[RADIATOR] Radiator Radius with VPN, mobile OTP

2012-02-15 Thread Scott
Hi Team - I am currently working on a potential customer for an
e-government project. For its external VPN access, I am proposing Radiator.
Do any of you have any white paper, success story, or case study related I can
refer to? Prefer some VPN RADIUS authentication with Mobile OTP, or other
enhanced security authentication method.
Thanks!
best regards
Scott




At 2012-02-15 04:45:08,"Mike McCauley"  wrote:
>Hi Eddie,
>
>thanks for reporting this.
>It has now been fixed in the latest patch set.
>
>Cheers.
>
>On Tuesday, February 14, 2012 03:53:04 PM Eddie Stassen wrote:
>> UpdateQuery  crashes Radiator when the query
>> contains %{Quote:...}.  This is due to $self not being passed as the
>> third parameter to Radius::Util::format_special(). The patch below
>> fixes it.
>> 
>> Regards,
>> Eddie Stassen
>> 
>> --- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200
>> +++ SessSQL.pm  2012-02-14 15:44:42.0 +0200
>> @@ -132,7 +132,9 @@
>>  $self->log($main::LOG_DEBUG,
>>"$self->{Identifier} Updating session for $name,
>> $nas_id, $nas_port", $p);
>>  # Now add the new one
>> -$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p));
>> +$self->do(&$self->{UpdateQuery}, $p, $self,
>> +$self->quote($name), $nas_id, $nas_port+0,
>> +   
>> $self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID; }
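Review bot: The `+` lines no longer show a call to `Radius::Util::format_special(`: they read `$self->do(&$self->{UpdateQuery}, $p, $self,`, while the description says the fix is to pass `$self` as the third parameter to that function, and the parentheses before `; }` do not balance. As posted here the change cannot be applied as intended; the call should keep the wrapper, along the lines of `$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p, $self, ...));`, with the extra arguments following `$self`. A smaller point on the same lines: `$name` and the Acct-Session-Id are passed through `$self->quote()` but `$nas_id` is passed as is, so if an UpdateQuery places it inside a string literal it should get the same quoting.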
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>-- 
>Mike McCauley   mi...@open.com.au
>Open System Consultants Pty. Ltd
>9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
>Phone +61 7 5598-7474   Fax   +61 7 5598-7070
>
>Radiator: the most portable, flexible and configurable RADIUS server 
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>

(Additional Infor) Re: (RADIATOR) RADIATOR RADIUS for Cisco AP 350

2002-11-11 Thread Bon sy
Hi Huge and others,

Here is the additional information about the setup on the Cisco
side and the test conducted so far:

I have followed the instruction in the security setup documentation. But I
have not been able to do even just the basic MAC address
authentication. The setup in the Cisco side, according to the
documentation, is as follows:

1. (Setup -> Address Filter) I have set "yes" to select the option called
Lookup MAC Address on Authentication Server if not in Existing Filter
List. With this option enabled, I have also entered the MAC address of the
AP in the "Allowed" addresses list.

2. (setup -> security -> authentication server) I have entered the IP,
shared secret, and port # for the RADIUS, and checked "MAC address
authentication" (and selected "draft 10").

3. (setup -> security -> Radio WEP) I have set "Optional" in the "Use of
Data Encryption by the station", and checked "Open" and "Shared" in the
"Accept Authentication Type", with all other options (including require
EAP) unchecked. I have also set up a 128-bit WEP key with default
"Transmit with key".

4.  (setup -> AP radio -> advanced Primary SSID setup) I set
"Disallowed" for  Default Unicast Address Filter corresponding to (Accept
Authentication Type) "Open" and "Shared".


After saving all the settings, I tested it using a Symbol card on a
Pocket PC (CE OS). It authenticates successfully on the RADIATOR with APs
of other vendors. I also see the packets of RADIUS protocol sent to RADIUS
when I monitored using Ethereal. 

But when I tested it on Cisco AP 350 and monitored using Ethereal, I did
not see the Cisco AP 350 send out any packets with RADIUS protocol to the
RADIUS.

Can anyone help and offer insights into what I might have missed? Many
thanks in advance!

Bon



On Mon, 11 Nov 2002, Bon sy wrote:

> Hi Huge and others,
> 
> Has anyone in the list ever tried to set up RADIATOR to work with
> Cisco AP 350/352? The system and radio firmware versions are 12.00T and
> 5.02B respectively.
> 
>   I started with very basic "MAC authentication" (under
> setup -> security -> authentication server). But the RADIATOR does not
> seem to pick up. The configuration that I added to the RADIATOR config
> file is just simply 
> 
> 
>secret SharedSecret
>DupInterval 0
> 
> 
> As a side note, the same RADIATOR config file works for Orinoco
> AP-500 and AP-1000, but not for Cisco AP 350. I wonder if anyone in the list
> can shed light on the proper settings on the side of the Cisco AP 350
> that I should start checking.
> 
>   Many thanks in advance!
> 
> Bon
> 
> 
> 
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 




(RADIATOR) RADIATOR RADIUS for Cisco AP 350

2002-11-10 Thread Bon sy
Hi Huge and others,

Has anyone in the list ever tried to set up RADIATOR to work with
Cisco AP 350/352? The system and radio firmware versions are 12.00T and
5.02B respectively.

I started with very basic "MAC authentication" (under
setup -> security -> authentication server). But the RADIATOR does not
seem to pick up. The configuration that I added to the RADIATOR config
file is just simply 


   secret SharedSecret
   DupInterval 0


As a side note, the same RADIATOR config file works for Orinoco
AP-500 and AP-1000, but not for Cisco AP 350. I wonder if anyone in the list
can shed light on the proper settings on the side of the Cisco AP 350
that I should start checking.

Many thanks in advance!

Bon






Re: (RADIATOR) radiator radius help

2002-02-08 Thread Hugh Irvine


Hello Peter -

You will have to look at a trace 4 debug from Radiator to see whether the 
problem is not receiving accounting stop records (likely), or whether the 
DeleteQuery shown below is failing for some reason (less likely).

regards

Hugh


On Fri, 8 Feb 2002 16:45, Peter Zhu wrote:
> Hello,
>
> I try to add current connected users to table vop_onlineusers, but when
> the user disconnected, this user is still in the table
> vop_onlineusers. Can you help?
> The following is the configuration file:
>
> 
>  Identifier SQLSDB
>  DBSource dbi:ODBC:IACBS
>  DBUsername x
>  DBAuth  x
> CountQuery select VOP_NO, NASPORTID, USERNAME from VOP_ONLINEUSERS where
> USERNAME='%u'
> DeleteQuery delete from VOP_ONLINEUSERS where username='%u'
> AddQuery insert into VOP_ONLINEUSERS (VOP_NO, USERNAME, NASPORTID,
> DNISID, IPADDRESS, CALLERID, SESSIONID, STARTTIME) values ('%m', '%u',
> '%{NAS-Port}', '%{Called-Station-Id}', '%{Framed-IP-Address}',
> '%{Calling-Station-Id}', '%{Acct-Session-Id}', '%o')
> 
>
>
> 
> # Accepts a username in an email address form ie: [EMAIL PROTECTED]
>  RewriteUsername s/^([^@]+).*/$1/
> # Converts Username to all lowercase, not currently required.
> # RewriteUsername tr/[A-Z]/[a-z]/
>  AcctLogFileName %L/accounting/%Y-%m/detail.%d
>  SessionDatabase SQLSDB
>  MaxSessions 1
>  
>   DBSource dbi:ODBC:IACBS
>   DBUsername x
>   DBAuth  xx
>   AuthSelect select ACCESS_PASSWD,CHECKATTR, REPLYATTR from ACCOUNTS
> where USERNAME='%n'
>
>
>   AccountingTable VOP_ACCOUNTING
>
>   AcctColumnDef LOGDATE,Timestamp,integer-date,%e/%m/%Y
>   ..
>   .
>   AcctColumnDef SESSIONID,Acct-Session-Id
>   AcctColumnDef CALLED_NO,Called-Station-Id
>   AcctColumnDef XMIT_RATE,Ascend-Xmit-Rate,integer
>   Timeout 60
>   FailureBackoffTime 30
>  
> 
>
>
> thanks,
>
> peter zhu from uniware
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



(RADIATOR) radiator radius help

2002-02-07 Thread Peter Zhu

Hello,

I try to add current connected users to table vop_onlineusers, but when
the user disconnected, this user is still in the table
vop_onlineusers. Can you help?
The following is the configuration file:


 Identifier SQLSDB
 DBSource dbi:ODBC:IACBS
 DBUsername x
 DBAuth  x
CountQuery select VOP_NO, NASPORTID, USERNAME from VOP_ONLINEUSERS where
USERNAME='%u'
DeleteQuery delete from VOP_ONLINEUSERS where username='%u'
AddQuery insert into VOP_ONLINEUSERS (VOP_NO, USERNAME, NASPORTID,
DNISID, IPADDRESS, CALLERID, SESSIONID, STARTTIME) values ('%m', '%u',
'%{NAS-Port}', '%{Called-Station-Id}', '%{Framed-IP-Address}',
'%{Calling-Station-Id}', '%{Acct-Session-Id}', '%o')




# Accepts a username in an email address form ie: [EMAIL PROTECTED]
 RewriteUsername s/^([^@]+).*/$1/
# Converts Username to all lowercase, not currently required.
# RewriteUsername tr/[A-Z]/[a-z]/
 AcctLogFileName %L/accounting/%Y-%m/detail.%d
 SessionDatabase SQLSDB
 MaxSessions 1
 
  DBSource dbi:ODBC:IACBS
  DBUsername x
  DBAuth  xx
  AuthSelect select ACCESS_PASSWD,CHECKATTR, REPLYATTR from ACCOUNTS
where USERNAME='%n'


  AccountingTable VOP_ACCOUNTING

  AcctColumnDef LOGDATE,Timestamp,integer-date,%e/%m/%Y
  ..
  .
  AcctColumnDef SESSIONID,Acct-Session-Id
  AcctColumnDef CALLED_NO,Called-Station-Id
  AcctColumnDef XMIT_RATE,Ascend-Xmit-Rate,integer
  Timeout 60
  FailureBackoffTime 30
 



thanks,

peter zhu from uniware




Re: (RADIATOR) radiator radius

2001-12-16 Thread Hugh Irvine


Hello Peter -

On Mon, 17 Dec 2001 10:05, Peter Zhu wrote:
> Hi,
>
> We have installed Radiator Radius software for windows 2000.
>
> Can I configure radius to let some users connect only between 8:00am
> to 5:00pm?
>

You don't say what user database you are using, but you can use the Time 
check item to limit connect times.

Have a look at section 13.1.11 in the Radiator 2.19 reference manual 
("doc/ref.html").

hth

Hugh


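An added illustration of the time-window logic behind a Time check item such as the one suggested in the reply above; it is not code from the thread or from Radiator. It assumes the value is a comma-separated list of day codes (Mo..Su, Wk for Monday to Friday, Al for every day) followed by HHMM-HHMM with an exclusive end time; `parse_time_spec` and `time_allowed` are hypothetical names, and section 13.1.11 of the manual remains the authority on the real syntax.

```python
import re
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]  # datetime.weekday() order
_ENTRY = re.compile(r"^((?:Mo|Tu|We|Th|Fr|Sa|Su|Wk|Al)+)(?:(\d{4})-(\d{4}))?$")

def _minutes(hhmm):
    h, m = int(hhmm[:2]), int(hhmm[2:])
    if h > 23 or m > 59:
        raise ValueError("bad time %r" % hhmm)
    return h * 60 + m

def parse_time_spec(spec):
    """Return a list of (weekday_index_set, start_minute, end_minute)."""
    windows = []
    for entry in spec.split(","):
        m = _ENTRY.match(entry.strip())
        if not m:
            # Reject anything unparsable so a typo never widens access.
            raise ValueError("bad Time entry %r" % entry)
        days = set()
        for code in re.findall(r"..", m.group(1)):
            if code == "Al":
                days.update(range(7))
            elif code == "Wk":
                days.update(range(5))
            else:
                days.add(DAYS.index(code))
        start = _minutes(m.group(2)) if m.group(2) else 0
        end = _minutes(m.group(3)) if m.group(3) else 24 * 60
        windows.append((days, start, end))
    return windows

def time_allowed(spec, when):
    """True if datetime `when` falls inside any window of `spec`."""
    now = when.hour * 60 + when.minute
    today, yesterday = when.weekday(), (when.weekday() - 1) % 7
    for days, start, end in parse_time_spec(spec):
        if start <= end:
            if today in days and start <= now < end:
                return True
        else:  # window wraps past midnight, e.g. 2200-0400 (assumed semantics)
            if today in days and now >= start:
                return True
            if yesterday in days and now < end:
                return True
    return False
```

With these assumptions the 8:00am to 5:00pm restriction asked about would be written as `Al0800-1700`, or `Wk0800-1700` to limit it to weekdays.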



(RADIATOR) radiator radius

2001-12-16 Thread Peter Zhu

Hi,

We have installed Radiator Radius software for windows 2000.

Can I configure radius to let some users connect only between 8:00am
to 5:00pm?

thanks,

peter zhu






(RADIATOR) Radiator RADIUS with OpenLDAP 2.0.6

2000-11-10 Thread Jajati Samal

Hi
I wanted to work with OpenLDAP 2.0.6 with Radiator RADIUS Server 2.16.3
on Red Hat Linux 2.6.

I have got a couple of doubts and would like to get them cleared, so I have
listed them below.

1. I changed the "user" directive in radpwtst script and wrote the
complete DN of a user from LDAP. It was not authenticated. How to make
it work?

2. If it is possible to give the absolute DN for authentication in
"user" directive, is it possible to pass a wild character in the DN?
Example: if I want to authenticate a user in all domains and all
subdomains of my schema, can I pass the "user" as "userid=username,
subdomainname=*, domianname=*,ou=CustomerInformation, o=OrgName, c=US"?


I will appreciate it if you will suggest me some way to solve this problem
Jajati


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.