RE: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hi
May i know where can i get Radiator 3.7.1, if i am using evaluation
version ?
MAN
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Monday, October 13, 2003 10:46 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute
to external program via STDIN
Hello Man -
Thanks for the information.
As far as we are aware there should be no problems with the latest
Radiator 3.7.1 on any platform.
You should upgrade to Radiator 3.7.1.
regards
Hugh
On Monday, Oct 13, 2003, at 11:33 Australia/Melbourne, Man Meng Fei
wrote:
Hi
I intend to use Radiator as radius server to communicate with Quintum
VOIP gateway. The Radiator is deployed on Windows 2000 Platform.
Currently i am using ActiveState Active Perl 5.8.1. Anything wrong in
the platform ?
MAN
Could you please tell me what hardware/software platform you are
running and what versions of Windows and Perl?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Hugh Irvine
Sent: Friday, October 10, 2003 9:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received
attribute to external program via STDIN
Hello Man -
You are correct, Radiator will stop while the program specified by the
AuthBy EXTERNAL command executes. If the program never exits, then
Radiator will wait forever. You should add some print ... statements
to the code in the external program to see what it is doing.
BTW - you can also use hooks in your Radiator configuration file for
running your own code. See the examples in goodies/hooks.txt. And of
course you can also write your own AuthBy module as another
alternative.
Could you please tell me what hardware/software platform you are
running and what versions of Windows and Perl?
regards
Hugh
On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei
wrote:
Hi
Previously i did ask a question regarding test run AuthBy External
by using sample configuration (external.cfg) and perl script
(testcommand.pl) which can be found in the goodies directory.
After read thru all the replied emails and relevant document, i tried
to execute this sample configuration and perl scrip again. But i
still fail
to get the correct respond.
Hope you can answer the following question.
1.Follwoing are the console screen display of RADIUS server after
receive Accept request from the client
---Console Screen- Thu Oct 9
22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia
tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating
authentication port 0.0.0.0:1645
Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port
0.0.0.0:1646
Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man
(EVALUATIO
N)
Thu Oct 9 22:54:04 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3330
Code: Access-Request
Identifier: 199
Authentic: 1234567890123456
Attributes:
User-Name = mikem
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
159249:201175\424618889160216}x153
Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session
for
mikem, 203.63.154.1, 1234
Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl
./goodies/tes tcommand.pl
-
-
-
-
Above information has shown that radius server received all the
attribute value from client, and it called the external program which
has been define in AuthBy External. But somehow radius server
didn't
pass those attributes to external program via STDIN after executed
the
external program.
My question do we need to configure radius configuration file in
order
to direct radius server pass those attributes to external program via
STDIN ?
2.From the above console screen, i also discovered that radius server
was halt after calling external program testcommand.pl. I found there
is a endless while loop in the testcommand.pl which is shown as
following
while ()
{
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
$input{$1} = $2;
}
}
:
:
My question is can it be the root to cause the radius server halt ?
thank you
MAN MENG FEI
while ($counter 4)
{
print while\n;
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
print Quoted value\n;
$input{$1
Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hello Man -
You can download the latest evaluation with your existing username and
password.
I have copied Joanne on this mail so she can help you.
regards
Hugh
On Monday, Oct 13, 2003, at 18:32 Australia/Melbourne, Man Meng Fei
wrote:
Hi
May i know where can i get Radiator 3.7.1, if i am using evaluation
version ?
MAN
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Monday, October 13, 2003 10:46 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute
to external program via STDIN
Hello Man -
Thanks for the information.
As far as we are aware there should be no problems with the latest
Radiator 3.7.1 on any platform.
You should upgrade to Radiator 3.7.1.
regards
Hugh
On Monday, Oct 13, 2003, at 11:33 Australia/Melbourne, Man Meng Fei
wrote:
Hi
I intend to use Radiator as radius server to communicate with Quintum
VOIP gateway. The Radiator is deployed on Windows 2000 Platform.
Currently i am using ActiveState Active Perl 5.8.1. Anything wrong in
the platform ?
MAN
Could you please tell me what hardware/software platform you are
running and what versions of Windows and Perl?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Hugh Irvine
Sent: Friday, October 10, 2003 9:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy EXTERNAL Can't pass received
attribute to external program via STDIN
Hello Man -
You are correct, Radiator will stop while the program specified by the
AuthBy EXTERNAL command executes. If the program never exits, then
Radiator will wait forever. You should add some print ... statements
to the code in the external program to see what it is doing.
