Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address toRadiator
Hello Aaron and Brian -
On Mon, 15 Nov 1999, Aaron Holtz wrote:
Yes, I believe that the radiator code looks for the Alive packet as well
as a Start packet just for this case. Be sure you are running a newer
version of radiator - I believe that 2.13 and up should support it, but
don't quote me on that.
if ($status_type eq 'Start' || $status_type eq 'Alive')
{
# Some Ciscos dont send accounting-on, so we will
# detect a reboot with the first session (ID 0001)
$sessdb-clearNas($nas_id, $p)
if $session_id eq '0001';
# Ciscos sometimes sends Alive. Use them to make _sure_
# there is an entry in the database
$sessdb-add($original_username, $nas_id, $nas_port, $p);
Aaron is quite correct, here's the relevant code from Handler.pm (Radiator
2.14.1).
cheers
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radwho.cgi Radacct.cgi
Hello Asif - On Mon, 15 Nov 1999, Asif wrote: %_Hi, I am facing a problem with the RADWHO.CGI and RADACCT.CGI scripts. The DBSource, DBUsername, DBAuth are set to correct values. DBI/DBD modules have been installed correctly. I am using Radiator on a Solaris 7 machine, authentication is done thru MySQL database, Apache web server installed on the same machine as the Radiator and MySql. Everything is working fine, except the two CGI files. The CGI files display a blank page on the screen, with only the static text from the CGI. The actual data from the MySQL table is not being displayed. Could you please send me a copy of your configuration file (no secrets) and the source of both radwho.cgi and radacct.cgi (the modified copies that are running in the Apache cgi-bin directory). thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address toRadiator
I understand, but I am still not getting them into my radonline database.
Could it be because I have "AccountingStopsOnly" for this realm??
Thanks for the feedback.
Brian
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Aaron Holtz [EMAIL PROTECTED]; Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, November 15, 1999 4:29 PM
Subject: Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address
toRadiator
Hello Aaron and Brian -
On Mon, 15 Nov 1999, Aaron Holtz wrote:
Yes, I believe that the radiator code looks for the Alive packet as well
as a Start packet just for this case. Be sure you are running a newer
version of radiator - I believe that 2.13 and up should support it, but
don't quote me on that.
if ($status_type eq 'Start' || $status_type eq 'Alive')
{
# Some Ciscos dont send accounting-on, so we will
# detect a reboot with the first session (ID 0001)
$sessdb-clearNas($nas_id, $p)
if $session_id eq '0001';
# Ciscos sometimes sends Alive. Use them to make _sure_
# there is an entry in the database
$sessdb-add($original_username, $nas_id, $nas_port, $p);
Aaron is quite correct, here's the relevant code from Handler.pm (Radiator
2.14.1).
cheers
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP addresstoRadiator
I'd say that is your problem. If you don't log Start packets, I'm
guessing that Alive packets aren't processed either. Anything but a Stop
is ignored (or acknowledged and then ignored.) You'll need to remove that
statement to get those entries into your online db I believe. Do you have
anything other than 2511's on this Realm that are logging to the radonline
db?
--
Aaron Holtz
ComNet Inc.
UNIX Systems Administration/Network Operations
"It's not broken, it just lacks duct tape."
--
On Nov 15, Brian Morris molded the electrons to say
I understand, but I am still not getting them into my radonline database.
Could it be because I have "AccountingStopsOnly" for this realm??
Thanks for the feedback.
Brian
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Aaron Holtz [EMAIL PROTECTED]; Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, November 15, 1999 4:29 PM
Subject: Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address
toRadiator
Hello Aaron and Brian -
On Mon, 15 Nov 1999, Aaron Holtz wrote:
Yes, I believe that the radiator code looks for the Alive packet as well
as a Start packet just for this case. Be sure you are running a newer
version of radiator - I believe that 2.13 and up should support it, but
don't quote me on that.
if ($status_type eq 'Start' || $status_type eq 'Alive')
{
# Some Ciscos dont send accounting-on, so we will
# detect a reboot with the first session (ID 0001)
$sessdb-clearNas($nas_id, $p)
if $session_id eq '0001';
# Ciscos sometimes sends Alive. Use them to make _sure_
# there is an entry in the database
$sessdb-add($original_username, $nas_id, $nas_port, $p);
Aaron is quite correct, here's the relevant code from Handler.pm (Radiator
2.14.1).
