for
example http://faa.foo.com/cgi-bin/auth.cgi?user=fredpassword=fred
the auth.cgi sends these parameters to radpwtst and radpwtst asks the
Radiators if the user is allowed
This part is working id I get OK from the radpwtst results this meand the
user is allowed. I also want to write some attributes from users reply like
Session-Timeout.
This has worked with AUTHBY FILE but AUTHBY SQL is not. I am geting the
attribute with at line 312 of radpwtst;
my $timeout1 = $rp-get_attr('Session-Timeout');
$timeout2 = $timeout1;
but not giving the value for the Session-Timeout as I have in the users
replyattr field.
I have checked that with Trace 4 there is no attr Sesssion-Timeout in the
Access-Accept.
Tuncay Margilic
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 07, 2000 10:46 PM
To: Tuncay MARGILIC; [EMAIL PROTECTED]
Subject: RE: Radpwtst in cgi-bin
Hello Tuncay -
I think you will have to explain more clearly, I don't understand
what you are trying to do, nor what the problem is.
thanks
Hugh
At 21:54 +0200 7/12/00, Tuncay MARGILIC wrote:
Did anyone used radpwtst like this. I will not use the radius module of the
webserver. There are some implementation problems...
Tuncay
-Original Message-
From: Tuncay MARGILIC
Sent: Thursday, December 07, 2000 9:44 PM
To: [EMAIL PROTECTED]
Cc: 'Hugh Irvine'
Subject: Radpwtst in cgi-bin
I am trying to use the radpwtst to authenticate from cgi-bin directory. But
I could not get all the Attributes that the user has in replyattr. For
example Session-Timeout.
It is working when I use AUTHBY FILE. The problem occurs when using with
AUTHBY SQL
Tuncay
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) SessionDatabase SQL problem
minimum one of the field is marked unique on the table RADONLINE.
check the table indexes!!!
I do not use unique index on my RADONLINE table...
Tuncay
-Original Message-
From: Andy De Petter [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 10:49 AM
To: Radiator Mailing
Subject: RE: (RADIATOR) SessionDatabase SQL problem
snip
Thu Nov 23 20:18:50 2000: ERR: do failed for 'insert into
RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,
TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('[EMAIL PROTECTED]', '10.10.10.1', 45, '0414', 975010730,
'10.10.140.233', 'Async', 'Framed-User')': Duplicate entry
'10.10.140.1-45' for key 1
I have to remove those by hand from the table...
The above look like accounting records with no access request
prior to them
arriving.
Any way of preventing this to happen??
-Andy
--
..
::
: Andy De Petter [EMAIL PROTECTED] :
:Skynet NV/SASystem Engineer :
::
: Kol. Bourgstraat 124 _,'|_.-''``-...___..--'; :
:1140 Brussels/, \'. _..-' , ,--...--''' :
: \ .`--''' ` /|:
: Tel +32 (0)2 7061311 `-,;' ; ; ;:
: Fax +32 (0)2 7061312__...--'' __...--_..' .;.':
:(,__''' (,..--'' :
: http://www.skynet.be :
..
The opinions expressed are personal.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) SessionDatabase SQL problem
Then you can count your unique users on the table with 'SELECT DISTINCT
USERNAME FROM TABLE;'
and you will have the correct number of users.
But if you have the corect configuration you schould not have multiple users
inserted on the same table (If the MaxSession is 1).
Tuncay
-Original Message-
From: Andy De Petter [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 2:20 PM
To: Radiator Mailing
Subject: RE: (RADIATOR) SessionDatabase SQL problem
I'm pretty sure that if you don't use unique indeces on your session table,
that it isn't confirm to the reality .. eg, your table will say more users
are online, while they aren't.
-A
-Original Message-
From: Tuncay MARGILIC [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 1:07 PM
To: Andy De Petter; Radiator Mailing
Subject: RE: (RADIATOR) SessionDatabase SQL problem
minimum one of the field is marked unique on the table RADONLINE.
check the table indexes!!!
I do not use unique index on my RADONLINE table...
