Re: (RADIATOR) Accounting Question
Hello Chris - You can use as many checks as you wish in a Handler (keeping in mind performance issues). Have a look at section 6.16 in the Radiator 3.5 reference manual. regards Hugh On Friday, Jan 24, 2003, at 21:28 Australia/Melbourne, Chris Kay wrote: Is there a way to do this with 2 arguments EG -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine Sent: Friday, 24 January 2003 4:08 PM To: Chris Kay Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting Question Hello Chris - The simplest way to do this is with Handlers: . . Note that you should not mix Realms and Handlers in the same configuration file. regards Hugh On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote: Question I have is this I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy.. So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only Can this be done - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting Question
Is there a way to do this with 2 arguments EG > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine > Sent: Friday, 24 January 2003 4:08 PM > To: Chris Kay > Cc: [EMAIL PROTECTED] > Subject: Re: (RADIATOR) Accounting Question > > > > Hello Chris - > > The simplest way to do this is with Handlers: > > > . > > > > . > > > Note that you should not mix Realms and Handlers in the same > configuration file. > > regards > > Hugh > > > On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris > Kay wrote: > > > > > Question I have is this > > > > I am wanting to know if there is a hook or something that could be > > made to ignore account from a certain NAS-IP > > > > With a supplier I have accounting records coming from the NAS and a > > Proxy, I would just like to keep the accounting records from the > > Proxy.. > > > > So if IP address does not equal XXX.XXX.XXX.XXX > > I would like it to ignore accounting records only > > > > Can this be done > > > > - > > Chris Kay (Systems Development) > > Techex Communications > > Website: www.techex.com.au Email: [EMAIL PROTECTED] > > Telephone: 1300 88 111 2 - Fax: 1300 882 221 > > - > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe > > radiator' in the body of the message. > > > > > > -- > Radiator: the most portable, flexible and configurable RADIUS > server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, > NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, > extensible, flexible with hardware, software, platform and > database independence. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Question
Hello Chris - The simplest way to do this is with Handlers: . . Note that you should not mix Realms and Handlers in the same configuration file. regards Hugh On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote: Question I have is this I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy.. So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only Can this be done - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question
Hello Tuncay - On Sun, 30 Apr 2000, Tuncay MARGILIC wrote: > > I want to insert the IP or the name of the radius server to the accounting > table. how can I describe this with AcctColumnDef? > You will need the appropriate column in the Accounting table to begin with, then specify an AcctSQLStatement something like this: DBSource DBUsername DBAuth AuthSelect . AccountingTable . AcctColumDef AcctSQLStatement insert into ACCOUNTING (HOSTNAME) values (%h) . Have a look at section 6.24 in the Radiator 2.15 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Hello Dmitry - On Sat, 25 Dec 1999, Dmitry Niqiforoff wrote: > Mike McCauley wrote: > > > Probably the best way to handle this kind of thing is to use the radius Class > > attribute. If you set the Class attribute in the reply to an access request, > > then the NAS will send that same string back in the Class attribue for the > > accounting requests. > > > > Then you can use > > > > to choose how to handle each category of accounting request > > I've tried this. It does work, but for accounting only. How do I set some > permissions and restrictions for user in certain groups based on those groups? I > mean, if I would like to deny users in group "testgroup" to use my USR > TotalControl access server or to use certain realms, how do I do this? > Perhaps you could explain your requirements in more detail and include a copy of your configuration file (no secrets) and I will see if I can help you. thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Mike McCauley wrote: > > What do You think about config-wide user-defined variables? It would be just > >fine if the Radiator has it :) > > An interesting thought: do you mean a % variable that you can use like %n or %M > etc, but whose value you can set up yourself? Yes, something like that. Comparison expressions would be fine also (I mean, = 80, Called Station-Id <= 89> for example - it is much easier and convenient than perl regexps, in my opinion). Also, don't you thinks that all the handlers suitable for the current session should be processed? I mean, if current packet has both "Acct-Status-Type=Stop" and "Class = someclass", and there is two handlers - one for each of above, both those handlers should be processed in order they appear in radius.conf? > Hmmm, we havent seen that one before. Sounds like it would need a new AuthBy > module. They are quite easy to build: you usually only have to implemenet one > function. O'k, I'll think it over. Later :) By now I "composed" a little bit complicated SQL clause which implements all the checking - by user, by realm and by group, and chooses apropriate attributes for each user. > > Oops... Sorry - I didn't notice that. There must be something wrong with my > >"Netscape Messenger" at my office... > > Alas, its still happening. Oops... You must be joking? I can see my message came back in maillist and it is in plain text. If you mean this line below the message and above the signature - it is just a "_" symbols :) -- Regards, Dmitry