Hello Alain -
As the error message in the log file says, you will need a Realm or Handler
clause to deal with the Disconnect-Request. You will also need software on
the NAS that understands Disconnect-Request.
Also note that when the NAS is configured to process Disconnect-Request it is
Hello Vangelis -
Actually, an internal session database is exactly that - a session database
held entirely in memory. The username in each request is what is used, as
follows: Access-Request - check current sessions and reject if limit
exceeded, Accounting Start - add new record, Accounting
Hello John, Hello Chris -
What platform are you running on? Note that some syslog systems need to be
run with the -r flag.
From http://www.open.com.au/radiator/faq.html#66:
Recent versions of Linux syslogd do not by default listen to the UDP port
that the Perl Sys::Syslog module uses. In
Hello guys,
Is there a variable that can be used, to log the realm, that the user went
through, in an AuthLog SuccessFormat ?
Thanks,
-Andy
--
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property
Hello Dmitry -
Here is what I get with this configuration file (copied from your mail):
Foreground
Trace 4
Client DEFAULT
Secret mysecret
/Client
Handler Realm=bbeyond.nl
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 1
AuthBy FILE
Filename ./bbeyond.users
/AuthBy
Hello Andy -
Sure - %R (section 6.2 in the manual).
cheers
Hugh
On Friday 13 July 2001 17:10, Andy De Petter wrote:
Hello guys,
Is there a variable that can be used, to log the realm, that the user went
through, in an AuthLog SuccessFormat ?
Thanks,
-Andy
--
*** DISCLAIMER ***
Odd..
I'm using:
SuccessFormat %l:%n:%P:%a:PASS:%N:%c:%R
FailureFormat %l:%n:%P:none:FAIL:%N:%c:%R
And, while it's logging, the last parameter remains empty :(
I'm using this as RewriteFunction:
RewriteFunction sub { my($a) = shift; $a =~ tr/A-Z/a-z/; $a =~ s/[\000]//g;
Title: RE: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
My NAS support Disconnect-Request.
Can u tell me how define Handler or Realm for forward the request correctly?
Thanks
-Mensaje original-
De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Enviado el:
Maybe my question wasn't very well understood ;)))
My users authenticate with username and not with username@realm. I'm
forcing their realm, based on the access server they were using..
But my question was: how can I log the realm where they've been pushed into,
even though they didn't
Hello Alain -
As mentioned below, you can use radpwtst to send the Disconnect-Request
directly to the NAS. However, if you want to send it through Radiator you
will have to configure an AuthBy RADIUS clause pointing at the NAS and a
Realm or Handler clause to recognise the Disconnect-Request
Hi Andy -
Ahhh - correct.
You will have to use a PreAuthHook, in which you can include the rewrite that
you show below, as well as add a pseudo-attribute for the Realm.
Something like this:
my $realm = .;
$p-add_attr('User-Realm', $realm);
Then in your AuthLog you can
Hello,
and the problem here is that NAS generates the Access-Request in form
"username@realm", proxy stripes off the the realmname and my Radiator
receives just "username". Whereas the accounting request approaches the
Radiator in its original form e.g. "username@realm". So the session database
--- Forwarded mail from [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Fri, 13 Jul 2001 05:20:50 -0500
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Jonathan
[EMAIL PROTECTED]]
From [EMAIL PROTECTED] Fri Jul 13 05:20:49 2001
Received: from mail.ur.nl
by default HPUX uses syslogd -D (Prevent the kernel from directly printing
its messages on the system console.). I've tried with -r, syslog by
itself, you name the combination, I can't figure out why it wouldn't be
doing it =/
its an HPUX 11i, Lclass PA2.0RISC box (800 series).
On Fri, 13
Greetings all,
After using radiator for some time with AuthBy SQL, i'm looking at
tying it into our new directory via LDAP. However, i'm having some
difficulty with AuthBy LADP2, specifically the ServerChecksPassword
parameter. As i understand it, This should cause the LDAP module to
Hi Hugh,
It's good to hear from you.
I'm on Linux RH 7.1.
The problem I am having with logging is that I had a known good config on
one machine and (you may remember all the problems I was having) I decided
to create a brand new box that was Redhat 7.1 and run Radiator on that.
The only new
On Fri, 13 Jul 2001, Jeremy Bushman wrote:
I am having some problems getting our new MegaPOP sites to auth users.
The problem is that the username makes it ok, but the password shows
up as a bunch of garbage.
99.999% of the time, garbled password == unmatched secrets.
Some NASes don't seem
Are any versions of Radiator vulnerable to this ?
http://xforce.iss.net/alerts/advise87.php
--
Dave
St.Louis, Missouri
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator'
Oops, i didn't go far enough into the logs i guess. It looks like
it goes anonymous for the initial search query, and then uses the supplied
username and password to authenticate the actual record lookup later.
Answered my own question ;).
- jeremy
On Fri, 13 Jul 2001, Jeremy Hinton
Hello Chairarth -
It only makes sense to keep your user definitions in a single database, so if
you are going to use Rodopi you should keep all your users there.
regards
Hugh
On Friday 13 July 2001 21:23, Chairarth K wrote:
Hello Hugh,
Maybe only in Rodopi , maybe in Ropopi and RadminĀ
Hello Jonathon -
Like many before me, I've wrestled with check and reply items. I won, but I
still want to have something cleared up:
userUser-Password = xxx,
Service-Type = Framed-User,
Framed-IP-Address = xxx.xx.xx.xxx,
Hello Dave -
On Saturday 14 July 2001 01:24, Dave Salaman wrote:
Are any versions of Radiator vulnerable to this ?
http://xforce.iss.net/alerts/advise87.php
As you know, Radiator is written in Perl, which handles bounds checking for
all variables automatically. Mike has stated that
Hello Dmitry -
I see.
I think you have two choices: first (prefered) is to change the proxy so it
sends you all requests with the realm intact, and second is to add an
additional proxy in front of your Radiator that only rewrites the usernames.
The only way that the session database is
Hello Jeremy -
This sounds very much like the shared secrets are not set correctly.
hth
Hugh
On Saturday 14 July 2001 00:55, Jeremy Bushman wrote:
I am having some problems getting our new MegaPOP sites to auth users. The
problem is that the username makes it ok, but the password shows up
24 matches
Mail list logo