Tuncay
-Original Message-
From: Andy De Petter [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 10:49 AM
To: Radiator Mailing
Subject: RE: (RADIATOR) SessionDatabase SQL problem
snip
Thu Nov 23 20:18:50 2000: ERR: do failed for 'insert into
RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,
TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('[EMAIL PROTECTED]', '10.10.10.1', 45, '0414', 975010730,
'10.10.140.233', 'Async', 'Framed-User')': Duplicate entry
'10.10.140.1-45' for key 1
I have to remove those by hand from the table...
The above look like accounting records with no access request
prior to them
arriving.
Any way of preventing this to happen??
-Andy
--
..
::
: Andy De Petter [EMAIL PROTECTED] :
:Skynet NV/SASystem Engineer :
::
: Kol. Bourgstraat 124 _,'|_.-''``-...___..--'; :
:1140 Brussels/, \'. _..-' , ,--...--''' :
: \ .`--''' ` /|:
: Tel +32 (0)2 7061311 `-,;' ; ; ;:
: Fax +32 (0)2 7061312__...--'' __...--_..' .;.':
:(,__''' (,..--'' :
: http://www.skynet.be :
..
The opinions expressed are personal.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) process sequence???
Hi there, When is the record on the radonline table is deleted when the Raiator recieves a stop record of a users disconnection. Does this record on radonline still alive if the Radiator recieves the second or third stop record from the NAS. (I mean multiple accounting problem) Tuncay === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SQL Timeout!
Title: SQL Timeout! Hi all, I am facing the SQL Timeout problem. We user Oracle 8i as the DB , Radiator 2.15. Hugh can you send me the conditions that Radiator sends SQL Tiemout message. Also I need a debug patch that will give me a level 5 trace that will be activated when the SQL Timeout is happened. Because I cannot use the trace 5 all the time. This effects the service performance. Is that possible? Tuncay
(RADIATOR) Perl script question
Title: Perl script question
Hi there,
I found this script at the Radiator faq docs. Why do we multiply the $total and $accttotal values by 8. Any idea?
Tuncay Margilic
System Adm.
Siemens Business Services
#!/usr/bin/perl
$total = 0;
$accttotal = 0;
open(FD, /usr/bin/snmpwalk host secret .1.3.6.1.3.79.1.1.1.6.1.4 |) or die;
while(FD)
{
$total += $1 if (/.* = (\d+)/);
}
close(FD);
open(FD, /usr/bin/snmpwalk host secret .1.3.6.1.3.79.1.1.1.6.1.12 |) or die;
while(FD)
{
$accttotal += $1 if (/.* = (\d+)/);
}
close(FD);
* $total *= 8;
* $accttotal *= 8;
open(FD, /stats/radius.stats);
print FD $total\n$total\n;
close(FD);
open(FD, /stats/radiusacct.stats);
print FD $accttotal\n$accttotal\n;
close(FD);
exit 0;
RE: (RADIATOR) Perl script question
Title: RE: (RADIATOR) Perl script question
But the values which in $total and $accttotal are number of access and accounting requests...they are not bytes per second
Tuncay
-Original Message-
From: Jason J. Horton [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 07, 2000 8:19 PM
To: Tuncay MARGILIC
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Perl script question
I would assume because the logged values are bytes, and teh script wants the
value in bits.
Tuncay MARGILIC wrote:
I found this script at the Radiator faq docs. Why do we multiply the $total
and $accttotal values by 8. Any idea?
Tuncay Margilic
System Adm.
Siemens Business Services
#!/usr/bin/perl
$total = 0;
$accttotal = 0;
open(FD, /usr/bin/snmpwalk host secret .1.3.6.1.3.79.1.1.1.6.1.4 |) or
die;
while(FD)
{
$total += $1 if (/.* = (\d+)/);
}
close(FD);
open(FD, /usr/bin/snmpwalk host secret .1.3.6.1.3.79.1.1.1.6.1.12 |) or
die;
while(FD)
{
$accttotal += $1 if (/.* = (\d+)/);
}
close(FD);
* $total *= 8;
* $accttotal *= 8;
open(FD, /stats/radius.stats);
print FD $total\n$total\n;
close(FD);
open(FD, /stats/radiusacct.stats);
print FD $accttotal\n$accttotal\n;
close(FD);
exit 0;
--
-Jason J. Horton [EMAIL PROTECTED]
Fat Man in a Little Coat
Intercom Online Inc.
