Re: (RADIATOR) NT dialup and Radiator (Updated 8/10/99)
THANK YOU!!! THANK YOU!!!THANK YOU!!! THANK YOU!!! THANK YOU!!!THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! I don't think I can say it enough times. That immediatly solved the problem. This also solved a THREE year problem we have been having with our 95/98 customers (unable to establish a compatable set of network protocolls). Everybody seems to be connecting faster and borwsing faster. Again thank you!!! John D [EMAIL PROTECTED] PS to radiator folk: This might be a good one to put in the Radiator FAQ? I nearly went insane trying to track this one down when I ran into it. Change your users file from this : Framed-Compression = Van-Jacobsen-TCP-IP to this : Framed-Compression = Van-Jacobson-TCP-IP ...and see if it helps. It cleared up the same problem for me. VJ only affects TCP traffic, so pings (ICMP) and DNS (UDP) are unaffected when VJ is out of whack. I'm not sure why our PM3's suddenly get fussy over the spelling error when served by Radiator rather than Radius, but that's what appears to happen. If I proxy all our authentication traffic to our Radius server through Radiator running at trace 4, I can see that Radius serves it up with the spelling error intact. Nor am I sure why Windows 95/98 clients don't seem to be affected. It blew our NT users (and Win3 users) right out of the water, though. Lucent/Livingston's site has several pages with the spelling error given in example code, so I almost suspect that Radius example files may come with it or did come with it for a time. ---Mike Biesele - Original Message - From: John Davidson [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 10, 1999 12:48 PM Subject: (RADIATOR) NT dialup and Radiator (Updated 8/10/99) | Something new 8/10/99: I removed Radiator from our system and put back the old radius we were using, Meret AAA, and NT customers can now connect. This is a Radiator issue, but I have no idea where to look for a solution. BTW this is running on a BSDI 4.0 system. | | Something interesting 8/9/99: I had an NT customer call me up today and he told me that he was able to connect and browse yesterday just fine for about two hours today he can't. The logfile and detail file showed no difference in what happened, except that it was logged in the detail file multiple times. There were two start accounting records and three stop all with the same session ID the only difference is that the "Acct-Delay-time" is different. I have noticed this in many other locations in the detail file as well. | | More info: When an NI customer connects and can't browse (open socket connections) they are able to ping, trace and perform host name lookups, so it doesn't appear to be a routing issue. | | Here are portions of the logfile at trace level 4. I have included what the startup looks like, what an NT (bad) connection looks liks and what a 98 (good) connection looks like. I am not sure why it says that thoes attribute numbers are not defined because they are, they are Ascend specific attributes, but that only seems to affect accounting. | | --START UP INFO FROM LOG FILE-- [large amount of trace output deleted for brevity] | John Davidson | | | | Hi John - | | It would also be useful to include debug output at Trace level 4 showing what | is happening. I would have expected to see at least a couple of errors when | Radiator started up with this configuration. | | On Sat, 07 Aug 1999, [EMAIL PROTECTED] wrote: | Hi; | | We installed Radiator last weekend on our system and since that time our dialup NT (4.0) customers have had problems accessing the system. They authenticate just fine but can't browse. To really confuse things this only happens when they dialup into our PM3's not our Ascend's. | | I know that this doesn't sound like a Radius problem, but that is the only thing that has changed on our system. | | Here is the info from our config files that is relivant: | | From radius.cfg: | | Realm DEFAULT | AuthByPolicy ContinueUntilAccept | | AuthBy FILE | # The filename defaults to %D/users | /AuthBy | | # Log accounting to the detail file in LogDir | MaxSessions 1 | AcctLogFileName %L/detail | SessionDatabase SDB1 | /Realm | Realm thiswontmatchanything | # This clause says that for entries in the users file | # that specify Auth-Type=System, use the UNIX module to | # authenticate them | AuthBy UNIX | Identifier System | Filename /etc/master.passwd | /AuthBy | SessionDatabase SDB1 | /Realm | | | I have rewritten part of your config as
(RADIATOR) Strange warning...
