This may be the case now, but pretty sure we went down this road YEARS ago and
even with BindAddress, packets were still being sourced from the main IP
address. In the mailing list archives this argument may exist. I vaguely
remember being told by Hugh that it was not possible in Perl at the
In my experience this is not the case. It will LISTEN on those addresses for
sure. But it’s return packets are always sourced from the primary IP address of
the outgoing interface. DSR will work, but the clients will receive a response
from an IP address that is not of the configure RADIUS
DSR load balancing assumes the real servers know about the load balanced VIP
and is generally configured on a loopback.
The problem with this I think is that Radiator responds with a source address
of where the packet leaves. (at least that’s been my experience). Most clients
will probably
-64int
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
/radius.cfg line 129
Can't locate object method new via package Radius::AuthNTLM at
Radius/Configurable.pm line 450, CONFIG line 136.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
radiator mailing list
radiator
On 1/5/04 1:49 PM, Frank Danielson [EMAIL PROTECTED] wrote:
How about using-
kill '1',$$
or if you are in a hurry-
kill '9',$$
Actually if you are in that much a hurry why bother with kill when you can
just exit();
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http
= /A$/
AuthBy ...
/AuthBy
/Handler
Handler Username = /B$/
AuthBy ...
/AuthBy
/Handler
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
Any sufficiently advanced bug is indistinguishable
second until
the requests are ack'd. Seems overly aggressive to me.
If this can be tweaked, where, and what settings should I use? Ideally I'm
looking for 3 seconds between requests with 3-5 retries until it should go
to the next server.
Thanks in advance to anyone that can help.
--
Robert
CachePasswords
RejectEmptyPassword
NoDefault
/AuthBy
SessionDatabase NoneDB
/Handler
Shouldn't CachePasswords be supported in this AuthBy? It is in AuthBy
RADIUS...
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http
On 10/2/03 1:01 PM, Robert Blayzor [EMAIL PROTECTED] wrote:
I have a Radiator farm setup which I'm trying to AuthBy ROUNDROBIN to... It
doesn't appear that CachePasswords works for this AuthBy. Looking at my
trace, auths are always sent to the clients and never lookedup in the cache
even
: NOTICE: Server started: Radiator 3.7 on foo
Once this happens it seems like it's still answering connections on port
9048, but then accepts no commands.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE
an instant NAK to the NAS...
I assume some PreHandlerHook (or PreClientHook) would be needed, but is
there an example how to? ie: Say I have a list of usernames in a file that
I want to discard on..
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint
are sync'd. (and current
date/time is what you want) You can do this several ways depending on your
backend, ie:
MSSQL - getdate()
Or PgSQL - timestamp 'now'
More..
INSERT INTO tbl_radacct (recdate) values (timestamp 'now')
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http
AcctSQLStatementEXEC sp_acctinsert '%{Acct-S
ession-Id}','%{Acct-Status-Type}','%{User-Name}','%{TimeStamp}'
Should insert the TimeStamp as '9/11/2003 21:21:21' ???
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F
into the format above to pass it in
the argument list.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Exclusive: We're the only ones who have the documentation.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED
what's worked for me ...
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
Life would be much easier if I had the source code.
===
Archive at http://www.open.com.au/archives/radiator
thing here. I've seen posts duplicated over the last couple of
days...
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
Hackers have kernel knowledge.
===
Archive at http://www.open.com.au
On 9/11/03 2:42 PM, tracker [EMAIL PROTECTED] wrote:
Using this method, how do you enforce that only Accounting Stop records
will be stored locally?
Add the AccountingStopsOnly directive in your AuthBy SQL section.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net
-Port-Type');
${$_[0]}-add_attr('NAS-Port-Type', 'VPN');
}
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
Design: The activity of preparing for a design review.