Niqiforoff [tel. +7 8462 427427] Kraft-S, JSC. Samara, Russia === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Hello Dmitry, On Dec 24, 11:07am, Dmitry Niqiforoff wrote: > Subject: Re: (RADIATOR) Accounting question.. > > [ Attachment (text/plain): 1653 bytes > Character set: koi8-r > plain text ] >-- End of excerpt from Dmitry Niqiforoff Mike McCauley wrote: > Probably the best way to handle this kind of thing is to use the radius Class > attribute. If you set the Class attribute in the reply to an access request, > then the NAS will send that same string back in the Class attribue for the > accounting requests. > > Then you can use > > to choose how to handle each category of accounting request > Thanks, I'll try it today. > What do You think about config-wide user-defined variables? It would be just >fine if the Radiator has it :) An interesting thought: do you mean a % variable that you can use like %n or %M etc, but whose value you can set up yourself? > Also, I would like to adapt Radiator for my old ICRADIUS database. There is >attribute-value pairs stored for users or for groups of users in a different >records. Lets say, user "user" has "Service-Type" as attribute name and >"Framed-User" as its value in one database record, and "Framed-IP-Address" and >"195.128.154.125" in another, and we have to collect them all from the table >and >set up for "check" or "reply" items in "Access-Accept" (select >concat(attribute, >" = ", value, ",") from radcheck where username="user", for example). Is there >a >way to do that with Radiator? Hmmm, we havent seen that one before. Sounds like it would need a new AuthBy module. They are quite easy to build: you usually only have to implemenet one function. > BTW, it would be helpful if you did not post HTML to the list: not everyone > uses HTML mail agents. > Oops... Sorry - I didn't notice that. There must be something wrong with my >"Netscape Messenger" at my office... Alas, its still happening. >P.S. At first look Radiator is a very powerful AAA server. But it is a little >bit complicated to configure, but it is the most powerful RADIUS server I ever >seen yet. Thank you for your kind remarks. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Mike McCauley wrote: > Probably the best way to handle this kind of thing is to use the radius Class > attribute. If you set the Class attribute in the reply to an access request, > then the NAS will send that same string back in the Class attribue for the > accounting requests. > > Then you can use > > to choose how to handle each category of accounting request I've tried this. It does work, but for accounting only. How do I set some permissions and restrictions for user in certain groups based on those groups? I mean, if I would like to deny users in group "testgroup" to use my USR TotalControl access server or to use certain realms, how do I do this? -- Regards, Dmitry Niqiforoff [tel. +7 8462 427427] Kraft-S, JSC. Samara, Russia === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Mike McCauley wrote: > Probably the best way to handle this kind of thing is to use the radius Class > attribute. If you set the Class attribute in the reply to an access request, > then the NAS will send that same string back in the Class attribue for the > accounting requests. > > Then you can use > > to choose how to handle each category of accounting request Thanks, I'll try it today. What do You think about config-wide user-defined variables? It would be just fine if the Radiator has it :) Also, I would like to adapt Radiator for my old ICRADIUS database. There is attribute-value pairs stored for users or for groups of users in a different records. Lets say, user "user" has "Service-Type" as attribute name and "Framed-User" as its value in one database record, and "Framed-IP-Address" and "195.128.154.125" in another, and we have to collect them all from the table and set up for "check" or "reply" items in "Access-Accept" (select concat(attribute, " = ", value, ",") from radcheck where username="user", for example). Is there a way to do that with Radiator? > BTW, it would be helpful if you did not post HTML to the list: not everyone > uses HTML mail agents. Oops... Sorry - I didn't notice that. There must be something wrong with my "Netscape Messenger" at my office... P.S. At first look Radiator is a very powerful AAA server. But it is a little bit complicated to configure, but it is the most powerful RADIUS server I ever seen yet. -- Regards, Dmitry Niqiforoff [tel. +7 8462 427427] Kraft-S, JSC. Samara, Russia === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Hello Dmitry, Probably the best way to handle this kind of thing is to use the radius Class attribute. If you set the Class attribute in the reply to an access request, then the NAS will send that same string back in the Class attribue for the accounting requests. Then you can use to choose how to handle each category of accounting request Hope that helps. BTW, it would be helpful if you did not post HTML to the list: not everyone uses HTML mail agents. Cheers. On Dec 23, 4:31pm, Dmitry Niqiforoff wrote: > Subject: (RADIATOR) Accounting question.. > > [ Attachment (text/plain): 950 bytes > Character set: koi8-r > plain text ] >-- End of excerpt from Dmitry Niqiforoff Hello! Is there a way to select different handlers based on an information, retrieved from a database? For example, I have a database table where usernames, passwords and groups info stored. I need to use group the user belongs to to select different accounting method. For example, there is a user in "users" group, I need to store accounting into "radacct" table without any changes, and there is user in group "timed", and I need to store his accounting info into "radacct" table too AND to decrement his "timebank" field, stored in another table, by "Acct-Output-Octets", when his session ends. Any suggestions? Thanks in advance! -- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.