RE: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hi May i know where can i get Radiator 3.7.1, if i am using evaluation version ? MAN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Monday, October 13, 2003 10:46 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN Hello Man - Thanks for the information. As far as we are aware there should be no problems with the latest Radiator 3.7.1 on any platform. You should upgrade to Radiator 3.7.1. regards Hugh On Monday, Oct 13, 2003, at 11:33 Australia/Melbourne, Man Meng Fei wrote: Hi I intend to use Radiator as radius server to communicate with Quintum VOIP gateway. The Radiator is deployed on Windows 2000 Platform. Currently i am using ActiveState Active Perl 5.8.1. Anything wrong in the platform ? MAN Could you please tell me what hardware/software platform you are running and what versions of Windows and Perl? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Friday, October 10, 2003 9:07 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN Hello Man - You are correct, Radiator will stop while the program specified by the AuthBy EXTERNAL command executes. If the program never exits, then Radiator will wait forever. You should add some print ... statements to the code in the external program to see what it is doing. BTW - you can also use hooks in your Radiator configuration file for running your own code. See the examples in goodies/hooks.txt. And of course you can also write your own AuthBy module as another alternative. Could you please tell me what hardware/software platform you are running and what versions of Windows and Perl? regards Hugh On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei wrote: Hi Previously i did ask a question regarding test run AuthBy External by using sample configuration (external.cfg) and perl script (testcommand.pl) which can be found in the goodies directory. After read thru all the replied emails and relevant document, i tried to execute this sample configuration and perl scrip again. But i still fail to get the correct respond. Hope you can answer the following question. 1.Follwoing are the console screen display of RADIUS server after receive Accept request from the client ---Console Screen- Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port 0.0.0.0:1645 Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646 Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATIO N) Thu Oct 9 22:54:04 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 3330 Code: Access-Request Identifier: 199 Authentic: 1234567890123456 Attributes: User-Name = mikem Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = 159249:201175\424618889160216}x153 Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234 Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl ./goodies/tes tcommand.pl - - - - Above information has shown that radius server received all the attribute value from client, and it called the external program which has been define in AuthBy External. But somehow radius server didn't pass those attributes to external program via STDIN after executed the external program. My question do we need to configure radius configuration file in order to direct radius server pass those attributes to external program via STDIN ? 2.From the above console screen, i also discovered that radius server was halt after calling external program testcommand.pl. I found there is a endless while loop in the testcommand.pl which is shown as following while () { chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value $input{$1} = $2; } } : : My question is can it be the root to cause the radius server halt ? thank you MAN MENG FEI while ($counter 4) { print while\n; chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value print Quoted value\n; $input{$1
Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hello Man - You can download the latest evaluation with your existing username and password. I have copied Joanne on this mail so she can help you. regards Hugh On Monday, Oct 13, 2003, at 18:32 Australia/Melbourne, Man Meng Fei wrote: Hi May i know where can i get Radiator 3.7.1, if i am using evaluation version ? MAN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Monday, October 13, 2003 10:46 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN Hello Man - Thanks for the information. As far as we are aware there should be no problems with the latest Radiator 3.7.1 on any platform. You should upgrade to Radiator 3.7.1. regards Hugh On Monday, Oct 13, 2003, at 11:33 Australia/Melbourne, Man Meng Fei wrote: Hi I intend to use Radiator as radius server to communicate with Quintum VOIP gateway. The Radiator is deployed on Windows 2000 Platform. Currently i am using ActiveState Active Perl 5.8.1. Anything wrong in the platform ? MAN Could you please tell me what hardware/software platform you are running and what versions of Windows and Perl? