Re: (RADIATOR) Bad login count
Hello Chairath -
I apologise, but I don't understand the question. Could you please provide me
with more details and a trace 4 debug showing the problem.
thanks
Hugh
On Tue, 11 Dec 2001 17:51, Chairath K wrote:
Hello Hugh,
Our Nas send a user with realm. And when I set Bad login count to zero , I
can login with user2@test2 also.
Regards,
Chairath
Hello Chairath -
The log message shown below is due to the username user2@test2 not
being found in the database. This is probably because you have not used a
RewriteUsername in the Handler to strip the realm (you should use the
same one that you used in the Realm clause).
regards
Hugh
On Tue, 11 Dec 2001 15:17, Chairath K wrote:
Hello Hugh,
I have got problem about Bad login count. According to section 5.1.9 in
reference manual of RAdmin version 1.4 , it said that if we leave this
field blank, then no bad login limits will be applied. But !! when I
try
,
I can't login . In log file shows a message like these
Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No
such user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump:
*** Sending to 10.20.0.2 port 49156
Code: Access-Reject
Identifier: 159
Authentic: 004G001321003100/172
Attributes:
Reply-Message = Request Denied
So how can I fixed it .
Futhermore , how can I expand login limit to more than 5
Regards,
Chairath
P.S. Our system are running with Radiator 2.18 and Radmin 1.4
Foreground
LogStdout
LogDir d:/Radiator-2.18/log
DbDir d:/Radiator-2.18
LogFile %L/logfile-%d-%m-%Y
# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# PreClientHook to add NAS-Port attribute
PreClientHook file:%D/addNASPort
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#Client DEFAULT
# Secret mysecret
# DupInterval 0
#/Client
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
ClientListSQL
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
/ClientListSQL
#AuthBy RADIUS
# Identifier ProxyTofunk
# Host 10.2.0.6
# Secret test
#/AuthBy
#Realm funk
# strip Realm
# RewriteUsername s/^([^@]+).*/$1/
# AuthBy ProxyTofunk
#/Realm
AuthBy RADMIN
Identifier RADMINAUTH
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in SessionDatabse SQL below
# so its the same
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
DateFormat %e %m %Y %T
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef DATE,Timestamp,integer-date
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
/AuthBy
AuthBy GROUP
Identifier WithIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Idle-Timeout = 600,\
Class = %{NAS-Port}
/AuthBy
AuthBy GROUP
Identifier WithOutIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to
(RADIATOR) Bad login count
Hello Hugh,
I have got problem about Bad login
count. According to section 5.1.9 in reference manual of RAdmin version 1.4 , it
said that if we leave this field blank, then no bad login limits will be
applied. But !! when I try , I can't login . In log file shows a message
like these
Tue Dec 11 10:53:56 2001: INFO: Access rejected for
user2@test2: No such userTue Dec 11
10:53:56 2001: DEBUG: Packet dump:*** Sending to 10.20.0.2 port 49156
Code: Access-RejectIdentifier:
159Authentic:
004G001321003100/172Attributes:Reply-Message
= "Request Denied"
So how can I fixed it .
