(RADIATOR) Release 2.13 now available
We are pleased to announce that Radiator 2.13 is now available. 2.13 includes lots of new features and some bug fixes. Below is an extract from the history file. (If you think you have seen this before, look again, because there have been some additions since 2.13beta.)

Existing customers and current testers can download the new version from
http://www.open.com.au/radiator/downloads/Radiator-2.13.tar.gz

From the history file:

Revision 2.13 (17/2/99)
Lots of new features, some bug fixes.

Added SNMP Agent. Now supports SNMP V1 requests as per draft-ietf-radius-servmib-04.txt. That means that you can get various types of server statistics, and even reset the server using SNMP. You might want to use MRTG or similar for monitoring your server.

Added AuthBy RODOPI and example rodopi.cfg. Rodopi is quite a mature NT/MS-SQL based billing system with a Java/web GUI.

Added new configurable and subclassable logging modules: Log FILE, Log SYSLOG and Log SQL. You can now log to any and all places at the same time, plus easily add your own logging modules.

Simultaneous use check with finger for Portslave, Ascend, Shiva or Computone now defaults to using an internal perl finger client. You can still force it to use an external finger program by specifying FingerProg in the config file. The internal client improves portability to NT, and will improve performance, since it avoids the cost of starting an external program.

Rationalised reporting and logging of rejections: Auth*::handle_request now also returns a reason message, which can optionally be replied to the user with the new Handler keyword RejectHasReason. All AuthBy modules now do their logging through a virtual log() function in AuthGeneric, which allows you to override with your own AuthBy specific error logging function. Suggested by Andrea Campi ([EMAIL PROTECTED]). Thanks Andrea.

Added AuthTACACSPLUS to authenticate from Tacacs Plus server. Requires Authen::TacacsPlus module from CPAN. We used the version in TacacsPlus-0.15.tar.gz. If it's not on CPAN, it's available from the author here.

Status-Server message now returns all server and per-client statistics.

AuthBy NT can now authenticate from an NT domain controller, even when Radiator is running on Unix. Requires the Authen::Smb package from CPAN.

Testing with Security Dynamics ACE/Server Radius (also known as SecurID). Their radius server is very limited, but Radiator can proxy to it fine, and handles the Access-Challenges that are used to set and change PINs etc.

Testing with Freeside, a free Unix based ISP billing package. Example freeside.cfg created.

Forgot to mention previously the addition of several hooks that allow you to get control with your own perl code during authentication: PreClientHook, PreHandlerHook and PreAuthHook, PostAuthHook.

Changed the default Framed-IP-Address in radpwtst.

Fixed problem with cached attributes that meant that when a username was rewritten, it was not actually changed in the packet, which made the detail file log incorrectly.

Added "delete session" link to radwho.cgi so that bogus sessions can be manually deleted.

Added AuthBy GROUP, which allows authentication clauses to be bundled and grouped to any depth. It's intended for experimenters and early adopters. It only understands AuthByPolicy, StripFromReply, AddToReply, DefaultReply so far. Feedback is solicited.

Fixed some bugs in radpwtst -gui mode that caused locked windows, false timeouts etc. Now works with Perl 5.005 and Tk800.011 on Unix. Still doesn't work on Win95 (looks like Tk file handlers are still not right on Win95).

Fixed problems with wtmp format on Linux that prevented who and last from working.

Created mysqlCreate.sql which correctly builds indexes for mysql. Added indexes to all SQL scripts in goodies.

Can now define AuthBy clauses at the top level, and refer to them and reuse them with the AuthBy parameter. Good for reusing complicated SQL database definitions (and reducing the number of SQL licenses required). From a suggestion by Stephen Roderick ([EMAIL PROTECTED]). Thanks Steve.

Added support for binary data type in dictionaries. Especially for use in Proxy-State which can otherwise get trailing NULs stripped off.

radwho.cgi now shows the total number of users online, and optionally presents a hotlink to force a user off a NAS, by calling an external program you specify (not supplied).

Added NoForwardAuthentication and NoForwardAccounting to AuthBy RADIUS. From patches supplied by Vincent Gillet ([EMAIL PROTECTED]). Thanks Vincent.

Makefile.PL can now do installation on Win95 hosts. No need to use make any more on Win95 (many people don't have it).

Added LocalAddress to AuthRADIUS, which forces the proxy forwarding port to bind to a particular address. Defaults to the same as BindAddress. Useful for multi-homed hosts. Patch supplied by Lars Marowsky-Brée ([EMAIL PROTECTED]). Thanks Lars.

Improved performance of all Hooks by precompiling the code. From a suggestion by
(RADIATOR) PM3 Dictionary
I'm getting this in my trace4 output from my PM3s. The attribute is not defined in the dictionary.livingston that I can find. What do I need to add to my dictionary to get it to be quiet?

Thanks,
John Kicklighter
Internet 2xtreme

ERR: Attribute number 2 (vendor 307) is not defined

Code: Accounting-Request
Identifier: 36
Authentic: H{E+<202><156><173><138><10><213><173><150>ZD;<201>
Attributes:
    Acct-Session-Id = "0362"
    User-Name = "myuser
    Client-Id = 555.555.555.555
    NAS-Port = 8
    NAS-Port-Type = Async
    Acct-Status-Type = Stop
    Acct-Session-Time = 1
    Acct-Authentic = RADIUS
    Connect-Info = "49333 LAPM/V42BIS"
    Acct-Input-Octets = 10
    Acct-Output-Octets = 8
    Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
    User-Service = Framed-User
    Framed-Protocol = PPP
    Framed-Address = 666.666.666.666
    Acct-Delay-Time = 0

===
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) PM3 Dictionary
Well, we have this in a newer dictionary:

# Vendor-specific attributes for Livingston
VENDORATTR 307 Livingston2 string

But just what it means I don't know. Anyone else?

On Feb 16, 9:10pm, [EMAIL PROTECTED] wrote:
> Subject: (RADIATOR) PM3 Dictionary
> I'm getting this in my trace4 output from my PM3s. The attribute is
> not defined in the dictionary.livingston that I can find. What do I
> need to add to my dictionary to get it to be quiet?
>
> Thanks,
> John Kicklighter
> Internet 2xtreme
>
> ERR: Attribute number 2 (vendor 307) is not defined
>
> Code: Accounting-Request
> Identifier: 36
> Authentic: H{E+<202><156><173><138><10><213><173><150>ZD;<201>
> Attributes:
>     Acct-Session-Id = "0362"
>     User-Name = "myuser
>     Client-Id = 555.555.555.555
>     NAS-Port = 8
>     NAS-Port-Type = Async
>     Acct-Status-Type = Stop
>     Acct-Session-Time = 1
>     Acct-Authentic = RADIUS
>     Connect-Info = "49333 LAPM/V42BIS"
>     Acct-Input-Octets = 10
>     Acct-Output-Octets = 8
>     Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
>     User-Service = Framed-User
>     Framed-Protocol = PPP
>     Framed-Address = 666.666.666.666
>     Acct-Delay-Time = 0
>
>-- End of excerpt from [EMAIL PROTECTED]

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
Re: (RADIATOR) PM3 Dictionary
I put that in and I get:

Livingston = "User Request - PPP Term Req"

Look familiar?

John Kicklighter
Internet 2xtreme

From: "Mike McCauley" <[EMAIL PROTECTED]>
Date sent: Wed, 17 Feb 1999 17:28:44 -0500
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: (RADIATOR) PM3 Dictionary

> Well, we have this in a newer dictionary:
>
> # Vendor-specific attributes for Livingston
> VENDORATTR 307 Livingston2 string
>
> But just what it means I don't know. Anyone else?
>
>
> On Feb 16, 9:10pm, [EMAIL PROTECTED] wrote:
> > Subject: (RADIATOR) PM3 Dictionary
> > I'm getting this in my trace4 output from my PM3s. The attribute is
> > not defined in the dictionary.livingston that I can find. What do I
> > need to add to my dictionary to get it to be quiet?
> >
> > Thanks,
> > John Kicklighter
> > Internet 2xtreme
> >
> > ERR: Attribute number 2 (vendor 307) is not defined
> >
> > Code: Accounting-Request
> > Identifier: 36
> > Authentic: H{E+<202><156><173><138><10><213><173><150>ZD;<201>
> > Attributes:
> >     Acct-Session-Id = "0362"
> >     User-Name = "myuser
> >     Client-Id = 555.555.555.555
> >     NAS-Port = 8
> >     NAS-Port-Type = Async
> >     Acct-Status-Type = Stop
> >     Acct-Session-Time = 1
> >     Acct-Authentic = RADIUS
> >     Connect-Info = "49333 LAPM/V42BIS"
> >     Acct-Input-Octets = 10
> >     Acct-Output-Octets = 8
> >     Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
> >     User-Service = Framed-User
> >     Framed-Protocol = PPP
> >     Framed-Address = 666.666.666.666
> >     Acct-Delay-Time = 0
> >
> >-- End of excerpt from [EMAIL PROTECTED]
>
> --
> Mike McCauley                               [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
> Phone, Fax: +61 3 9598-0985                 http://www.open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
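An added example, not part of any message in this thread and not Radiator code: how a Vendor-Specific attribute (type 26) is laid out on the wire, and why a server with no dictionary entry can only report "Attribute number 2 (vendor 307)" by number. The packet bytes are constructed from the value John reported; the dictionary layout and the name `Example-Vendor-Attr` are assumptions for illustration.

```python
import struct

VENDOR_SPECIFIC = 26  # standard attribute type that wraps vendor sub-attributes


def split_tlvs(data):
    """Split a run of type/length/value fields; the length octet counts its own 2-byte header."""
    fields, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        ftype, flen = data[pos], data[pos + 1]
        if flen < 2 or pos + flen > len(data):
            raise ValueError(f"bad length {flen} for attribute {ftype}")
        fields.append((ftype, data[pos + 2:pos + flen]))
        pos += flen
    return fields


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    body = struct.pack("!I", vendor_id) + sub  # 4-byte vendor id, then sub-attributes
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def decode_vendor_attrs(attr_bytes, dictionary):
    """Render every vendor sub-attribute, by name when the dictionary knows it.

    dictionary maps (vendor_id, vendor_type) -> (name, "string" | "integer").
    """
    lines = []
    for atype, value in split_tlvs(attr_bytes):
        if atype != VENDOR_SPECIFIC:
            continue  # standard attributes are not the subject here
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute shorter than its vendor id")
        (vendor_id,) = struct.unpack("!I", value[:4])
        for vtype, raw in split_tlvs(value[4:]):
            entry = dictionary.get((vendor_id, vtype))
            if entry is None:
                # Without a dictionary entry there is no name and no data type.
                lines.append(
                    f"ERR: Attribute number {vtype} (vendor {vendor_id}) is not defined")
            elif entry[1] == "integer":
                lines.append(f"{entry[0]} = {int.from_bytes(raw, 'big')}")
            else:
                lines.append(f'{entry[0]} = "{raw.decode("latin-1")}"')
    return lines


# Constructed sample: Acct-Delay-Time (type 41) = 0, then vendor 307 attribute 2.
SAMPLE = (bytes([41, 6]) + struct.pack("!I", 0)
          + encode_vsa(307, 2, b"User Request - PPP Term Req"))

if __name__ == "__main__":
    for line in decode_vendor_attrs(SAMPLE, {}):
        print(line)
    for line in decode_vendor_attrs(SAMPLE, {(307, 2): ("Example-Vendor-Attr", "string")}):
        print(line)
```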
(RADIATOR) Test
Test, please disregard. Kevin Sofnet, Inc.
(RADIATOR) v2.13 report: Errors trying to use ascend dictionary
Hi Mike and all,

I just installed version 2.13.
When I set "DictionaryFile" to the dictionary.ascend, I have this log:

Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named Framed_Protocol in file '/Radiator-2.13/dictionary.ascend' before line 450 Ignored
Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named Framed_Protocol in file '/Radiator-2.13/dictionary.ascend' before line 451 Ignored
Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named Ascend-Temporary-Rtes in file '/Radiator-2.13/dictionary.ascend' before line 895 Ignored
Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named Ascend-Temporary-Rtes in file '/Radiator-2.13/dictionary.ascend' before line 896 Ignored
Wed Feb 17 18:17:52 1999: INFO: Server started

Also, when I use radpwtst, I get this:

Wed Feb 17 18:21:30 1999: ERR: do failed for 'insert into Calls () values ()': [Microsoft][ODBC SQL Server Driver][SQL Server]The column NASIdentifier in table Calls may not be null. (SQL-23000)(DBD: st_execute/SQLExecute err=-1)

(Why radpwtst doesn't supply NasIdentifier when I use ascend dictionary?)

If I comment the line regarding "DictionaryFile", everything works fine.

Best Regards,
Ricardo Freire
(RADIATOR) Radiator and MSSQL 7
Just wondering if anyone has had success using Radiator under Linux going against MSSQL 7 server using DBD::Sybase? I am currently running MSSQL 6.5 and am thinking of going to 7 if it's supported. Kevin Sofnet, Inc.
(RADIATOR) v2.13 report II: missing info in trace 3
Hi Mike and all,

In version 2.13, logging is *very* improved!
It's GREAT to get this:

Wed Feb 17 18:37:44 1999: INFO: Access rejected for ricardo: Bad Password
Wed Feb 17 18:38:02 1999: INFO: Access rejected for mikem: No such user

But when I test simultaneous-use (against radonline table), I get just:

Wed Feb 17 18:39:01 1999: INFO: Access rejected: MaxSessions exceeded

It would be great to know WHO is trying this access...

Cheers,
Ricardo Freire
(RADIATOR) Hmmm
I have

continuewhileaccept
AuthSelect
# Just logging

The second AuthBy causes a reject.

Steve
Re: (RADIATOR) Hmmm
On Feb 17, 1:56pm, Stephen Roderick wrote:
> Subject: (RADIATOR) Hmmm
>
> I have
>
>
> continuewhileaccept
>
>
>
> AuthSelect
> # Just logging
>
>
>
> The second AuthBy causes a reject.

Yes, that's the defined behaviour of AuthBy SQL when authentication is disabled. I would do it round the other way:

AuthByPolicy ContinueAlways
AuthSelect
# Just logging

That will make it always log to SQL, and then always proxy.

Hope that helps.

Cheers.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
Re: (RADIATOR) v2.13 report II: missing info in trace 3
On Feb 17, 6:41pm, Ricardo Freire wrote:
> Subject: (RADIATOR) v2.13 report II: missing info in trace 3
> Hi Mike and all,
>
> In version 2.13, logging is *very* improved!
> It's GREAT to get this:
>
> Wed Feb 17 18:37:44 1999: INFO: Access rejected for ricardo: Bad Password
> Wed Feb 17 18:38:02 1999: INFO: Access rejected for mikem: No such user
>
> But when I test simultaneous-use (against radonline table), I get just:
>
> Wed Feb 17 18:39:01 1999: INFO: Access rejected: MaxSessions exceeded
>
> It would be great to know WHO is trying this access...

OK, I've added it for the next release. In the meantime here is a patch:

*** Handler.pm.orig Thu Feb 18 09:02:33 1999 --- Handler.pm Thu Feb 18 09:03:05 1999 *** *** 235,241 { # Issue a denial and bomb out my $reason = "MaxSessions exceeded"; ! &main::log($main::LOG_INFO, "Access rejected: $reason"); $rp->set_code('Access-Reject'); $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 'Request Denied'); --- 235,241 { # Issue a denial and bomb out my $reason = "MaxSessions exceeded"; ! &main::log($main::LOG_INFO, "Access rejected for $name: $reason"); $rp->set_code('Access-Reject'); $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 'Request Denied');

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
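Review bot: the changed &main::log line in the Handler.pm hunk interpolates $name, but none of the context lines shown declare or assign it, so the patch only works if $name is already in scope at line 235; please confirm that and say whether it holds the original or the rewritten User-Name. Because the value comes from the request, consider stripping control characters and newlines from it before it goes into the "Access rejected for $name: $reason" line, so that one rejection always stays one log entry.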
Re: (RADIATOR) v2.13 report: Errors trying to use ascend dictionary
On Feb 17, 6:27pm, Ricardo Freire wrote:
> Subject: (RADIATOR) v2.13 report: Errors trying to use ascend dictionary
> Hi Mike and all,
>
> I just installed version 2.13.
> When I set "DictionaryFile" to the dictionary.ascend, I have this log:
>
> Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named
> Framed_Protocol in file '/Radiator-2.13/dictionary.ascend' before line 450
> Ignored
> Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named
> Framed_Protocol in file '/Radiator-2.13/dictionary.ascend' before line 451
> Ignored

Those 2 are typos in the file. Note underscore instead of dash in Framed_Protocol. Fixed for next release.

> Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named
> Ascend-Temporary-Rtes in file '/Radiator-2.13/dictionary.ascend' before line
> 895 Ignored
> Wed Feb 17 18:17:52 1999: WARNING: There is no attribute named
> Ascend-Temporary-Rtes in file '/Radiator-2.13/dictionary.ascend' before line
> 896 Ignored

These are VALUE definitions without a corresponding ATTRIBUTE. Hmmm, don't know what the ATTRIBUTE def for Ascend-Temporary-Rtes should be. Anyone?

> Wed Feb 17 18:17:52 1999: INFO: Server started
>
> Also, when I use radpwtst, I get this:
>
> Wed Feb 17 18:21:30 1999: ERR: do failed for 'insert into Calls
> ()
> values
> ()': [Microsoft][ODBC SQL Server Driver][SQL Server]The column
> NASIdentifier in table Calls may not be null. (SQL-23000)(DBD:
> st_execute/SQLExecute err=-1)
> (Why radpwtst doesn't supply NasIdentifier when I use ascend dictionary?)
>
> If I comment the line regarding "DictionaryFile", everything works fine.

The problem is that dictionary.ascend defines NAS-Identifier different to everyone else. It defines it to be what everyone else calls NAS-IP-Address.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
(RADIATOR) Two questions...
Radiator continues to perform very nicely, but I'm at a loss on two little things.

First, we're seeing duplicate ID errors, but what's odd is that they come in bursts. Things will be just fine for a long time, then suddenly I'll see a bevy duplicate request errors from several different NASs within about ten seconds of each other. Any ideas?

The other thing is more easily explainable. We're using our own SQL stanzas for accounting (using AcctSQLStatement in the config file), but I'm relatively frequently seeing errors like this one:

Wed Feb 17 16:09:23 1999: ERR: do failed for 'UPDATE CallsOnline SET acctinputoctets = , acctoutputoctets = , acctsessiontime = , acctterminatecause = 0 WHERE acctsessionid = '284842146' AND nasidentifier = '209.16.18.34'': ORA-00936: missing expression (DBD: error possibly near <*> indicator at char 42 in 'UPDATE CallsOnline SET acctinputoctets = <*>, acctoutputoctets = , acctsessiontime = , acctterminatecause = 0 WHERE acctsessionid = '284842146' AND nasidentifier = '209.16.18.34'')

Now, it's obvious from looking at the SQL statement that it's lacking several variables, but these variables are definitely in the stanza in the config file. It looks like this:

AcctSQLStatement UPDATE CallsOnline SET acctinputoctets = \
    %{Acct-Input-Octets}, acctoutputoctets = %{Acct-Output-Octets}, \
    acctsessiontime = %{Acct-Session-Time}, acctterminatecause = \
    0 WHERE acctsessionid = '%{Acct-Session-Id}' \
    AND nasidentifier = '%{NAS-Identifier}'

First of all, does anyone know why some accounting packets are lacking these variables? My rather uneducated guess is that it's someone who logged on and right back off again, but I'm really just pulling that idea out of thin air.

Failing an explanation for the missing variables, does anyone have any suggestions on how to deal with these errors appropriately? The result of the error is that we end up with a start record in our CallsOnline table, but no stop record, so for all intents and purposes, this user is indefinitely logged on.

Any explanations and/or ideas are greatly appreciated!

--
Andrew O. Smith - <[EMAIL PROTECTED]>
Sysadmin, Insync Internet Services
Houston, Texas, USA
Re: (RADIATOR) Two questions...
Hi Andrew,

On Feb 17, 4:47pm, Andrew wrote:
> Subject: (RADIATOR) Two questions...
> Radiator continues to perform very nicely, but I'm at a loss on two little
> things.
>
> First, we're seeing duplicate ID errors, but what's odd is that they come
> in bursts. Things will be just fine for a long time, then suddenly I'll
> see a bevy duplicate request errors from several different NASs within
> about ten seconds of each other. Any ideas?

Was it auth or accounting requests, or both?

1. A short lived blockage in your network (router reboot?) that causes some of the Radius replies to get lost, NAS then retransmits and radius server ignores the duplicate. This could only affect auth requests.

2. If DupInterval is set too long, you might see the identifiers wrapping at times of peak usage. Try setting DupInterval to say, 30 or less.

>
> The other thing is more easily explainable. We're using our own SQL
> stanzas for accounting (using AcctSQLStatement in the config file), but
> I'm relatively frequently seeing errors like this one:
>
> Wed Feb 17 16:09:23 1999: ERR: do failed for 'UPDATE CallsOnline SET
> acctinputoctets = , acctoutputoctets = , acctsessiontime = ,
> acctterminatecause = 0 WHERE acctsessionid = '284842146' AND nasidentifier
> = '209.16.18.34'': ORA-00936: missing expression (DBD: error possibly near
> <*> indicator at char 42 in 'UPDATE CallsOnline SET acctinputoctets = <*>,
> acctoutputoctets = , acctsessiontime = , acctterminatecause = 0 WHERE
> acctsessionid = '284842146' AND nasidentifier = '209.16.18.34'')
>
> Now, it's obvious from looking at the SQL statement that it's lacking
> several variables, but these variables are definitely in the stanza in the
> config file. It looks like this:
>
> AcctSQLStatement UPDATE CallsOnline SET acctinputoctets = \
> %{Acct-Input-Octets}, acctoutputoctets = %{Acct-Output-Octets}, \
> acctsessiontime = %{Acct-Session-Time}, acctterminatecause = \
> 0 WHERE acctsessionid = '%{Acct-Session-Id}' \
> AND nasidentifier = '%{NAS-Identifier}'
>
> First of all, does anyone know why some accounting packets are lacking
> these variables? My rather uneducated guess is that it's someone who
> logged on and right back off again, but I'm really just pulling that idea
> out of thin air.

You won't see those attributes in an accounting Start, or possibly with a shell or exec session (depending on your NAS).

On the other hand, if it's just randomly omitting some of those variables, I would look to the NAS software. Perhaps if you run Radiator at trace level 4 for a while, you might be able to get a packet dump of one of these offending packets, then we can see if there are any clues in the other attributes?

>
> Failing an explanation for the missing variables, does anyone have any
> suggestions on how to deal with these errors appropriately? The result of
> the error is that we end up with a start record in our CallsOnline table,
> but no stop record, so for all intents and purposes, this user is
> indefinitely logged on.

You don't say what database you are using, but mysql for example allows you to have if() clauses in your select so that the select statement could detect the empty string and replace it with NULL, or 0 or something.

Hope that helps.

Cheers.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
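The second cause named in the reply above, as an added example that is not Radiator code and not from any poster: a simplified duplicate cache keyed on client and the one-octet RADIUS Identifier, showing how new requests get flagged as duplicates once the identifier wraps inside the duplicate window. The cache model, the rate of 5 requests per second and all function names are assumptions for illustration.

```python
"""Simplified model of duplicate detection with a DupInterval-style window."""

ID_SPACE = 256  # the RADIUS Identifier field is a single octet


class DupCache:
    """Remembers when each (client, identifier) pair was last seen."""

    def __init__(self, dup_interval):
        self.dup_interval = dup_interval
        self.last_seen = {}

    def is_duplicate(self, client, identifier, now):
        key = (client, identifier)
        previous = self.last_seen.get(key)
        self.last_seen[key] = now
        return previous is not None and (now - previous) < self.dup_interval


def wrap_time(requests_per_sec):
    """Seconds until a client that increments the identifier per request reuses one."""
    return ID_SPACE / requests_per_sec


def false_duplicates(requests_per_sec, dup_interval, duration_sec, client="nas1"):
    """Count NEW requests that the cache wrongly reports as duplicates."""
    cache = DupCache(dup_interval)
    flagged = 0
    for n in range(int(requests_per_sec * duration_sec)):
        now = n / requests_per_sec
        # Every request here is a fresh one; only the identifier repeats.
        if cache.is_duplicate(client, n % ID_SPACE, now):
            flagged += 1
    return flagged


def retransmit_caught(dup_interval, retry_after=3.0):
    """A genuine retransmission (same identifier a few seconds later) must still be caught."""
    cache = DupCache(dup_interval)
    cache.is_duplicate("nas1", 36, 0.0)
    return cache.is_duplicate("nas1", 36, retry_after)


def report(rate=5, duration=120):
    """(dup_interval, false duplicates, retransmit still caught) for three window sizes."""
    return [(interval,
             false_duplicates(rate, interval, duration),
             retransmit_caught(interval))
            for interval in (60, 30, 10)]


if __name__ == "__main__":
    print(f"identifier wraps every {wrap_time(5):.1f}s at 5 requests/s")
    for interval, false_pos, caught in report():
        print(f"DupInterval {interval:>2}: {false_pos:>3} new requests dropped as "
              f"duplicates, retransmit caught: {caught}")
```

The window is safe only while it is shorter than the wrap time, so the busier the NAS, the smaller the largest usable window.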
Re: (RADIATOR) Easy change
On Feb 17, 4:41pm, Stephen Roderick wrote:
> Subject: (RADIATOR) Easy change
>
> I propose the following change to radiusd for the next release:

It has been incorporated into the next release. Thanks for your contribution.

Cheers.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
(RADIATOR) SNMP fails to start..
SNMP agent fails to start due to a missing module. Install guide makes no mention of additional required libs, although CPAN does have SNMP_Util-1_x available..

# ./radiusd
Can't locate SNMP_util.pm in @INC (@INC contains: . /usr/local/lib/perl5/5.00502/sun4-solaris /usr/local/lib/perl5/5.00502 /usr/local/lib/perl5/site_perl/5.005/sun4-solaris /usr/local/lib/perl5/site_perl/5.005 .) at /usr/local/lib/perl5/site_perl/5.005/Radius/SNMPAgent.pm line 12, chunk 50.
BEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.005/Radius/SNMPAgent.pm line 12, chunk 50.
# pwd
/export/home/ollis/Radiator-2.13
# find . -name 'SNMP*' -print
./Radius/SNMPAgent.pm
./blib/lib/Radius/SNMPAgent.pm

--
Stephen Ollis <[EMAIL PROTECTED]>                     Ph: +61 2 9911 1606(BH)
Team Leader, Server Systems - Network Engineering        +61 2 9911 1555(FAX)
AT&T EasyLink Services, Lvl 8, 15 Orion Rd, Lane Cove, NSW 2066 Australia
'There is no traffic jam on the extra mile.' - Zig Ziegler
(RADIATOR) Easy change
I propose the following change to radiusd for the next release:

*** 87,92 --- 87,93 't', sub { $time }, 'T', sub { $packet->code }, + 'U', sub { my @n = split(/@/, $packet->getAttrByNum($Radius::Radius::USER_NAME)); $n[0] }, 'y', sub { $year%100 }, 'Y', sub { $year+1900 }, # Correct Y2K behaviour for perl ); *** *** 498,504 = localtime($time); local $packet = $current_packet; ! $s =~ s/%([%acCdDhHLmMNnRtTyY])/&{$main::conversions{$1}}()/egs; $s =~ s/%\{([^{]+)\}/{$packet->get_attr($1)}/egs; return $s; --- 499,505 = localtime($time); local $packet = $current_packet; ! $s =~ s/%([%acCdDhHLmMNnRtTUyY])/&{$main::conversions{$1}}()/egs; $s =~ s/%\{([^{]+)\}/{$packet->get_attr($1)}/egs; return $s;

This is making my SQL life so much easier because I can now log the userid and realm in separate fields. I use the following:

RewriteUsername s/^([^@]+).*/$1\@proaxis.com/

so that I always have a realm and it is always what I expect. Then I log all 3 %R, %U, %n and I can do report queries anyway I like. (call me picky :-)

Steve

---
Steve Roderick          ProAxis Communications, Inc.
[EMAIL PROTECTED]       Internet Access Provider
(541) 757-0248
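Review bot: in the added 'U' conversion of the first hunk, the result of getAttrByNum($Radius::Radius::USER_NAME) goes straight into split(), so a packet with no User-Name passes an undefined value and %U silently expands to nothing, as does a name that begins with "@". Consider checking for that and returning a defined placeholder, and document %U alongside %R and %n, since the expanded text is pasted into the SQL and log strings this function builds.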
Re: (RADIATOR) Two questions...
On Wed, Feb 17, 1999 at 04:47:37PM -0600, Andrew wrote:
> Radiator continues to perform very nicely, but I'm at a loss on two little
> things.
>
> First, we're seeing duplicate ID errors, but what's odd is that they come
> in bursts. Things will be just fine for a long time, then suddenly I'll
> see a bevy duplicate request errors from several different NASs within
> about ten seconds of each other. Any ideas?
>

CPU load on the machine is another 'duplicate generator'. We have Ciscos sending RADIUS packets with a 5 second retransmit, when the machine was being backed up or processing accounts Radiator wasn't able to respond in time and the Ciscos sent more packets. Increasing the retransmit to 20 seconds decreased duplicates from many thousand a month to a couple of hundred (still not quite acceptable but not downright awful).

This is especially annoying given that Ciscos generate 'undetectable' duplicate packets which Radiator cannot distinguish (Accounting Ids increment with every packet including retransmits).

[EMAIL PROTECTED]
Re: (RADIATOR) SNMP fails to start..
On Feb 18, 11:09am, Stephen Ollis wrote:
> Subject: (RADIATOR) SNMP fails to start..
> SNMP agent fails to start due to a missing module. Install guide makes
> no
> mention of additional required libs, although CPAN does have
> SNMP_Util-1_x
> available..

Apologies. It requires SNMP_Session-0.62.tar.gz from
ftp://ftp.switch.ch/software/sources/network/snmp/perl/

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985                 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
Re: (RADIATOR) Two questions...
On Thu, 18 Feb 1999, Mike McCauley wrote:

> Was it auth or accounting requests, or both?

These are just auth requests. Accounting requests go to a different server, and we see virtually no duplicates there.

> 1. A short lived blockage in your network (router reboot?) that causes
> some of the Radius replies to get lost, NAS then retransmits and
> radius server ignores the duplicate. This could only affect auth
> requests.

Always a possibility, but I'd like to think our network is reasonably healthy. :) I'll be sure to look at some throughput stats next time I see a burst.

> 2. If DupInterval is set too long, you might see the identifiers
> wrapping at times of peak usage. Try setting DupInterval to say, 30 or
> less.

That may very well be the case. I've noticed that the majority of the duplicates come from our Portmaster 4, which has something like 24 PRIs plugged into it. It's definitely sending *lots* of RADIUS requests during peak hours. I'll decrease that interval and see what happens.

> You won't see those attributes in an accounting Start, or possibly with
> a shell or exec session (depending on your NAS)

These are only the stop packets generating the errors, and we've got only about three accounts that are shell or exec sessions, and they're almost never used.

> On the other hand, if it's just randomly omitting some of those
> variables, I would look to the NAS software.

That was my initial thought as well, but we're seeing these errors from both our Ascend Maxen and our PM4. Both platforms certainly have more than their fair share of bugs, but I'd be kinda surprised to see the exact same problem pop up from both of them.

> Perhaps if you run Radiator at trace level 4 for a while, you might be
> able to get a packet dump of one of these offending packets, then we
> can see if there are any clues in the other attributes?

I'll do that.

> You don't say what database you are using, but mysql for example allows
> you to have if() clauses in your select so that the select statement
> could detect the empty string and replace it with NULL, or 0 or
> something.

That's a good idea, at least as a band-aid of sorts. The SQL DB is Oracle 7, which I strongly suspect can do what you're describing (at the price, it better!). I don't claim to be an SQL guru, so I really don't know, but I'll do some digging.

> Hope that helps.

Definitely got me on the right track. :)

-Andrew

--
Andrew O. Smith - <[EMAIL PROTECTED]>
Sysadmin, Insync Internet Services
Houston, Texas, USA
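The accounting failure discussed in this thread, as an added example that is not Radiator code or configuration and not from any poster: the posted statement template expanded for a Stop record that lacks the three counters, first by pasting values into the SQL text, then by binding them so a missing value arrives as NULL. It uses SQLite in memory rather than Oracle; the table layout, the rule that a NULL acctterminatecause means "still online", and all function names are assumptions for illustration.

```python
import re
import sqlite3

# The statement template from the thread, joined onto one line.
TEMPLATE = (
    "UPDATE CallsOnline SET acctinputoctets = %{Acct-Input-Octets}, "
    "acctoutputoctets = %{Acct-Output-Octets}, "
    "acctsessiontime = %{Acct-Session-Time}, acctterminatecause = 0 "
    "WHERE acctsessionid = '%{Acct-Session-Id}' "
    "AND nasidentifier = '%{NAS-Identifier}'"
)

# Constructed Stop record without the counters (ids taken from the logged error).
STOP_WITHOUT_COUNTERS = {
    "Acct-Session-Id": "284842146",
    "NAS-Identifier": "209.16.18.34",
}


def expand_inline(template, attrs):
    """Paste attribute values into the SQL text; a missing attribute becomes ''."""
    return re.sub(r"%\{([^{}]+)\}",
                  lambda m: str(attrs.get(m.group(1), "")), template)


def expand_bound(template, attrs):
    """Replace each %{Attr}, quoted or not, with a ? placeholder and collect the values."""
    params = []

    def placeholder(match):
        params.append(attrs.get(match.group(1)))  # None is sent as SQL NULL
        return "?"

    return re.sub(r"'?%\{([^{}]+)\}'?", placeholder, template), params


def open_session_db():
    """In-memory table holding one Start record for the session in the log."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE CallsOnline (acctsessionid TEXT, nasidentifier TEXT, "
        "acctinputoctets INTEGER, acctoutputoctets INTEGER, "
        "acctsessiontime INTEGER, acctterminatecause INTEGER)")
    conn.execute(
        "INSERT INTO CallsOnline (acctsessionid, nasidentifier) VALUES (?, ?)",
        ("284842146", "209.16.18.34"))
    return conn


def record_stop(conn, attrs, bound):
    """Apply the Stop update and report what happened instead of raising."""
    if bound:
        sql, params = expand_bound(TEMPLATE, attrs)
    else:
        sql, params = expand_inline(TEMPLATE, attrs), []
    try:
        cursor = conn.execute(sql, params)
    except sqlite3.OperationalError as exc:
        return f"failed: {exc}"
    return f"updated {cursor.rowcount} row(s)"


def still_online(conn):
    """Sessions with no terminate cause recorded, i.e. shown as logged on."""
    return conn.execute(
        "SELECT COUNT(*) FROM CallsOnline WHERE acctterminatecause IS NULL"
    ).fetchone()[0]


if __name__ == "__main__":
    db = open_session_db()
    print(expand_inline(TEMPLATE, STOP_WITHOUT_COUNTERS))
    print(record_stop(db, STOP_WITHOUT_COUNTERS, bound=False), still_online(db))
    print(record_stop(db, STOP_WITHOUT_COUNTERS, bound=True), still_online(db))
```

Binding also keeps attribute values out of the SQL text altogether, so quoting inside a session id or NAS identifier cannot change the statement.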
(RADIATOR) Detail logging by Realm name
I've got multiple realms configured that authenticate via a single flatfile. The reason for the multiple realms is due to multiple customer types to allow them to dial in for different functions - i.e. DVS tunnelling on BAY 5399's, IPASS, etc.

I have a single flatfile with basic authentication details, and use

RewriteUsername s/^([^@]+).*/$1/

in each pair to strip out the realm.

I want to have separate detail files for each realm for accounting purpose so I setup:-

# Where do we write the accounting file
AcctLogFileName %L/detail.%R-%Y%m%d

in each realm file.. but it is creating the detail file as

%L/detail.-19990218

instead of

%L/detail.realmname-19990218

Putting the AcctLogFileName entry before or after the Rewrite has no effect.

--
Stephen Ollis <[EMAIL PROTECTED]>                     Ph: +61 2 9911 1606(BH)
Team Leader, Server Systems - Network Engineering        +61 2 9911 1555(FAX)
AT&T EasyLink Services, Lvl 8, 15 Orion Rd, Lane Cove, NSW 2066 Australia
'There is no traffic jam on the extra mile.' - Zig Ziegler