[RADIATOR] Radiator Radius with VPN, mobile OTP
Hi Team - I am currently working on a potential customer for a
> e-government project. For its external VPN access, I am proposing Radiator.
> any of you have any white paper, success story, or case study related I can
> refer to ? Prefer some VPN RADIUS authentication with Mobile OTP, or other
> enhanced security authentication method.
> Thanks !
> best regards
Scott

At 2012-02-15 04:45:08,"Mike McCauley" wrote:
>Hi Eddie,
>
>thanks for reporting this.
>It has now been fixed in the latest patch set.
>
>Cheers.
>
>On Tuesday, February 14, 2012 03:53:04 PM Eddie Stassen wrote:
>> UpdateQuery crashes Radiator when the query
>> contains %{Quote:...}. This is due to $self not being passed as the
>> third parameter to Radius::Util::format_special(). The patch below
>> fixes it.
>>
>> Regards,
>> Eddie Stassen
>>
>> --- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200 >> +++ SessSQL.pm 2012-02-14 15:44:42.0 +0200 
>> @@ -132,7 +132,9 @@ >> $self->log($main::LOG_DEBUG, >>"$self->{Identifier} Updating session for $name, >> $nas_id, $nas_port", $p); >> # Now add the new one >> -$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p)); >> +$self->do(&$self->{UpdateQuery}, $p, $self, >> +$self->quote($name), $nas_id, $nas_port+0, >> + >> $self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID; }
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>--
>Mike McCauley mi...@open.com.au
>Open System Consultants Pty. Ltd
>9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
>Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
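Review bot: in the added `$self->do(...)` lines, `$nas_id` is handed to the query formatter unquoted, while `$name` and the Acct-Session-Id go through `$self->quote()` and `$nas_port` is forced numeric with `+0`. If `$nas_id` is taken from the request, pass it as `$self->quote($nas_id)` as well, or document next to the call why it is safe to interpolate raw, because an UpdateQuery that places that positional argument inside a string literal would otherwise carry unescaped client-supplied text into the SQL. Separately, the replacement call as archived reads `&$self->{UpdateQuery}` with no `Radius::Util::format_special(` and with unbalanced parentheses, so it does not match the description of passing `$self` as the third parameter to that function; check the hunk against the original message before applying it.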
(Additional Infor) Re: (RADIATOR) RADIATOR RADIUS for Cisco AP 350
Hi Hugh and others,

Here is the additional information about the setup on the Cisco side and the test conducted so far:

I have followed the instructions in the security setup documentation. But I have not been able to do even just the basic MAC address authentication. The setup on the Cisco side, according to the documentation, is as follows:

1. (Setup -> Address Filter) I have set "yes" to select the option called Lookup MAC Address on Authentication Server if not in Existing Filter List. With this option enabled, I have also entered the MAC address of the AP in the "Allowed" addresses list.
2. (setup -> security -> authentication server) I have entered the IP, shared secret, and port # for the RADIUS, and checked "MAC address authentication" (and selected "draft 10").
3. (setup -> security -> Radio WEP) I have set "Optional" in the "Use of Data Encryption by the station", and checked "Open" and "Shared" in the "Accept Authentication Type", with all other options (including require EAP) unchecked. I have also set up a 128-bit WEP key with default "Transmit with key".
4. (setup -> AP radio -> advanced Primary SSID setup) I set "Disallowed" for Default Unicast Address Filter corresponding to (Accept Authentication Type) "Open" and "Shared".

After saving all the settings, I tested it using a Symbol card on a Pocket PC (CE OS). It authenticates successfully on the RADIATOR with APs of other vendors. I also see the packets of RADIUS protocol sent to RADIUS when I monitored using Ethereal. But when I tested it on Cisco AP 350 and monitored using Ethereal, I did not see the Cisco AP 350 send out any packets with RADIUS protocol to the RADIUS.

Can anyone help and offer insights into what I might have missed?

Many thanks in advance!

Bon

On Mon, 11 Nov 2002, Bon sy wrote:
> Hi Hugh and others,
>
> Anyone in the list has ever tried to set up RADIATOR to work with
> Cisco AP 350/352. The system and radio firmware versions are 12.00T and
> 5.02B respectively.
>
> I started with very basic "MAC authentication" (under
> setup -> security -> authentication server). But the RADIATOR does not
> seem to pick up. The configuration that I added to the RADIATOR config
> file is just simply
>
> secret SharedSecret
> DupInterval 0
>
> As a side note, the same RADIATOR config file works for Orinoco
> AP-500 and AP-1000, but not for Cisco AP 350. I wonder anyone in the list
> can shed light on the proper settings on the side of the Cisco AP 350
> that I should start checking.
>
> Many thanks in advance!
>
> Bon
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
(RADIATOR) RADIATOR RADIUS for Cisco AP 350
Hi Hugh and others,

Anyone in the list has ever tried to set up RADIATOR to work with Cisco AP 350/352. The system and radio firmware versions are 12.00T and 5.02B respectively.

I started with very basic "MAC authentication" (under setup -> security -> authentication server). But the RADIATOR does not seem to pick up. The configuration that I added to the RADIATOR config file is just simply

secret SharedSecret
DupInterval 0

As a side note, the same RADIATOR config file works for Orinoco AP-500 and AP-1000, but not for Cisco AP 350. I wonder anyone in the list can shed light on the proper settings on the side of the Cisco AP 350 that I should start checking.

Many thanks in advance!

Bon
Re: (RADIATOR) radiator radius help
Hello Peter -

You will have to look at a trace 4 debug from Radiator to see whether the problem is not receiving accounting stop records (likely), or whether the DeleteQuery shown below is failing for some reason (less likely).

regards

Hugh

On Fri, 8 Feb 2002 16:45, Peter Zhu wrote:
> Hello,
>
> I try to add current connected users to table vop_onlineusers, but when
> the user disconnected, this user is still in the table
> vop_onlineusers. Can you help.
> the following is configuration file :
>
>
> Identifier SQLSDB
> DBSource dbi:ODBC:IACBS
> DBUsername x
> DBAuth x
> CountQuery select VOP_NO, NASPORTID, USERNAME from VOP_ONLINEUSERS where
> USERNAME='%u'
> DeleteQuery delete from VOP_ONLINEUSERS where username='%u'
> AddQuery insert into VOP_ONLINEUSERS (VOP_NO, USERNAME, NASPORTID,
> DNISID, IPADDRESS, CALLERID, SESSIONID, STARTTIME) values ('%m', '%u',
> '%{NAS-Port}', '%{Called-Station-Id}', '%{Framed-IP-Address}',
> '%{Calling-Station-Id}', '%{Acct-Session-Id}', '%o')
>
>
>
>
> # Accepts a username in an email address form ie: [EMAIL PROTECTED]
> RewriteUsername s/^([^@]+).*/$1/
> # Converts Username to all lowercase, not currently required.
> # RewriteUsername tr/[A-Z]/[a-z]/
> AcctLogFileName %L/accounting/%Y-%m/detail.%d
> SessionDatabase SQLSDB
> MaxSessions 1
>
> DBSource dbi:ODBC:IACBS
> DBUsername x
> DBAuth xx
> AuthSelect select ACCESS_PASSWD,CHECKATTR, REPLYATTR from ACCOUNTS
> where USERNAME='%n'
>
>
> AccountingTable VOP_ACCOUNTING
>
> AcctColumnDef LOGDATE,Timestamp,integer-date,%e/%m/%Y
> ..
> .
> AcctColumnDef SESSIONID,Acct-Session-Id
> AcctColumnDef CALLED_NO,Called-Station-Id
> AcctColumnDef XMIT_RATE,Ascend-Xmit-Rate,integer
> Timeout 60
> FailureBackoffTime 30
>
>
>
>
> thanks,
>
> peter zhu from uniware

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
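An added example, not part of the original thread: one way to check the first case Hugh describes (accounting Stop records never arriving) from the accounting detail files that the quoted `AcctLogFileName` setting writes. It assumes the classic RADIUS detail layout (a timestamp line followed by tab-indented `Attribute = value` lines, with a blank line between records); the function names and the sample records are constructed for illustration.

```python
import re

# Constructed sample in the assumed "detail" layout: alice starts and stops,
# bob starts and no Stop is ever logged.
SAMPLE_DETAIL = '''\
Fri Feb  8 16:01:10 2002
\tUser-Name = "alice"
\tAcct-Session-Id = "00000A01"
\tAcct-Status-Type = Start

Fri Feb  8 16:05:42 2002
\tUser-Name = "bob"
\tAcct-Session-Id = "00000A02"
\tAcct-Status-Type = Start

Fri Feb  8 16:30:00 2002
\tUser-Name = "alice"
\tAcct-Session-Id = "00000A01"
\tAcct-Status-Type = Stop
'''

ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Split detail text into records: {'_time': ..., attribute: value, ...}."""
    records = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = block.splitlines()
        rec = {'_time': lines[0].strip()}
        for line in lines[1:]:
            m = ATTR_RE.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        records.append(rec)
    return records

def sessions_without_stop(records):
    """Return (user, session id, start time) for each Start with no later Stop."""
    open_sessions = {}
    for rec in records:
        key = (rec.get('User-Name'), rec.get('Acct-Session-Id'))
        status = rec.get('Acct-Status-Type')
        if status == 'Start':
            open_sessions[key] = rec['_time']
        elif status == 'Stop':
            open_sessions.pop(key, None)  # a Stop closes the matching session
    return [(user, sid, t) for (user, sid), t in open_sessions.items()]

if __name__ == '__main__':
    for user, sid, started in sessions_without_stop(parse_detail(SAMPLE_DETAIL)):
        print(f"{user}: session {sid} started {started}, no Stop logged")
```

A user who is still listed in the session table and also appears in this output had no Stop logged; a user who is still listed but does not appear here points at the DeleteQuery instead.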
(RADIATOR) radiator radius help
Hello,

I try to add current connected users to table vop_onlineusers, but when the user disconnected, this user is still in the table vop_onlineusers. Can you help.

the following is configuration file :

Identifier SQLSDB
DBSource dbi:ODBC:IACBS
DBUsername x
DBAuth x
CountQuery select VOP_NO, NASPORTID, USERNAME from VOP_ONLINEUSERS where USERNAME='%u'
DeleteQuery delete from VOP_ONLINEUSERS where username='%u'
AddQuery insert into VOP_ONLINEUSERS (VOP_NO, USERNAME, NASPORTID, DNISID, IPADDRESS, CALLERID, SESSIONID, STARTTIME) values ('%m', '%u', '%{NAS-Port}', '%{Called-Station-Id}', '%{Framed-IP-Address}', '%{Calling-Station-Id}', '%{Acct-Session-Id}', '%o')

# Accepts a username in an email address form ie: [EMAIL PROTECTED]
RewriteUsername s/^([^@]+).*/$1/
# Converts Username to all lowercase, not currently required.
# RewriteUsername tr/[A-Z]/[a-z]/
AcctLogFileName %L/accounting/%Y-%m/detail.%d
SessionDatabase SQLSDB
MaxSessions 1

DBSource dbi:ODBC:IACBS
DBUsername x
DBAuth xx
AuthSelect select ACCESS_PASSWD,CHECKATTR, REPLYATTR from ACCOUNTS where USERNAME='%n'

AccountingTable VOP_ACCOUNTING

AcctColumnDef LOGDATE,Timestamp,integer-date,%e/%m/%Y
..
.
AcctColumnDef SESSIONID,Acct-Session-Id
AcctColumnDef CALLED_NO,Called-Station-Id
AcctColumnDef XMIT_RATE,Ascend-Xmit-Rate,integer
Timeout 60
FailureBackoffTime 30

thanks,

peter zhu from uniware
Re: (RADIATOR) radiator radius
Hello Peter -

On Mon, 17 Dec 2001 10:05, Peter Zhu wrote:
> Hi,
>
> We have installed Radiator Radius software for windows 2000.
>
> Can I configure radius to let some users only can connect between 8:00am
> to 5:00pm.
>

You don't say what user database you are using, but you can use the Time check item to limit connect times. Have a look at section 13.1.11 in the Radiator 2.19 reference manual ("doc/ref.html").

hth

Hugh
(RADIATOR) radiator radius
Hi,

We have installed Radiator Radius software for windows 2000.

Can I configure radius to let some users only can connect between 8:00am to 5:00pm.

thanks,

peter zhu
(RADIATOR) Radiator RADIUS with OpenLDAP 2.0.6
Hi

I wanted to work with OpenLDAP 2.0.6 with Radiator RADIUS Server 2.16.3 on Red Hat Linux 2.6. I have got a couple of doubts and would like to get them cleared, so I have listed them below.

1. I changed the "user" directive in radpwtst script and wrote the complete DN of a user from LDAP. It was not authenticated. How to make it work?
2. If it is possible to give the absolute DN for authentication in "user" directive, is it possible to pass a wildcard character in the DN. Example: if I want to authenticate a user in all domains and all subdomains of my schema, can I pass the "user" as "userid=username, subdomainname=*, domianname=*,ou=CustomerInformation, o=OrgName, c=US"

I will appreciate if u will suggest me some way to solve this problem

Jajati

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.