212.376.7440 | http://www.intercom.com
(RADIATOR) Authentication for ftpd
Title: Authentication for ftpd Hi there, I am planning to setup an ftp server that will handle 3k users. I heard that it is possible to make the authentication on radius. but I don't know how. Does anyone have informaion about it. Any documents or faq. The Operating system will be Linux or Solaris. Tuncay Margilic
(RADIATOR) Accounting question
Title: Accounting question Hello, I want to insert the IP or the name of the radius server to the accounting table. how can I describe this with AcctColumnDef? Tuncay
(RADIATOR) Switching accounting logs
Title: Switching accounting logs Hello, I am inserting all the accounting informations to an oracle database table named acct%Y%m and this is switching on the 1st dayd of every month. Now I use AccountingStopOnly. Next month I am planning to use start-stop and this will grow the accounting table size (Also the number of the Access Servers are increasing). There is a unique index on this table. Because of the uniquenes the performance of this table is slowing down. Is there any possibility to name the accounting table to switch on every week of the year (like acct%Y%week). Tuncay Margilic Siemens Business Services System Administrator +90 216 459 27 44
RE: (RADIATOR) Authentication through MySQL database
Title: RE: (RADIATOR) Authentication through MySQL database Hello, I am planning to add TNT Max boxes to my network. I still have Cisco 5300 on the network. The question is how can I go on checking the simultanius use of the users. Max-User is set to 1 and I check (Radiator does) the 5300 box with SNMP but the TNT boxes have to be used with finger. What should I do. Is there anyway like creating a client table on radius database and give the attributes of each NAS and make the radiator use different types of user avaliability checking. Or make the TNT boxes accessible via SNMP (But the vendor ID's are different) Tuncay Margilic Tel:+90 216 459 27 44 SIEMENS BUSINESS SERVICES -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, April 21, 2000 1:02 AM To: Administrator; radiator Subject: Re: (RADIATOR) Authentication through MySQL database Hello Vidur - On Thu, 20 Apr 2000, Administrator wrote: Have an IRIX machine with Radiator RADIUS running - I want to authenticate/account users through a MySQL database - Am looking for any kind of info. on ths subject. There are a number of SQL examples, including mySQL in the goodies directory of the distribution. Also have a look at section 6.24 in the Radiator 2.15 reference manual where you will find a very complete description of all the AuthBy SQL parameters. The goodies directory also contains a mySQL creation script that will build the tables used in the example. You will need to install the DBI perl module together with the mySQL DBD module and of course install and configure mySQL. The Perl modules are available from CPAN: http://www.cpan.org/modules/by-module/DBI/DBI-1.13.tar.gz and http://www.cpan.org/modules/by-module/DBD/Msql-Mysql-modules-1.2213.tar.gz regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Static-IP problem with CVX 1800
Title: Static-IP problem with CVX 1800 Hi there, I am having problems with having a predefined IP-Addr defined on the ReplyAttr. The same configuration is used and worked well with TNT Max and Cisco 5300 Boxes. The Nortel people told me that there was no problem with the CVX on giving static IP-Addr. Does anyone has any idea about this? Tuncay Margilic Siemens Business Services System Administrator +90 216 459 27 44
(RADIATOR) rewrite question...
Title: rewrite question... Hello, I need a rewrite statement to grep the username from '[EMAIL PROTECTED]' for accounting. Some users write their usernames like that but some of them don't. Thanx. Tuncay Margilic Siemens Business Services +90 216 459 27 44
RE: (RADIATOR) Accounting Stop error;
Title: RE: (RADIATOR) Accounting Stop error;
Probably there is a type mismatch for the table field and the cisco attribute. Can you give us the describtion of the table. Like Desc tablename for oracle. I made the same mistake for the terminatecause field and changed the type to integer on radius.cfg
Have a look at the ACCTTERMINATECAUSE NASIDENTIFIER fields. Check the types!!!
Tuncay Margilic
Tel:+90 216 459 27 44
SIEMENS BUSINESS SERVICES
-Original Message-
From: OKAN ARISU [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 13, 2000 5:43 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Accounting Stop error;
Hi Everbody,
We use Cisco 5300 and Radiator 2.14.1. Users are able to authenticate. Radiator writes the start record into the accounting table. But when the connection finished by the remote client it gives an insert error about stop record like below; Should i change my cfg file or can it be another reason causing this problem?