We are receiving alot of the following warnings: Thu Dec 2 07:56:26 1999: WARNING: No such attribute Timestamp Every time Radiator tries to relay an accounting packet this message gets generated. Below I have included Trace 4 output for the packet before and after. Any Ideas? John D [EMAIL PROTECTED] *** Received from 216.98.155.2 port 1097 Code: Accounting-Request Identifier: 145 Authentic: 130pZ169149219217253242F-4L1412128 Attributes: Acct-Session-Id = "3B0246B0" User-Name = "brlgear" NAS-Identifier = "216.98.155.2" NAS-Port = 21 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 996 Acct-Authentic = RADIUS Connect-Info = "44000 LAPM/V42BIS" Acct-Input-Octets = 194170 Acct-Output-Octets = 898353 Acct-Terminate-Cause = User-Request Livingston-Acct-Terminate-Cause = "User Request - Call Circuit Closed" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.98.155.36 Acct-Delay-Time = 0 Thu Dec 2 07:56:26 1999: DEBUG: Rewrote user name to brlgear Thu Dec 2 07:56:26 1999: DEBUG: Handling request with Handler 'Realm=' Thu Dec 2 07:56:26 1999: DEBUG: SDB2 Deleting session for brlgear, 216.98.155.2, 21 Thu Dec 2 07:56:26 1999: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.98.155.2' and NASPORT=21 Thu Dec 2 07:56:26 1999: DEBUG: Handling with Radius::AuthRADIUS Thu Dec 2 07:56:26 1999: WARNING: No such attribute Timestamp Thu Dec 2 07:56:26 1999: DEBUG: Packet dump: *** Sending to 216.98.128.65 port 1646 Code: Accounting-Request Identifier: 13 Authentic: Attributes: Acct-Session-Id = "3B0246B0" User-Name = "brlgear" NAS-Identifier = "216.98.155.2" NAS-Port = 21 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 996 Acct-Authentic = RADIUS Connect-Info = "44000 LAPM/V42BIS" Acct-Input-Octets = 194170 Acct-Output-Octets = 898353 Acct-Terminate-Cause = User-Request Livingston-Acct-Terminate-Cause = "User Request - Call Circuit Closed" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.98.155.36 Acct-Delay-Time = 0 Timestamp = 944150186 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about accounting
Hi; Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. For example: Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. Here is my current config for the realm in question: Realm regional.com AuthByPolicy ContinueWhileAccept #I was just guesing on this one RewriteUsername tr/A-Za-z0-9\-\_\\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ AuthBy RADIUS Host Hidden Secret Hidden /AuthBy AuthBy SQL DBSourcedbi:mysql:Hidden DBUsername Hidden DBAuth Hidden AuthSelect SELECT DialupUsers.password FROM DialupUsers, DialupService WHERE DialupService.my_key = DialupUsers.my_key AND user_name = '%U' AND DialupService.realm = 'not_real' AND type='region' AND status='ACTIVE' DefaultReply User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = NoneFramed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 AuthColumnDef 0, User-Password, check AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr /AuthBy # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 /Realm John D [EMAIL PROTECTED] PS Something else, with the sessiondatabase like it is, somethime the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Proxying accounting requests.
I want to put in a central radius accountinng server and was wondering how to configure my realms. I have some realms that I proxy for and some I do not. Right now I have all the realms going to a file. Is there a way I can tell the realms to fwd to a central server? Right now I am just saving them to files. If I do this, will it also still fwd the start/stop packets to the radius servers I am proxying to? Thanks === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxying accounting requests.
Hi, In this case I am not using sql at the central accounting server or at the host I am proxying to. So is there a way for me to fwd accounting request to both hosts on port 1646? Thanks -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 7:09 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Proxying accounting requests. Hello - You will need to add an AuthBy SQL clause to your configuration file. Something like this: # define AuthBy SQL clause for accounting AuthBy SQL Identifier SQLAccounting .. # empty AuthSelect to disable authentication AuthSelect # define accounting AccountingTable ACCOUNTING AcctColumnDef . . /AuthBy # define Realms Realm some.realm AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy /AuthBy . /Realm Realm another.realm AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy /AuthBy . /Realm . regards Hugh On Tue, 14 May 2002 01:02, [EMAIL PROTECTED] wrote: I want to put in a central radius accountinng server and was wondering how to configure my realms. I have some realms that I proxy for and some I do not. Right now I have all the realms going to a file. Is there a way I can tell the realms to fwd to a central server? Right now I am just saving them to files. If I do this, will it also still fwd the start/stop packets to the radius servers I am proxying to? Thanks === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Access SQL 2000 from Solaris 8
Hello, I've taken on the challege of getting my Solaris 8 x86 server talking to my W2K server running SQL 2000. I've read through the FAQ and still have a few questions before I start installing. I would like to do it with the freeware products available if possible. I was looking at freetds and DBD-sybase. The radiator faq talks about sql 2000, but from the freetds faq, it says sql 2000 is not fully supported and to use TDS 7.0. I'm confused about the different formats. Will TDS 7.0 actuall work with sql 2000? I'm going to be interfacing with the accounting package Platypus. Once these two packages (and any other dependant packages) are installed, I should just be able to configure radiator's config file to AuthBy PLATYPUS with the correct information? Is anyone else runs solaris 8 x86 with radiator and sql 2000? Thanks === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.