BTW - you can also use hooks in your Radiator configuration file for
running your own code. See the examples in goodies/hooks.txt. And of
course you can also write your own AuthBy module as another
alternative.
Could you please tell me what hardware/software platform you are
running and what versions of Windows and Perl?
regards
Hugh
On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei
wrote:
Hi
Previously i did ask a question regarding test run AuthBy External
by using sample configuration (external.cfg) and perl script
(testcommand.pl) which can be found in the goodies directory.
After read thru all the replied emails and relevant document, i tried
to execute this sample configuration and perl scrip again. But i
still fail
to get the correct respond.
Hope you can answer the following question.
1.Follwoing are the console screen display of RADIUS server after
receive Accept request from the client
---Console Screen- Thu Oct 9
22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radia
tor/dictionary' Thu Oct 9 22:54:02 2003: DEBUG: Creating
authentication port 0.0.0.0:1645
Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port
0.0.0.0:1646
Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man
(EVALUATIO
N)
Thu Oct 9 22:54:04 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3330
Code: Access-Request
Identifier: 199
Authentic: 1234567890123456
Attributes:
User-Name = mikem
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
159249:201175\424618889160216}x153
Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT' Thu Oct 9 22:54:04 2003: DEBUG: Deleting session
for
mikem, 203.63.154.1, 1234
Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl
./goodies/tes tcommand.pl
-
-
-
-
Above information has shown that radius server received all the
attribute value from client, and it called the external program which
has been define in AuthBy External. But somehow radius server
didn't
pass those attributes to external program via STDIN after executed
the
external program.
My question do we need to configure radius configuration file in
order
to direct radius server pass those attributes to external program via
STDIN ?
2.From the above console screen, i also discovered that radius server
was halt after calling external program testcommand.pl. I found there
is a endless while loop in the testcommand.pl which is shown as
following
while ()
{
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
$input{$1} = $2;
}
}
:
:
My question is can it be the root to cause the radius server halt ?
thank you
MAN MENG FEI
while ($counter 4)
{
print while\n;
chomp;
if ($_ =~ /^\s*([^\s
(RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hi
Previously i did ask a question regarding test run AuthBy External by
using sample configuration (external.cfg) and perl script
(testcommand.pl) which can be found in the goodies directory.
After read thru all the replied emails and relevant document, i tried to
execute this sample configuration and perl scrip again. But i still fail
to get the correct respond.
Hope you can answer the following question.
1.Follwoing are the console screen display of RADIUS server after
receive Accept request from the client
---Console Screen-
Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program
Files/Radia
tor/dictionary'
Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port
0.0.0.0:1645
Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man
(EVALUATIO
N)
Thu Oct 9 22:54:04 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3330
Code: Access-Request
Identifier: 199
Authentic: 1234567890123456
Attributes:
User-Name = mikem
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
159249:201175\424618889160216}x153
Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem,
203.63.154.1, 1234
Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl
./goodies/tes
tcommand.pl
Above information has shown that radius server received all the
attribute value from client, and it called the external program which
has been define in AuthBy External. But somehow radius server didn't
pass those attributes to external program via STDIN after executed the
external program.
My question do we need to configure radius configuration file in order
to direct radius server pass those attributes to external program via
STDIN ?
2.From the above console screen, i also discovered that radius server
was halt after calling external program testcommand.pl. I found there is
a endless while loop in the testcommand.pl which is shown as following
while ()
{
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
$input{$1} = $2;
}
}
:
:
My question is can it be the root to cause the radius server halt ?
thank you
MAN MENG FEI
while ($counter 4)
{
print while\n;
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
print Quoted value\n;
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
print Unquoted value\n;
$input{$1} = $2;
}
$counter++;
}
:
:
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL Can't pass received attribute to external program via STDIN
Hello Man -
You are correct, Radiator will stop while the program specified by the
AuthBy EXTERNAL command executes. If the program never exits, then
Radiator will wait forever. You should add some print ... statements
to the code in the external program to see what it is doing.
BTW - you can also use hooks in your Radiator configuration file for
running your own code. See the examples in goodies/hooks.txt. And of
course you can also write your own AuthBy module as another alternative.
Could you please tell me what hardware/software platform you are
running and what versions of Windows and Perl?
regards
Hugh
On Friday, Oct 10, 2003, at 10:38 Australia/Melbourne, Man Meng Fei
wrote:
Hi
Previously i did ask a question regarding test run AuthBy External by
using sample configuration (external.cfg) and perl script
(testcommand.pl) which can be found in the goodies directory.