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Friday, October 10, 2003 9:07 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN Hello Man - You are correct, Radiator will stop while the program specified by the AuthBy EXTERNAL command executes. If the program never exits, then Radiator will wait forever. You should add some print ... statements to the code in the external program to see what it is doing. BTW - you can also use hooks in your Radiator configuration file for running your own code. See the examples in goodies/hooks.txt. And of course you can also write your own AuthBy module as another alternative. Could you please tell me what hardware/software platform you are running and what versions of Windows and Perl? regards Hugh On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei wrote: Hi Previously i did ask a question regarding test run AuthBy External by using sample configuration (external.cfg) and perl script (testcommand.pl) which can be found in the goodies directory. After read thru all the replied emails and relevant document, i tried to execute this sample configuration and perl scrip again. But i still fail to get the correct respond. Hope you can answer the following question. 1.Follwoing are the console screen display of RADIUS server after receive Accept request from the client ---Console Screen- Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port 0.0.0.0:1645 Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646 Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATIO N) Thu Oct 9 22:54:04 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 3330 Code: Access-Request Identifier: 199 Authentic: 1234567890123456 Attributes: User-Name = mikem Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = 159249:201175\424618889160216}x153 Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234 Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl ./goodies/tes tcommand.pl - - - - Above information has shown that radius server received all the attribute value from client, and it called the external program which has been define in AuthBy External. But somehow radius server didn't pass those attributes to external program via STDIN after executed the external program. My question do we need to configure radius configuration file in order to direct radius server pass those attributes to external program via STDIN ? 2.From the above console screen, i also discovered that radius server was halt after calling external program testcommand.pl. I found there is a endless while loop in the testcommand.pl which is shown as following while () { chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value $input{$1} = $2; } } : : My question is can it be the root to cause the radius server halt ? thank you MAN MENG FEI while ($counter 4) { print while\n; chomp; if ($_ =~ /^\s*([^\s
(RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hi Previously i did ask a question regarding test run AuthBy External by using sample configuration (external.cfg) and perl script (testcommand.pl) which can be found in the goodies directory. After read thru all the replied emails and relevant document, i tried to execute this sample configuration and perl scrip again. But i still fail to get the correct respond. Hope you can answer the following question. 1.Follwoing are the console screen display of RADIUS server after receive Accept request from the client ---Console Screen- Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port 0.0.0.0:1645 Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646 Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATIO N) Thu Oct 9 22:54:04 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 3330 Code: Access-Request Identifier: 199 Authentic: 1234567890123456 Attributes: User-Name = mikem Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = 159249:201175\424618889160216}x153 Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234 Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl ./goodies/tes tcommand.pl Above information has shown that radius server received all the attribute value from client, and it called the external program which has been define in AuthBy External. But somehow radius server didn't pass those attributes to external program via STDIN after executed the external program. My question do we need to configure radius configuration file in order to direct radius server pass those attributes to external program via STDIN ? 2.From the above console screen, i also discovered that radius server was halt after calling external program testcommand.pl. I found there is a endless while loop in the testcommand.pl which is shown as following while () { chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value $input{$1} = $2; } } : : My question is can it be the root to cause the radius server halt ? thank you MAN MENG FEI while ($counter 4) { print while\n; chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value print Quoted value\n; $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value print Unquoted value\n; $input{$1} = $2; } $counter++; } : : === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hello Man - You are correct, Radiator will stop while the program specified by the AuthBy EXTERNAL command executes. If the program never exits, then Radiator will wait forever. You should add some print ... statements to the code in the external program to see what it is doing. BTW - you can also use hooks in your Radiator configuration file for running your own code. See the examples in goodies/hooks.txt. And of course you can also write your own AuthBy module as another alternative. Could you please tell me what hardware/software platform you are running and what versions of Windows and Perl? regards Hugh On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei wrote: Hi Previously i did ask a question regarding test run AuthBy External by using sample configuration (external.cfg) and perl script (testcommand.pl) which can be found in the goodies directory. After read thru all the replied emails and relevant document, i tried to execute this sample configuration and perl scrip again. But i still fail to get the correct respond. Hope you can answer the following question. 