===
Archive at http
of. I know that at least on the AS5300's they send a
termination reason in with every stop record. Just search the RADIUS
dictionary for terminate it's in there.. Once you find that attribute you
can deal with it in your accounting policy.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP
. With Radiator you can
specify the exact accounting query to your backend with as many or as little
RADIUS attribs as you want
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
Real
sure that the
secrets match in your httpd.conf and in your Radiator configuration for
the client.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
State-of-the-art: What we could do with enough money.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED
Sounds like you do not have a default gateway set, or your subnet mask
is wrong.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
If the automobile had followed the same development cycle as the
computer, a Rolls-Royce would today cost $100, get a million miles per
gallon, and explode once
program or right from perl -e):
[shell:~] perl -e 'print oct(0b01011000).\n;'
1408
What gives?
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Advanced design:
Upper management doesn't understand it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
was not needed as the bit shifting is much
faster anyway. Thanks.
my $i_id = ($i_port 0xf800) 27 ./. ($i_port 0x0700)
24 ./.
($i_port 0xff) 16 ... ($i_port 0x);
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
That function is not currently supported
number 105 (vendor 1147499380)
is not defined in your dictionary
Sun Jun 2 20:32:38 2002: ERR: Attribute number 99 (vendor 1399813490)
is not defined in your dictionary
Sun Jun 2 20:32:38 2002: ERR: Attribute number 99 (vendor 1399813490)
is not defined in your dictionary
--
Robert Blayzor, BOFH
and a different log database.
As well as the generic parameters described in Section 6.48 , AuthLog
SQL understands the following parameters:
Please advise.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
If the automobile had followed the same development cycle as the
computer, a Rolls-Royce would
DBUsername
DBAuth
Identifier SQL-AuthLog1
FailureQueryEXEC sp_RadiusAuthLog
'%{GlobalVar:ServerID}','%n','%{Class}','%N','%{Called-Station-Id}','%{C
alling-Station-Id}',%1
LogSuccess 0
LogFailure 1
/AuthLog
--
Robert
So I got the bright idea to add a AND PASS='%{Password}' to
the AuthSelect line. But the query ends up AND PASS=''
(nothing is put
in there.) So, obviously RADIUS either 1) can't pass it like
that or 2)
can but I'm doing it wrong.
Perhaps you want AND PASS='%P' ???
--
Robert
I'm curious to know if it's possible to do either of the following:
1) Change the format of what is included in the PasswordLogFile
Or
2) Omit the PASSED password entries and log only the FAIL's
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Document code? Why do you think they call
}','%{NAS-Po
rt-Type}','%{Service-Type}','%{Framed-Protocol}','%{Framed-IP-Address}',
'%{Connect-Info}','%{Acct
-Terminate-Cause}','%{Acct-Input-Octets}','%{Acct-Output-Octets}','%{Acc
t-Session-Time}'
A more advanced SQL statement?
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED
. Then
again, this may not solve your problem as you haven't provided enough
information about your NAS.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Artificial Intelligence: Making computers behave like they do in the
movies.
-Original Message-
From: [EMAIL PROTECTED
:
Framed-IP-Address = 255.255.255.254
Service-Type = Framed-User
MS-MPPE-Encryption-Policy = Encryption-Required
MS-MPPE-Encryption-Types = Encryption-40
MS-MPPE-Send-Key = removed
MS-MPPE-Recv-Key = removed
Tunnel-Type = PPTP
--
Robert Blayzor, BOFH
than their text meanings.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Earth is 98% full...please delete anyone you can.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator
to large data warehousing of accounting
records, it makes the most sense. Either case, I was just curious as if
this could be done in one way or another It would make a nice
feature.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Years of development: We finally got one to work
the session so long as
one of the attributes matches..
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Logic: The art of being wrong with confidence...
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED
perform in a very active RADIUS server environment.
The one quirk I've always noticed is that if the connection breaks
between FreeTDS and your MSSQL server, FreeTDS mod seems to bomb out the
whole PERL script running. Any work arounds or suggestions?
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL
37 matches
Mail list logo