cheers
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy Emerald Platypus
Dear Radiator Platypus users, Could someone share their .cfg file with me ? In particular I am curious about the line that reads; AcctColumnDef AcctTerminateCause, ?, integer When using Platypus what should the read ? I have it set to the default setting which is Acct-Terminate-Cause. I am having problems with users not getting disconnected and I am wondering if this may be part of the problem. Thanks for any help of input. Todd === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) problems with authby SQL and authby FILE with ContinueWhileAccept
Hello Jay - On Tue, 16 Nov 1999, Jay West wrote: Here's the defuserfile: DEFAULT Service-Type = Framed-User Framed-Protocol = PPP, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP I suspect the routers in question are Cisco's? If so, then you will need a Service-Type = Framed-User as a Reply attribute. Your current definition for DEFAULT has it only as a check item. Try this: DEFAULT Service-Type = Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP Note: Cisco's *always* expect to see the Service-Type in the Access-Accept match the Service-Type in the Access-Request. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy Emerald Platypus
Here is what we use: Realm DEFAULT # If Platypus rejects the login, forward it to the old Radius server AuthByPolicy ContinueUntilAccept ExcludeFromPasswordLog AuthBy EMERALD # You can use this to force Radiator to limit # maximum session times to how many minutes # are left in subaccounts.timeleft TimeBanking # Change DBSource, DBUsername, DBAuth for your database # See the reference manual DBSourcedbi:ODBC:LocalServer DBUsername xx DBAuth xx # You can add to or change these if you want. AccountingTable Calls AcctColumnDef UserName,User-Name AcctColumnDef CallDate,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctSessionId,Acct-Session-Id AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,int eger # AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,intege r # AcctColumnDef NASIdentifier,NAS-Identifier AcctColumnDef NASIdentifier,NAS-IP-Address AcctColumnDef NASPort,NAS-Port,integer AddATDefaults AuthSelect ,sa.LoginLimit AuthColumnDef 0,Simultaneous-Use,check /AuthBy AuthBy FILE Filename %D/users /AuthBy # Log all accounting into daily log files AcctLogFileName /local/etc/radius/log/%Y%m%d.act /Realm At 11:59 15-11-99 -0500, Todd Knaus wrote: Dear Radiator Platypus users, Could someone share their .cfg file with me ? In particular I am curious about the line that reads; AcctColumnDef AcctTerminateCause, ?, integer When using Platypus what should the read ? I have it set to the default setting which is Acct-Terminate-Cause. I am having problems with users not getting disconnected and I am wondering if this may be part of the problem. Thanks for any help of input. Todd === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- John Vorstermans||We are what we repeatedly do. Technical Manager || - Aristotle Actrix Networks === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RADONLINE not showing IP addresses?
I finally got Radiator up and running with mySQL. Thanks to all who gave me input. Looking back on it, it really wasn't that difficult. One strange thing I noticed though... when I do a 'select * from RADONLINE;', it does show me the users who are currently online. All the fields are filled in (username, nasid, etc. etc.) except one. The Framed-IP-Address that was assigned to the router is not filled in. Perhaps this additional info might help... I went back through old detail logs before we switched to SQL. I noticed that start records do not show an ip address, only stop records do. I wonder if this is because of how we manage dialup vs. dedicate address space? In SUBSCRIBERS, all users that are dialup users get an ip address of 255.255.255.254 which when passed back to our cisco 2611 tells is to assign the address from a pool defined in the router. Static IP address people have their ip address hardcoded in their REPLYATTR entry. If that is why we're not seeing an IP address in RADONLINE, I see two possible fixes... 1) is there a way for the router to tell radiator what IP address it assigned to the person so it gets put in RADONLINE or 2) Is there a way to have Radiator manage a pool of addresses and let it decide the address before it's passed to the cisco? Perhaps there are other ideas for this... Thanks in advance for anyone's input! Jay West === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Help! Static IP assignments not working!
My full configuration was included in a previous email about 'problems with authbysql'. I'm now having a problem with static IP addresses. Note the file settings: mysql select * from SUBSCRIBERS - where Username='testuser'; +--+--+---+---+- -+ | USERNAME | PASSWORD | ENCRYPTEDPASSWORD | CHECKATTR | REPLYATTR | +--+--+---+---+- -+ | testuser | | NULL | NULL | Framed-IP-Address = "192.168.1.73",Framed-IP-Netmask = "255.255.255.252",Idle-Timeout = "0" | +--+--+---+---+- -+ 1 row in set (0.00 sec) And since I'm using authbysql followed by authbyfile with continuewhileaccept this is important: DEFAULT Service-Type = Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP However, I've just verified that when this user (testuser) logs in, they're getting assigned an IP address from a pool defined on the router (via 255.255.255.254) instead of the specific IP address listed in SUBSCRIBERS (as well as a host route of 255.255.255.255 instead of the 252 above). Help (and THANKS IN ADVANCE!) Jay West === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Help! Static IP assignments not working!
Jay, What's in your file for the authby file? Is it anything other than the DEFAULT user? Maybe you should drop the file and put everything into the db. Put replyattr's for just those users with special setups and use something like this in your config: DefaultReply \ Service-Type=Framed-User,Framed-IP-Address=255.255.255.254,\ Framed-IP-Netmask=255.255.255.255,Framed-MTU=1500,\ Framed-Compression=Van-Jacobson-TCP-IP That way those without replyattr's in the db will get a default set. Then put everything that a special user would need in the db for just that user. Also, I'd wonder if the quotes around the reply items in the db aren't causing some issues. Maybe reput those items into your db without the quotes. On a Trace 4 is that testuser getting the right attributes in the reply packet? -- Aaron Holtz ComNet Inc. UNIX Systems Administration/Network Operations "It's not broken, it just lacks duct tape." -- On Nov 15, Jay West molded the electrons to say My full configuration was included in a previous email about 'problems with authbysql'. I'm now having a problem with static IP addresses. Note the file settings: mysql select * from SUBSCRIBERS - where Username='testuser'; +--+--+---+---+- -+ | USERNAME | PASSWORD | ENCRYPTEDPASSWORD | CHECKATTR | REPLYATTR | +--+--+---+---+- -+ | testuser | | NULL | NULL | Framed-IP-Address = "192.168.1.73",Framed-IP-Netmask = "255.255.255.252",Idle-Timeout = "0" | +--+--+---+---+- -+ 1 row in set (0.00 sec) And since I'm using authbysql followed by authbyfile with continuewhileaccept this is important: DEFAULT Service-Type = Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP However, I've just verified that when this user (testuser) logs in, they're getting assigned an IP address from a pool defined on the router (via 255.255.255.254) instead of the specific IP address listed in SUBSCRIBERS (as well as a host route of 255.255.255.255 instead of the 252 above). Help (and THANKS IN ADVANCE!) Jay West === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