1.Follwoing are the console screen display of RADIUS server after receive Accept request from the client ---Console Screen- Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port 0.0.0.0:1645 Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646 Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATIO N) Thu Oct 9 22:54:04 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 3330 Code: Access-Request Identifier: 199 Authentic: 1234567890123456 Attributes: User-Name = mikem Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = 159249:201175\424618889160216}x153 Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234 Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl ./goodies/tes tcommand.pl --- - Above information has shown that radius server received all the attribute value from client, and it called the external program which has been define in AuthBy External. But somehow radius server didn't pass those attributes to external program via STDIN after executed the external program. My question do we need to configure radius configuration file in order to direct radius server pass those attributes to external program via STDIN ? 2.From the above console screen, i also discovered that radius server was halt after calling external program testcommand.pl. I found there is a endless while loop in the testcommand.pl which is shown as following while () { chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value $input{$1} = $2; } } : : My question is can it be the root to cause the radius server halt ? thank you MAN MENG FEI while ($counter 4) { print while\n; chomp; if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/) { # Quoted value print Quoted value\n; $input{$1} = $2; } elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/) { # Unquoted value print Unquoted value\n; $input{$1} = $2; } $counter++; } : : === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy External clause problem
Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd -- Trace 4 debug: -- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for : Wed Sep 3 19:36:01 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21661 Code: Access-Challenge Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=1276 Reply-Message = first 5! -- Below is my config: -- #radius.cfg Foreground Trace 4 AuthPort1645 AcctPort1646 LogDir d:\Radiator-3.6\log LogFile %L/logfile.txt DictionaryFile d:\Radiator-3.6\dictionary RewriteUsername s/^\s+// RewriteUsername s/\s+$// RewriteUsername s/\s+//g RewriteUsername tr/[A-Z]/[a-z]/ Client xxx.xxx.xxx.xxx Secret xxx NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails /Client AuthBy SQL DBSourcedbi:mysql:voip_prepaid:localhost DBUsername xxx DBAuth xxx Identifier VoipTerminate AuthSelect AccountingTable voip_termination AccountingStopsOnly AcctColumnDef nasipaddress,NAS-IP-Address AcctColumnDef cisco_nas_port,Cisco-NAS-Port AcctColumnDef username,User-Name AcctColumnDef calledstationid,Called-Station-Id AcctColumnDef callingstationid,Calling-Station-Id AcctColumnDef h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-id}',locate('=','%{cisco-h323-gw-id}')+1)) AcctColumnDef h323_call_origin,cisco-h323-call-origin,literal,trim(substring('%{cisco-h323-call-origin}',locate('=','%{cisco-h323-call-origin}')+1)) AcctColumnDef h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-h323-call-type}',locate('=','%{cisco-h323-call-type}')+1)) AcctColumnDef h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1)) AcctColumnDef h323_connect_time,cisco-h323-connect-time,literal,trim(substring('%{cisco-h323-connect-time}',locate('=','%{cisco-h323-connect-time}')+1)) AcctColumnDef h323_disconnect_time,cisco-h323-disconnect-time,literal,trim(substring('%{cisco-h323-disconnect-time}',locate('=','%{cisco-h323-disconnect-time}')+1)) AcctColumnDef h323_disconnect_cause,cisco-h323-disconnect-cause,literal,trim(substring('%{cisco-h323-disconnect-cause}',locate('=','%{cisco-h323-disconnect-cause}')+1)) AcctColumnDef h323_voice_quality,cisco-h323-voice-quality,literal,trim(substring('%{cisco-h323-voice-quality}',locate('=','%{cisco-h323-voice-quality}')+1)) AcctColumnDef h323_remote_address,cisco-h323-remote-address,literal,trim(substring('%{cisco-h323-remote-address}',locate('=','%{cisco-h323-remote-address}')+1)) AcctColumnDef acctstatustype,Acct-Status-Type AcctColumnDef acctdelaytime,Acct-Delay-Time,integer AcctColumnDef acctsessionid,Acct-Session-Id AcctColumnDef acctinputoctets,Acct-Input-Octets,integer AcctColumnDef