After read thru all the replied emails and relevant document, i tried
to
execute this sample configuration and perl scrip again. But i still
fail
to get the correct respond.
Hope you can answer the following question.
1.Follwoing are the console screen display of RADIUS server after
receive Accept request from the client
---Console Screen-
Thu Oct 9 22:54:02 2003: DEBUG: Reading dictionary file 'c:/Program
Files/Radia
tor/dictionary'
Thu Oct 9 22:54:02 2003: DEBUG: Creating authentication port
0.0.0.0:1645
Thu Oct 9 22:54:02 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 9 22:54:02 2003: NOTICE: Server started: Radiator 3.7 on man
(EVALUATIO
N)
Thu Oct 9 22:54:04 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3330
Code: Access-Request
Identifier: 199
Authentic: 1234567890123456
Attributes:
User-Name = mikem
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
159249:201175\424618889160216}x153
Thu Oct 9 22:54:04 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Oct 9 22:54:04 2003: DEBUG: Deleting session for mikem,
203.63.154.1, 1234
Thu Oct 9 22:54:04 2003: DEBUG: Running command: c:/perl/bin/perl
./goodies/tes
tcommand.pl
---
-
Above information has shown that radius server received all the
attribute value from client, and it called the external program which
has been define in AuthBy External. But somehow radius server didn't
pass those attributes to external program via STDIN after executed the
external program.
My question do we need to configure radius configuration file in order
to direct radius server pass those attributes to external program via
STDIN ?
2.From the above console screen, i also discovered that radius server
was halt after calling external program testcommand.pl. I found there
is
a endless while loop in the testcommand.pl which is shown as following
while ()
{
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
$input{$1} = $2;
}
}
:
:
My question is can it be the root to cause the radius server halt ?
thank you
MAN MENG FEI
while ($counter 4)
{
print while\n;
chomp;
if ($_ =~ /^\s*([^\s=]+)\s*=\s*((\\|[^])*)/)
{
# Quoted value
print Quoted value\n;
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
print Unquoted value\n;
$input{$1} = $2;
}
$counter++;
}
:
:
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy External clause problem
Hi,
I'm testing Radiator-3.6 in Windows 2000 advanced server.
I'm using AuthBy External clause in handlers. But when external program
returns 0 (Access-Accept) radiator understands it as a 3 and responds
with Access-Challenge response. External program worked well in
FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
above problem occurs.
How can I solve this problem? Is it OS issue? or there is something else?
I really appreciate if somebody give the right solution.
thanks in advance,
Ganbold
Micom CO.,Ltd
--
Trace 4 debug:
--
Code: Access-Request
Identifier: 149
Authentic: 157201205u249179118255240236W195253x
Attributes:
User-Name =
User-Password = 15919224610228184Z200K1253232162^Tv
cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D
cisco-avpair = h323-ivr-out=transactionID:114
Calling-Station-Id = 11323224
Called-Station-Id = 002365
Service-Type = Login-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name =
/^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Running command:
d:\Radiator-3.6\hooks\CalcCreditTime
Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for :
Wed Sep 3 19:36:01 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 21661
Code: Access-Challenge
Identifier: 149
Authentic: 157201205u249179118255240236W195253x
Attributes:
cisco-h323-return-code = h323-return-code=0
cisco-h323-credit-time = h323-credit-time=1276
Reply-Message = first 5!
--
Below is my config:
--
#radius.cfg
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir d:\Radiator-3.6\log
LogFile %L/logfile.txt
DictionaryFile d:\Radiator-3.6\dictionary
RewriteUsername s/^\s+//
RewriteUsername s/\s+$//
RewriteUsername s/\s+//g
RewriteUsername tr/[A-Z]/[a-z]/
Client xxx.xxx.xxx.xxx
Secret xxx
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
AuthBy SQL
DBSourcedbi:mysql:voip_prepaid:localhost
DBUsername xxx
DBAuth xxx
Identifier VoipTerminate
AuthSelect
AccountingTable voip_termination
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef username,User-Name
AcctColumnDef calledstationid,Called-Station-Id
AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef
h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-id}',locate('=','%{cisco-h323-gw-id}')+1))
AcctColumnDef
h323_call_origin,cisco-h323-call-origin,literal,trim(substring('%{cisco-h323-call-origin}',locate('=','%{cisco-h323-call-origin}')+1))
AcctColumnDef
h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
AcctColumnDef
h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
AcctColumnDef
h323_connect_time,cisco-h323-connect-time,literal,trim(substring('%{cisco-h323-connect-time}',locate('=','%{cisco-h323-connect-time}')+1))
AcctColumnDef
h323_disconnect_time,cisco-h323-disconnect-time,literal,trim(substring('%{cisco-h323-disconnect-time}',locate('=','%{cisco-h323-disconnect-time}')+1))
AcctColumnDef
h323_disconnect_cause,cisco-h323-disconnect-cause,literal,trim(substring('%{cisco-h323-disconnect-cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
AcctColumnDef
h323_voice_quality,cisco-h323-voice-quality,literal,trim(substring('%{cisco-h323-voice-quality}',locate('=','%{cisco-h323-voice-quality}')+1))
AcctColumnDef
h323_remote_address,cisco-h323-remote-address,literal,trim(substring('%{cisco-h323-remote-address}',locate('=','%{cisco-h323-remote-address}')+1))
AcctColumnDef acctstatustype,Acct-Status-Type
AcctColumnDef acctdelaytime,Acct-Delay-Time,integer
AcctColumnDef acctsessionid,Acct-Session-Id
AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
AcctColumnDef
Re: (RADIATOR) AuthBy External clause problem
Hello Ganbold -
It is possible that you may need to use ResultInOutput in this
environment.
Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some
print statements so you can see what is happening. And please let us
know what you find.
regards
Hugh
On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:
Hi,
I'm testing Radiator-3.6 in Windows 2000 advanced server.
I'm using AuthBy External clause in handlers. But when external program
returns 0 (Access-Accept) radiator understands it as a 3 and responds
with Access-Challenge response. External program worked well in
FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
above problem occurs.
How can I solve this problem? Is it OS issue? or there is something
else?
I really appreciate if somebody give the right solution.
thanks in advance,
Ganbold
Micom CO.,Ltd
---
---
Trace 4 debug:
---
---
Code: Access-Request
Identifier: 149
Authentic:
157201205u249179118255240236W195253x
Attributes:
User-Name =
User-Password =
15919224610228184Z200K1253232162^Tv
cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C
9428BE9D
cisco-avpair = h323-ivr-out=transactionID:114
Calling-Station-Id = 11323224
Called-Station-Id = 002365
Service-Type = Login-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler
'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Running command:
d:\Radiator-3.6\hooks\CalcCreditTime
Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for :
Wed Sep 3 19:36:01 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 21661
Code: Access-Challenge
Identifier: 149
Authentic:
157201205u249179118255240236W195253x
Attributes:
cisco-h323-return-code = h323-return-code=0
cisco-h323-credit-time = h323-credit-time=1276
Reply-Message = first 5!
---
---
Below is my config:
---
---
#radius.cfg
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir d:\Radiator-3.6\log
LogFile %L/logfile.txt
DictionaryFile d:\Radiator-3.6\dictionary
RewriteUsername s/^\s+//
RewriteUsername s/\s+$//
RewriteUsername s/\s+//g
RewriteUsername tr/[A-Z]/[a-z]/
Client xxx.xxx.xxx.xxx
Secret xxx
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
AuthBy SQL
DBSourcedbi:mysql:voip_prepaid:localhost
DBUsername xxx
DBAuth xxx
Identifier VoipTerminate
AuthSelect
AccountingTable voip_termination
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef username,User-Name
AcctColumnDef calledstationid,Called-Station-Id
AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef
h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-
id}',locate('=','%{cisco-h323-gw-id}')+1))
AcctColumnDef
h323_call_origin,cisco-h323-call-
origin,literal,trim(substring('%{cisco-h323-call-
origin}',locate('=','%{cisco-h323-call-origin}')+1))
AcctColumnDef
h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-
h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
AcctColumnDef
h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-
h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
AcctColumnDef
h323_connect_time,cisco-h323-connect-
time,literal,trim(substring('%{cisco-h323-connect-
time}',locate('=','%{cisco-h323-connect-time}')+1))
AcctColumnDef
h323_disconnect_time,cisco-h323-disconnect-
time,literal,trim(substring('%{cisco-h323-disconnect-
time}',locate('=','%{cisco-h323-disconnect-time}')+1))
AcctColumnDef
h323_disconnect_cause,cisco-h323-disconnect-
cause,literal,trim(substring('%{cisco-h323-disconnect-
cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
AcctColumnDef
h323_voice_quality,cisco-h323-voice-
quality,literal,trim(substring('%{cisco-h323-voice-
quality}',locate('=','%{cisco-h323-voice-quality}')+1))
AcctColumnDef
h323_remote_address,cisco-h323-remote-
address,literal,trim(substring('%{cisco-h323-remote-
Re: (RADIATOR) AuthBy External clause problem
Hi Hugh, I added following lines in AuthEXTERNAL.pm and tested radiator. - . . . . . . my $exit = $?; # added lines # print exit code $self-log($main::LOG_DEBUG, first Exit: $exit,$p); print first Exit: $exit\n; # This usually sets $? close READER; # Sometimes need to do this too. $exit = $? if waitpid($pid, 0); # added lines # print exit code $self-log($main::LOG_DEBUG, Exit: $exit,$p); print Exit: $exit\n; . . . . . . - External program returns exit status 0, but radiator somehow understands it as 768 which is 3 (768/256) and sends Access-Challenge. I also tested external program with following simple perl program, where test.txt contains access-requests. It also gets return value as 768. - #!