Futhermore , how can I expand
login limit to more than 5
Regards,
Chairath
P.S. Our system are running with
Radiator 2.18 and Radmin 1.4
ForegroundLogStdoutLogDird:/Radiator-2.18/logDbDird:/Radiator-2.18LogFile
%L/logfile-%d-%m-%Y
# Dont turn this up too high, since all log
messages are logged# to the RADMESSAGES table in the database. 3 will give
you everything# except debugging messagesTrace 4
# PreClientHook to add NAS-Port attributePreClientHook
file:"%D/addNASPort"
# You will probably want to change this to suit your site.# You should
list all the clients you have, and their secrets# If you are using the
Radmin Clients table, you wil probably# want to disable this.#Client
DEFAULT#Secretmysecret#DupInterval
0#/Client
# You can put additonal (or all) client details in your Radmin#
database table# and get their details from there with something like
this:# You can then use the Radmin 'Add Radius Client' to add new
clients.ClientListSQLDBSourcedbi:ODBC:RadminDBUsernamexxx
DBAuth
/ClientListSQL
#AuthBy RADIUS#Identifier ProxyTofunk#Host
10.2.0.6#Secret test#/AuthBy
#Realm funk# strip Realm#RewriteUsername
s/^([^@]+).*/$1/#AuthBy ProxyTofunk#/Realm
AuthBy RADMINIdentifier RADMINAUTH# Change
DBSource, DBUsername, DBAuth for your database# See the reference
manual. You will also have to # change the one in SessionDatabse
SQL below# so its the
sameDBSourcedbi:ODBC:RadminDBUsernamexxxDBAuthDateFormat
%e %m %Y %T# You can add to or change these if you want, but
you# will probably want to change the database schema
firstAccountingTableRADUSAGEAcctColumnDefUSERNAME,User-NameAcctColumnDefTIME_STAMP,Timestamp,integerAcctColumnDefACCTSTATUSTYPE,Acct-Status-Type,integerAcctColumnDefACCTDELAYTIME,Acct-Delay-Time,integerAcctColumnDefACCTINPUTOCTETS,Acct-Input-Octets,integerAcctColumnDefACCTOUTPUTOCTETS,Acct-Output-Octets,integerAcctColumnDefACCTSESSIONID,Acct-Session-IdAcctColumnDefACCTSESSIONTIME,Acct-Session-Time,integerAcctColumnDefACCTTERMINATECAUSE,Acct-Terminate-Cause,integerAcctColumnDefFRAMEDIPADDRESS,Framed-IP-AddressAcctColumnDefNASIDENTIFIER,NAS-IdentifierAcctColumnDefNASIDENTIFIER,NAS-IP-AddressAcctColumnDefNASPORT,NAS-Port,integerAcctColumnDefDNIS,Called-Station-IdAcctColumnDefDATE,Timestamp,integer-date#
This updates the time and octets left# for this
userAcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
/AuthBy
AuthBy GROUP Identifier WithIdleTimeout AuthBy
RADMINAUTH# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be # different
for your NAS. This will add some # reply items to everyone's
replyAddToReply Framed-Protocol = PPP,\ Service-Type =
Framed-User,\
Framed-IP-Netmask =
255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\ Framed-Compression =
Van-Jacobson-TCP-IP,\ Idle-Timeout = 600,\ Class =
%{NAS-Port}/AuthBy
AuthBy GROUP Identifier WithOutIdleTimeout
AuthBy RADMINAUTH# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be # different
for your NAS. This will add some # reply items to everyone's
replyAddToReply Framed-Protocol = PPP,\ Service-Type =
Framed-User,\
Framed-IP-Netmask =
255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\ Framed-Compression =
Van-Jacobson-TCP-IP,\ Class = %{NAS-Port}/AuthBy
AuthBy FILEIdentifier TimeZoneFilename
%D/adsl.users/AuthBy
Handler Request-Type=Accounting-RequestAuthBy
RADMINAUTH/Handler
Handler Realm=test1AuthBy
TimeZone/Handler
Handler Realm=test2AuthBy
WithOutIdleTimeout/Handler
HandlerAuthBy WithIdleTimeout/Handler
# Handle User with NO Realm with
RADMIN#Realm#AuthBy RADMINAUTH#/Realm
# Handle everyone with RADMIN#Realm DEFAULT#AuthBy
RADMINAUTH#/Realm
SessionDatabase SQL# This database spec usually should be
exactly the same# as in AuthBy RADMIN
aboveDBSourcedbi:ODBC:RadminDBUsernameDBAuthClearNasQuery/SessionDatabase
Re: (RADIATOR) Bad login count
Hello Chairath -
The log message shown below is due to the username user2@test2 not being
found in the database. This is probably because you have not used a
RewriteUsername in the Handler to strip the realm (you should use the same
one that you used in the Realm clause).
regards
Hugh
On Tue, 11 Dec 2001 15:17, Chairath K wrote:
Hello Hugh,
I have got problem about Bad login count. According to section 5.1.9 in
reference manual of RAdmin version 1.4 , it said that if we leave this
field blank, then no bad login limits will be applied. But !! when I try ,
I can't login . In log file shows a message like these
Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such
user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump:
*** Sending to 10.20.0.2 port 49156
Code: Access-Reject
Identifier: 159
Authentic: 004G001321003100/172
Attributes:
Reply-Message = Request Denied
So how can I fixed it .