Re: (RADIATOR) AuthBy External clause problem
Hello Ganbold - It is possible that you may need to use ResultInOutput in this environment. Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some print statements so you can see what is happening. And please let us know what you find. regards Hugh On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote: Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd --- --- Trace 4 debug: --- --- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for : Wed Sep 3 19:36:01 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21661 Code: Access-Challenge Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=1276 Reply-Message = first 5! --- --- Below is my config: --- --- #radius.cfg Foreground Trace 4 AuthPort1645 AcctPort1646 LogDir d:\Radiator-3.6\log LogFile %L/logfile.txt DictionaryFile d:\Radiator-3.6\dictionary RewriteUsername s/^\s+// RewriteUsername s/\s+$// RewriteUsername s/\s+//g RewriteUsername tr/[A-Z]/[a-z]/ Client xxx.xxx.xxx.xxx Secret xxx NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails /Client AuthBy SQL DBSourcedbi:mysql:voip_prepaid:localhost DBUsername xxx DBAuth xxx Identifier VoipTerminate AuthSelect AccountingTable voip_termination AccountingStopsOnly AcctColumnDef nasipaddress,NAS-IP-Address AcctColumnDef cisco_nas_port,Cisco-NAS-Port AcctColumnDef username,User-Name AcctColumnDef calledstationid,Called-Station-Id AcctColumnDef callingstationid,Calling-Station-Id AcctColumnDef h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw- id}',locate('=','%{cisco-h323-gw-id}')+1)) AcctColumnDef h323_call_origin,cisco-h323-call- origin,literal,trim(substring('%{cisco-h323-call- origin}',locate('=','%{cisco-h323-call-origin}')+1)) AcctColumnDef h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco- h323-call-type}',locate('=','%{cisco-h323-call-type}')+1)) AcctColumnDef h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco- h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1)) AcctColumnDef h323_connect_time,cisco-h323-connect- time,literal,trim(substring('%{cisco-h323-connect- time}',locate('=','%{cisco-h323-connect-time}')+1)) AcctColumnDef h323_disconnect_time,cisco-h323-disconnect- time,literal,trim(substring('%{cisco-h323-disconnect- time}',locate('=','%{cisco-h323-disconnect-time}')+1)) AcctColumnDef h323_disconnect_cause,cisco-h323-disconnect- cause,literal,trim(substring('%{cisco-h323-disconnect- cause}',locate('=','%{cisco-h323-disconnect-cause}')+1)) AcctColumnDef h323_voice_quality,cisco-h323-voice- quality,literal,trim(substring('%{cisco-h323-voice- quality}',locate('=','%{cisco-h323-voice-quality}')+1)) AcctColumnDef h323_remote_address,cisco-h323-remote- address,literal,trim(substring('%{cisco-h323-remote-
Re: (RADIATOR) AuthBy External clause problem
Hi Hugh, I added following lines in AuthEXTERNAL.pm and tested radiator. - . . . . . . my $exit = $?; # added lines # print exit code $self-log($main::LOG_DEBUG, first Exit: $exit,$p); print first Exit: $exit\n; # This usually sets $? close READER; # Sometimes need to do this too. $exit = $? if waitpid($pid, 0); # added lines # print exit code $self-log($main::LOG_DEBUG, Exit: $exit,$p); print Exit: $exit\n; . . . . . . - External program returns exit status 0, but radiator somehow understands it as 768 which is 3 (768/256) and sends Access-Challenge. I also tested external program with following simple perl program, where test.txt contains access-requests. It also gets return value as 768. - #!/usr/local/pin/perl $x = system(cat test.txt | calccredittime); print return is: $x\n; exit 0; - I wrote simple C program which gets command line argument and returns that argument as a exit status. Small perl program gets restult of program as it supposed to. Very strange. I don't know what should do, I'll try ResultInOutput switch in radius config and let's see what happens. Following is debug: Code: Access-Request Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: User-Name = User-Password = 28_171Tm9183211$~173l151190Y! cisco-h323-conf-id = h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897 cisco-avpair = h323-ivr-out=transactionID:8 Calling-Station-Id = 11323224 Called-Station-Id = 0011236 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for : Thu Sep 4 10:50:24 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21645 Code: Access-Challenge Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=2516 Reply-Message = first 5! At 09:54 PM 9/3/2003 +1000, you wrote: Hello Ganbold - It is possible that you may need to use ResultInOutput in this environment. Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some print statements so you can see what is happening. And please let us know what you find. regards Hugh On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote: Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd --- --- Trace 4 debug: --- --- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote
Re: (RADIATOR) AuthBy External clause problem