/usr/local/pin/perl $x = system(cat test.txt | calccredittime); print return is: $x\n; exit 0; - I wrote simple C program which gets command line argument and returns that argument as a exit status. Small perl program gets restult of program as it supposed to. Very strange. I don't know what should do, I'll try ResultInOutput switch in radius config and let's see what happens. Following is debug: Code: Access-Request Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: User-Name = User-Password = 28_171Tm9183211$~173l151190Y! cisco-h323-conf-id = h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897 cisco-avpair = h323-ivr-out=transactionID:8 Calling-Station-Id = 11323224 Called-Station-Id = 0011236 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for : Thu Sep 4 10:50:24 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21645 Code: Access-Challenge Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=2516 Reply-Message = first 5! At 09:54 PM 9/3/2003 +1000, you wrote: Hello Ganbold - It is possible that you may need to use ResultInOutput in this environment. Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some print statements so you can see what is happening. And please let us know what you find. regards Hugh On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote: Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd --- --- Trace 4 debug: --- --- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to Wed Sep 3 19:36:01 2003: DEBUG: Rewrote
Re: (RADIATOR) AuthBy External clause problem
Hello Ganbold - Please let me know how you go with ResultInOutput. regards Hugh On Thursday, Sep 4, 2003, at 12:10 Australia/Melbourne, Ganbold wrote: Hi Hugh, I added following lines in AuthEXTERNAL.pm and tested radiator. --- -- . . . . . . my $exit = $?; # added lines # print exit code $self-log($main::LOG_DEBUG, first Exit: $exit,$p); print first Exit: $exit\n; # This usually sets $? close READER; # Sometimes need to do this too. $exit = $? if waitpid($pid, 0); # added lines # print exit code $self-log($main::LOG_DEBUG, Exit: $exit,$p); print Exit: $exit\n; . . . . . . --- -- External program returns exit status 0, but radiator somehow understands it as 768 which is 3 (768/256) and sends Access-Challenge. I also tested external program with following simple perl program, where test.txt contains access-requests. It also gets return value as 768. --- -- #!/usr/local/pin/perl $x = system(cat test.txt | calccredittime); print return is: $x\n; exit 0; --- -- I wrote simple C program which gets command line argument and returns that argument as a exit status. Small perl program gets restult of program as it supposed to. Very strange. I don't know what should do, I'll try ResultInOutput switch in radius config and let's see what happens. Following is debug: Code: Access-Request Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: User-Name = User-Password = 28_171Tm9183211$~173l151190Y! cisco-h323-conf-id = h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897 cisco-avpair = h323-ivr-out=transactionID:8 Calling-Station-Id = 11323224 Called-Station-Id = 0011236 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/' Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to Thu Sep 4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768 ^ ^ ^ ^ Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for : Thu Sep 4 10:50:24 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 21645 Code: Access-Challenge Identifier: 9 Authentic: 209230]209158179p28G180210*tZ176@ Attributes: cisco-h323-return-code = h323-return-code=0 cisco-h323-credit-time = h323-credit-time=2516 Reply-Message = first 5! At 09:54 PM 9/3/2003 +1000, you wrote: Hello Ganbold - It is possible that you may need to use ResultInOutput in this environment. Have a look at the code in Radius/AuthEXTERNAL.pm and maybe add some print statements so you can see what is happening. And please let us know what you find. regards Hugh On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote: Hi, I'm testing Radiator-3.6 in Windows 2000 advanced server. I'm using AuthBy External clause in handlers. But when external program returns 0 (Access-Accept) radiator understands it as a 3 and responds with Access-Challenge response. External program worked well in FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows above problem occurs. How can I solve this problem? Is it OS issue? or there is something else? I really appreciate if somebody give the right solution. thanks in advance, Ganbold Micom CO.,Ltd - -- --- Trace 4 debug: - -- --- Code: Access-Request Identifier: 149 Authentic: 157201205u249179118255240236W195253x Attributes: User-Name = User-Password = 15919224610228184Z200K1253232162^Tv cisco-h323-conf-id = h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D cisco-avpair = h323-ivr-out=transactionID:114 Calling-Station-Id = 11323224 Called-Station-Id = 002365 Service-Type = Login-User NAS-IP-Address = xxx.xxx.xxx.xxx Wed Sep 3 19:36:01 2003: DEBUG: Rewrote
(RADIATOR) AuthBy External cascading accounting requests