Thanks alot.
Best Regards.
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Our cfg file is;
**
Foreground
LogStdout
Trace 4
LogDir /software/Radiator-2.14.1/Logfiles/
LogFile %L/%d-%m-%Y-logfile
DbDir .
Client xx.xx.xx.xx
Secret mysecret
# Her bir RAS client icin baska bir havuz yapilabilir
FramedGroupBaseAddress xx.xx.xx.xx
FramedGroupBaseAddress xx.xx.xx.xx
NasType Cisco
DupInterval 2
/Client
ClientListSQL
DBSource dbi:Oracle:basari.world
DBUsername gizli
DBAuth gizli123
/ClientListSQL
SessionDatabase SQL
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
/SessionDatabase
Realm
PasswordLogFileName %L/%d-%m-%Y-password.log
AuthByPolicy ContinueWhileReject
AuthBy SQL
AddToReply Service-Type = Framed-User,
DefaultSimultaneousUse 1
FramedGroup 0
# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
# You may want to tailor these for your ACCOUNTING table
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
/AuthBy
AuthBy FILE
FramedGroup 0
Filename ./userlistbasar
DefaultSimultaneousUse 3
/AuthBy
/Realm
*
==Archive at http://www.starport.net/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting Stop error;
Title: RE: (RADIATOR) Accounting Stop error;
sorry just for ACCTTERMINATECAUSE :))
-Original Message-
From: Tuncay MARGILIC
Sent: Monday, March 13, 2000 8:46 PM
To: 'OKAN ARISU'; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Accounting Stop error;
Probably there is a type mismatch for the table field and the cisco attribute. Can you give us the describtion of the table. Like Desc tablename for oracle. I made the same mistake for the terminatecause field and changed the type to integer on radius.cfg
Have a look at the ACCTTERMINATECAUSE NASIDENTIFIER fields. Check the types!!!
Tuncay Margilic
Tel:+90 216 459 27 44
SIEMENS BUSINESS SERVICES
-Original Message-
From: OKAN ARISU [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 13, 2000 5:43 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Accounting Stop error;
Hi Everbody,
We use Cisco 5300 and Radiator 2.14.1. Users are able to authenticate. Radiator writes the start record into the accounting table. But when the connection finished by the remote client it gives an insert error about stop record like below; Should i change my cfg file or can it be another reason causing this problem?
Thanks alot.
Best Regards.
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Our cfg file is;
**
Foreground
LogStdout
Trace 4
LogDir /software/Radiator-2.14.1/Logfiles/
LogFile %L/%d-%m-%Y-logfile
DbDir .
Client xx.xx.xx.xx
Secret mysecret
# Her bir RAS client icin baska bir havuz yapilabilir
FramedGroupBaseAddress xx.xx.xx.xx
FramedGroupBaseAddress xx.xx.xx.xx
NasType Cisco
DupInterval 2
/Client
ClientListSQL
DBSource dbi:Oracle:basari.world
DBUsername gizli
DBAuth gizli123
/ClientListSQL
SessionDatabase SQL
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
/SessionDatabase
Realm
PasswordLogFileName %L/%d-%m-%Y-password.log
AuthByPolicy ContinueWhileReject
AuthBy SQL
AddToReply Service-Type = Framed-User,
DefaultSimultaneousUse 1
FramedGroup 0
# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
# You may want to tailor these for your ACCOUNTING table
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
/AuthBy
AuthBy FILE
FramedGroup 0
Filename ./userlistbasar
DefaultSimultaneousUse 3
/AuthBy
/Realm
*
==Archive at http://www.starport.net/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) SNMP session check for Cisco ISDN (Sync PPP) users
Title: RE: (RADIATOR) SNMP session check for Cisco ISDN (Sync PPP) users Hello Hugh, I used to have the same problem and changed the MIB path(.iso.org.dod.internet.private.enterprises.9) to its numerical value (.1.3.6.1.4.1.9) in NAS.pm . I do not get any noSuchName error anymore... But this did not make any sense to me!!! Regards, Tuncay Margilic Siemens Business Sevices System Admin. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 19, 2000 2:39 AM To: Nikos Aslanakis; [EMAIL PROTECTED] Subject: Re: (RADIATOR) SNMP session check for Cisco ISDN (Sync PPP) users Hello Nikos - On Sat, 19 Feb 2000, Nikos Aslanakis wrote: We have a problem when radiator tries to double check a Cisco NAS using SNMP for an ISDN user. While it checks correctly all the NAS ports that are used for Async connections (analog dialup), when it tries to check the ports that are used for ISDN connections (normally ports 2 and up), it fails allowing the same user to be connected twice. When I run snmpget from the command line for the ISDN ports, I get the following response: # /usr/local/bin/snmpget 195.66.100.149 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.20101 EError in packet Reason: (noSuchName) There is no such variable name in this MIB. This name doesn't exist: enterprises.9.2.9.2.1.18.20022 This happens ONLY for the ISDN users. For the PSTN users snmpget works normally, correctly checking the Ciscos for double login attempts. Yes - this is a well-known problem with Cisco's. If anyone can tell us how to correlate the accounting attributes to an SNMP query for ISDN ports (or anything else for that matter) we'll fix it. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) rewrite question
Title: rewrite question Hi there, I use Radiator 2.14.1 with Cisco 5300 boxes. If the user enters a string like faa'foo as a username on the dialup connection the log file writes an ERR for the select statement on radonline (DBD ERROR: OciStmtPrepare). Can you send me a RewriteUser description to solve this problem. I think I shold drop the quote(s) which is/are in the username. Regards, Tuncay Margilic Siemens Business Services System Administrator PS: The database is Oracle 8.0.4!!!
(RADIATOR) Framed-IP-Address on Radonline
Title: Framed-IP-Address on Radonline
Hi there,
I have use the verison 2.14.1 with 5300 Networt Access Servers. Users are able to authanticate. Radiator also writes the stoponly accounting information to the accounting table (including the FRAMED-IP-ADDRESS). But I have a problem with radonline table, the FRAMED-IP-ADDRESS is not sent to the insert statement. And I cannot see the IP adresses of the online users. Do I have to do modifications on cisco side or is there a problem with my Radiator or should I do something on the .cfg file to get every connected users IP with snmpget???
PS: the version of the snmpget is UCD-snmp version:4.0.1
Tuncay Margilic
Siemens Business Services - Turkey
System Administrator
-
SessionDatabase SQL
DBSource dbi:Oracle:radora
DBUsername radius
DBAuth **
AddQuery insert into RADONLINE (USERNAME,NASIDENTIFIER,NASPORT,\
ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,\
SERVICETYPE) values ('%U','%{NAS-IP-Address}',%{NAS-Port},'%{Acct-Session-Id}',\
%{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-Type}','%{Framed-Protocol}')
/SessionDatabase
-
-
AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time
AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDADDRESS,Framed-IP-Address
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef DATARATE,Ascend-Data-Rate,integer
AcctColumnDef XMITRATE,Ascend-Xmit-Rate,integer
AcctColumnDef CLIENTDNIS,Called-Station-Id
AcctColumnDef LOGDATE,Timestamp,integer-date
-
RE: (RADIATOR) Re: Check item (Time) question for checkattribute
Title: RE: (RADIATOR) Re: Check item (Time) question for checkattribute sure, I am setting the allowed time periods like Time = Al1800-0600,Wk0800-1000 and I also want to add non-allowed time periods like Time = Al1800-0600,Wk0800-1000,(-Al1230-1300,-Al1420-1500) It is just an example the minus sign before the Al is used to make it clear to understand. PS:Minus means non-allowed. Tuncay -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, February 04, 2000 10:26 AM To: Tuncay MARGILIC; [EMAIL PROTECTED]; Radiator Subject: (RADIATOR) Re: Check item (Time) question for checkattribute Hello Tuncay - On Fri, 04 Feb 2000, Tuncay MARGILIC wrote: Hi there, Is it possible to make the Time = ... item containing an exception of Time period. On simple configurations the current method is usefull but I have a confusing configuration fo my users. And the length of the field reaches to a bi amoount of data. If I could add an 'except this period of time) it will be great. Can you give me an example of what you want to do? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