Futhermore , how can I expand login limit to more than 5
Regards,
Chairath
P.S. Our system are running with Radiator 2.18 and Radmin 1.4
Foreground
LogStdout
LogDir d:/Radiator-2.18/log
DbDir d:/Radiator-2.18
LogFile %L/logfile-%d-%m-%Y
# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# PreClientHook to add NAS-Port attribute
PreClientHook file:%D/addNASPort
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#Client DEFAULT
# Secret mysecret
# DupInterval 0
#/Client
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
ClientListSQL
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
/ClientListSQL
#AuthBy RADIUS
# Identifier ProxyTofunk
# Host 10.2.0.6
# Secret test
#/AuthBy
#Realm funk
# strip Realm
# RewriteUsername s/^([^@]+).*/$1/
# AuthBy ProxyTofunk
#/Realm
AuthBy RADMIN
Identifier RADMINAUTH
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in SessionDatabse SQL below
# so its the same
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
DateFormat %e %m %Y %T
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef DATE,Timestamp,integer-date
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
/AuthBy
AuthBy GROUP
Identifier WithIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Idle-Timeout = 600,\
Class = %{NAS-Port}
/AuthBy
AuthBy GROUP
Identifier WithOutIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Class = %{NAS-Port}
/AuthBy
AuthBy FILE
Identifier TimeZone
Filename %D/adsl.users
/AuthBy
Handler Request-Type=Accounting-Request
AuthBy RADMINAUTH
/Handler
Handler Realm=test1
AuthBy TimeZone
/Handler
Handler Realm=test2
AuthBy WithOutIdleTimeout
/Handler
Handler
Re: (RADIATOR) Bad login count
Hello Hugh,
Our Nas send a user with realm. And when I set Bad login count to zero , I
can login with user2@test2 also.
Regards,
Chairath
Hello Chairath -
The log message shown below is due to the username user2@test2 not being
found in the database. This is probably because you have not used a
RewriteUsername in the Handler to strip the realm (you should use the same
one that you used in the Realm clause).
regards
Hugh
On Tue, 11 Dec 2001 15:17, Chairath K wrote:
Hello Hugh,
I have got problem about Bad login count. According to section 5.1.9 in
reference manual of RAdmin version 1.4 , it said that if we leave this
field blank, then no bad login limits will be applied. But !! when I try
,
I can't login . In log file shows a message like these
Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such
user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump:
*** Sending to 10.20.0.2 port 49156
Code: Access-Reject
Identifier: 159
Authentic: 004G001321003100/172
Attributes:
Reply-Message = Request Denied
So how can I fixed it .
Futhermore , how can I expand login limit to more than 5
Regards,
Chairath
P.S. Our system are running with Radiator 2.18 and Radmin 1.4
Foreground
LogStdout
LogDir d:/Radiator-2.18/log
DbDir d:/Radiator-2.18
LogFile %L/logfile-%d-%m-%Y
# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# PreClientHook to add NAS-Port attribute
PreClientHook file:%D/addNASPort
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#Client DEFAULT
# Secret mysecret
# DupInterval 0
#/Client
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
ClientListSQL
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
/ClientListSQL
#AuthBy RADIUS
# Identifier ProxyTofunk
# Host 10.2.0.6
# Secret test
#/AuthBy
#Realm funk
# strip Realm
# RewriteUsername s/^([^@]+).*/$1/
# AuthBy ProxyTofunk
#/Realm
AuthBy RADMIN
Identifier RADMINAUTH
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in SessionDatabse SQL below
# so its the same
DBSource dbi:ODBC:Radmin
DBUsername xxx
DBAuth
DateFormat %e %m %Y %T
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef DATE,Timestamp,integer-date
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
/AuthBy
AuthBy GROUP
Identifier WithIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Idle-Timeout = 600,\
Class = %{NAS-Port}
/AuthBy
AuthBy GROUP
Identifier WithOutIdleTimeout
AuthBy RADMINAUTH
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Class =