According to the radiator documentation The exit status of the external command determines what type of reply is to be sent in response to the request: 0 Means reply with an acceptance. For Access-Requests, an Access-Accept will be sent. For Accounting-Requests, an Accounting-Response will be sent. 1 Means reply with a rejection. For Access-Requests, an Access-Reject is sent. For Accounting-Requests, no response is sent. 2 Means don't send any reply. This will also make the Realm fall through to the next AuthBy module if you specified more than one for this Realm (but see also AuthByPolicy). I have two programs . My understanding is that prog1 is called for all requests. In prog1 if a certain condition is met it returns a value of 2 otherwise it returns a value of zero My problem is that even when it returns 0 prog2 is still run. My config file looks like this Realm DEFAULT AuthByPolicy ContinueWhileIgnore AuthBy FILE IgnoreAccounting Filename %D/users /AuthBy # Log accounting to a detail file AuthBy EXTERNAL IgnoreAuthentication Command /home/joshua/work/newapp/prog1 /AuthBy AuthBy EXTERNAL IgnoreAuthentication Command /home/joshua/work/newapp/prog2 /AuthBy AcctLogFileName %L/detail/Realm
Re: (RADIATOR) AuthBy External cascading accounting requests
Hello Joshua - I will need to see a trace 4 debug from Radiator showing what is happening. And it would also be useful to see any debug messages from your external programs showing what the exit status is. BTW - it is often easier to use Handlers and/or hooks for this sort of thing. # define Handlers Handler Request-Type = Accounting-Request> # deal with accounting requests /Handler> Handler> # deal with authentication . /Handler> You will find some example hooks in the file goodies/hooks.txt. regards Hugh On Thursday, Mar 27, 2003, at 21:01 Australia/Melbourne, Joshua Masiko wrote: According to the radiator documentation ? The exit status of the external command determines what type of reply is to be sent in response to the request: 0 Means reply with an acceptance. For Access-Requests, an Access-Accept will be sent. For Accounting-Requests, an Accounting-Response will be sent. 1 Means reply with a rejection. For Access-Requests, an Access-Reject is sent. For Accounting-Requests, no response is sent. 2 Means don't send any reply. This will also make the Realm fall through to the next AuthBy module if you specified more than one for this Realm (but see also AuthByPolicy). ? I have two programs . My understanding is that prog1 is called for all requests. In prog1 if a certain condition is met it returns a value of 2 otherwise it returns a value of zero My problem is that even when it returns 0 prog2 is still run. ? My config file looks like this ? Realm DEFAULT> ??? AuthByPolicy ContinueWhileIgnore ??? AuthBy FILE> ??? IgnoreAccounting ??? Filename %D/users ??? /AuthBy> ??? # Log accounting to a detail file ??? AuthBy EXTERNAL> ??? IgnoreAuthentication ??? Command /home/joshua/work/newapp/prog1 ??? ??? /AuthBy> ?? AuthBy EXTERNAL> ?? IgnoreAuthentication ?? Command /home/joshua/work/newapp/prog2 ?? /AuthBy> ??? AcctLogFileName %L/detail /Realm> NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) AuthBy External Reply-Message Duplication
Heya, I've got an AuthBy External block that's running an external program that, if the login fails, returns a Reply-Message indicating why it failed (lowbalance, nouser, etc). Somewhere in the process of sending the response back from radiator to the requesting server, another Reply-Message of Request Denied appears to be being added. Assuming this is correct, how would I get Radiator to supress the second Reply-Message? It's causing problems for the other end, which is getting confused as to which Reply-Message to use, and consequently not displaying reason for failure properly. KevinL -- Senior Consultant Obsidian Consulting Group Phone: +613 9355 7844Fax: +613 9350 4097 http://www.obsidian.com.au/[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy External Reply-Message Duplication
Hi Kevin - Nice to hear from you. Yes, Radiator adds the Reply-Message when a reject occurs. You can try using a StripFromReply Reply-Message to see which one is removed. You can also try using RejectHasReason in the Realm or Handler. regards Hugh On Thursday, Feb 20, 2003, at 10:08 Australia/Melbourne, KevinL wrote: Heya, I've got an AuthBy External block that's running an external program that, if the login fails, returns a Reply-Message indicating why it failed (lowbalance, nouser, etc). Somewhere in the process of sending the response back from radiator to the requesting server, another Reply-Message of Request Denied appears to be being added. Assuming this is correct, how would I get Radiator to supress the second Reply-Message? It's causing problems for the other end, which is getting confused as to which Reply-Message to use, and consequently not displaying reason for failure properly. KevinL -- Senior Consultant Obsidian Consulting Group Phone: +613 9355 7844Fax: +613 9350 4097 http://www.obsidian.com.au/[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL not working ?