Hello Ganbold - Please let me know how you go with ResultInOutput. regards Hugh On Thursday, Sep 4, 2003, at 12:10 Australia/Melbourne, Ganbold wrote: Hi Hugh, I added following lines in AuthEXTERNAL.pm and tested radiator. --- -- . . . . . . my $exit = $?; # added lines # print exit code $self-log($main::LOG_DEBUG, first Exit: $exit,$p); print first Exit: $exit\n; # This usually sets $? close READER; # Sometimes need to do this too. $exit = $? if waitpid($pid, 0); # added lines # print exit code $self-log($main::LOG_DEBUG, Exit: $exit,$p); print Exit: $exit\n; . . . . . . --- -- External program returns exit status 0, but radiator somehow understands it as 768 which is 3 (768/256) and sends Access-Challenge. I also tested external program with following simple perl program, where test.txt contains access-requests. It also gets return value as 768. --- -- #!/usr/local/pin/perl $x = system(cat test.txt | calccredittime); print return is: $x\n; exit 0; --- -- I wrote simple C program which gets command line argument and returns that argument as a exit status. Small perl program gets restult of program as it supposed to. Very strange. I don't know what should do, I'll try ResultInOutput switch in radius config and let's see what happens. Following is debug: Code: Access-Request Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: User-Name = User-Password = 28_171Tm9183211$~173l151190Y! cisco-h323-conf-id = h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897 cisco-avpair = h323-ivr-out=transactionID:8 Calling-Station-Id = 11323224 Called-Station-Id = 0011236 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for : Thu Sep 4 10:50:24 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21645 Code: Access-Challenge Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=2516 Reply-Message = first 5! At 09:54 PM 9/3/2003 +1000, you wrote: Hello Ganbold - It is possible that you may need to use ResultInOutput in this environment. Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some print statements so you can see what is happening. And please let us know what you find. regards Hugh On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote: Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd - -- --- Trace 4 debug: - -- --- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote
(RADIATOR) AuthBy External cascading accounting requests
According to the radiator documentation The exit status of the external command determines what type of reply is to be sent in response to the request: 0 Means reply with an acceptance. For Access-Requests, an Access-Accept will be sent. For Accounting-Requests, an Accounting-Response will be sent. 1 Means reply with a rejection. For Access-Requests, an Access-Reject is sent. For Accounting-Requests, no response is sent. 2 Means don't send any reply. This will also make the Realm fall through to the next AuthBy module if you specified more than one for this Realm (but see also AuthByPolicy). I have two programs . My understanding is that prog1 is called for all requests. In prog1 if a certain condition is met it returns a value of 2 otherwise it returns a value of zero My problem is that even when it returns 0 prog2 is still run. My config file looks like this Realm DEFAULT AuthByPolicy ContinueWhileIgnore AuthBy FILE IgnoreAccounting Filename %D/users /AuthBy # Log accounting to a detail file AuthBy EXTERNAL IgnoreAuthentication Command /home/joshua/work/newapp/prog1 /AuthBy AuthBy EXTERNAL IgnoreAuthentication Command /home/joshua/work/newapp/prog2 /AuthBy AcctLogFileName %L/detail/Realm
Re: (RADIATOR) AuthBy External cascading accounting requests
Hello Joshua - I will need to see a trace 4 debug from Radiator showing what is happening. And it would also be useful to see any debug messages from your external programs showing what the exit status is. BTW - it is often easier to use Handlers and/or hooks for this sort of thing. # define Handlers Handler Request-Type = Accounting-Request> # deal with accounting requests /Handler> Handler> # deal with authentication . /Handler> You will find some example hooks in the file goodies/hooks.txt. regards Hugh On Thursday, Mar 27, 2003, at 21:01 Australia/Melbourne, Joshua Masiko wrote: According to the radiator documentation ? The exit status of the external command determines what type of reply is to be sent in response to the request: 0 Means reply with an acceptance. For Access-Requests, an Access-Accept will be sent. For Accounting-Requests, an Accounting-Response will be sent. 1 Means reply with a rejection. For Access-Requests, an Access-Reject is sent. For Accounting-Requests, no response is sent. 2 Means don't send any reply. This will also make the Realm fall through to the next AuthBy module if you specified more than one for this Realm (but see also AuthByPolicy). ? I have two programs . My understanding is that prog1 is called for all requests. In prog1 if a certain condition is met it returns a value of 2 otherwise it returns a value of zero My problem is that even when it returns 0 prog2 is still run. ? My config file looks like this ? Realm DEFAULT> ??? AuthByPolicy ContinueWhileIgnore ??? AuthBy FILE> ??? IgnoreAccounting ??? Filename %D/users ??? /AuthBy> ??? # Log accounting to a detail file ??? AuthBy EXTERNAL> ??? IgnoreAuthentication ??? Command /home/joshua/work/newapp/prog1 ??? ??? /AuthBy> ?? AuthBy EXTERNAL> ?? IgnoreAuthentication ?? Command /home/joshua/work/newapp/prog2 ?? /AuthBy> ??? AcctLogFileName %L/detail /Realm> NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) AuthBy External Reply-Message Duplication
