[RADIATOR] Capturing log data in database with Radiator-3.14
Support, We are trying to collect the MAC address in our database authlogs. Please advise on custom query. We are also interested in knowing what other data can be collected. -Chris ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Could not load AuthBy module Radius::AuthNTLM
Hi Radiator Gurus,

I'm migrating a Win32 solution to a Centos 6.3 x64 solution and need to migrate from AuthBy LSA to AuthBy NTLM. Here is the error I am running into:

ERR: Could not load AuthBy module Radius::AuthNTLM: Can't locate Digest/MD4.pm in @INC (@INC contains: . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/share/perl5/Radius/MSCHAP.pm line 47, CONFIG line 37.

Which indicates a missing module. I tried loading it via CPAN

cpan[1] install Radius::AuthNTLM

without any luck. Do I need to build and install samba to get this to work? I have added the Centos system to the Windows AD domain and am able to:

[root@Auth01 Radiator]# ntlm_auth --username=xx --domain= xx.com --password= xx
NT_STATUS_OK: Success (0x0)

A Google search for Could not load AuthBy module Radius::AuthNTLM results in only one hit, so I've clearly missed an obvious step in the install.

Thanks,
Chris
(RADIATOR) Problem with rewriteusername and chap
Dear all,

First, I must say sorry for the log post (and html).

Secondly, we have a client sending: username = [EMAIL PROTECTED] via MS-CHAP V2 and the password "password".

We are running a simple config.file:

RewriteUsername s/[EMAIL PROTECTED]//
<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>
<Realm DEFAULT>
    <AuthBy FILE>
        Filename /usr/local/etc/users
    </AuthBy>
</Realm>

the users file contains:

user User-Password="password",
user2 User-Password="password",

But the following happens:

Yields:

Wed Jan 7 17:54:21 2004: DEBUG: Reading users file /usr/local/etc/users
Wed Jan 7 17:54:21 2004: DEBUG: Finished reading configuration file '/usr/local/etc/simple.cfg'
Wed Jan 7 17:54:21 2004: DEBUG: Reading dictionary file '/var/log/radius/dictionary'
Wed Jan 7 17:54:21 2004: DEBUG: Creating authentication port 0.0.0.0:1813
Wed Jan 7 17:54:21 2004: DEBUG: Creating accounting port 0.0.0.0:1812
Wed Jan 7 17:54:21 2004: NOTICE: Server started: Radiator 3.8 on dns1
Wed Jan 7 17:54:25 2004: DEBUG: Packet dump:
*** Received from 172.16.1.52 port 1814
Code: Access-Request
Identifier: 13
Authentic: /s0126143149200R154239244tu_138
Attributes:
    MS-CHAP-Challenge = "o167k193136128203138262141602301270K"
    MS-CHAP2-Response = "10145228250/r177"E13148236%25182230Y-1470246129b1815318832021781931654143@249s28X1652162"
    User-Name = "[EMAIL PROTECTED]"
    NAS-IP-Address = 172.16.1.52
    NAS-Identifier = "[EMAIL PROTECTED]/24"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Proxy-State = 208
Wed Jan 7 17:54:25 2004: DEBUG: Rewrote user name to user
Wed Jan 7 17:54:25 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 7 17:54:25 2004: DEBUG: Deleting session for [EMAIL PROTECTED], 172.16.1.52,
Wed Jan 7 17:54:25 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan 7 17:54:25 2004: DEBUG: Radius::AuthFILE looks for match with user2
Wed Jan 7 17:54:25 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
Wed Jan 7 17:54:25 2004: INFO: Access rejected for user: Bad Password
Wed Jan 7 17:54:25 2004: DEBUG: Packet dump:
*** Sending to 172.16.1.52 port 1814
Code: Access-Reject
Identifier: 13
Authentic: /s0126143149200R154239244tu_138
Attributes:
    Reply-Message = "Request Denied"
    Proxy-State = 208

But if the following is used:

radpwtst -user [EMAIL PROTECTED] -password password

the output below:

*** Received from 127.0.0.1 port 60973
Code: Access-Request
Identifier: 215
Authentic: 1234567890123456
Attributes:
    User-Name = "[EMAIL PROTECTED]"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "137234,163v14618889160216}x153"
Wed Jan 7 18:05:05 2004: DEBUG: Rewrote user name to user2
Wed Jan 7 18:05:05 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 7 18:05:05 2004: DEBUG: Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234
Wed Jan 7 18:05:05 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan 7 18:05:05 2004: DEBUG: Radius::AuthFILE looks for match with user2
Wed Jan 7 18:05:05 2004: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jan 7 18:05:05 2004: DEBUG: Access accepted for user2
Wed Jan 7 18:05:05 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 60973
Code: Access-Accept
Identifier: 215
Authentic: 1234567890123456
Attributes:

BUT with RewriteUsername OFF and using MS-CHAP V2, and changing the user names in the users file to [EMAIL PROTECTED] it works.

*** Received from 172.16.1.52 port 1814
Code: Access-Request
Identifier: 14
Authentic: 20227JyPz8192168183245M252k139j
Attributes:
    MS-CHAP-Challenge = "14l15825209199205a8J137u402146"
    MS-CHAP2-Response = "10F195ps4160|2502001763q213c2442175224269j180"2203238?157230231206184*192K194203y30"
    User-Name = "[EMAIL PROTECTED]"
    NAS-IP-Address = 172.16.1.52
    NAS-Identifier = "[EMAIL PROTECTED]/24"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Proxy-State = 80
Wed Jan 7 18:08:21 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 7 18:08:21 2004: DEBUG: Deleting session for [EMAIL PROTECTED], 172.16.1.52,
Wed Jan 7 18:08:21 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Jan 7 18:08:21 2004: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED]
Wed Jan 7 18:08:21 2004: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jan 7 18:08:21 2004: DEBUG: Access accepted for [EMAIL PROTECTED]
Wed Jan 7 18:08:21 2004: DEBUG: Packet dump:

Does anybody have any ideas where we would be going wrong?

regards
Chris.

--
Chris Simmons
Network Engineer
St Georges Hospital Medical School
Tel: 020 8725 0234
mail: [EMAIL PROTECTED]
(RADIATOR) MAX TNT with radiator
Hello,

does anyone have a working config with MAX TNT-2DC and radiator? this is what I have in my config

<Client xxx.xxx.xxx.xxx>
    DefaultRealm DEFAULT
    NasType Ascend
    Secret secret
    DupInterval 2
    NoIgnoreDuplicates Access-Request
</Client>

what do I need to setup in MAX TNT to accept ppp PAP authentication?

best regards,
chris

--
Outgoing mail is certified Virus Free. Checked by AVG Anti-Virus (http://www.grisoft.com). Version: 7.0.203 / Virus Database: 261.3.2 - Release Date: 11/27/2003
This Email is protected by RAV AntiVirus Security Software for SuSE Linux eMail Server
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) ERX RADIUS Attributes
folks,

Here is a list of the latest Unisphere ERX attributes

# Define additional Unisphere ERX Family Attributes
#
VENDORATTR 4874 Unisphere-Virtual-Router 1 string
VENDORATTR 4874 Unisphere-Local-Address-Pool 2 string
VENDORATTR 4874 Unisphere-Local-Interface 3 string
VENDORATTR 4874 Unisphere-Primary-Dns 4 ipaddr
VENDORATTR 4874 Unisphere-Secondary-Dns 5 ipaddr
VENDORATTR 4874 Unisphere-Primary-Wins 6 ipaddr
VENDORATTR 4874 Unisphere-Secondary-Wins 7 ipaddr
VENDORATTR 4874 Unisphere-Tunnel-Virtual-Router 8 string
VENDORATTR 4874 Unisphere-Tunnel-Password 9 string
VENDORATTR 4874 Unisphere-Ingress-Policy-Name 10 string
VENDORATTR 4874 Unisphere-Egress-Policy-Name 11 string
VENDORATTR 4874 Unisphere-Ingress-Statistics 12 integer
VALUE Unisphere-Ingress-Statistics disable 0
VALUE Unisphere-Ingress-Statistics enable 1
VENDORATTR 4874 Unisphere-Egress-Statistics 13 integer
VALUE Unisphere-Egress-Statistics disable 0
VALUE Unisphere-Egress-Statistics enable 1
VENDORATTR 4874 Unisphere-Service-Category 14 integer
VALUE Unisphere-Service-Category UBR 1
VALUE Unisphere-Service-Category UBRPCR 2
VALUE Unisphere-Service-Category nrtVBR 3
VALUE Unisphere-Service-Category CBR 4
VENDORATTR 4874 Unisphere-pcr 15 integer
VENDORATTR 4874 Unisphere-scr-Or-Cbr-Bit-Rate 16 integer
VENDORATTR 4874 Unisphere-mbs 17 integer
VENDORATTR 4874 Unisphere-Init-CLI-Access-Level 18 string
VENDORATTR 4874 Unisphere-Allow-All-VR-Access 19 integer
VALUE Unisphere-Allow-All-VR-Access disable 0
VALUE Unisphere-Allow-All-VR-Access enable 1
VENDORATTR 4874 Unisphere-Alt-CLI-Access-Level 20 string
VENDORATTR 4874 Unisphere-Alt-CLI-VRouter-Name 21 string
VENDORATTR 4874 Unisphere-SA-Validate 22 integer
VALUE Unisphere-SA-Validate disable 0
VALUE Unisphere-SA-Validate enable 1
VENDORATTR 4874 Unisphere-Igmp-enable 23 integer
VALUE Unisphere-Igmp-enable disable 0
VALUE Unisphere-Igmp-enable enable 1
VENDORATTR 4874 Unisphere-Pppoe-Description 24 string
VENDORATTR 4874 Unisphere-Redirect-VR-Name 25 string
VENDORATTR 4874 Unisphere-Qos-Profile-Name 26 string
VENDORATTR 4874 Unisphere-PppoE-Url 28 string
VENDORATTR 4874 Unisphere-Service-Bundle 31 string
VENDORATTR 4874 Unisphere-Tunnel-Max-Sessions 33 integer
VENDORATTR 4874 Unisphere-Framed-Ip-Route-Tag 34 integer
VENDORATTR 4874 Unisphere-Tunnel-Dialout-Number 35 string
VENDORATTR 4874 Unisphere-Ppp-Username 36 string
VENDORATTR 4874 Unisphere-Ppp-Password 37 string
VENDORATTR 4874 Unisphere-Ppp-Protocol 38 integer
VALUE Unisphere-Ppp-Protocol none 0
VALUE Unisphere-Ppp-Protocol pap 1
VALUE Unisphere-Ppp-Protocol chap 2
VALUE Unisphere-Ppp-Protocol pap-chap 3
VALUE Unisphere-Ppp-Protocol chap-pap 4
VENDORATTR 4874 Unisphere-Tunnel-Min-Bps 39 integer
VENDORATTR 4874 Unisphere-Tunnel-Max-Bps 40 integer
VENDORATTR 4874 Unisphere-Tunnel-Bearer-Type 41 integer
VALUE Unisphere-Tunnel-Bearer-Type none 0
VALUE Unisphere-Tunnel-Bearer-Type analog 1
VALUE Unisphere-Tunnel-Bearer-Type digital 2
VENDORATTR 4874 Unisphere-Input-Gigapackets 42 integer
VENDORATTR 4874 Unisphere-Output-Gigapackets 43 integer
VENDORATTR 4874 Unisphere-Tunnel-Interface-Id 44 string
RE: (RADIATOR) MySQL server has gone away
I was having a similar problem - appears to have been a problem with the mysql settings being too small. Adjusting these settings in /etc/my.cnf (see my-small.cnf/my-medium.cnf etc...) certainly helped/rectified the problem.

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 2 October 2003 5:38 PM
To: Bobbejaan van Elst
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) MySQL server has gone away

Hello Bobby -

It looks like the MySQL server does not like certain requests. You should try to run the same requests by hand to see what happens and you should check the MySQL log files to see what is happening with the database.

regards

Hugh

On Thursday, Oct 2, 2003, at 16:36 Australia/Melbourne, Bobbejaan van Elst wrote:

Hi,

I see very often the following errors:

Thu Oct 2 06:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065068995': MySQL server has gone away
Thu Oct 2 06:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065070795': MySQL server has gone away
Thu Oct 2 07:29:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065072595': MySQL server has gone away
Thu Oct 2 07:59:55 2003: ERR: do failed for 'update RADPOOL set STATE=0 where STATE!=0 and EXPIRY 1065074395': MySQL server has gone away

And here also an error:

Code: Access-Request
Identifier: 108
Authentic: 1234567890123456
Attributes:
    User-Name = [EMAIL PROTECTED]
    NAS-Port = 2030108795
    User-Password = 200185l173175\424618889160216}x153
    NAS-Identifier = nl-gv-dc2-fsip-gr05-3
    Timestamp = 1064997007
Wed Oct 1 10:30:07 2003: DEBUG: Handling request with Handler 'Realm=adsl, Request-Type=Access-Request'
Wed Oct 1 10:30:07 2003: DEBUG: mySessionDB Deleting session for [EMAIL PROTECTED], 195.190.240.82, 2030108795
Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'delete from RADONLINE where ACCTSESSIONID=''':
Wed Oct 1 10:30:07 2003: ERR: do failed for 'delete from RADONLINE where ACCTSESSIONID=''': MySQL server has gone away
Wed Oct 1 10:30:07 2003: DEBUG: Handling with AuthINTERNAL: DefaultAccept
Wed Oct 1 10:30:07 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
Wed Oct 1 10:30:07 2003: DEBUG: Query is: 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='nl-gv-dc2-fsip-gr05-3' and STATE=0 order by TIME_STAMP limit 1':
Wed Oct 1 10:30:07 2003: DEBUG: do query is: 'update RADPOOL set STATE=1, TIME_STAMP=1064997007, EXPIRY=1065083407, USERNAME='[EMAIL PROTECTED]' where YIADDR='172.16.178.124' and TIME_STAMP =1064929204':
Wed Oct 1 10:30:07 2003: DEBUG: Access accepted for [EMAIL PROTECTED]

I am using the following versions:

DBD-mysql-2.9002
DBI-1.38
Digest-MD5-2.27
mysql-4.0.14
Radiator-3.6

Has someone an idea?

Kind regards,
Bobbejaan van Elst

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) question -- solved I think =)
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Chris Garzon [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 7:59 AM
Subject: Re: (RADIATOR) question

You should test your SQL statements by hand with your database tools first before putting them in the configuration file.

Hi

I've managed to get things working, thought I might share, thanks for the tips for all those who helped especially to Hugh and Mike

I used mysql's UNIX_TIMESTAMP() function. since the VALIDFROM='now' returns a NULL value it was more appropriate to use:

VALIDFROM=UNIX_TIMESTAMP(NOW())

cheers!
chris
Re: (RADIATOR) question
Hi,

I've set up my AcctSQLStatement to look like this:

AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
AcctSQLStatement update RADUSERS set VALIDFROM=now where VALIDFROM IS NULL

now the second statement returns this error in the logfile:

Mon Jul 21 18:02:49 2003: ERR: do failed for 'update RADUSERS set VALIDFROM=now where VALIDFROM=NULL': Unknown column 'now' in 'field list'

-chris
Re: (RADIATOR) question
You could use an AcctSQLStatement that sets their expiry date if it is currently NULL. The first successful session start will set their expiry date to, say the current date + 30 days (or whatever your policy is).

thanks mike

should I be safe then if I add this to my AcctSQLStatement to update my VALIDFROM table:

AcctSQLStatement update RADUSERS set VALIDFROM=now where VALIDFROM='0', TIMELEFT=TIMELEFT-0%{Acct-Session-Time} etc.

thanks,
Chris
Re: (RADIATOR) question
AcctSQLStatement update RADUSERS set VALIDFROM=now where VALIDFROM IS NULL and

Oh, ok thanks I get it, now how can my Radmin database set VALIDFROM initially to NULL, I tried to test it using radmin editUser.pl web script and it gave out this error:

Not updated because: Invalid date/time format in 'Valid from'

thanks,
chris
(RADIATOR) question
(RADIATOR) Problems with GlobalVars in client handler
Hi Hugh,

Radiator doesn't seem to like <Client %{GlobalVar:name}> though seems to work fine in other places. Could this be fixed?

Here is a sample config and logs

---test.cfg---
LogDir /usr/local/radiator/logs
DbDir /usr/local/radiator/
Trace 6
LogFile %L/%{GlobalVar:ServerLog}
<Client %{GlobalVar:RemoteClient}>
    Secret X
    Identifier dialin
    #DupInterval 10
</Client>
<Handler Client-Identifier=dialin>
    <AuthBy RADIUS>
        Retries 1
        RetryTimeout 4
        FailureBackoffTime 10
        <Host %{GlobalVar:LocalServer}>
            Secret X
            AuthPort 1651
            AcctPort 1652
        </Host>
    </AuthBy>
</Handler>

bash# radiusd -pid_file /tmp/test_radius.pid -config_file conf/test.cfg RemoteClient=60.60.60.60 LocalServer=10.10.10.10 ServerLog=test.log

---Logfile--
Wed Jul 9 12:34:00 2003: ERR: Could not resolve an address for Client %{GlobalVar:RemoteClient}
Wed Jul 9 12:34:00 2003: DEBUG: Finished reading configuration file 'conf/test.cfg'
Wed Jul 9 12:34:00 2003: DEBUG: Reading dictionary file '/usr/local/radiator//dictionary'
Wed Jul 9 12:34:00 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Jul 9 12:34:00 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Jul 9 12:34:00 2003: NOTICE: Server started: Radiator 3.6 on XXX

Cheers,
Chris

--
+Chris Myers ~ [EMAIL PROTECTED]
. Information Technology Services - Software Infrastructure
. Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412
. The Prentice Building - The University of Queensland 4072
. http://www.uq.edu.au/~uqcmyers - http://www.its.uq.edu.au
+ http://www.mpc.org.au/
RE: (RADIATOR) Radiator Radar conflict
Has any additional information become available on this? I have requested that our people restrict their use of radar until further notice.

Cheers
Chris.

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Friday, 20 June 2003 9:57 AM
To: Dave Birkbeck; [EMAIL PROTECTED]
Cc: 'Herman verschooten'; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Radiator Radar conflict

Hello Dave, Hello Herman -

Could you both please send us more details including Radiator version, hardware/software platform, Perl version and any other debugging information that you have available. The output from Perl when the crash occurs would also be very helpful.

I have copied Mike on this mail as we would like to fix whatever is wrong.

thanks and regards

Hugh

On Friday, Jun 20, 2003, at 07:19 Australia/Melbourne, Dave Birkbeck wrote:

I've noticed the same problem. Sometimes it will crash within just a couple minutes of debugging and other times it takes longer.

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herman verschooten
Sent: Thursday, June 19, 2003 11:18 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Radiator Radar conflict

Hi,

I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this? Just closing Radar starts everything up again.

Herman
(RADIATOR) Dictionary problem with mysql
I have installed, and appear to have running Radiator (3.6-1) with mysql (3.23.56-1.80) on Redhat 8.0

When I try and restart the radiator daemon, I get the following message:

Starting Radiator: Coulsdn't create dictionary from './dictionary'. Check log for more information: Inappropriate ioctl for device at /usr/bin/radiusd line 374.
Wed Apr 23 09:58:18 2003: ERR: Could not open dictionary file './dictionary': No such file or directory
[FAILED]

Any ideas??
Re: (RADIATOR) RewriteUser in AuthBy?
On Thu, 20 Feb 2003 14:17:15 +1100 Hugh Irvine wrote:
+--
| Hello Chris -
|
| If you can recognise the different usernames, you can do this:
|
+--

The auth request comes in as, for example, User-Name = cfedde.

<Handler Called-Station-Id = /4242$/>
    AuthByPolicy ContinueUntilAccept
    <AuthBy LDAP2>
        ...
    </AuthBy>
    <AuthBy RADIUS>
        ...
    </AuthBy>
</Handler>

But for the AuthBy LDAP2 clause I need

RewriteUsername s/^/foo#/

and for the AuthBy RADIUS I need

RewriteUsername s/^them#//
RewriteUsername s/$[EMAIL PROTECTED]/

I'm not sure if I can make your recommendation do that. Am I just overlooking something obvious?

Thanks
--
chris fedde
(RADIATOR) RewriteUser in AuthBy?
I am transitioning a bunch of dialup users from one authserver to another. I want to first check the new AuthBy LDAP2 and then check the old AuthBy RADIUS. My problem is that the LDAP2 directory uses a different username encoding scheme than the legacy server.

Is there a way to RewriteUser inside an AuthBy clause or can I set up two Handlers with the same selection conditions but different RewriteUser statements?

Thanks
--
Chris Fedde
RE: (RADIATOR) Accounting Question
Is there a way to do this with 2 arguments

EG

<Handler NAS-IP-Address = XXX.XXX.XXX.XXX Something = Something>

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine
Sent: Friday, 24 January 2003 4:08 PM
To: Chris Kay
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Accounting Question

Hello Chris -

The simplest way to do this is with Handlers:

<Handler NAS-IP-Address = XXX.XXX.XXX.XXX>
    .
</Handler>
<Handler>
    .
    .
</Handler>

Note that you should not mix Realms and Handlers in the same configuration file.

regards

Hugh

On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote:

Question I have is this

I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP

With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy..

So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only

Can this be done

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au
Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-
(RADIATOR) Accounting Question
Question I have is this

I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP

With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy..

So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only

Can this be done

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au
Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-
(RADIATOR) Radiator
I am having an issue installing the latest version of radiator

I can not install Class::DBI:mysql DBD::mysql

I have obtained the following from the archives and wondering if this is my problem

Error I am getting is

Perhaps the DBD::mysql perl module hasn't been fully installed, or perhaps the capitalisation of 'mysql' isn't right. Available drivers: CSV, ExampleP, File, Proxy. at t/mysql.t line 14
Use of uninitialized value in concatenation (.) or string at t/mysql.t line 149.
Can't call method do on an undefined value at t/mysql.t line 149.
END failed--call queue aborted.
# No tests run!
t/mysqldubious

<quote>
Turns out, there is a problem with the MySQL module compiling on my system. From the docs in the tarball, the error I am seeing has something to do with Perl and MySQL not being compiled with the same compiler. Mysql was compiled using GCC. I know because I installed MySQL from the tarball. Perl, on the other hand, was installed from a binary RPM...the one that came with RedHat 5.2.
</quote>

<quote>
It's an old problem and I don't know other solution. You must to compile all the perl and mysql stuff in the same system and with the same compiler. If not, you can have problems not only with mysql, but also with any other perl modules.
</quote>

Would the above quotes indicate that is my problem... if not would anyone have any idea as to what it could be

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au
Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-
(RADIATOR) Handler
How would I do something like this

I would like to use a handler online if

<handler 1>
    Client-Identifer = Comindico
    NAS-IP-Address = 203.194.30.244
</handler>
<handler 2>
    Client-Identifer = Comindico
    NAS-IP-Address != 203.194.30.244
    NAS-IP-Address != 203.222.153.14
</handler>
<handler 3>
    Client-Identifer = Max
    NAS-IP-Address = 203.222.153.14
</handler>

I have the handlers for each but am now lost as to how you use multiple clauses in a handler or even if you can...

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au
Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-
(RADIATOR) Configuration example neeed, SQL+NT Domain
I'm looking at setting up Radiator for authentication for a Cisco 2600 series router for dialin access. We would like to configure this so that users are authenticated against the domain but before that check is done we want to verify the username they provide is authorized for dialup, most likely via a simple SQL table. The reasoning is that we will need to enable/disable dialin access on a per account basis and using the NT dialin flag isn't an option.

How do I configure this multi-tier setup? First checking username/flag in the SQL database and if that is permitted then check the username/password via the domain.

--
Chris A. Epler | Voice: (302) 994-2521x7164
Delaware Park Racetrack and Slots | FAX: (302) 633-2377
MIS: Systems - Network Engineer |
(RADIATOR) Radiator with DHCP
Hi all,

I am wanting to use the DHCP address allocator but I don't want to run as root. I'm happy to start radiator as root then drop down to user 'radius' after the bind, but the User option in the server conf doesn't seem to do this.

So, is it possible, and if not can this be a feature in later radiator versions?

Cheers,
Chris

--
+Chris Myers ~ [EMAIL PROTECTED]
. Information Technology Services - Software Infrastructure
. Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412
. The Prentice Building - The University of Queensland 4072
+ http://www.uq.edu.au/~uqcmyers - http://www.its.uq.edu.au
(RADIATOR) Error Message
Is there a way to manipulate error messages that the customer sees on the client's side? I know these are windows error messages, just not sure if I can change these.

EG: I have a port limit set for groups of users and each limit is different, and I would like to see if I could display a message like No more connections from your group is permitted, please visit http://blah, for assistance.

Can this be done?

Regards
Chris Kay
Techex Communications Pty Ltd
(RADIATOR) Release notes?
Are there release notes describing the differences between radiator releases? I'm upgrading from 2.18 to 3.3.1 and am interested in what might be different between these two versions. -- Chris Fedde
RE: (RADIATOR) Session Limit Question
Hugh, is there a way I can use the results from Identifier CheckUser in Identifier CheckGroup etc.? So in the first authby, if the user has a group of Techex, can I use Techex in the Identifier CheckGroup authby? E.g.: select * from online where group = $group (where $group = the result of the first authby) Regards Chris Kay Techex Communications Pty Ltd -Original Message- From: Hugh Irvine [mailto:hugh;open.com.au] Sent: Tue 5/11/2002 5:50 PM To: Chris Kay Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Session Limit Question Hello Chris - I think you could probably do what you describe with a sequence of AuthBy clauses. Something like this: # define AuthBy clauses AuthBy SQL Identifier CheckUser . /AuthBy AuthBy SQL Identifier CheckGroup . /AuthBy AuthBy SQL Identifier CheckLimit . /AuthBy . # define Realms or Handlers Handler . AuthByPolicy ContinueWhileAccept AuthBy CheckUser AuthBy CheckGroup AuthBy CheckLimit .. /Handler The best way to learn about hooks is to look at the file goodies/hooks.txt and to study the Radiator source code. regards Hugh On Tuesday, November 5, 2002, at 12:17 PM, Chris Kay wrote: Ok, here goes. I wish to check a username to make sure it is in the database; if it is, I would then like it to check it against a group to see if it's inside a certain group of users; if it is, I would then like it to check how many users of that group are currently logged on and, using a stored limit in the database, I would like it to log on if under that limit or else fail. I need a portlimitcheck for a group of users, not all users. But it still needs to act as a normal server for normal users not belonging to a group. Also, I can't change the username to a user@host type username, because the group is already too large. I have so far gathered that a pre hook would be the best way to do this but I know nothing about hooks. Would I be able to have it execute a PHP script to do all the checking and if it returns 1 continue and if it returns 2 fail? If that's not possible could someone point me to a place I could learn the above? Thanks in regards - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788 NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Question
Question is... I wish to pull some information from a db while auth and then set that information in the session db. Would I set this then pull it and enter it, or can I make it global or something? Any help is grateful - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788
(RADIATOR) Setting a Attribute
I have set an Attribute-Name for X-GroupName = TETRE. How would I call this into the online session database query? I have tried %{X-GroupName} etc... but no go. I am setting it like below: AuthColumnDef 0, Encrypted-Password, check AuthColumnDef 1, Idle-Timeout, reply AuthColumnDef 2, Framed-IP-Address, reply AuthColumnDef 3, Framed-IP-Netmask, reply AuthColumnDef 4, Framed-Route, reply AuthColumnDef 5, Session-Timeout, reply AuthColumnDef 6, X-GroupName, reply This is a snippet from the log: Framed-IP-Address = 203.123.123.123 Idle-Timeout = 0 Framed-IP-Netmask = 255.255.255.255 Session-Timeout = 0 X-GroupName = TETRE Ascend-Client-Primary-DNS = 203.000.000.000 Ascend-Client-Secondary-DNS = 203.00.00.00 Ascend-Client-Assign-DNS = DNS-Assign-Yes Framed-Protocol = PPP Service-Type = Framed-User It looks to set it, but I can't call it to add it to the session database. Any ideas? - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788
(RADIATOR) Session Limit Question
Ok, here goes. I wish to check a username to make sure it is in the database; if it is, I would then like it to check it against a group to see if it's inside a certain group of users; if it is, I would then like it to check how many users of that group are currently logged on and, using a stored limit in the database, I would like it to log on if under that limit or else fail. I need a portlimitcheck for a group of users, not all users. But it still needs to act as a normal server for normal users not belonging to a group. Also, I can't change the username to a user@host type username, because the group is already too large. I have so far gathered that a pre hook would be the best way to do this but I know nothing about hooks. Would I be able to have it execute a PHP script to do all the checking and if it returns 1 continue and if it returns 2 fail? If that's not possible could someone point me to a place I could learn the above? Thanks in regards - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788
(RADIATOR) dictionary problem
I keep getting this error message: Attribute number 151 is not defined in your dictionary But it does appear to be in the dictionary file: # grep 151 dic* dictionary:VALUE Ascend-Disconnect-Cause localAdmin 151 Any ideas what I should be looking for to find this issue? This is a Radiator 2.19 installation. Thanks, Chris
(RADIATOR) Auth Question
In regards to AuthSelect: does anyone have any sites where I could learn hooks? I am wanting to implement a system where there can be like 50 dialup accounts, each with a different username and password, but only 15 of those 50 users can be connected together. Would anyone have any thoughts on how it would be best to do this? Thanks in advance - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788
Re: (RADIATOR) Version 3.3 install
Hi Mike, Pavel, The patched Makefile.PL on SPARC Solaris 8 was installing the .pm files in /usr/local/lib/perl5/site_perl instead of /usr/local/lib/perl5/site_perl/5.005 where perl expected it. Cheers, Chris Pavel A Crasotin wrote: Hi, Mike. The same problem is on SPARC Solaris 8. I don't test new Makefile.PL yet. MM Hello all, MM a number of people have reported problems with the install process in version MM 3.3. On Suse and FreeBSD, 'make install' will try to install library files MM into /lib instead of the more usual /usr/lib. MM We have uploaded a new Makefile.PL to the 3.3 patches area that should fix MM this problem. MM http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL MM Any further reports to me please. MM Cheers. With respect, Pavel A Crasotin OJSC SeverTransCom 159 Moskovsky pr, Yaroslavl, 150048, Russia Tel/Fax: +7 (0852) 49-57-57, 49-58-88 -- +Chris Myers ~ [EMAIL PROTECTED] . Information Technology Services - Software Infrastructure . Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412 . The Prentice Building - The University of Queensland 4072 + PGP Public key available @ http://www.uq.edu.au/~uqcmyers
RE: (RADIATOR) Unisphere ERX Vendor 4874 Attribute 24
Brian, This is the MAC address of the device requesting a pppoe connection. VENDORATTR 4874 Unisphere-Pppoe-Description 24 string Cheers Chris. -Original Message- From: Brian Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 27 August 2002 9:17 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Unisphere ERX Vendor 4874 Attribute 24 Unisphere ERX Vendor 4874 Attribute 24 Hi All, This attribute number (24) does not appear in the latest dictionary file. Does anyone know what it should be - we only just started receiving them after an ERX upgrade. Regards, Brian Morris NetSpeed.
(RADIATOR) CalledStationId question
I'm trying to do something in my config file to intercept people that are dialing a certain number, and rejecting their authentication attempts completely. I have a multi-realm config, but I'm using CalledStationId.pm like this in one of the realms as a test: <Realm goplaces.net> <CalledStationId 212555> # Log accounting for the misguided users AcctLogFileName /var/log/radius/peopleThatShouldNotBeDialingThisNumber.txt </CalledStationId> # keep going through all AuthBy clauses AuthByPolicy ContinueUntilAccept . The AuthBy clauses for the realm follow these lines. Anyway, I really have no clue what I'm doing here, but I do know that this isn't working. In a Trace 4 I never see anything interesting happening, and the peopleThatShouldNotBeDialingThisNumber.txt file doesn't get created, so no one is traversing this section apparently. Does anyone see what I'm doing wrong? In essence, anyone calling 212555 I want to be denied but any other number they dial it should go ahead and try to AuthBy them, etc. Thanks, Chris
Re: (RADIATOR) Simultaneous Request handling
Generally speaking our authentication method is really quick, so it would be a performance hamper if we forked for every request. It's just these 'rare' cases that mess us around - ie. kerberos server decides to take 2 minutes to return for some unknown reason. But squid is not multi-threaded either, though it can handle a *large* amount of concurrent requests - nor does it fork. Hugh Irvine wrote: Hello Chris - No - Radiator is single-threaded at this time. BTW - why don't you want to use Fork? regards Hugh On Thu, 11 Jul 2002 13:06, Chris Myers wrote: Hugh, I'm wondering if Radiator can handle simultaneous requests without forking, in the same way that squid does. (i.e. one process - no multithreading). I know that it has been mentioned before on the list that the best way to do this was with multithreading but perl multithreading is non-production. Can this be done with a select loop? My problem is that if a request starts to block for an unexpected amount of time I would like to be able to handle other incoming requests. Naturally loadbalancing can minimize this problem but it does not solve it. Cheers, Chris -- +Chris Myers ~ [EMAIL PROTECTED] . Information Technology Services - Software Infrastructure . Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412 . The Prentice Building - The University of Queensland 4072 + PGP Public key available @ http://www.uq.edu.au/~uqcmyers
Re: (RADIATOR) User auths if in the users file only?
This was where the problem was. Their setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* This leads me to a question. I have a mix of nas servers that I need to use on the same radius server. One needs the Framed-IP-Address = 255.255.255.254 attribute and one needs *nothing* sent. I have each nas set up separately in client clauses. How can I choose to send the attribute out to only the nas servers that need it? -Chris
(RADIATOR) Simultaneous Request handling
Hugh, I'm wondering if Radiator can handle simultaneous requests without forking, in the same way that squid does. (i.e. one process - no multithreading). I know that it has been mentioned before on the list that the best way to do this was with multithreading but perl multithreading is non-production. Can this be done with a select loop? My problem is that if a request starts to block for an unexpected amount of time I would like to be able to handle other incoming requests. Naturally loadbalancing can minimize this problem but it does not solve it. Cheers, Chris -- +Chris Myers ~ [EMAIL PROTECTED] . Information Technology Services - Software Infrastructure . Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412 . The Prentice Building - The University of Queensland 4072 + PGP Public key available @ http://www.uq.edu.au/~uqcmyers
(RADIATOR) User auths if in the users file only?
I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on their merry way. If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok (I see the user/pass combo pass the test), but it does weird things that won't let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. TIA Chris
Re: (RADIATOR) User auths if in the users file only?
There is whitespace in there, it's an email glitch - Original Message - From: Karl Gaissmaier [EMAIL PROTECTED] To: chris [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, July 08, 2002 3:57 PM Subject: Re: (RADIATOR) User auths if in the users file only? Hi Chris, chris schrieb: I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on their merry way. If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok (I see the user/pass combo pass the test), but it does weird things that won't let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. Really, you don't have to do this for every user. If it is not a typo in your e-mail then it is in your users file. You MUST have whitespace in front of your Reply Items. Please always turn debug on and send it as part of the questions. In the debug we could see what reply items are sent back to the NAS. Regards Charly P.S. is this really a working example with this Framed-IP-Address? -- Karl Gaissmaier Computing Center, University of Ulm, Germany Email: [EMAIL PROTECTED] Network Administration
Re: (RADIATOR) User auths if in the users file only?
P.S. is this really a working example with this Framed-IP-Address? Yes, this is the DEFAULT selection, which it is my understanding follows some RFC that states this address should be converted to one from a dynamic pool. This was where the problem was. Their setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* Problem solved. Thanks, Chris P.S. Sorry about the whitespace confusion. -- Karl Gaissmaier Computing Center, University of Ulm, Germany Email: [EMAIL PROTECTED] Network Administration
Fw: (RADIATOR) Authentication via proxy
Ok, after hounding the provider, they found a misconfiguration on their end. In the shared secret I am guessing, but none-the-less they *finally* fixed it up. Thanks for all the help Hugh! You are *the* radiator king! Chris - Original Message - From: chris [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, July 02, 2002 10:36 AM Subject: Re: (RADIATOR) Authentication via proxy I have added a client clause for every nas, and every proxy. I still get the same results. Is there any way to verify that the shared secrets indeed do not match? The radpwtst from localhost returns an OK for the user Thanks, Chris - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: chris [EMAIL PROTECTED] Sent: Monday, July 01, 2002 4:18 PM Subject: Re: (RADIATOR) Authentication via proxy Hello Chris - I am still quite sure that the problem is shared secrets. You should probably add a Client clause for the proxy: # define Client clause for proxy Client 64.66.192.32 Secret .. . /Client It is fairly easy to verify this by using radpwtst locally against the Client localhost to make sure the user record is checked correctly. regards Hugh On Tue, 2 Jul 2002 04:00, chris wrote: I have verified shared secret, even tried setting to a simple number like 11 to rule out CaSe issues. I am still having the same issues. I am not sure how much it matters, but the setup is like this.. Our clients dial into PacWest NAS (Cisco)... Their NAS talks to their radius proxy that hands off to us. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: chris [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, June 24, 2002 4:21 PM Subject: Re: (RADIATOR) Authentication via proxy Hello Chris - This is almost always due to incorrect shared secrets. If you still have problems, please send me a copy of your configuration file and a copy of the user record from the users file, as well as a trace 4 debug.
regards Hugh On Tue, 25 Jun 2002 03:51, chris wrote: I am trying to set up a managed modem system with a local clec. They answer the calls and proxy to my radius. I am trying to figure out where the problem is in authentication. It brings the username over ok, but the password is garbled into non-printables. Here is a L5trace of one such session, am I overlooking something obvious? Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: *** Received from 64.66.192.33 port 34998 Packet length = 100 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 00 00 00 00 Code: Access-Request Identifier: 7 Authentic: _1933sF|er184?254]165255mP Attributes: User-Name = testme Password = 2322131164168q24919Y6b197)227218 NAS-IP-Address = 63.93.57.35 NAS-Port = 18646 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = 7024410063 Calling-Station-Id = 2099263677 NAS-Port-Type = Async NAS-Port-Type = Async Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, 63.93.57.35, 1864 6 Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE Mon Jun 24 10:18:35 2002: DEBUG: Reading users file /usr/local/etc/raddb/users Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with testme Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad Password Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: *** Sending to 64.66.192.33 port 34998 Code: Access-Reject Identifier: 7 Authentic: _1933sF|er184?254]165255mP Attributes: Reply-Message = Request Denied Reply-Message = Bad Password Thanks, Chris
Re: (RADIATOR) Authentication via proxy
On sending you the information earlier, I thought about the situation some more. This radius server is and has been working for several PM3's. I have made sure I am using the proper configs and dictionary now. The PM3's users are still authenticating great. I think the problem is with the way they are handing it off to me. Their NAS goes through a proxy to get to me. Although they claim it's a transparent proxy that doesn't do anything with the data, except pass it along. Just wanted to let you know that the radius server itself *is* functioning to an extent. Thanks Chris - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: chris [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, June 28, 2002 9:41 PM Subject: Re: (RADIATOR) Authentication via proxy Hello Chris - I suspect you are not using the latest dictionary file either. This is from the standard Radiator 3.1 dictionary: ATTRIBUTE EAP-Message 79 binary regards Hugh On Sat, 29 Jun 2002 02:38, chris wrote: Hello Chris - This sounds like you are not running the 3.1 version of radiusd, which has a call to Radius::Util::get_port , not Radius::Radius::get_port. Doh! I was in such a rush yesterday that I didn't notice it installs the radiusd into a different location. This server is being upgraded from 2.16. Anyways, that was exactly the problem. I am seeing this in the error log now though... Fri Jun 28 09:12:53 2002: ERR: Attribute number 79 is not defined in your dictionary Which seems to correspond with this 79 ICL / Fujitsu Computers / TeamWARE Group Tony Gale [EMAIL PROTECTED] Although I use all Lucent PM3's in that location. It doesn't seem to be affecting service in any way. Thanks, Chris.
(RADIATOR) Can Handler.pm be modified to catch the Calling-Station-Id?
Hello, Is the variable that carries the Calling-Station-Id passed to the Handler.pm or can it easily be? I would like to use it for a small change I am making in a script I am running. TIA Chris
Re: (RADIATOR) Can Handler.pm be modified to catch the Calling-Station-Id?
What I have done is modified Handler.pm as shown by the diff output below. The gist of it is the line system /usr/local/bin/badboy.email, $user, $submitted_pw; I would just like to be able to pass the calling-station-id to this script along with the username and password, as the users attempt to login. Thanks, Chris *** Handler.pm.31 Fri Jun 28 12:38:00 2002 --- Handler.pm Mon Jul 1 12:41:00 2002 *** *** 578,587 my $time = time; my $ctime = localtime($time); my $r = $result ? 'PASS' : 'FAIL'; Radius::Util::append ($filename, ! $ctime:$time:$user:$submitted_pw:correct_pw:$r\n) || $self-log($main::LOG_ERR, Could not append password log file '$filename': $!, $p); } } --- 578,598 my $time = time; my $ctime = localtime($time); my $r = $result ? 'PASS' : 'FAIL'; + if ($r eq 'FAIL') + { Radius::Util::append ($filename, ! $ctime:$time:$user:$submitted_pw:$r\n) || $self-log($main::LOG_ERR, Could not append password log file '$filename': $!, $p); + system /usr/local/bin/badboy.email, $user, $submitted_pw; + } + else + { + Radius::Util::append + ($filename, + $ctime:$time:$user:CORRECT!:$r\n) + || $self-log($main::LOG_ERR, Could not append password log file '$filename': $!, $p); + } } } - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: chris [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, July 01, 2002 5:06 PM Subject: Re: (RADIATOR) Can Handler.pm be modified to catch the Calling-Station-Id? Hello Chris - You have access to all the attributes in the radius request. If you are talking about a hook, there are some example hooks in the file goodies/hooks.txt in the Radiator distribution. regards Hugh On Tue, 2 Jul 2002 09:41, chris wrote: Hello, Is the variable that carries the Calling-Station-Id passed to the Handler.pm or can it easily be? I would like to use it for a small change I am making in a script I am running. 
TIA Chris
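Review bot: the added `system /usr/local/bin/badboy.email, $user, $submitted_pw;` in the FAIL branch hands the submitted password to an external program as a command-line argument, where other local users can see it in the process list while the script runs, and the same branch still appends `$submitted_pw` in clear to the password log. A failed attempt is frequently the real password with a typo, so I would pass only `$user` (plus the Calling-Station-Id taken from the request, which is what the post is asking for) and drop the password from both the script arguments and the FAIL log line, as the PASS branch already does with `CORRECT!`. The `system` call also waits for the mailer to finish and its return value is not checked, so every rejected login holds up request handling in a server that another thread on this page describes as single-threaded. Since the reply points at goodies/hooks.txt, moving this into a hook would avoid carrying a local change to Handler.pm across upgrades.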
Re: (RADIATOR) qwest and stop packets
I've started seeing this too, extremely intermittently (though not from Qwest). I'd be interested in knowing how people clean RADIUS accounting logs to remove stuff like this to avoid coloring results. Sure, we'd want to find and fix the problem if possible as to why those are getting in there, but it seems like preemptively trying to be defensive and detecting or cleaning those out of the ACCOUNTING table would be a good idea and a best practice. As in, what do you do, some kind of DISTINCT statement in your accounting queries to select a bunch of records and INSERT them into a new scratch table, then DELETE all the original records and move the records from the scratch table back into the regular table? In other words, how would you go about doing this maintenance of cleaning the table to remove the spurious entries? Chris At 09:57 AM 5/20/2002 -0700, you wrote: Hello, I've got a radiator (2.19) running on a linux box with about 20 proxy realms. When one of our proxy users disconnects, Qwest seems to send about 6 Stop packets all at once. It's almost round-robin, except that radiator notes that all the packets arrive within a second or two. Radiator logs each of these packets in sequence and as a result our proxy users appear to have been online anywhere from 2 to 6 more than they really have. What I'm trying to figure out is, is radiator doing what it's supposed to do (ie. forwarding every stop packet it gets even if 6 in a row are for the same session id)? Or more specifically, is the problem with qwest's borked nas's sending 6 stop packets at once? I can send trace4 log excerpts as well as sql logs if you want. Thanks for your help. -Peter -- Peter Moody Systems Administrator [EMAIL PROTECTED] :wq
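One way to do the clean-up asked about above, as an added example that is not from the thread or from Radiator: it finds accounting rows that repeat the same NAS, session id and status type, deletes all but the first in place (no scratch table needed), then adds a unique index so later repeats are dropped at insert time. It runs on an in-memory SQLite table; the column names and the sample rows are assumptions constructed for the demonstration, and the key assumes a NAS does not reuse a session id.

```python
import sqlite3

# Columns that identify one accounting event (assumed names, see lead-in).
KEY = "NASIDENTIFIER, ACCTSESSIONID, ACCTSTATUSTYPE"

# Constructed sample: one session whose Stop arrives six times within two
# seconds, a second genuine session, and another NAS reusing the same id.
# (USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTSESSIONID, ACCTSESSIONTIME, NAS)
SAMPLE_ROWS = [
    ("peter", 1000, "Start", "0001A", 0, "nas1"),
    ("peter", 1600, "Stop", "0001A", 600, "nas1"),
    ("peter", 1600, "Stop", "0001A", 600, "nas1"),
    ("peter", 1601, "Stop", "0001A", 600, "nas1"),
    ("peter", 1601, "Stop", "0001A", 600, "nas1"),
    ("peter", 1601, "Stop", "0001A", 600, "nas1"),
    ("peter", 1602, "Stop", "0001A", 600, "nas1"),
    ("peter", 5000, "Stop", "0002B", 300, "nas1"),
    ("alice", 1700, "Stop", "0001A", 120, "nas2"),
]


def make_db(rows=SAMPLE_ROWS):
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ACCOUNTING (USERNAME TEXT, TIME_STAMP INTEGER, "
        "ACCTSTATUSTYPE TEXT, ACCTSESSIONID TEXT, ACCTSESSIONTIME INTEGER, "
        "NASIDENTIFIER TEXT)")
    conn.executemany("INSERT INTO ACCOUNTING VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def find_duplicates(conn):
    """Report (nas, session id, status type, copies) for repeated events."""
    return conn.execute(
        f"SELECT {KEY}, COUNT(*) FROM ACCOUNTING "
        f"GROUP BY {KEY} HAVING COUNT(*) > 1").fetchall()


def remove_duplicates(conn):
    """Keep the first-stored row of every event; return rows deleted."""
    cur = conn.execute(
        "DELETE FROM ACCOUNTING WHERE rowid NOT IN "
        f"(SELECT MIN(rowid) FROM ACCOUNTING GROUP BY {KEY})")
    conn.commit()
    return cur.rowcount


def enforce_uniqueness(conn):
    """After cleaning, make the database itself reject repeats."""
    conn.execute(
        f"CREATE UNIQUE INDEX IF NOT EXISTS ACCT_ONCE ON ACCOUNTING ({KEY})")
    conn.commit()


def insert_record(conn, row):
    """Insert one accounting row; False means it was a repeat and ignored."""
    cur = conn.execute(
        "INSERT OR IGNORE INTO ACCOUNTING VALUES (?,?,?,?,?,?)", row)
    conn.commit()
    return cur.rowcount == 1


def billed_seconds(conn, user):
    """Usage as a billing query would total it from Stop records."""
    return conn.execute(
        "SELECT COALESCE(SUM(ACCTSESSIONTIME), 0) FROM ACCOUNTING "
        "WHERE USERNAME = ? AND ACCTSTATUSTYPE = 'Stop'", (user,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("before:", billed_seconds(db, "peter"), find_duplicates(db))
    print("deleted:", remove_duplicates(db))
    enforce_uniqueness(db)
    print("after:", billed_seconds(db, "peter"))
```

Run the duplicate report before deleting anything: a burst of identical Stops with the same session time is a resend, while differing session times for one session id point at a different fault that deletion would hide.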
Re: (RADIATOR) Ascend-Data-Filter...
This works: <Realm unlimitedDUP> RewriteUsername s/^([^@]+).*/$1/ <AuthBy FILE> Filename /etc/raddb/users.unlimited.dup DefaultReply Service-Type=Framed-User,\ Framed-Protocol=PPP,\ Framed-IP-Address=255.255.255.254,\ Framed-IP-Netmask=255.255.255.255,\ Ascend-Data-Filter=ip in forward tcp est,\ Ascend-DataFilter=ip in forward dstip 216.127.146.0/24,\ Ascend-DataFilter=ip in forward dstip 63.80.49.5,\ Ascend-DataFilter=ip in forward dstip 65.89.75.10,\ Ascend-Data-Filter=ip in drop tcp dstport = 25,\ Ascend-Data-Filter=ip in forward </AuthBy> AcctLogFileName %L/%N.dup/detail </Realm> ...but the following didn't: <Realm unlimitedDUP> RewriteUsername s/^([^@]+).*/$1/ <AuthBy FILE> Filename /etc/raddb/users.unlimited.dup DefaultReply Service-Type=Framed-User,\ Framed-Protocol=PPP,\ Framed-IP-Address=255.255.255.254,\ Framed-IP-Netmask=255.255.255.255 AddToReply Ascend-Data-Filter=ip in forward tcp est,\ Ascend-DataFilter=ip in forward dstip 216.127.146.0/24,\ Ascend-DataFilter=ip in forward dstip 63.80.49.5,\ Ascend-DataFilter=ip in forward dstip 65.89.75.10,\ Ascend-Data-Filter=ip in drop tcp dstport = 25,\ Ascend-Data-Filter=ip in forward </AuthBy> AcctLogFileName %L/%N.dup/detail </Realm> Thanks again. Chris Craft, Postmaster/NOC Meister SpringSips.com On Wednesday 01 May 2002 02:46, Hugh Irvine wrote: Hello Chris - Could you send me a copy of what works and what doesn't so I can check it? thanks Hugh (who also loves Radiator) Uh oh... first day on the list, and already I'm doing the answering my own post faux-pas! For some reason, nothing in my AddToReply directives is being added. When I added the stuff under AddToReply to the DefaultReply directive, all was good in the world. Go figure. Thanks for being there. (I just love Radiator! :) Chris Craft, Postmaster/NOC Meister SpringSips.com CHOP
(RADIATOR) Radmin question
I am trying to figure out how to create my own database entries so I can create some custom columns (in a table analogous to SUBSCRIBERS in Radiator) so I can add special authentication features. I am a little confused by how I would go about adding columns to the SUBSCRIBERS table (or whatever Radmin has) with MySQL. I am used to creating a .sql script that I feed to mysql like:

    mysql -u mysqluser -p < TheScript.sql

Anyway, anyone have any hints on how I extend the column definition of the SQL database that Radmin uses to add my own goofy features?

What I'd like to do is figure out a way to figure out what client the request is coming from and then check the new column to see if their request is coming from an allowed client based on the values in the column. So, in effect, checking Client IP against a range of allowed values stored in the SUBSCRIBERS table of the database to see if this user is allowed to come in from this list of client IPs.

Thanks,
Chris
(RADIATOR) How to run two instances of Radiator
I have been reading the manual and of course working with Radiator for awhile. I've been pretty happy with my config for the most part and haven't had the urge to change much. I guess now I have the urge.

What I'd like to do is create two instances of Radiator, one that monitors the accounting port and one that monitors the authentication port. I'm trying to figure out how to split the config file into two config files and run two instances of Radiator, one on 1645 and one on 1646. It seems like I'd want to split it up along these lines:

Auth Instance
    Clients - definitions of clients and their secrets
    AuthBy SQL - authentication against SQL database
    SessionDatabase

Acct Instance
    AuthBy SQL - accounting into SQL database
    SessionDatabase

In other words, the SessionDatabase I believe needs to be referenced by both authentication and accounting instances, but the AuthBy SQL clauses for accounting and authentication would be split among the two instances. Can anyone think of anything else I'd need to do?

The motivation for splitting these isn't really just availability. I've noticed that in a single instance run of Radiator, that when people in billing do large queries of the accounting data it hangs the authentication process. When I turned on Trace 4 and tail -f'ed the raw Radiator log I noticed that while a large accounting query is running authentications would continually time out. This seemed very weird to me, so I was also wondering if anyone could think of a reason why MySQL would appear to be hanging this way? It seems like the queries to the database would be pipelined, but I'm no expert on MySQL internals. Would this behavior go away if I chose a different database?

Thanks for the tips,
Chris
Re: (RADIATOR) Outgoing traffic IP on multi-homed host
At 09:01 PM 3/18/2002 -0500, you wrote:

On Mon, 18 Mar 2002, Hugh Irvine wrote:

Does anyone know of a way to get Radiator to respond back on the IP something came in on on a multihomed host, without apparently running a separate copy of radiator bound to each IP address? Or am I just stupid and missing something simple? =) This is with Radiator 2.19 on RH Linux 7.2.

You are correct when you say the only way to do this is by running separate instances of Radiator on different IP addresses (and possibly different port numbers as well). The source IP address used for the reply packet is usually determined by the operating system, rather than Radiator.

I don't know how the radius protocol might be affected by this, but there are tricks you can utilize on a Linux system with multiple IPs to cause outgoing packets to have the source address of your choice. Suppose you have a system with eth0 10.0.0.10 and a number of IP aliases on eth0:XX, and a default gw of 10.0.0.1, i.e.

    ifconfig eth0 10.0.0.10 ...
    ifconfig eth0:0 10.0.0.2 ...
    ifconfig eth0:1 10.0.0.3 ...
    route add default gw 10.0.0.1

If you want to talk to 10.2.0.1 as 10.0.0.2 and talk to 10.3.0.1 as 10.0.0.3, do the following:

    route add -host 10.2.0.1 gw 10.0.0.1 dev eth0:0
    route add -host 10.3.0.1 gw 10.0.0.1 dev eth0:1

Packets leaving the system will use the source address of the interface (or alias interface) you specify in the dev portion of the route.

-- Jon Lewis *[EMAIL PROTECTED]*

Those are cool tricks. One thing you can do on the other end (with many NASes like the Ciscos) is use an alias command in the radius config, so the NAS will accept packets from multiple IPs.

Chris
Re: (RADIATOR) Fwd: no subject
Hello Emad:

Check the logs (turn on tracing messages with Trace 4)
Read the manual
Read the archives for similar configs
Check out the goodies/ directory for sample configs

There has to be a lot more detail here and evidence that you've RTFM'ed before anyone will be much help. If someone is installing this and has a lot of familiarity with Perl that will help.

Chris

From: Mike McCauley [EMAIL PROTECTED]
Organization: Open System Consultants
Date: Wed, 6 Mar 2002 09:49:33 +1100
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Fwd: no subject

-- Forwarded Message --
Subject:
Date: Wed, 6 Mar 2002 01:37:01 +0300
From: Emad Gamea [EMAIL PROTECTED]
To: Owner-Radiator [EMAIL PROTECTED]

Dear All

I am trying since 2 weeks back to configure our installed radiator with guest account and assign Access-list in the router to this account without any luck can any one advice

Best Regards
---
Re: (RADIATOR) AuthRADIUS (non)forking problem
From what I have seen with my own (meager) experiments with Perl threading, it appears to behave radically different on different OSes, presumably because every OS treats threading differently. This may be the reason for the non-production-quality aspect.

Chris

From: Hugh Irvine [EMAIL PROTECTED]
Organization: Open System Consultants
Reply-To: [EMAIL PROTECTED]
Date: Thu, 28 Feb 2002 11:17:15 +1100
To: Damir Dzeko [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthRADIUS (non)forking problem

Hello Damir -

Mike and I have discussed this issue at length over a long period of time, and indeed the topic has also been discussed on the mailing list several times as well. Basically, it is our intention to extend Radiator to use multi-threading so that each request runs in a separate thread, which we feel is the best approach for dealing with all these sorts of problems (not just with AuthBy RADIUS clauses).

The only reason that this has not been done yet is due to the fact that although there is experimental support for multi-threading in Perl now, it is specifically stated that it is not to be considered production-quality code. This being the case, we have opted to wait until there is a solid multi-threading release of Perl first before spending more time on it.

regards

Hugh

On Wed, 27 Feb 2002 19:55, Damir Dzeko wrote:

Hugh Irvine [EMAIL PROTECTED] writes:

Hello Damir -

As always, many thanks for your very valuable contributions. Mike will apply the fixes for the next release.

My colleagues and I are discussing an interesting idea. Would it be possible to handle slow AuthRADIUS proxy requests in a single process (forked out of main radiusd)? That process would have a communication line with main radius daemon through some socket (or whatever) and handle all slow requests in one big select loop (instead of forking an extra process to do the job for less than a few packets). That would make more efficient use of system resources.

-d

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Enforcing Proxied Framed-Route
How would you enforce IP addresses assigned via Proxy? In other words, if I proxy someone's realm over to their RADIUS server (which is some other brand of radius software) and trust them to assign the right subnet, that's *OK* but not great. Is there a way to enforce or limit addresses that are assigned by the proxy? Not just single IPs but subnets too...?

Thanks
Chris
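One way to express the check asked about above, as an added example (not from the thread and not Radiator code): validate the address attributes of a proxied Access-Accept against a per-realm allow-list before the reply is relayed to the NAS. The realm name, the policy table and the sample replies are constructed; how the check is wired into the server's reply path is left out.

```python
import ipaddress

# Reserved Framed-IP-Address values from RFC 2865.
NAS_ASSIGNS = ipaddress.IPv4Address("255.255.255.254")      # NAS picks from its own pool
USER_NEGOTIATES = ipaddress.IPv4Address("255.255.255.255")  # user chooses the address

# Constructed policy: the address space each proxied realm may hand out.
POLICY = {
    "partner.example": [ipaddress.IPv4Network("10.20.0.0/16")],
}

# Constructed sample replies as (attribute, value) pairs.
SAMPLE_GOOD = [
    ("Framed-IP-Address", "10.20.5.9"),
    ("Framed-IP-Netmask", "255.255.255.248"),
    ("Framed-Route", "10.20.5.8/29 10.20.5.9 1"),
]
SAMPLE_BAD = [
    ("Framed-IP-Address", "10.20.5.9"),
    ("Framed-IP-Netmask", "255.0.0.0"),            # widens the host to 10.0.0.0/8
    ("Framed-Route", "0.0.0.0/0 10.20.5.9 1"),     # default route via the subscriber
    ("Framed-Route", "10.20.9.0 10.20.5.9 1"),     # prefix length left implicit
]


def check_proxy_reply(realm, reply_attrs, policy=POLICY):
    """Return the list of violations in a proxied reply (empty list = acceptable).

    reply_attrs is a list of pairs because Framed-Route may repeat.
    A realm with no policy entry is allowed no addresses at all.
    """
    allowed = policy.get(realm.lower(), [])
    violations = []

    def inside(net):
        return any(net.subnet_of(a) for a in allowed)

    def values(name):
        return [v for n, v in reply_attrs if n == name]

    addr = None
    for value in values("Framed-IP-Address"):
        try:
            candidate = ipaddress.IPv4Address(value)
        except ValueError:
            violations.append(f"Framed-IP-Address malformed: {value!r}")
            continue
        if candidate == NAS_ASSIGNS:
            continue  # the local NAS pool decides, nothing to enforce
        if candidate == USER_NEGOTIATES:
            violations.append("Framed-IP-Address lets the user pick the address")
            continue
        if inside(ipaddress.IPv4Network(f"{candidate}/32")):
            addr = candidate
        else:
            violations.append(f"Framed-IP-Address {candidate} outside realm range")

    for value in values("Framed-IP-Netmask"):
        if addr is None:
            continue  # no accepted address to combine the mask with
        try:
            net = ipaddress.IPv4Network(f"{addr}/{value}", strict=False)
        except ValueError:
            violations.append(f"Framed-IP-Netmask malformed: {value!r}")
            continue
        if not inside(net):
            violations.append(f"Framed-IP-Netmask widens {addr} to {net}")

    for value in values("Framed-Route"):
        fields = value.split()
        if not fields or "/" not in fields[0]:
            violations.append(f"Framed-Route without explicit prefix length: {value!r}")
            continue
        try:
            net = ipaddress.IPv4Network(fields[0], strict=False)
        except ValueError:
            violations.append(f"Framed-Route malformed: {value!r}")
            continue
        if not inside(net):
            violations.append(f"Framed-Route {net} outside realm range")

    return violations
```

A reply with any violation would be rejected or have the offending attributes stripped before it reaches the NAS; which of the two is a local policy choice.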
(RADIATOR) Cisco NAS boxen trouble
I was having trouble getting Framed-IP-Address to update in the Session database and couldn't figure out why. I got the following response from Cisco and thought I'd post it in case it helps anyone else.

Chris -

I see that you are having difficulty with the aaa accounting on PPP connections. The problem you describe is the result of the router sending the accounting START record BEFORE the IPCP negotiation is complete. There are two ways to change this. The recommended way is to tell the router to send accounting UPDATEs when there is new information. This will accomplish what you are after -- getting the Framed-IP-Address sent to the Radius server. This is accomplished through this global configuration mode:

    aaa accounting update newinfo

If, however, your accounting software cannot deal with START, UPDATE, and STOP records, there is another option, though it is officially not supported:

    aaa accounting delay-start

Either of these should accomplish what you are after
(RADIATOR) Packet of Disconnect problem.
Folks,

I know this may be a vendor problem, but I thought I'd try here first to see if anyone else has had this problem. Basically when sending a POD to our Cisco AS5300 I'm getting an illegal authenticator message. I thought this meant the secret was wrong on one end, but no, they are the same. Is there something I'm missing?

prompt% radpwtst -s NASADDRESS -noacct -auth_port 1700 -acct_port 1700 -noauth -secret x -code Disconnect-Request User-Name=cchris Framed-IP-Address=172.22.5.34 Acct-Session-Id=0002

Cisco AS5300:

1w0d: POD: 130.102.x.x request queued
1w0d: POD: Illegal authenticator in POD from 130.102.x.x
1w0d: POD: 130.102.x.x user cchris 172.22.5.34 sessid 0x2 key 0x0 DROPPED
1w0d: POD: Sending NAK to 130.102.x.x/61186

TIA,
Chris

--
+Chris Myers ~ [EMAIL PROTECTED]
. Information Technology Services - Software Infrastructure
. Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412
. The Prentice Building - The University of Queensland 4072
+ PGP Public key available @ http://www.uq.edu.au/~uqcmyers
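The "Illegal authenticator" line in the NAS log above is what a receiver reports when the authenticator it recomputes does not match the one in the packet. The added example below (not from the thread, and not Radiator or Cisco code) implements that check as RFC 5176 defines it for Disconnect-Request and shows that a secret that matches on both ends is necessary but not sufficient. It assumes the receiver follows RFC 5176; the secret and the fixed authenticator value are constructed, the attributes are the ones in the post.

```python
import hashlib
import hmac
import ipaddress
import struct

DISCONNECT_REQUEST = 40                                    # RFC 5176 packet code
USER_NAME, FRAMED_IP_ADDRESS, ACCT_SESSION_ID = 1, 8, 44   # RFC 2865/2866 types


def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(code, identifier, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret).

    RFC 5176 computes the Disconnect-Request authenticator the same way as
    an Accounting-Request (RFC 2866), not as a random value.
    """
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_disconnect_request(identifier, attrs, secret, authenticator=None):
    """Build the packet; authenticator=None signs it the RFC 5176 way."""
    if authenticator is None:
        authenticator = request_authenticator(
            DISCONNECT_REQUEST, identifier, attrs, secret)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def verify_disconnect_request(packet, secret):
    """Receiver-side check: recompute the authenticator and compare."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or not 20 <= length <= len(packet):
        return False
    attrs = packet[20:length]
    expected = request_authenticator(code, identifier, attrs, secret)
    return hmac.compare_digest(packet[4:20], expected)


# Constructed secret; attributes taken from the radpwtst command in the post.
SECRET = b"constructed-secret"
ATTRS = (
    attr(USER_NAME, b"cchris")
    + attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("172.22.5.34").packed)
    + attr(ACCT_SESSION_ID, b"0002")
)


def check_cases():
    """Verify four packets against SECRET and report which ones pass."""
    good = build_disconnect_request(1, ATTRS, SECRET)
    tampered = bytearray(good)
    tampered[-1] ^= 0x01  # last octet of Acct-Session-Id changed after signing
    return {
        "signed_correctly": verify_disconnect_request(good, SECRET),
        "different_secret": verify_disconnect_request(
            build_disconnect_request(1, ATTRS, b"other-secret"), SECRET),
        # Same secret, but the sender filled in an arbitrary 16-octet
        # authenticator the way an Access-Request does (constructed value).
        "random_authenticator": verify_disconnect_request(
            build_disconnect_request(1, ATTRS, SECRET, bytes([0x11]) * 16), SECRET),
        "attribute_changed": verify_disconnect_request(bytes(tampered), SECRET),
    }


if __name__ == "__main__":
    for name, ok in check_cases().items():
        print(f"{name}: {'accepted' if ok else 'illegal authenticator'}")
```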
FW: (RADIATOR) HydraRADIUS
Check out foundry networks, they make a nice product to do this. http://www.foundrynetworks.com/

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 18, 2001 3:18 PM
To: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) HydraRADIUS

-- Forwarded Message --
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [David M. Lloyd [EMAIL PROTECTED]]
Date: Fri, 16 Nov 2001 07:40:08 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From [EMAIL PROTECTED] Fri Nov 16 07:40:08 2001
Received: from lowblow.svc.tds.net (lowblow.svc.tds.net [204.246.1.39]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id fAGDe8300652 for [EMAIL PROTECTED]; Fri, 16 Nov 2001 07:40:08 -0600
Received: from homebody.freemm.org ([216.170.141.248]) by lowblow.svc.tds.net with ESMTP id [EMAIL PROTECTED]; Fri, 16 Nov 2001 09:21:39 -0600
Date: Fri, 16 Nov 2001 09:29:21 -0600 (CST)
From: David M. Lloyd [EMAIL PROTECTED]
X-X-Sender: [EMAIL PROTECTED]
To: Ricardo D. Albano [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) HydraRADIUS
In-Reply-To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 15 Nov 2001, Ricardo D. Albano wrote:

Any know HydraRADIUS ? I'm searching for a radius load balancer (I have 20 radiators), I read about HydraRADIUS in the Radiator Manual, but I can't contact with this company. The web page (http://www.hydraweb.com/products/hydraradius/index.asp) is down (and the DNS too)... :(

HydraWeb is the company that made those things. We got a couple of them right before HydraWeb went out of business... what a nightmare. They were the worst pieces of hardware I've ever had the displeasure of dealing with. Not only that, but people we were trying to contact kept getting laid off. The only reason we got our money back is because one of my coworkers finagled the cellphone number of the VP out of someone.

If you want a good loadbalancing appliance, look at F5's BigIP product. That's what most of the big ISPs use. It costs about the same as the Hydras did, but it actually *works*.

I would recommend to Hugh/Mike/etc that you drop reference to Hydra since they don't seem to exist anymore.

- D [EMAIL PROTECTED]

---

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
RE: Fwd: RE: (RADIATOR) Connect to MS SQL Server 2000 from Linux
A good solution for this is the Merant drivers (Which allow a direct ODBC connection from most Unixes to Microsoft SQL Server 2000). We are running all our radius servers on Linux with this driver directly connected to SQL server with no problems. Keep in mind, the drivers are not free (Except JDBC).

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 09, 2001 6:03 PM
To: Le Anh Tuan
Cc: [EMAIL PROTECTED]
Subject: Re: Fwd: RE: (RADIATOR) Connect to MS SQL Server 2000 from Linux

Hello, after some investigation, I have confirmed that DBD-Sybase and the Sybase client libraries do not interoperate with MS-SQL 2000. Microsoft have abandoned Sybase compatibility in MS-SQL. Therefore, the only way I know right now to get to MS-SQL 2000 from Unix is via DBD-Proxy. Thanks for raising this with us.

Cheers.

On Thu, 8 Nov 2001 20:02, you wrote:

Hi Mike and Hugh,

What I mentioned here is MS SQL version 2000 (8.0), not 7.0

Le Anh Tuan
RD Department
Netnam Corporation
Institute of Information Technology
Email: [EMAIL PROTECTED]

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 3:49 PM
To: Le.Anh.Tuan
Cc: [EMAIL PROTECTED]
Subject: Re: Fwd: RE: (RADIATOR) Connect to MS SQL Server 2000 from Linux

Hello,

On Wed, 7 Nov 2001 23:04, Hugh Irvine wrote:

Hugh

by server1.open.com.au (8.11.0/8.11.0) with ESMTP id fA71Fn331202 for [EMAIL PROTECTED]; Tue, 6 Nov 2001 19:15:50 -0600
From: Le Anh Tuan [EMAIL PROTECTED]
To: 'Hugh Irvine' [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Connect to MS SQL Server 2000 from Linux
Date: Wed, 7 Nov 2001 10:00:01 +0700
X-Priority: 3 (Normal)
Importance: Normal

Hi Hugh,

I'm using Sybase-OpenClient 11.1.1-3, DBD-Sybase 0.93 on RedHat 7.1. My interfaces file like this:

radius
    master tcp ether 203.160.0.11 1433
    query tcp ether 203.160.0.11 1433

In which: 203.160.0.11 is my database server running MSSQL 2000 on W2K Advance.

Then I tried to connect to MSSQL with my test script:

use DBI;
$dbh = DBI->connect("dbi:Sybase:server=radius", "myacct", "mypass");
$sth = $dbh->prepare("select username from users");
$sth->execute();
while (@row = $sth->fetchrow_array) {
    print "@row\n";
}

But script failed and generated a error:

DBI-connect(server=radius) failed: OpenClient message: LAYER = (5) ORIGIN = (3) SEVERITY = (5) NUMBER = (6)
Message String: ct_connect(): network packet layer: internal net library error: Net-Library operation terminated due to disconnect

I looked at SQL error log and see it said that:

Connection opened but invalid login packet(s) sent. Connection closed.

I searched on Microsoft website and found this bug on article http://support.microsoft.com/support/kb/articles/q239/8/83.asp, I quote some of their saying:

Therefore, a change has been introduced in SQL 7.0 that allows SYBASE TDS 5.0 clients to connect. However, this does not mean the configuration is officially supported by Microsoft. TDS 4.2 is the only level of compatibility that is supported for SYBASE TDS based clients. TDS 5.0 is a SYBASE specification and it is not supported by Microsoft.

NOTE: Microsoft will not include these changes in future versions of Microsoft SQL Server. These changes will remain during the lifetime of the SQL 7.0 product, including service packs. Limited testing has been performed by Microsoft regarding the functionality of SYBASE TDS 5.0 clients with this change. Only basic connectivity is ensured.

That's why I suggest that Microsoft does not support Sybase client and TDS liked softwares such as FreeTDS with SQL 2000. If you can do that, please let me know how? And I think many people on this list will have the same problem like me.

We have tested MS-SQL 7.0 with DBD-Sybase and it works fine, but you _must_ have the latest MS-SQL service pack installed (I think it was MS-SQL SP2 that fixed Sybase compatibility, but check the MS web site). It sounds very much like you don't have that SP installed.

Cheers.

Thank you very much.

Le Anh Tuan
RD Department
Netnam Corporation
Institute of Information Technology
Email: [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine
Sent: Tuesday, November 06, 2001 4:40 PM
To: Le Anh Tuan; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Connect to MS SQL Server 2000 from Linux

Hello Le Anh Tuan -

At 11:59 +0700 01/11/6, Le Anh Tuan wrote:

Hi All,

Does anyone successfully connect to MS SQL Server 2000 from RedHat
(RADIATOR) Multiple IP address binds
Hi all,

Can a single instance of radiator bind to more than one IP address? I.e. more than one interface?

Cheers,
Chris

--
+Chris Myers ~ [EMAIL PROTECTED]
. Information Technology Services - Software Infrastructure
. Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412
. The Prentice Building - The University of Queensland 4072
+ PGP Public key available @ http://www.uq.edu.au/~uqcmyers
(RADIATOR) and core files
Apparently (?) Radiator 2.18.2 is dumping its core. Anyone know how to inspect the core to see what exception occurred?

Chris

-rw---1 root root 28639232 Jul 19 20:51 core
Re: (RADIATOR) Log Syslog not working on HPUX 11i =/
Hi Hugh,

It's good to hear from you. I'm on Linux RH 7.1. The problem I am having with logging is that I had a known good config on one machine and (you may remember all the problems I was having) I decided to create a brand new box that was Redhat 7.1 and run Radiator on that. The only new feature I added was taking the text of the clients out and putting it in a SQL database RADCLIENTLIST. All other features stayed the same in Radiator the way I was using it.

But when I switched to the new box, and started Radiator, Trace 4 messages would appear in the log when I started Radiator but then would quit after the RADCLIENTLIST was built (I'd see the messages from the SQL query and then no more Trace 4 stuff appears in the raw logs). The Syslog stuff I can't get to work but I don't think that is related to the Trace 4 stuff quitting sometime after Radiator is started. I'm not really sure what to look at. There is a lot of fire and brimstone coming down around me at the moment but I'd be happy to try looking at some things.

Chris

From: Hugh Irvine [EMAIL PROTECTED]
Organization: Open System Consultants
Reply-To: [EMAIL PROTECTED]
Date: Fri, 13 Jul 2001 16:31:09 +1000
To: Jon Nistor [EMAIL PROTECTED], Chris M [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Log Syslog not working on HPUX 11i =/

Hello John, Hello Chris -

What platform are you running on? Note that some syslog systems need to be run with the -r flag.

From http://www.open.com.au/radiator/faq.html#66:

Recent versions of Linux syslogd do not by default listen to the UDP port that the Perl Sys::Syslog module uses. In order to let Radiator and other Perl sysloggers work, you need to restart syslogd with the -r flag. Check the documentation for syslogd on your system.

hth

Hugh

On Friday 13 July 2001 07:59, Jon Nistor wrote:

[nistor@outpost2] /opt/radiator/bin: ./radiusd -v
This is Radiator 2.18 on outpost2
Copyright Open System Consultants
http://www.open.com.au/radiator

On Thu, 12 Jul 2001, Chris M wrote:

:::Is this 2.18.2? If so, I think I am having the same or similar issues.
:::
:::Chris
:::
::: From: Jon Nistor [EMAIL PROTECTED]
::: Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
::: To: [EMAIL PROTECTED]
::: Subject: (RADIATOR) Log Syslog not working on HPUX 11i =/
:::
::: Hey all,
:::
::: I've checked through the mail archives, and tried everything listed,
::: but I still can't get syslog to work for the life of me =/
:::
::: This is what's in the config:
::: <Log SYSLOG>
::: Facility INFO
::: Trace 4
::: </Log>
:::
::: I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a
::: syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
:::
::: Nothing comes through on syslog, when I test it out using Sys::Syslog,
:::
::: start
::: #!/opt/perl5/bin/perl
::: use Sys::Syslog;
::: openlog($ident,$logopt,$facility);
::: syslog('info', 'this is another test');
::: syslog('mail', 'this is a better test: %d', time);
::: closelog();
::: syslog('debug', 'this is the last test');
:::
::: end
:::
::: All that works fine .. Anyone have any insight? =/
Re: (RADIATOR) Log Syslog not working on HPUX 11i =/
Is this 2.18.2? If so, I think I am having the same or similar issues.

Chris

From: Jon Nistor [EMAIL PROTECTED]
Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Log Syslog not working on HPUX 11i =/

Hey all,

I've checked through the mail archives, and tried everything listed, but I still can't get syslog to work for the life of me =/

This is what's in the config:

<Log SYSLOG>
    Facility INFO
    Trace 4
</Log>

I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.

Nothing comes through on syslog, when I test it out using Sys::Syslog,

start
#!/opt/perl5/bin/perl
use Sys::Syslog;
openlog($ident,$logopt,$facility);
syslog('info', 'this is another test');
syslog('mail', 'this is a better test: %d', time);
closelog();
syslog('debug', 'this is the last test');
end

All that works fine .. Anyone have any insight? =/

--
..+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
Jon ([EMAIL PROTECTED])
Unix Systems Administrator, Primus Canada.
Tel. (416) 207-7612
emerg/afterhour: [EMAIL PROTECTED]
cell. (416) 294-7780
Internet Services Group
..EOF
RE: (RADIATOR) SQL Server 2000
Yes, it does. Try the driver at www.merant.com (This driver is not free, but it's not a proxy driver like most others either)

-Original Message-
From: Daud Yusof [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 7:01 AM
To: Radiator
Subject: (RADIATOR) SQL Server 2000

Hi there,

I know that radiator works with MSSQL Server 7 but what about SQL Server 2000 ? Has anybody tried this config ? No reason it should not, right ?

Thanks
(RADIATOR) Linux and 2.18.2
I'm running Radiator on a new (meaning clean RedHat 7.1 install) box and have some annoying things happening. When Radiator starts it logs a few messages to the Trace 4 log, then stops! It just quits logging to the %d log file. I went to the Download page and didn't see any new patches there (although it alludes to some, all I can seem to download is the 2.18.2 distribution).

The log portion of the config looks like this right now:

# Set this to the directory where your logfile and details file are to go
LogDir /home/radius/raw
LogFile /home/radius/raw/%d-radius.log
#<Log SYSLOG>
# Facility radius
#</Log>
Trace 4
<Log SQL>
    DBSource dbi:mysql:raddude
    DBUsername mysql
    DBAuth yeah yeah some password
    Trace 3
</Log>

Chris

--- what is in the raw log file, just some stuff from the startup then it quits

# more 08-radius.log
Sun Jul 8 22:19:47 2001: DEBUG: Adding Clients from SQL database
Sun Jul 8 22:19:47 2001: DEBUG: Query is: select NASIDENTIFIER, SECRET, IGNOREACCTSIGNATURE, DUPINTERVAL, DEFAULTREALM, NASTYPE, SNMPCOMMUNITY, LIVINGSTONOFFS, LIVINGSTONHOLE, FRAMEDGROUPBASEADDRESS, FRAMEDGROUPMAXPORTSPERCLASSC, REWRITEUSERNAME, NOIGNOREDUPLICATES, PREHANDLERHOOK from RADCLIENTLIST
Sun Jul 8 22:19:48 2001: DEBUG: Reading group file /etc/group
Sun Jul 8 22:19:55 2001: DEBUG: Adding Clients from SQL database
Sun Jul 8 22:19:55 2001: DEBUG: Query is: select NASIDENTIFIER, SECRET, IGNOREACCTSIGNATURE, DUPINTERVAL, DEFAULTREALM, NASTYPE, SNMPCOMMUNITY, LIVINGSTONOFFS, LIVINGSTONHOLE, FRAMEDGROUPBASEADDRESS, FRAMEDGROUPMAXPORTSPERCLASSC, REWRITEUSERNAME, NOIGNOREDUPLICATES, PREHANDLERHOOK from RADCLIENTLIST
Sun Jul 8 22:19:56 2001: DEBUG: Reading group file /etc/group
Sun Jul 8 22:20:00 2001: DEBUG: Adding Clients from SQL database
Sun Jul 8 22:20:00 2001: DEBUG: Query is: select NASIDENTIFIER, SECRET, IGNOREACCTSIGNATURE, DUPINTERVAL, DEFAULTREALM, NASTYPE, SNMPCOMMUNITY, LIVINGSTONOFFS, LIVINGSTONHOLE, FRAMEDGROUPBASEADDRESS, FRAMEDGROUPMAXPORTSPERCLASSC, REWRITEUSERNAME, NOIGNOREDUPLICATES, PREHANDLERHOOK from RADCLIENTLIST
Sun Jul 8 22:20:01 2001: DEBUG: Reading group file /etc/group
Re: (RADIATOR) Multiple SessionDatabases per Handler?
I assume that specifying multiple databases means that both would be written/updated at the appropriate times, and that you wouldn't have to figure out how to replicate them in any way

Chris

From: Hugh Irvine [EMAIL PROTECTED]
Date: Fri, 6 Jul 2001 19:34:20 +1000
To: Janet N del Mundo [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Multiple SessionDatabases per Handler?

Hello Janet -

You can specify multiple database targets in a single SessionDatabase SQL.

# define multiple databases
<SessionDatabase SQL>
    Identifier DSL-SessionCheck
    DBSource ..
    DBSource ..
    ..
</SessionDatabase>

hth

Hugh

At 15:24 +1000 01/7/6, Janet N del Mundo wrote:

Hi,

Is it possible to have more than one SessionDatabase (for SQL fallback purposes) within one Handler? If not, how do I go about handling my SessionDatabase SQL when the SQL cannot be reached? I tried to add a SessionDatabase NULL for a fallback from my SessionDatabase SQL, but I received error messages when I restarted Radiator.

Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in radius_dsl.cfg line 394
Fri Jul 6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in radius_dsl.cfg line 395

# Handle DSL users logging into the Shasta
#
<Handler NAS-IP-Address = /xxx.xxx.xx.x|xxx.xxx.xx.x/>
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        SessionDatabase DSL-SessionCheck
        SessionDatabase NULL
    </AuthBy>
    AuthByPolicy ContinueWhileAccept
    AuthBy Check-DSL-Users
    AuthBy Check-SQL-DSLUSERS
    AuthBy DoAccounting
</Handler>

Any suggestions or comments?

Thanks,
Janet

--
_
Janet del Mundo
Internet Administrator, Startec Global Communications
135 Chalan Santo Papa
Agana, Guam 96910
Email: [EMAIL PROTECTED]

--
NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
(RADIATOR) Feature Request
I'm not sure how radiator internally works, but I was wondering if it would be possible to send a batch of all the current authentication requests waiting up to a database server (Using XML) and return a result set of their attributes.

Something like this

Auth Query:

    EXEC some_radius_authentication_procedure @UsersXML='<xml><Users><User Username="user1" Password="pass1" /><User Username="user2" Password="pass2" /></Users></xml>'

Response from database server would be a result set with info for all users it could find in @UsersXML. I'm not sure how many database servers support sending XML into a query like this, but Microsoft SQL Server 2000 does.
(RADIATOR) Dual accounting
I am running Radiator on BSDI4.1. I have the accounting logging to a file via AcctLogFileName in the cfg. We use a Billmax billing system that needs this information sent to it, to be added to its db. Can I fork the accounting so that it will send the info to Billmax AND keep logging to my files? Thanks, Chris
Re: (RADIATOR) 128k isdn dialup
Hi, The original company name is Argonet/Argo interactive/VTI limites/Vertical Twist Interactive. It should be one of those but unfortunately I can't lay my hands on the Radiator licence atm so I can't be more definite about which one it is. Cheers, Chris Rockett, Systems Engineer. Freedom 2 Limited, http://www.freedom2.com

On Tue, 19 Jun 2001, Hugh Irvine wrote:

Hello Chris - As I can't find you in our customer database, could you please send me the name of the registered company that purchased this copy of Radiator? Please reply to me directly. regards Hugh

At 11:38 AM + 6/19/01, Chris Rockett wrote:

Hi, I'm a bit of a newbie at Radiator configuration. I have Radiator running and authenticating correctly for 64k isdn but can't seem to get a bonded channel for 128k isdn. Using win2k the dialup works and auths but only works at 64k still, any ideas of where to look for information or what the possible cause could be? Many Thanks. Chris Rockett.
Re: (RADIATOR) 128k isdn dialup
= 0 Acct-Session-Id = 010619.105231.010789 Acc-Dial-Port-Index = 203 Connect-Info = 64000 Acc-Connect-Tx-Speed = 64000 Acc-Connect-Rx-Speed = 64000 Acct-Multi-Session-Id = 010619.105136.010787 Acct-Link-Count = 3 Acct-Authentic = RADIUS Acc-Service-Profile = tigris Acct-Session-Time = 361 Acct-Input-Octets = 29716 Acct-Output-Octets = 536 Acct-Input-Packets = 483 Acct-Output-Packets = 41 Acc-Input-Errors = 0 Acc-Output-Errors = 0 Acct-Termination-Cause = User-Request Acc-Reason-Code = Requested-By-User Framed-IP-Address = 213.161.67.223 Idle-Timeout = 300 Framed-MTU = 1500 Timestamp = 992944065 Tue Jun 19 10:47:46 2001 User-Name = testuser NAS-Port = 6 NAS-Port-Type = ISDN-Synchronous Acc-Request-Type = User-Accounting Service-Type = Framed Framed-Protocol = PPP Called-Station-Id = 179700 Calling-Station-Id = 1243776030 NAS-Identifier = 08:00:03:04:06:BC Acct-Status-Type = Stop Acct-Delay-Time = 0 Acct-Session-Id = 010619.105137.010788 Acc-Dial-Port-Index = 204 Connect-Info = 64000 Acc-Connect-Tx-Speed = 64000 Acc-Connect-Rx-Speed = 64000 Acct-Multi-Session-Id = 010619.105136.010787 Acct-Link-Count = 3 Acct-Authentic = RADIUS Acc-Service-Profile = tigris Acct-Session-Time = 415 Acct-Input-Octets = 35198 Acct-Output-Octets = 1304878 Acct-Input-Packets = 560 Acct-Output-Packets = 1031 Acc-Input-Errors = 0 Acc-Output-Errors = 0 Acct-Termination-Cause = User-Request Acc-Reason-Code = Requested-By-User Framed-IP-Address = 213.161.67.223 Idle-Timeout = 300 Framed-MTU = 1500 Timestamp = 992944066 The ISDN TA is a BT speedway which is a rebadged AVM berliner USB TA. AFAIK the adaptor itself has MPPP capabilities under standard win98/2k os . Many thanks for your help in all this. Cheers, Chris Rockett, Systems Engineer. Freedom 2 Limited, http://www.freedom2.com On Tue, 19 Jun 2001, Hugh Irvine wrote: Hello Chris - Thanks for the information. I am not sure whether the problem is with the PC, the NAS, or with Radiator. 
I can help you with the Radiator part if you send me a copy of the Radiator configuration file (no secrets) together with a trace 4 debug from Radiator showing what happens with the first channel as well as the second channel. For the PC and the NAS, you will have to check with the vendor of the ISDN card (ie. does it support MPPP? and if so how?). cheers Hugh At 12:27 PM + 6/19/01, Chris Rockett wrote: Hi, The original company name is Argonet/Argo interactive/VTI limites/Vertical Twist Interactive. It should be one of those but unfortunatley I cant lay my hands on the radiator licence atm so I cant be more definate about which one it is. Cheers, Chris Rockett, Systems Engineer. Freedom 2 Limited, http://www.freedom2.com On Tue, 19 Jun 2001, Hugh Irvine wrote: Hello Chris - As I can't find you in our customer database, could you please send me the name of the registered company that purchased this copy of Radiator? Please reply to me directly. regards Hugh At 11:38 AM + 6/19/01, Chris Rockett wrote: Hi, Im a bit of a newbie at radiator configuration. I have radiator running and authenticating correctly for 64k isdn but cant seem to get a bonded channel for 128k isdn. Using win2k the dialup works and auths but only works at 64k still, any ideas of where to look for information or what the possible cause could be? Many Thanks. Chris Rockett. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radius process dying
Hello everyone, are there any known issues with the latest release of Radiator dying for any reason? We have run Radiator fine for months at a time in the past and now after only 13 days of uptime the radius daemon died?
(RADIATOR) Radiator quits reading the config file
Here is the top of a config file: # # radius.cfg # # these are the variables for the database server names # refer to them like %{GlobalVar:database1} DefineGlobalVar database1 hostname1.mydomain.com DefineGlobalVar database2 hostname2.mydomain.com # Set this to the directory where your logfile and details file are to go LogDir /home/radius/raw LogFile %L/%d-radius.log #Log SYSLOG # Facility radius #/Log Trace 4 Log SQL DBSource dbi:mysql:raddb DBUsername mysql DBAuth some_password Trace 3 /Log ... more config file snipped Following is the end of my perl debug session on Radiator. What's going on is that it reads DBAuth, Trace 3 and then Radiator decides it has had enough and calls close(CONFIG); but there are several hundred more lines in the config file! What's going on? Chris DB33 s Radius::Configurable::match_keyword(/usr/lib/perl5/5.6.0/Radius/Configurable .pm: 211): 211:my $type = $ktable{$keyword} || return 0; DB33 p $keyword DBUsername DB34 s Radius::ServerConfig::keyword(/usr/lib/perl5/5.6.0/Radius/ServerConfig.pm:18 8): 188:if ($keyword eq 'DefineGlobalVar') 189:{ DB34 n Radius::ServerConfig::keyword(/usr/lib/perl5/5.6.0/Radius/ServerConfig.pm:19 6): 196:return $self-SUPER::keyword($file, $keyword, $value); DB34 p $file *main::CONFIG DB35 p $keyword DBUsername DB36 p $value mysql DB37 s Radius::Configurable::keyword(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:18 1): 181:my ($self, $file, $keyword, $value) = @_; DB37 s Radius::Configurable::keyword(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:18 3): 183:if (lc $keyword eq 'include') 184:{ DB37 n Radius::Configurable::keyword(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:19 7): 197:return $self-match_keyword($keyword, $value, 198:'Identifier' = 'string', 199:'Description' = 'string'); DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:150) : 150:main::log($main::LOG_ERR, Unknown keyword '$1' in $fil ename line $.); DB37 n 
Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:158) : 158:$line = ''; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:78): 78: while (FILE) 79: { DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:81): 81: chomp; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:83): 83: s/^\s*//; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:84): 84: s/\s*$//; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:87): 87: next if $_ eq '' || /^#/; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:89): 89: $line .= $_; DB37 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:90): 90: next if ($line =~ s/\\$//); # Line continuation DB37 p $line DBAuth some_password DB38 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:93): 93: last if ($line =~ /^\/([^]*)/); DB38 Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:95): 95: if ($line =~ /^\s*(\S*)\s*(.*)/) 96: { DB38 Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:122) : 122:my ($keyword, $value) = ($1, $2); DB38 s Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:128) : 128:if ($value =~ /^file:\(.*)\$/) 129:{ DB38 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:148) : 148:if (!$self-keyword(*FILE, $keyword, $value)) 149:{ DB38 p $keyword DBAuth DB39 p $value some_password DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:150) : 150:main::log($main::LOG_ERR, Unknown keyword '$1' in $fil ename line $.); DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:158) : 158:$line = ''; DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:78): 78: while (FILE) 79: { DB40 n 
Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:81): 81: chomp; DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:83): 83: s/^\s*//; DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:84): 84: s/\s*$//; DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:87): 87: next if $_ eq '' || /^#/; DB40 n Radius::Configurable::parse(/usr/lib/perl5/5.6.0/Radius/Configurable.pm:81): 81: chomp
RE: (RADIATOR) AuthyByPolicy
Thanks for the good reply Hugh. Chris

-Original Message- From: Hugh Irvine [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, May 16, 2001 2:59 PM To: Chris Cronje - MWeb; '[EMAIL PROTECTED]' Subject: Re: (RADIATOR) AuthyByPolicy

Hello Chris - You cannot chain AuthBy RADIUS clauses like this, due to the way the AuthBy RADIUS clause operates - ie. it is asynchronous. There are two ways of dealing with this: first is use the CachePasswords option which will tell the clause to cache recent requests and responses and use the cached entry in case the proxy does not respond. Otherwise you can use a NoReplyHook (there is an example in the file goodies/hooks.txt). Probably a better approach in any case is to define multiple targets for the proxy and have Radiator fail over automatically. There are several such modules in Radiator 2.18.1 (RADIUS, ROUNDROBIN, VOLUMEBALANCE, LOADBALANCE). hth Hugh

At 21:54 +0200 15/5/01, Chris Cronje - MWeb wrote:

Hi There I was wondering if anyone has done this before ? I'm using Radiator to authenticate off another Radiator server, like a proxy. If the radius server fails, I want my proxy to mark the server dead for 10 minutes and then continue to the next Authby clause, which is AuthBy FILE. What happens in practise is that if my proxy receives a timeout, it retransmits once, marks the server dead for 10 minutes and then says:

    Tue May 15 21:53:41 2001: INFO: AuthRADIUS could not find a working host to forward to. Ignoring

But, it never goes to the next AuthBy statement. Am I doing something wrong in my config here ?

    <Realm DEFAULT>
        AuthByPolicy ContinueUntilIgnore
        <AuthBy RADIUS>
            Host x.x.x.x
            Retries 1
            RetryTimeout 3
            FailureBackoffTime 600
            Secret M@x$3$$!0n$
        </AuthBy>
        <AuthBy FILE>
            Filename users
            AcceptIfMissing
        </AuthBy>
    </Realm>
(RADIATOR) AuthyByPolicy
Hi There I was wondering if anyone has done this before ? I'm using Radiator to authenticate off another Radiator server, like a proxy. If the radius server fails, I want my proxy to mark the server dead for 10 minutes and then continue to the next Authby clause, which is AuthBy FILE. What happens in practise is that if my proxy receives a timeout, it retransmits once, marks the server dead for 10 minutes and then says:

    Tue May 15 21:53:41 2001: INFO: AuthRADIUS could not find a working host to forward to. Ignoring

But, it never goes to the next AuthBy statement. Am I doing something wrong in my config here ?

    <Realm DEFAULT>
        AuthByPolicy ContinueUntilIgnore
        <AuthBy RADIUS>
            Host x.x.x.x
            Retries 1
            RetryTimeout 3
            FailureBackoffTime 600
            Secret M@x$3$$!0n$
        </AuthBy>
        <AuthBy FILE>
            Filename users
            AcceptIfMissing
        </AuthBy>
    </Realm>
Re: (RADIATOR) Database Failover
you can do this on the NAS itself. Mir Atir Right, except you can't do this with the session database, that one has to have high-availability if you need it for sim use checking, etc. Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Apache and Radiator
I'd be interested in hearing from anyone that implemented Radiator password-style access to pay-per-view or secure content on their Apache web server. Did you get it to work with just the stock mod_auth_radius.c file or did you have to write a bunch of other routines to get things going? The accountability and authorization features of Radius make this appealing, and the fact that htpasswd authentication isn't that reliable compared to RADIUS is another reason. Thanks, Chris
Re: (RADIATOR) SessionDatabase question
The only problem I foresee is, how do I make the SessionDatabase high-availability? In other words, is there a way to replicate the DB INSERTs and DELETEs so that auth or acct radiator processes talking to MySQL can have entries simultaneously made in SessionDatabases on two different machines? Since MySQL doesn't have any replication features built in, how do people accomplish this syncing?

The simplest thing to do is just use a single SQL host, but use a high-availability multi-processor machine with hot-swap RAID disks. This is usually *much* easier to do than trying to replicate databases. hth Hugh

I certainly agree and do this, however, there is always going to be the need to reboot the machine. Linux and other Unices still require reboots once a month. I just noticed that MySQL 3.23 has some kind of replication feature in it now, anyone used this that can give this a review? Chris
(RADIATOR) ClientListSQL question
Is it possible to have multiple ClientListSQL tags in a config file? I'd like to maintain the client lists in separate tables for separate cities (it simplifies some SQL queries later). Chris
Re: (RADIATOR) ClientListSQL question
Cool, so... Would this work to query 3 different clients tables in the database to populate the client list?

    <ClientListSQL>
        DBSource %{GlobalVar:database2}
        DBUsername username
        DBAuth somepasswd
        GetClientQuery NASIDENTIFIER,SECRET,NASTYPE,SNMPCOMMUNITY, \
            LIVINGSTONOFFS,LIVINGSTONHOLE,DUPINTERVAL \
            from LOCALCLIENTLIST,NEXTCLIENTLIST,MORECLIENTLIST
    </ClientListSQL>

Chris

From: Hugh Irvine [EMAIL PROTECTED] Organization: Open System Consultants Reply-To: [EMAIL PROTECTED] Date: Mon, 19 Mar 2001 16:06:10 +1100 To: Chris M [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: (RADIATOR) ClientListSQL question

Hello Chris - On Monday 19 March 2001 15:13, Chris M wrote:

Is it possible to have multiple ClientListSQL tags in a config file? I'd like to maintain the client lists in separate tables for separate cities (it simplifies some SQL queries later).

No. ClientListSQL is a global definition. You can however specify whatever SQL query you need in the GetClientQuery parameter, or you can call a stored procedure (if your database supports them). Alternatively, you could write a StartupHook to do whatever is needed, in addition to the ClientListSQL clause. hth Hugh

-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) [RADIATOR] SessionDatabase question
Awright this is probably obvious but my brain is crystallized on this topic, I'm not getting anywhere anymore. I am trying to figure out how to: Create config files that separate auth and acct into different instances of Radiator. To do this it looks like I can create a radacct.cfg (1646) and a radauth.cfg (1645), giving the Auth config access to the SessionDatabase and the Auth database (both SQL), and having the Acct config access the Auth DB and SessionDatabase.

The only problem I foresee is, how do I make the SessionDatabase high-availability? In other words, is there a way to replicate the DB INSERTs and DELETEs so that auth or acct radiator processes talking to MySQL can have entries simultaneously made in SessionDatabases on two different machines? Since MySQL doesn't have any replication features built in, how do people accomplish this syncing? Thanks, Chris
RE: (RADIATOR) Oracle on Sun or Linux?
Our radius servers running Linux MySQL / Linux Connecting to MSSQL have up to 300 days uptime, and would have more if it wasn't for a power outage before we had a generator.

-Original Message- From: Jeremy Burton [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 07, 2001 5:00 AM To: Sudjiwo Husodo Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Oracle on Sun or Linux?

Our situation is we are using Radiator running on a couple of Solaris/x86 machines, with Oracle running on the others. When set up correctly, with enough hardware thrown at it, I much prefer the reliability of Solaris - our db server has only crashed once in two years. It *averages* 120 days uptime, with most reboots being due to scheduled maintenance (or power failure). Our best effort with a Linux box in terms of stability on a loaded server before it started behaving badly was about an average of 60 days. However this was with older kernels - YMMV... Jeremy

On Wed, Mar 07, 2001 at 05:09:46PM +0700, Sudjiwo Husodo wrote:

Hi all !! We are moving our Radiator on mysql/linux to Oracle due to our billing systems that is developed on Oracle. We are debating whether to use Oracle/Linux or Oracle/Sun. Can anybody comment as to which platform is better for Radiator? We currently have 27 pops (35,000 subscribers) and considering to have a copy of the local pops subscribers on each pop using Oracle replication (and of course a local pop radiator). The need is due to bw savings more than infrastructure stability in Indonesia. Currently with mysql/linux a centralized radiator works just fine. Can anybody comment on this approach? Regards, Sudjiwo

-- Jeremy Burton Database Administrator, Netspace Online Systems [EMAIL PROTECTED] [EMAIL PROTECTED]
(RADIATOR) multi-realm AuthBy question
Here is a snippet of my config. What I am doing is authenticating multiple realms, with an empty AuthSelect (since I am pulling passwords out of the shadow file, not the DB). What happens at Trace 4 is that for realm1.com it authenticates and stuffs them into the online SessionDatabase SQL (defined globally) as well as the accounting table. So realm1.com is cool. But realm2 users don't make it into the SessionDatabase or the accounting table. At Trace 4 I don't even see the INSERT statements happening. So I obviously have some kind of structural problem with the way I have arranged the realm blocks with the AuthBy clauases inside them in here. Can anyone give me a hint? Thanks, Chris Realm realm1.com # keep going through all AuthBy clauses AuthByPolicy ContinueAlways # strip realm, etc in here (missing for brevity) AuthBy SQL DefaultSimultaneousUse 1 # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSource dbi:mysql:radiator_db DBUsername mydbuser DBAuth BiteMe Timeout 60 FailureBackoffTime 600 AuthSelect AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef PORTTYPE,NAS-Port-Type AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASIP,NAS-IP-Address AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef CALLINGSTATION,Calling-Station-Id AcctColumnDef CALLEDSTATION,Called-Station-Id AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef ASCENDDISCONNECT,Ascend-Disconnect-Cause AcctColumnDef USERREALM,User-Realm AcctColumnDef 
LIVINGSTON,Livingston AcctColumnDef NASIDENTIFIER,NAS-Identifier /AuthBy AuthBy DBFILE Filename %D/users /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/detail /Realm Realm realm2.com # keep going through all AuthBy clauses AuthByPolicy ContinueAlways # strip realm, etc in here (missing for brevity) AuthBy SQL DefaultSimultaneousUse 1 # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSource dbi:mysql:radiator_db DBUsername mydbuser DBAuth BiteMe Timeout 60 FailureBackoffTime 600 AuthSelect AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef PORTTYPE,NAS-Port-Type AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASIP,NAS-IP-Address AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef CALLINGSTATION,Calling-Station-Id AcctColumnDef CALLEDSTATION,Called-Station-Id AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef ASCENDDISCONNECT,Ascend-Disconnect-Cause AcctColumnDef USERREALM,User-Realm AcctColumnDef LIVINGSTON,Livingston AcctColumnDef NASIDENTIFIER,NAS-Identifier /AuthBy AuthBy DBFILE Filename %D/users /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/detail /Realm === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED
(RADIATOR) SQL time used and allowed NAS boxen
I'm trying to figure out how to do a couple new things with Radiator that are well beyond what I've done before. One thing I'd like to do is a SQL query during the authentication process. What it would do is add up all the past time records to see if they have exceeded their monthly limit (100 hours or whatever). This would be in addition to all the normal simultaneous use checking, etc. I'd also like to detect that they attempted a login when they have exceeded their use, so that tech support can be alerted to this. So from the reading I've done, I believe that doing this in the PreProcessingHook is the best place, no? This would also allow me to write out a message to the log that could be detected, or perhaps I should instead do this in the PostAuthHook where I can munge the request to Access-Reject and also be able to have the database handle from AuthBy SQL available to write to the RADLOG messages log? In the same piece of code I'll want to query the database, knowing the Client-Id (the NAS box that they came from) and also decide whether they can log in. I'd appreciate any ideas on these things. Thanks, Chris
RE: (RADIATOR) Setting time blocks and account expirations
Yes, if you're using SQL set the SessionTimeout to the amount of time they bought, and restrict the login limit to one. After that is done you can use a stored procedure to hook to decrement the SessionTimeout each time the user disconnects and you get the Account-Session-Stop packet. This would be easy to accomplish using MS SQL Server or Sybase ASE

-Original Message- From: Wyness Casama [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 06, 2001 1:12 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Setting time blocks and account expirations

Hi all, I've been working on a particular project for a couple of days now, but I haven't found the missing key that lets everything fit together... I am trying to accomplish a setup where users will buy a block of time (for instance 2 days (48 hours))... What I want to happen is that the user will be able to authenticate as many times as they want to the NAS/RADIUS system within that 48 hour period, but as soon as the specified 48 hours is over, the server will disconnect the user AND stop the user from authenticating again with the expired account. Any ideas? -- Wyness Casama
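The monthly usage check asked about in the "SQL time used and allowed NAS boxen" post, combined with the remaining-time Session-Timeout suggested in the reply above, as an added example (not part of either message and not Radiator code). It uses an in-memory SQLite database as a stand-in for the real one; the ACCOUNTING column names come from the AcctColumnDef lines posted elsewhere on this page, while the USERNAS table, the RADLOG column layout, the function names and all rows are assumptions constructed for the example.

```python
import sqlite3
from datetime import datetime, timezone

MONTHLY_LIMIT_SECONDS = 100 * 3600  # the post's "100 hours or whatever"


def epoch(year, month, day):
    """Midnight UTC of the given date as a Unix timestamp."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


def month_start(now_epoch):
    """Start of the calendar month containing now_epoch (UTC is an assumption)."""
    now = datetime.fromtimestamp(now_epoch, tz=timezone.utc)
    return epoch(now.year, now.month, 1)


def seconds_used(db, username, now_epoch):
    """Sum this month's Stop records. The username arrives in the RADIUS
    request, so it is only ever passed as a bound parameter."""
    row = db.execute(
        "SELECT COALESCE(SUM(ACCTSESSIONTIME), 0) FROM ACCOUNTING"
        " WHERE USERNAME = ? AND ACCTSTATUSTYPE = 'Stop' AND TIME_STAMP >= ?",
        (username, month_start(now_epoch)),
    ).fetchone()
    return int(row[0])


def nas_allowed(db, username, nas_ip):
    """USERNAS is a hypothetical table listing the NASes a user may dial into."""
    row = db.execute(
        "SELECT 1 FROM USERNAS WHERE USERNAME = ? AND NASIP = ?",
        (username, nas_ip),
    ).fetchone()
    return row is not None


def authorize(db, username, nas_ip, now_epoch):
    """Return (decision, session_timeout_seconds, reason)."""
    if not nas_allowed(db, username, nas_ip):
        return ("Access-Reject", 0, "NAS not permitted")
    remaining = MONTHLY_LIMIT_SECONDS - seconds_used(db, username, now_epoch)
    if remaining <= 0:
        # Record the over-limit attempt so support can be alerted.
        # repr() keeps control characters in the name out of the log text.
        db.execute(
            "INSERT INTO RADLOG (TIME_STAMP, PRIORITY, MESSAGE) VALUES (?, ?, ?)",
            (now_epoch, 3, "monthly limit exceeded for %r" % username),
        )
        return ("Access-Reject", 0, "monthly limit exceeded")
    # Cap the session at the time left so one long call cannot overrun it.
    return ("Access-Accept", remaining, "ok")


def build_sample_db():
    """Constructed sample data, not taken from any real system."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ACCOUNTING (USERNAME TEXT, TIME_STAMP INTEGER,
                                 ACCTSTATUSTYPE TEXT, ACCTSESSIONTIME INTEGER);
        CREATE TABLE USERNAS (USERNAME TEXT, NASIP TEXT);
        CREATE TABLE RADLOG (TIME_STAMP INTEGER, PRIORITY INTEGER, MESSAGE TEXT);
    """)
    db.executemany("INSERT INTO ACCOUNTING VALUES (?, ?, ?, ?)", [
        ("alice", epoch(2001, 1, 20), "Stop", 50000),   # last month, ignored
        ("alice", epoch(2001, 2, 3), "Stop", 200000),
        ("alice", epoch(2001, 2, 10), "Stop", 170000),
        ("bob", epoch(2001, 1, 5), "Stop", 359000),     # last month, ignored
        ("bob", epoch(2001, 2, 12), "Start", None),     # Start carries no time
        ("bob", epoch(2001, 2, 12), "Stop", 3600),
    ])
    db.executemany("INSERT INTO USERNAS VALUES (?, ?)", [
        ("alice", "10.0.0.1"),
        ("bob", "10.0.0.1"),
    ])
    return db


if __name__ == "__main__":
    sample = build_sample_db()
    now = epoch(2001, 2, 15)
    for user, nas in (("bob", "10.0.0.1"), ("bob", "10.0.0.9"), ("alice", "10.0.0.1")):
        print(user, nas, authorize(sample, user, nas, now))
```

The remaining-time cap only holds when the account is limited to one concurrent session, as the reply above recommends; with two sessions open, each would be granted the full remainder.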
RE: (RADIATOR) Lost entries in RADONLINE table via SQL
You can use SNMP, or when you get too big for that to work I would suggest having your NOC delete from the RADONLINE table all entries for that NAS IP Address when you reboot a card.

-Original Message- From: Sergio Gonzalez [mailto:[EMAIL PROTECTED]] Sent: Monday, January 29, 2001 11:20 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Lost entries in RADONLINE table via SQL

Hi, I got a little problem. Recently I had to reboot one of my Hiper DSP cards (3com chassis), but I couldn't hangup all the users that were online on that PRI. I (sadly) had to hard reset the DSP. The problem is that some of the entries on the RADONLINE table of my radiator don't fit the reality. For example, I lost some of the users that were online, and others just look to be online, but obviously they're not! Now I have some users that can't log in because of the DefaultSimultaneousUse 1 I use in my radius.cfg file, and others (the worst part) can log in more than once! How can I make radiator re-check the online users on my NASes, to make the RADONLINE table reflect the real online users? Thanks in advance!! /Sergio

Sergio Gonzalez Director Operativo SkyNet de Colombia S.A. 57 (+1) 6422020 57 (+3) 2277871 57 (+3) 7285094
(RADIATOR) MD5 crypt()..
Hi folks, I'm a little unclear about encrypted passwords in a Radiator database. I would like to MD5 encrypt all our user passwords. I've been experimenting with Digest::MD5 and Crypt::PasswordMD5, and so far only Crypt::PasswordMD5 gives me what I see as a 'true' MD5 password. (The salt beginning with '$1$'). I'm a little confused as to the standards regarding the salt, and if Radiator will understand the MD5 hashed passwords I create. Am I going about the issue the wrong way? How can I store well-encrypted passwords in my database to be used for authentication? Thanks, Chris.
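For reference on the two formats this post contrasts, an added example (not part of the original message and not Radiator code): a plain MD5 hex digest beside the salted, 1000-round MD5-crypt scheme that produces `$1$salt$hash` strings, with a parser and verifier for stored values. Function names are hypothetical and the sample password is constructed.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def plain_md5_hex(password):
    """Unsalted single-pass MD5: what a bare digest call returns.
    Identical passwords always give identical values."""
    return hashlib.md5(password.encode()).hexdigest()


def _to64(value, count):
    """crypt(3)-style base64: 6 bits per character, low bits first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5_crypt(password, salt):
    """MD5-crypt as used for '$1$' password entries."""
    pw = password.encode()
    sp = salt.split("$", 1)[0][:8].encode()  # salt is at most 8 characters

    alt = hashlib.md5(pw + sp + pw).digest()
    ctx = hashlib.md5(pw + MAGIC + sp)
    remaining = len(pw)
    while remaining > 0:
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(pw)
    while bits:
        ctx.update(b"\x00" if bits & 1 else pw[:1])
        bits >>= 1
    final = ctx.digest()

    # 1000 stretching rounds mixing password, salt and the running digest.
    for i in range(1000):
        rnd = hashlib.md5()
        rnd.update(pw if i & 1 else final)
        if i % 3:
            rnd.update(sp)
        if i % 7:
            rnd.update(pw)
        rnd.update(final if i & 1 else pw)
        final = rnd.digest()

    encoded = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        encoded += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    encoded += _to64(final[11], 2)
    return "$1$" + sp.decode() + "$" + encoded


def parse_md5_crypt(stored):
    """Split '$1$salt$hash' into (salt, hash); raise ValueError otherwise."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not an MD5-crypt string")
    salt, digest = parts[2], parts[3]
    if len(salt) > 8 or len(digest) != 22:
        raise ValueError("bad salt or hash length")
    if any(ch not in ITOA64 for ch in digest):
        raise ValueError("hash contains characters outside the crypt alphabet")
    return salt, digest


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        salt, _ = parse_md5_crypt(stored)
    except ValueError:
        return False
    candidate = md5_crypt(password, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    print(plain_md5_hex("password"))          # 32 hex characters, no salt
    print(md5_crypt("password", "xxxxxxxx"))  # $1$ + salt + $ + 22 characters
```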
(RADIATOR) [RADIATOR] won't start
I get this. Any ideas?

    # /usr/bin/perl /etc/raddb/radiusd -config_file /etc/raddb/radius.cfg
    Out of memory!
    Callback called exit.
    END failed--call queue aborted at /etc/raddb/radiusd line 12.

Chris
(RADIATOR) [RADIATOR] MySQL Errors
    DBD::mysql::db do failed: Duplicate entry '192.168.1.1-24' for key 1 at /usr/local/lib/perl5/site_perl/5.6.0/Radius/SqlDb.pm line 230.

Any ideas on what might be the problems? Thanks, Chris
(RADIATOR) Disabling SessionDatabase on a per client level
How can I disable the SessionDatabase on a per Client level?
(RADIATOR) [RADIATOR] ComOS 3.9.1 and Simultaneous-Use
Before upgrading to ComOS 3.9.1 this radius profile used to keep people from logging in twice:

spooge Simultaneous-Use = 1, Auth-Type = System, NAS-Port-Type = Async
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254,
    Filter-Id = "dialupstd",
    Framed-MTU = 1500,
    Port-Limit = 1,
    Idle-Timeout = 900

Now it doesn't seem to though, it will allow them to log in twice. Anyone else seeing this? Chris
(RADIATOR) Managing multiple realms.
Hi folks, I am configuring my Radiator systems (2.16.1) with many realms as I have different "business units" I want to authenticate from the same database. (Oracle). (I also have many different Client clauses, whereby I want certain realms logging in from a certain place, to only have successful access, bearing in mind all NASs are registered Clients and I want to avoid someone hopping onto another network using their login to access other networks they may not be supposed to).

I am using usernames of [EMAIL PROTECTED] and I have handlers configured to authenticate the user when a 'hit' occurs on one of my handler statements. I would like the added security of dictating which NAS the user connects from before I will give an Access-Accept response, otherwise generate an Access-Reject. I've got "NAS-IP-Address = 1.2.3.4" in my Handler, which I haven't tested yet, but I assume will do what I want.

What I am wondering is, would I have to do this if I have 50 NASs, all in the Handler line? Looking through the docs there is the Identifier keyword, but that says it's not supported in the standard Radiator code, only in hooks, so I can't 'group' them and refer to them by a keyword. I guess this begs the question, if I can have multiline Handlers, and if so, what would be the correct syntax for them? Commas/Newline and/or backslashes?

Also, out of curiosity, how would I specify a wildcard in a handler statement? Does it have the smarts to parse a network/bitmask? (or a derivative thereof)

Thanks in advance, Chris.
Re: (RADIATOR) Load Balancing Radiator
I tried this, so also to listen only on that ip, however this also did not appear to work possibly because the ip is bound to the loopback (it has to be bound to the loopback because of the method of load balancing the Summit 7i is doing). So when I did this, radiator only responded to requests on 1.2.3.4 (which is configured on the loopback) but replied to those requests with the ethernet ip. I'm setting up a packet sniffer to confirm this wednesday AM so I don't have to rely on lucent debug. Chris

In the main global section

BindAddress 10.0.0.1

That's the one for the normal auth/accounting information to listen and respond with. Make it whichever ip bound to the nic, you want it to use and reload.

- Original Message -
From: "Chris" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 16, 2000 1:18 PM
Subject: (RADIATOR) Load Balancing Radiator

I'm trying to load balance radiator across three separate servers with an Extreme Summit 7i switch. All servers respond correctly to requests out of the server farm. However when put in the server farm they respond to the authentication request with the ethernet ip even though the request was sent to an ip on the loopback. Because it is responding with a different ip than what the request was sent to, my portmasters are ignoring the response. I noticed the 6.27.11 LocalAddress tag but seems to only work with AuthBy Radius. Is there a way to have radiator respond with the ip that the request was sent to with AuthBy Unix? The manual implies that this is default but it doesn't seem to be doing it. (perhaps because the address is on the loopback?) Has anyone run into the same problem?

Here is my config:

Foreground
LogStdout #THIS LINE IS FOR TESTING, OUTPUT GOES TO SCREEN
LogDir /var/log/radiator
DbDir /etc/raddb
PidFile /var/run/radiusd.pid
DictionaryFile /etc/raddb/dictionary.livingston
AuthPort 1812
AcctPort 1813
SnmpgetProg /usr/local/bin/snmpget
Trace 4
SocketQueueLength 10

<Client 1.2.3.4>
    Secret x
    DefaultRealm xxx
</Client>
<Client 2.3.4.5>
    Secret x
    DefaultRealm xxx
</Client>
<Client 3.4.5.6>
    Secret x
</Client>
<Client 7.8.9.1>
    Secret xx
</Client>
<Client DEFAULT>
    Secret xx
    DupInterval 2
    NasType Livingston
    SNMPCommunity frii
    LivingstonOffs 22
    LivingstonHole 1
</Client>

<AuthBy GROUP>
    Identifier Frii
    AuthByPolicy ContinueWhileReject
    <AuthBy SQL>
        AuthSelect
        AccountingStopsOnly
        DBSource x
        DBUsername x
        DBAuth xx
        AcctSQLStatement insert into data values ('%n',%t,%{Acct
    </AuthBy>
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilReject
        <AuthBy FILE>
            Filename /etc/raddb/users-pop
        </AuthBy>
        <AuthBy FILE>
            Filename /etc/raddb/users
        </AuthBy>
    </AuthBy>
</AuthBy>

<AuthBy UNIX>
    Identifier FriiSystem
    Filename /etc/mypasswd
</AuthBy>

<SessionDatabase SQL>
    Identifier FriiSessions
    DBSource
    DBUsername x
    DBAuth xx
    AddQuery replace into Sessions values.
    CountQuery select NASIDENTIFIER
    DeleteQuery delete from Sessions where .
</SessionDatabase>

<Realm /realm1/i>
    RewriteUsername s/^([^@]+).*/$1/
    AuthBy Frii
    SessionDatabase FriiSessions
</Realm>
<Realm /realm2/i>
    RewriteUsername s/^([^@]+).*/$1/
    AuthBy Frii
    SessionDatabase FriiSessions
</Realm>
<Handler>
    AuthBy Frii
    SessionDatabase FriiSessions
</Handler>

Chris Bissell | Front Range Internet, Inc. [EMAIL PROTECTED] | www.frii.com [EMAIL PROTECTED] Technical Operations | 970-224-3668 800-935-6527
Re: (RADIATOR) (Oracle) SQL Timeouts..
David Lloyd wrote: I was just about to post the fix to this problem; we are using Solaris/Oracle. The problem I think is in the way Solaris does alarm(0). The solution is this:

Thanks for this David. Merged your changes into my tree and it looks good, I'll leave it a while longer just to make sure it stays up, but it definitely hasn't been timing out like it used to. I want to thank Mike Hugh as well for recognizing the bug and attempting to fix it on the same day, even without having my setup locally. Great work guys! :) Thanks again, Chris.
RE: (RADIATOR) FreeTDS
More than likely what's happening is you don't have SYBASE exported correctly. FreeTDS will say 'failed to connect to 0.0.0.0:0' in its error log if it can't find the DSN name in an interfaces file (because SYBASE isn't exported to /usr/local/freetds/)

-Original Message-
From: Dean Brandt [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 28, 2000 12:39 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) FreeTDS

Hi, I have this as part of my radius.cfg file:

<Realm xxx.com.au>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy PLATYPUS>
        DBSource dbi:FreeTDS:plat
        DBUsername xxx
        DBAuth xxx
    </AuthBy>

But I am getting cannot connect to SQL database errors in my log file. Am I calling it correctly in the cfg? I installed the FreeTDS snapshot file perl module) as per the FAQ, and installed FreeTDS stating the version number as 4.2 (to connect to MS SQL 7.0), I also have an interfaces file that looks like this:

plat
    query tcp ether 203.44.37.26 1433
    master tcp ether 203.44.37.26 1433

Am I missing anything here? Thanks

-- Dean Brandt, Technical Director, Cain Internet Services Pty Ltd ACN 091949405 Ph 61-3-95231065 Distributor of Patton RAS equipment www.cain.com.au
(RADIATOR) (Oracle) SQL Timeouts..
Hi all, I am having a rather peculiar timeout problem with Radiator authenticating from an Oracle SQL database. Firstly, the details:

Solaris 2.6 (sparc) OS
Radiator 2.16.3
Oracle 8.0.5 (sparc)
perl 5.005_03
Digest-MD5 2.12
DBI 1.14
DBD Oracle 1.06
TimeDate 1.10

Install went fine, a 'make test' gave all OK's, Radiator starts up fine, and everything hums along. However, when I use the radpwtst utility to throw a Radius request at it, (even a few requests in succession), it gives me an Accept or Reject response (based on if I gave it a correct or incorrect password), but about a minute after that, the radiusd process dies with "timeout at Radius/SqlDb.pm line 265." (Inside sub getOneRow).

A sample session (Trace 5, Sensitive information obfuscated):

# radpwtst -s x.x.x.x -secret mysecret -user test -password test1 -noacct
sending Access-Request...
Fri Sep 29 14:37:36 2000: DEBUG: Packet dump:
*** Received from x.x.x.x port 32838
Packet length = 70
[...snipped]
Code: Access-Request
Identifier: 156
Authentic: 1234567890123456
Attributes:
    User-Name = "test"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    User-Password = "[222h1591933022214254172209234(127J"
Fri Sep 29 14:37:36 2000: DEBUG: Check if Handler should be used to handle this request
Fri Sep 29 14:37:36 2000: DEBUG: Handling request with Handler ''
Fri Sep 29 14:37:36 2000: DEBUG: Deleting session for test, x.x.x.x, 1234
Fri Sep 29 14:37:36 2000: DEBUG: Handling with Radius::AuthSQL
Fri Sep 29 14:37:36 2000: DEBUG: Handling with Radius::AuthSQL
Fri Sep 29 14:37:36 2000: DEBUG: Query is: select password from subscribers where username='test'
Fri Sep 29 14:37:36 2000: DEBUG: Radius::AuthSQL looks for match with test
Fri Sep 29 14:37:36 2000: DEBUG: Radius::AuthSQL ACCEPT:
Fri Sep 29 14:37:36 2000: DEBUG: Access accepted for test
Fri Sep 29 14:37:36 2000: DEBUG: Packet dump:
*** Sending to x.x.x.x port 32838
Code: Access-Accept
Identifier: 156
Authentic: 1234567890123456
Attributes:
OK
[...after about 1 minute...]
timeout at Radius/SqlDb.pm line 265.

I've used ansiCreate.sql to build the tables in Oracle, and this Radius server simply does pure authentication (as it's currently in testing, it's not doing any accounting or authorization). The database runs on the same machine as Radiator and uses IPC to communicate, tnsping shows ~0-10ms and that the database is alive. The established session counter increments indicating connections by Radiator.

Here is the sample config I am currently using:

Foreground
LogStdout
LogDir /logs
DbDir .
# Use a lower trace level in production systems:
Trace 5
# You will probably want to change this to suit your site.
<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>
<Handler>
    <AuthBy SQL>
        DBSource dbi:Oracle:mydb
        DBUsername blah
        DBAuth blahblah
        AccountingTable
        AuthSelect select password from subscribers where username='%n'
    </AuthBy>
</Handler>

I've tried different Timeout settings in the .cfg (I've set it up to 120), but I suspect this is a DBI problem and that the Timeout setting will have no effect. I've almost got it working, any help will be gratefully received! :) Regards, Chris.
RE: (RADIATOR) Stop Responding
Have you considered a different database? We run 5 radius servers off one database with no issues.

-Original Message-
From: Ron Hensley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 26, 2000 7:38 AM
To: Hugh Irvine
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Stop Responding

Hugh, Think I keyed onto the problem already, so I'm going to hold off. The one change that has been made was to start limited simultaneous usage, with DBM and with BayFinger as the NasTYPE. I believe the fingers were backing up, or slow to respond and were the culprit. After switching to Bay, (snmp version), it's run consistently overnight and this morning on the problem server. The one other possibility is the 10bT link between the 2 radius servers, sharing an NFS link to the SessionDatabase file, perhaps a file locking problem. The computer having the problems is the one with the actual local file however, so I wouldn't think it's nfs access time problems, as that would show on the other server that actually has to write to the file over the network. If it continues to behave strangely I'll send over the configs requested. Thanks much.

-- Ron Hensley ([EMAIL PROTECTED]) CCNA #10082337 Network Administrator - ICNet Internet Services --

On Tue, 26 Sep 2000, Hugh Irvine wrote:

Hello Ron -

On Tue, 26 Sep 2000, Ron Hensley wrote:

I've had a strange occurrence today on one of my radius servers. It just stops responding though it's still running after being up no more than 5 minutes. Stopped/Started many times, a few times with trace level 4 for heavy debug info. Nothing... just stops apparently in the middle of logging someone in. It's been working fine for the week I've been using it. At one point I noticed my server getting slow as well, and TOP showed the radiusd taking up 25% CPU resources. Any hints on how to track down what could be making it hang?

Could you please send me what version of Perl you are using, what version of Radiator, and what hardware and software platform you are running on. I will also need to see a copy of your configuration file (no secrets), together with the trace 4 debug.

thanks Hugh

-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re: (RADIATOR) Cisco NAS weirdity
It works fine for PM3's though, those errors appear to be coming from the Cisco boxen queries, and I think the source of trouble is that 20019 which seems to be a Port number (at least that is what radwho thinks):

usernamesome IP address 20019 0754Tue Aug 15 08:14:33 20000 00:04:30 ISDNFramed-User

5248's don't have 2 ports in them, just 48 :) So something weird is afoot. I'll look at this second issue later today.

Chris, The 20019 value is the numerical port. You can change this behaviour in your config (on 11.3 and greater IOS). You're probably expecting the Textual one similar to 'Async24' or 'vty24' etc. I'm not sure what the above numerical line number translates to, I'll ask around here (one of the CCIE's should know) and reply back later with that. Try the following config statement:

aaa nas port extended

Regards, Robert Moss.

Hi Robert, Oh cool, with your help I found this page, looks like I can get lost in here for awhile and emerge with the answer. Thanks!

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_r/srprt2/srrad.htm

Chris
RE: (RADIATOR) Radiator + Oracle + FreeBSD
Howdy, I've heard - but haven't tested - that the following works: You install Radiator on FreeBSD, and ensure that DBD::Proxy is also installed. You then use DBD::Proxy to talk to DBD::Oracle on your Linux / Solaris box, which in turn talks to Oracle. A quick read through the CPAN descriptions for the Perl modules suggests that this is possible. Don't know how well it would work in reality though.

Regards, Chris Knight, Systems Administrator, AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lachlan Fletcher
Sent: Wednesday, 16 August 2000 18:56
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Radiator + Oracle + FreeBSD

Hi, We currently have Oracle servers running on both Linux and Solaris, but all our other servers are FreeBSD. Is there any way we can run our Radius server on a FreeBSD server (to keep our network guys happy) accessing the Oracle servers running on either Linux or Solaris? I know we could do it using proxy radius servers, but this does not really seem like a very attractive option. Is/Has anyone done this already? Lachlan.
Re: (RADIATOR) Mysql vs PostgreSQL
I had a lot of trouble with PG but MySQL has been fine. I know for a fact it is faster, but it may lack some features of importance to you. I'm hardly a database expert, but I *have* looked at both of these. Chris

From: Robin Gruyters [EMAIL PROTECTED]
Date: Thu, 17 Aug 2000 00:12:28 +0200
To: Radiator mailing [EMAIL PROTECTED]
Subject: (RADIATOR) Mysql vs PostgreSQL

Hi, Just one question, which is better for accounting, MySQL or PostgreSQL...

-- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.nl - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: because of network lag due to too many people playing deathmatch
Re: (RADIATOR) Cisco NAS weirdity
Hello Chris -

The first problem is due to your SNMP program - try running the query by hand to verify its operation and make sure you have set SnmpgetProg to the correct location.

It works fine for PM3's though, those errors appear to be coming from the Cisco boxen queries, and I think the source of trouble is that 20019 which seems to be a Port number (at least that is what radwho thinks):

usernamesome IP address 20019 0754Tue Aug 15 08:14:33 20000 00:04:30 ISDNFramed-User

5248's don't have 2 ports in them, just 48 :) So something weird is afoot. I'll look at this second issue later today. Chris

The second problem is likely a Cisco configuration issue. Run Radiator with a trace 4 debug to see what attributes are actually present in the radius packets. You may need to add something to the Cisco configuration to get this additional information reported in the Radius accounting packets.

hth Hugh

At 7:49 PM -0600 14/8/00, Chris M wrote:

I'm having trouble with AS5248's that have the NasType set to Cisco. I get errors on the console, not in the log:

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: enterprises.9.2.9.2.1.18.20019

I also don't get a Framed-IP-Address and Connect-Info showing up in the SessionDatabase for the Cisco boxen, but PM3 boxen seem to work OK as viewed with Radwho. Any ideas where to start looking for these issues? Thanks, Chris
FW: (RADIATOR) looking for radiator
No, you have to buy it. Don't know about anyone else but this was the best $1K I ever spent. Hands down. I'm trying to figure out how to give these guys more money as we speak :) Chris

From: Iris Silva [EMAIL PROTECTED]
Date: Mon, 14 Aug 2000 10:53:30 -0600 (CST)
To: [EMAIL PROTECTED]
Subject: (RADIATOR) looking for radiator

Hello all, I would like to find some free or beta radiator version, anybody knows if there is some available to download?? Thank you a lot.
(RADIATOR) Cisco NAS weirdity
I'm having trouble with AS5248's that have the NasType set to Cisco. I get errors on the console, not in the log:

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: enterprises.9.2.9.2.1.18.20019

I also don't get a Framed-IP-Address and Connect-Info showing up in the SessionDatabase for the Cisco boxen, but PM3 boxen seem to work OK as viewed with Radwho. Any ideas where to start looking for these issues? Thanks, Chris
(RADIATOR) MaxSessions and Simultaneous-Use
username Auth-Type = System
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254,
    Simultaneous-Use = 2,
    Port-Limit = 2,
    Framed-MTU = 1500

With this user profile in Radiator and MaxSessions set to 1 in the Realm portion of the config I get these messages in the log at Trace 4:

Sun Aug 13 00:19:53 2000: DEBUG: Checking if user is still online: Livingston, username, 207.174.103.7, 8, 46005EE2 199.165.157.1
Sun Aug 13 00:19:53 2000: DEBUG: Running command `/usr/bin/snmpget 207.174.103.7 username .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5`

I'm using NasType of Livingston on Radiator 2.16.1. This seems like I have it set up right, but the second ISDN channel does not want to come up and stay up. What might I have mistaken here? Thanks, Chris
(RADIATOR) feature enhancement with Realms
I had a problem where a user tried "[EMAIL PROTECTED] " instead of "[EMAIL PROTECTED]" (a trailing space). What happens in this case is that Radiator looks for a "someplace.com " realm and in fact won't even enter the default Realm clause because it wants to find that realm with a trailing space on it. So they don't get in. What are other people doing to get around this problem? Is it necessary to first intercept everything before the Realm processing begins and trim spaces on the realm name? Thanks, Chris