Adrian - Could you please tell me what version of Radiator you are running, and what version of Perl and what hardware/software platform? It would also be useful to see the complete configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. Could you also run your external program by hand so I can see how it behaves. regards Hugh Hi, I'm trying to use an external program to check that users have a valid shell on my server before they are authenticated. I've written the program that extracts the username from the attributes and looks up the shell and exits with 1 or 2, but I can't get Radiator to use the exit status correctly. I've created several programs (in C, perl, bourne) that simply run and then exit (with 1), but Radiator always seems to accept it and keep going. Here is my Radiator config snipit: AuthBy EXTERNAL Identifier CheckValidShell Command /usr/local/etc/radius/valid_shell /AuthBy AuthBy GROUP Identifier CheckUsers AuthByPolicy ContinueUntilAccept AuthBy CheckValidShell AuthBy CheckSystem /AuthBy I'd very much appreciate any suggestions, Thanks, Adrian. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy EXTERNAL not working ?
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Adrian [EMAIL PROTECTED]] Date: Sun, 9 Feb 2003 18:30:26 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Sun Feb 9 18:30:26 2003 Received: from power.connexus.net.au (power.connexus.net.au [203.12.22.20]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h1A0UPx02751 for [EMAIL PROTECTED]; Sun, 9 Feb 2003 18:30:25 -0600 Received: from NOTEBOOK.connexus.net.au (as13.Melbourne.interNex.net.au [203.12.22.37]) by power.connexus.net.au (8.12.4/8.11.6) with ESMTP id h1A5OrtB088168 for [EMAIL PROTECTED]; Mon, 10 Feb 2003 16:24:54 +1100 (EST) (envelope-from [EMAIL PROTECTED]) XAntiVirus: This e-mail has been scanned for viruses via the Connexus Internet Service Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Mon, 10 Feb 2003 16:27:24 +1000 To: [EMAIL PROTECTED] From: Adrian [EMAIL PROTECTED] Subject: AuthBy EXTERNAL not working ? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Hi, I'm trying to use an external program to check that users have a valid shell on my server before they are authenticated. I've written the program that extracts the username from the attributes and looks up the shell and exits with 1 or 2, but I can't get Radiator to use the exit status correctly. I've created several programs (in C, perl, bourne) that simply run and then exit (with 1), but Radiator always seems to accept it and keep going. Here is my Radiator config snipit: AuthBy EXTERNAL Identifier CheckValidShell Command /usr/local/etc/radius/valid_shell /AuthBy AuthBy GROUP Identifier CheckUsers AuthByPolicy ContinueUntilAccept AuthBy CheckValidShell AuthBy CheckSystem /AuthBy I'd very much appreciate any suggestions, Thanks, Adrian. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
AW: (RADIATOR) AuthBy External und CHAP
Hello Hugh, we use an API in our external modul to access a SQL-Server Database. The passwords are encrypted in this DB. But we have to put a cleartext password as input to this API (a dll). The API handles the decryption of the cleartext password. I think, the authgeneric.pm handles the encryption of a CHAP password. But is does not work and no error occurs in the logfiles trace level 4. How can we configure, that RADIATOR only accept PAP Athentication? Thanks Burkhard. -Ursprüngliche Nachricht- Von: Hugh Irvine [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 4. April 2002 01:10 An: Burkhard Bartelt; '[EMAIL PROTECTED]' Betreff: Re: (RADIATOR) AuthBy External und CHAP Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: AW: (RADIATOR) AuthBy External und CHAP
Hello Burkhard - Radiator handles both PAP and CHAP automatically. The difference is that PAP passwords can be decrypted and the resulting cleartext password is used to perform the same encryption as the encrypted password in the database and the two are compared. If there is a match, the passwords are the same. With CHAP however, only the encryption is sent and Radiator must perform the same encryption on the cleartext password from the database and again, if there is a mathc then the passwords must be the same. It is the NAS that must be configured for either PAP or CHAP. regards Hugh On Thu, 4 Apr 2002 20:18, Burkhard Bartelt wrote: Hello Hugh, we use an API in our external modul to access a SQL-Server Database. The passwords are encrypted in this DB. But we have to put a cleartext password as input to this API (a dll). The API handles the decryption of the cleartext password. I think, the authgeneric.pm handles the encryption of a CHAP password. But is does not work and no error occurs in the logfiles trace level 4. How can we configure, that RADIATOR only accept PAP Athentication? Thanks Burkhard. -Ursprüngliche Nachricht- Von: Hugh Irvine [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 4. April 2002 01:10 An: Burkhard Bartelt; '[EMAIL PROTECTED]' Betreff: Re: (RADIATOR) AuthBy External und CHAP Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy External und CHAP
Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter "Decrypt Password". Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt
Re: (RADIATOR) AuthBy External und CHAP
Hello Burkhard - This is a problem, because you cannot decrypt CHAP passwords. You must have your user passwords stored as cleartext in your database to be able to use CHAP. regards Hugh On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote: Hello, we are using AuthBy EXTERNAL since several years to authenticate PAP Users and to decrypt with the special parameter Decrypt Password. Currently we are moving to a new provider. His Radius is sending us as Standard first a CHAP Authentification. If CHAP fails he should send a PAP Authentification.This is currently not working in our new Providers Radius (MCI Worldcom). Therefore we need now to decrypt the CHAP Passsword. We couldn't find how to do this in AuthBy EXTERNAL Could you please help. FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl 5.1.6.630 Thanks a lot. Burkhard Bartelt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy EXTERNAL
Hi Everyone, i am new to Radiator, so please be patient :) i wrote a perl-script that checks a (telephone)number for a legal area-code. So my Question is now, how does this AuthBy EXTERNAL-thing work? I want that the CallingStationId is transefered to my small script. I read Section 6.26... but it didnt help me. Are there maybe some examples? with regards, Georg Lehmann === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy EXTERNAL
Hello Georg - On Monday 08 October 2001 22:54, Georg Lehmann wrote: Hi Everyone, i am new to Radiator, so please be patient :) i wrote a perl-script that checks a (telephone)number for a legal area-code. So my Question is now, how does this AuthBy EXTERNAL-thing work? I want that the CallingStationId is transefered to my small script. I read Section 6.26... but it didnt help me. Are there maybe some examples? You would probably be better off using a Hook to do this. There are some example hooks in the file goodies/hooks.txt. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) authby external
I am running an identical radius.cfg file and
external perl program in radius 2.13 and radius 2.15 and my results are quite
different. In radius 2.13 it functions properly and denies all
access... however in radius 2.15 it is accepting all access. I
checked the log file and it is giving an
Mon Apr 3 04:13:30 2000: DEBUG: Running
command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR:
Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access
accepted for usa1000@usa
The Handler is below:
Handler
Called-Station-Id=/3099028/
AuthBy EXTERNAL Command
/usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name}
%{Called-Station-Id}
/AuthBy/Handler
I made a simple removal.pl for this example and
here is what it says:
#!/usr/bin/perl
print "1"; # this should deny
access
exit;
Any ideas?
Brandon
Dialup USA, Inc.
Re: (RADIATOR) AuthBy EXTERNAL using Perl script
Hi Charl -
On Wed, 25 Aug 1999, charl wrote:
Hi all,
When I try and use AuthBy EXTERNAL with the following:
AuthBy EXTERNAL
Command /usr/bin/perl /usr/local/bin/auth.pl %U %R
# Pass password as Plain Text to script
DecryptPassword
/AuthBy
I get the following out put:
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply
Here is the source of the perl script:
#1/usr/bin/perl -w
Try this (replace "1" with "!"):
#!/usr/bin/perl -w
use strict;
use IO::File;
# create a new IO::File object
my $fh = new IO::File " /tmp/temp_file";
# write the command-line options I have been given to the file
if (defined $fh)
{
my $element = '';
foreach $element (@ARGV)
{
print $fh "$element\n";
}
$fh-close;
}
# hard code the exit to success for now
exit 0;
Does anyone have any clues as to why I am not getting a success returned
from the script?
I have made the correction above and it works for me.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