Heya, I've got an AuthBy External block that's running an external program that, if the login fails, returns a Reply-Message indicating why it failed (lowbalance, nouser, etc). Somewhere in the process of sending the response back from radiator to the requesting server, another Reply-Message of Request Denied appears to be being added. Assuming this is correct, how would I get Radiator to supress the second Reply-Message? It's causing problems for the other end, which is getting confused as to which Reply-Message to use, and consequently not displaying reason for failure properly. KevinL -- Senior Consultant Obsidian Consulting Group Phone: +613 9355 7844Fax: +613 9350 4097 http://www.obsidian.com.au/[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy External Reply-Message Duplication
Hi Kevin - Nice to hear from you. Yes, Radiator adds the Reply-Message when a reject occurs. You can try using a StripFromReply Reply-Message to see which one is removed. You can also try using RejectHasReason in the Realm or Handler. regards Hugh On Thursday, Feb 20, 2003, at 10:08 Australia/Melbourne, KevinL wrote: Heya, I've got an AuthBy External block that's running an external program that, if the login fails, returns a Reply-Message indicating why it failed (lowbalance, nouser, etc). Somewhere in the process of sending the response back from radiator to the requesting server, another Reply-Message of Request Denied appears to be being added. Assuming this is correct, how would I get Radiator to supress the second Reply-Message? It's causing problems for the other end, which is getting confused as to which Reply-Message to use, and consequently not displaying reason for failure properly. KevinL -- Senior Consultant Obsidian Consulting Group Phone: +613 9355 7844Fax: +613 9350 4097 http://www.obsidian.com.au/[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL not working ?
Adrian - Could you please tell me what version of Radiator you are running, and what version of Perl and what hardware/software platform? It would also be useful to see the complete configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. Could you also run your external program by hand so I can see how it behaves. regards Hugh Hi, I'm trying to use an external program to check that users have a valid shell on my server before they are authenticated. I've written the program that extracts the username from the attributes and looks up the shell and exits with 1 or 2, but I can't get Radiator to use the exit status correctly. I've created several programs (in C, perl, bourne) that simply run and then exit (with 1), but Radiator always seems to accept it and keep going. Here is my Radiator config snipit: AuthBy EXTERNAL Identifier CheckValidShell Command /usr/local/etc/radius/valid_shell /AuthBy AuthBy GROUP Identifier CheckUsers AuthByPolicy ContinueUntilAccept AuthBy CheckValidShell AuthBy CheckSystem /AuthBy I'd very much appreciate any suggestions, Thanks, Adrian. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy EXTERNAL not working ?
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Adrian [EMAIL PROTECTED]] Date: Sun, 9 Feb 2003 18:30:26 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Sun Feb 9 18:30:26 2003 Received: from power.connexus.net.au (power.connexus.net.au [203.12.22.20]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h1A0UPx02751 for [EMAIL PROTECTED]; Sun, 9 Feb 2003 18:30:25 -0600 Received: from NOTEBOOK.connexus.net.au (as13.Melbourne.interNex.net.au [203.12.22.37]) by power.connexus.net.au (8.12.4/8.11.6) with ESMTP id h1A5OrtB088168 for [EMAIL PROTECTED]; Mon, 10 Feb 2003 16:24:54 +1100 (EST) (envelope-from [EMAIL PROTECTED]) XAntiVirus: This e-mail has been scanned for viruses via the Connexus Internet Service Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Mon, 10 Feb 2003 16:27:24 +1000 To: [EMAIL PROTECTED] From: Adrian [EMAIL PROTECTED] Subject: AuthBy EXTERNAL not working ? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Hi, I'm trying to use an external program to check that users have a valid shell on my server before they are authenticated. I've written the program that extracts the username from the attributes and looks up the shell and exits with 1 or 2, but I can't get Radiator to use the exit status correctly. I've created several programs (in C, perl, bourne) that simply run and then exit (with 1), but Radiator always seems to accept it and keep going. Here is my Radiator config snipit: AuthBy EXTERNAL Identifier CheckValidShell Command /usr/local/etc/radius/valid_shell /AuthBy AuthBy GROUP Identifier CheckUsers AuthByPolicy ContinueUntilAccept AuthBy CheckValidShell AuthBy CheckSystem /AuthBy I'd very much appreciate any suggestions, Thanks, Adrian. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
AW: (RADIATOR) AuthBy External und CHAP
Hello Hugh, we use an API in our external modul to access a SQL-Server Database. The passwords are encrypted in this DB. But we have to put a cleartext password as input to this API (a dll). The API handles the decryption of the cleartext password. I think, the authgeneric.pm handles the encryption of a CHAP password. But is does not work and no error occurs in the logfiles trace level 4. How can we configure, that RADIATOR only accept PAP Athentication? Thanks Burkhard. -Ursprüngliche Nachricht- Von: Hugh Irvine [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 4. April 2002 01:10 An: Burkhard Bartelt; '[EMAIL PROTECTED]' Betreff: Re: (RADIATOR) AuthBy External und CHAP Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: AW: (RADIATOR) AuthBy External und CHAP
Hello Burkhard - Radiator handles both PAP and CHAP automatically. The difference is that PAP passwords can be decrypted and the resulting cleartext password is used to perform the same encryption as the encrypted password in the database and the two are compared. If there is a match, the passwords are the same. With CHAP however, only the encryption is sent and Radiator must perform the same encryption on the cleartext password from the database and again, if there is a mathc then the passwords must be the same. It is the NAS that must be configured for either PAP or CHAP. regards Hugh On Thu, 4 Apr 2002 20:18, Burkhard Bartelt wrote: Hello Hugh, we use an API in our external modul to access a SQL-Server Database. The passwords are encrypted in this DB. But we have to put a cleartext password as input to this API (a dll). The API handles the decryption of the cleartext password. I think, the authgeneric.pm handles the encryption of a CHAP password. But is does not work and no error occurs in the logfiles trace level 4. How can we configure, that RADIATOR only accept PAP Athentication? Thanks Burkhard. -Ursprüngliche Nachricht- Von: Hugh Irvine [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 4. April 2002 01:10 An: Burkhard Bartelt; '[EMAIL PROTECTED]' Betreff: Re: (RADIATOR) AuthBy External und CHAP Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy External und CHAP
Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter "Decrypt Password". Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt
Re: (RADIATOR) AuthBy External und CHAP
Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy EXTERNAL
Hi Everyone, i am new to Radiator, so please be patient :) i wrote a perl-script that checks a (telephone)number for a legal area-code. So my Question is now, how does this AuthBy EXTERNAL-thing work? I want that the CallingStationId is transefered to my small script. I read Section 6.26... but it didnt help me. Are there maybe some examples? with regards, Georg Lehmann === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL
Hello Georg - On Monday 08 October 2001 22:54, Georg Lehmann wrote: Hi Everyone, i am new to Radiator, so please be patient :) i wrote a perl-script that checks a (telephone)number for a legal area-code. So my Question is now, how does this AuthBy EXTERNAL-thing work? I want that the CallingStationId is transefered to my small script. I read Section 6.26... but it didnt help me. Are there maybe some examples? You would probably be better off using a Hook to do this. There are some example hooks in the file goodies/hooks.txt. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) authby external
I am running an identical radius.cfg file and external perl program in radius 2.13 and radius 2.15 and my results are quite different. In radius 2.13 it functions properly and denies all access... however in radius 2.15 it is accepting all access. I checked the log file and it is giving an Mon Apr 3 04:13:30 2000: DEBUG: Running command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR: Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access accepted for usa1000@usa The Handler is below: Handler Called-Station-Id=/3099028/ AuthBy EXTERNAL Command /usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name} %{Called-Station-Id} /AuthBy/Handler I made a simple removal.pl for this example and here is what it says: #!/usr/bin/perl print "1"; # this should deny access exit; Any ideas? Brandon Dialup USA, Inc.
Re: (RADIATOR) AuthBy EXTERNAL using Perl script
Hi Charl - On Wed, 25 Aug 1999, charl wrote: Hi all, When I try and use AuthBy EXTERNAL with the following: AuthBy EXTERNAL Command /usr/bin/perl /usr/local/bin/auth.pl %U %R # Pass password as Plain Text to script DecryptPassword /AuthBy I get the following out put: sending Access-Request... No reply sending Accounting-Request Start... No reply sending Accounting-Request Stop... No reply Here is the source of the perl script: #1/usr/bin/perl -w Try this (replace "1" with "!"): #!/usr/bin/perl -w use strict; use IO::File; # create a new IO::File object my $fh = new IO::File " /tmp/temp_file"; # write the command-line options I have been given to the file if (defined $fh) { my $element = ''; foreach $element (@ARGV) { print $fh "$element\n"; } $fh-close; } # hard code the exit to success for now exit 0; Does anyone have any clues as to why I am not getting a success returned from the script? I have made the correction above and it works for me. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.