RE: (RADIATOR) conditional logging
> Hello, I was wondering whether it's possible to do some kind of conditional logging with the AcctLogFileName. For example, would it be possible to say that Radiator should only log the accounting line (defined in AcctLogFileFormat) if Acct-Status-Type (or any other attribute) has a specific value? If so, how could I do this, and where could I find more information about it?

See 6.15 in the manual, you could use something like this:

<Handler Acct-Status-Type="specific value">
    AcctLogFileName filename
    AuthBy yourusualhandler
</Handler>

With yourusualhandler as the identifier for the handler you're using normally.

> Thanks,
> -Andy

Regards
Arjan

***DISCLAIMER*** This e-mail is intended exclusively for the addressee(s), and may not be passed on to, or made available for use by any person other than the addressee(s). KPN N.V. rules out any and every liability resulting from any electronic transmission.

=== Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Sending back packet back.
Hello Simon -

I will need to see a copy of the configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. It is possible that either the shared secret is not set correctly or the NAS is trying to use CHAP and you have encrypted passwords in your user definitions. You can only use PAP with encrypted passwords in the database.

regards
Hugh

At 14:00 +0100 01/4/2, Simon Green wrote:
> Hi All
>
> I am just setting up my radius server speaking to my Cisco as5300. If I do a remote test using radpwtst all works fine... but when I try to dial on using the as5300 the logs show that the first 3 lines for the accepted packet are sent back, then the user is dropped saying that they are not using the right password. This is where the logs stop. We have an old radius server working with the as5300 with the same setup. Can you please point me in the right direction.
>
> Thanks
> Simon Green

--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
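
Added example, not part of the thread and not Radiator code: a Python sketch of why a RADIUS server holding only one-way password hashes can verify PAP but not CHAP, and how a wrong shared secret also shows up as a bad password. The shared secret, salt and challenge are constructed values, and salted SHA-256 stands in for the crypt(3) hash a users file would hold.

```python
import hashlib
import hmac


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide(password, secret, authenticator):
    """NAS side: hide User-Password as described in RFC 2865 section 5.2."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def pap_recover(hidden, secret, authenticator):
    """Server side: the same keystream gives back the plaintext password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def one_way(password, salt):
    """Stand-in (assumption) for the crypt(3) hash stored in the user database."""
    return hashlib.sha256(salt + password).digest()


def chap_response(chap_id, password, challenge):
    """RFC 1994: response = MD5(id || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def server_check_pap(hidden, secret, authenticator, salt, stored_hash):
    # PAP hands the server the plaintext, so it can hash it and compare.
    candidate = pap_recover(hidden, secret, authenticator)
    return hmac.compare_digest(one_way(candidate, salt), stored_hash)


def server_check_chap(chap_id, response, challenge, password_material):
    # CHAP never sends the password; the server must recompute the MD5 itself.
    expected = chap_response(chap_id, password_material, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = b"test1"                    # constructed sample values
    secret = b"nas-shared-secret"
    authenticator = bytes(range(16))
    challenge = bytes(range(16, 32))
    salt = b"constructed-salt"
    stored_hash = one_way(password, salt)  # all a hashed database holds

    hidden = pap_hide(password, secret, authenticator)
    response = chap_response(1, password, challenge)
    return {
        "pap_hashed_db": server_check_pap(
            hidden, secret, authenticator, salt, stored_hash),
        "pap_wrong_secret": server_check_pap(
            hidden, b"wrong-secret", authenticator, salt, stored_hash),
        "chap_plaintext_db": server_check_chap(1, response, challenge, password),
        "chap_hashed_db": server_check_chap(1, response, challenge, stored_hash),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```

Both reject cases look identical from the NAS side, which is why the reply asks for the configuration and a trace 4 debug before picking between them.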
Re: (RADIATOR) DNIS Realm proxy
Hello Jc -

This is very easy to do with Handlers:

# configure AuthBy RADIUS
<AuthBy RADIUS>
    Identifier ForwardToProxy
    .
</AuthBy>

# configure Handlers with Called-Station-Id
<Handler Called-Station-Id = nnn>
    AuthBy ForwardToProxy
</Handler>
.

hth
Hugh

At 1:09 +0800 01/4/3, JC wrote:
> hi everybody,
>
> I would like to setup a radius that can proxy based on dnis. Does radiator support this ?
>
> JC
RE: (RADIATOR) DNIS Realm proxy
See 6.15 and 6.27, i.e. something like this:

<AuthBy RADIUS>
    Host eric.open.com.au
    Secret 666obaFGkmRNs666
    Identifier radiusproxy1
</AuthBy>

<Handler Called-Station-Id="value">
    AuthBy radiusproxy1
</Handler>

Regards
Arjan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of JC
Sent: Monday, April 02, 2001 7:10 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) DNIS Realm proxy

hi everybody,

I would like to setup a radius that can proxy based on dnis. Does radiator support this ?

JC
(RADIATOR) Acct-Session-Id non-unique across multiple NAS's..
Hi,

I'm currently using Cistron Radius (with MySQL) to auth dial-in users from a PM3. Our original PM3 was getting close to maximum, so we purchased another. During testing I noticed the new PM3 is attempting to use the same Acct-Session-Id that had been previously used by the original PM3; the INSERT to the DBase fails due to a non-unique Acct-Session-Id.

Does Radiator accommodate this type of scenario - Multiple Identical NAS's authing via a single Radius Server ?

Regards,
Michael
Re: (RADIATOR) Acct-Session-Id non-unique across multiple NAS's..
Hello Michael -

The Acct-Session-Id is just a number, and will wrap around even on a single NAS - you can't rely on it to be unique. Radiator has no trouble with any number of identical NAS's.

hth
Hugh

At 20:44 +1000 01/4/3, Michael Bellears wrote:
> Hi,
>
> I'm currently using Cistron Radius (with MySQL) to auth dial-in users from a PM3. Our original PM3 was getting close to maximum, so we purchased another. During testing I noticed the new PM3 is attempting to use the same Acct-Session-Id that had been previously used by the original PM3; the INSERT to the DBase fails due to a non-unique Acct-Session-Id.
>
> Does Radiator accommodate this type of scenario - Multiple Identical NAS's authing via a single Radius Server ?
>
> Regards,
> Michael
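
Added example, not part of the thread and not Radiator or Cistron code: a Python/sqlite3 sketch of the INSERT failure described above and of how the choice of unique key decides which accounting records are lost. The table, column names and records are constructed, and it assumes the server can derive a stable session start time for each record.

```python
import sqlite3

# Constructed Accounting-Start records:
# (NAS-IP-Address, Acct-Session-Id, session start time as epoch seconds)
RECORDS = [
    ("192.0.2.1", "0A000001", 986294400),  # original PM3
    ("192.0.2.2", "0A000001", 986294460),  # new PM3 reuses the same id
    ("192.0.2.1", "0A000001", 991000000),  # original PM3 after its counter wrapped
    ("192.0.2.1", "0A000001", 986294400),  # retransmission of the first record
]

COLUMNS = "nas_ip TEXT, session_id TEXT, start_time INTEGER"

# Hypothetical schemas that differ only in what they treat as unique.
SCHEMAS = {
    "session_id_only":
        f"CREATE TABLE acct ({COLUMNS}, UNIQUE (session_id))",
    "nas_and_session_id":
        f"CREATE TABLE acct ({COLUMNS}, UNIQUE (nas_ip, session_id))",
    "nas_session_id_and_start":
        f"CREATE TABLE acct ({COLUMNS}, UNIQUE (nas_ip, session_id, start_time))",
}


def load(schema_sql, records=RECORDS):
    """Insert the records and return (rows stored, records the key rejected)."""
    db = sqlite3.connect(":memory:")
    db.execute(schema_sql)
    rejected = []
    for rec in records:
        try:
            db.execute("INSERT INTO acct VALUES (?, ?, ?)", rec)
        except sqlite3.IntegrityError:
            rejected.append(rec)
    stored = db.execute("SELECT COUNT(*) FROM acct").fetchone()[0]
    db.close()
    return stored, rejected


if __name__ == "__main__":
    for name, schema in SCHEMAS.items():
        stored, rejected = load(schema)
        print(f"{name}: stored={stored} rejected={len(rejected)}")
```

Only the third key keeps all three real sessions while still rejecting the retransmitted duplicate, so accounting data is neither dropped nor double counted.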
RE: (RADIATOR) Acct-Session-Id non-unique across multiple NAS's..
Thanks for the response Hugh. Looks like I may switch to Radiator.

Regards,
MB

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 03, 2001 9:36 PM
To: Michael Bellears; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Acct-Session-Id non-unique across multiple NAS's..

Hello Michael -

The Acct-Session-Id is just a number, and will wrap around even on a single NAS - you can't rely on it to be unique. Radiator has no trouble with any number of identical NAS's.

hth
Hugh

At 20:44 +1000 01/4/3, Michael Bellears wrote:
> Hi,
>
> I'm currently using Cistron Radius (with MySQL) to auth dial-in users from a PM3. Our original PM3 was getting close to maximum, so we purchased another. During testing I noticed the new PM3 is attempting to use the same Acct-Session-Id that had been previously used by the original PM3; the INSERT to the DBase fails due to a non-unique Acct-Session-Id.
>
> Does Radiator accommodate this type of scenario - Multiple Identical NAS's authing via a single Radius Server ?
>
> Regards,
> Michael
Re: (RADIATOR) DEFAULT User or Profiles with AuthBY LDAP2
I am already using AddToReplyIfNotExist for the standard RADIUS attributes, but that is not quite suitable for user profiles.

Each of our users has a serviceType which defines which type of service they pay for. For example, some of these users are what we call "daytimers" because they are only allowed in off-peak hours. Other service types have unique reply items to enforce the service policies.

What I want to do is detect from AuthBY LDAP2 that serviceType=DAY (using a request item), and requery LDAP to retrieve the necessary reply items (Time, Session-Timeout) from a service template found in a calculated DN (serviceType=%{serviceType},...o=Top).

I'm pretty sure I know how to configure all of this, except that I can't find a way to perform the second LDAP query for the service template. The LDAP2 module requires a userPassword which would never match in a template. Perhaps a new AuthBy LDAP2 parameter could disable the password check, allowing additional check/reply items to be applied?

I would like to keep the profiles in LDAP for centralization and simplified maintenance, but if worse came to worse I suppose I could have it fall through to a flat 'users' file as documented in "goodies/profiles.txt". (Does this sound reasonable?)

Thanks,
Carl Litt
Network Administrator
Execulink Internet

On Tue, 3 Apr 2001, Hugh Irvine wrote:
> Hello Carl -
>
> Why not just use an AddToReply in the AuthBy clause? Section 6.16.7 in the Radiator 2.18 reference manual.
>
> hth
> Hugh
>
> At 14:20 -0400 01/4/2, Carl Litt wrote:
> > I am trying to configure a DEFAULT user with AuthBy LDAP2.
> >
> > I want to authenticate the Access-Request via LDAP2, then retrieve a DEFAULT user with LDAP2 which contains the necessary reply items. This is on my way to using account profiles matched by LDAP request items.
> >
> > The only problem is that AuthBy LDAP2 always expects to authenticate the user with a password. The documentation (6.33.9) states that PasswordAttr or EncryptedPasswordAttr are required in the LDAP configuration. I did try it without PasswordAttr, but I get an LDAP_PARAM_ERROR. Obviously this won't let me look up a DEFAULT user record.
> >
> > I think I remember some talk of how to do this with other AuthBy methods? My question is: How can I use LDAP2 to append profiled (or DEFAULT) reply items to an Access-Accept?
> >
> > Here is what my config looks like right now:
> >
> > <AuthBy LDAP2>
> >     # Authenticate the Access-Request from LDAP
> >     # (This all works fine)
> >     Identifier LDAP-login
> >     ...
> > </AuthBy>
> >
> > <AuthBy LDAP2>
> >     # Fetch the DEFAULT user's reply items
> >     Identifier LDAP-DEFAULT
> >     ...
> >     SearchFilter ((objectclass=radiusAccount)([EMAIL PROTECTED]))
> >     UsernameAttr mailLocalAddress
> >     AuthAttrDef radiusReplyItem,GENERIC,reply
> > </AuthBy>
> >
> > <AuthBy GROUP>
> >     Identifier genericLDAP
> >     AuthByPolicy ContinueWhileAccept
> >     AuthBy LDAP-login
> >     AuthBy LDAP-DEFAULT
> > </AuthBy>
> >
> > Thanks,
> > Carl Litt
> > Network Administrator
> > Execulink Internet
(RADIATOR) Radiator issues
--- Forwarded mail from [EMAIL PROTECTED]

Date: Wed, 4 Apr 2001 07:10:21 +1000 (EST)
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["steve" [EMAIL PROTECTED]]

From: "steve" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Radiator issues
Date: Tue, 3 Apr 2001 15:36:21 -0500

We have been having some trouble with Bay Networks instant internet box, as well as some 3Com products. Radiator reports back as access accepted but the other device comes back as User Name and Password rejected. Porting the exact same info into a different device it works fine. Any ideas ?

Attached is the log from Radiator, the user's entry, followed by the log from the Bay Networks machine

User-Name = "[EMAIL PROTECTED]"
Tue Apr 3 11:21:55 2001: DEBUG: Rewrote user name to RAVEN
Tue Apr 3 11:21:55 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
Tue Apr 3 11:21:55 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
Tue Apr 3 11:21:55 2001: DEBUG: Access accepted for RAVEN
User-Name = "[EMAIL PROTECTED]"
Tue Apr 3 11:21:57 2001: DEBUG: Rewrote user name to RAVEN
Tue Apr 3 11:21:57 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
Tue Apr 3 11:21:57 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
Tue Apr 3 11:21:57 2001: DEBUG: Access accepted for RAVEN
User-Name = "[EMAIL PROTECTED]"
Tue Apr 3 11:22:00 2001: DEBUG: Rewrote user name to RAVEN
Tue Apr 3 11:22:00 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
Tue Apr 3 11:22:00 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
Tue Apr 3 11:22:00 2001: DEBUG: Access accepted for RAVEN

RAVEN Encrypted-Password = "Bhk/ajx/814ec"
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Framed-IP-Address = 209.145.176.213,
    Framed-IP-Netmask = 255.255.255.255,
    Port-Limit = 2,
    Idle-Timeout = 0

00:00:03.6467 tracing started at Tue Apr 3 11:59:56 2001
00:00:03.6479 Starting Script
00:00:03.6486 # provider Other (static)
00:00:03.6491 # type PPP static ISDN
00:00:03.6495 dial
00:00:03.6512 ISDN-B1 event:initiate state:dialing
00:00:05.5824 line state=connecting to switch (1)
00:00:29.6292 line state=initializing protocol (2)
00:00:29.7601 line state=active (4)
00:00:29.9365 dialing (64000) 2360117
00:00:29.9444 channel 1 assigned id 512
00:00:29.9464 call 512 state=call initiated (1)
00:00:30.7238 call 512 Channel ID:89
00:00:30.7244 call 512 assigned to B1
00:00:30.7295 call 512 state=outgoing call proceeding (3)
00:00:31.2727 call 512 connection confirmed
00:00:31.2773 call 512 on (0) set to hdlc64 protocol
00:00:31.2797 call 512 state=active (10)
00:00:31.2807 ISDN-B1 event:line up state:connected
00:00:31.4211
00:00:31.4218
00:00:31.4222 script complete
00:00:31.4243 ISDN-B1 event:dial complete state:negotiating
00:00:31.4260 ISDN-B1 snd: ppp typ=lcp state=reqsent code=cfgreq id=1 len=23 magic#=4CB8D mrru=1500 endpoint=03 00 C0 11 00 2A A0 .*.
00:00:31.4557 ISDN-B1 rcv: ppp typ=lcp state=reqsent code=cfgreq id=186 len=33 auth=pap magic#=EEAFE43D mrru=1524 endpoint=01 43 35 38 30 30 2D 52 53.C5800-RS 17=27 AD '.
00:00:31.4599 reject config request
00:00:31.4638 ISDN-B1 snd: ppp typ=lcp state=reqsent code=cfgrej id=186 len=8 17=27 AD '.
00:00:31.4710 ISDN-B1 rcv: ppp typ=lcp state=reqsent code=cfgack id=1 len=23 magic#=4CB8D mrru=1500 endpoint=03 00 C0 11 00 2A A0 .*.
00:00:31.4739 lcp state=ackrcvd:waiting on cfgreq
00:00:31.4851 ISDN-B1 rcv: ppp typ=lcp state=ackrcvd code=cfgreq id=187 len=29 auth=pap magic#=EEAFE43D mrru=1524 endpoint=01 43 35 38 30 30 2D 52 53.C5800-RS
(RADIATOR) Attribute to return DNS addresses
Hi Folks,

I would like to assign a new name server/s to a dial-in account but I can not find the attribute I need to return to setup the client with the primary and alternate DNS addresses. I have looked in both the standard dictionary and the livingston dictionary to no avail. (I am using a Portmaster 3) I am sure it is something simple but I just can't find it. Any help would be appreciated!

Regards,
Brian Morris
(RADIATOR) Problem assign static IP
hi there,

I am having a problem assigning a static IP for my dial-up customer. Hope someone can help. Attached below are my config file and level 4 debug mode. From the Level 4 debug log, it seems that Radiator does forward the attribute to my RAS. The IP address is assigned from the modem pool IP range. I am using Cisco as5300. Anyone have any clue?

Thanks
David Teh

Auth by File

test User-Password = "test1"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = "192.168.1.200",
    Framed-IP-Netmask = "255.255.255.255"

Level 4 log

Wed Apr 4 10:04:33 2001: DEBUG: Packet dump:
*** Received from 192.168.2.10 port 4214
Code: Access-Request
Identifier: 147
Authentic: 183y2381819514123725f2311612251531705
Attributes:
    NAS-IP-Address = 192.168.2.10
    NAS-Port = 31
    NAS-Port-Type = Async
    User-Name = "test"
    Called-Station-Id = "1234567"
    Calling-Station-Id = "1234567"
    User-Password = "223cOW248aj195224+24044[198184"
    Service-Type = Framed-User
    Framed-Protocol = PPP
Wed Apr 4 10:04:33 2001: DEBUG: Handling request with Handler 'Realm= '
Wed Apr 4 10:04:33 2001: DEBUG: Rewrote user name to test
Wed Apr 4 10:04:33 2001: DEBUG: Deleting session for test, 192.168.2.10, 31
Wed Apr 4 10:04:33 2001: DEBUG: Handling with Radius::AuthFILE
Wed Apr 4 10:04:33 2001: DEBUG: Radius::AuthFILE looks for match with test
Wed Apr 4 10:04:33 2001: DEBUG: Radius::AuthFILE ACCEPT:
Wed Apr 4 10:04:33 2001: DEBUG: Access accepted for test
Wed Apr 4 10:04:33 2001: DEBUG: Packet dump:
*** Sending to 192.168.2.10 port 4214
Code: Access-Accept
Identifier: 147
Authentic: 183y2381819514123725f2311612251531705
Attributes:
    Framed-IP-Address = 192.168.1.1
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
(RADIATOR) Configuration Questions?
I was wondering if someone could point me in the right direction.

We're trying to setup Radiator to authenticate users that have no realm or the @tfb.com realm. Our database is a Platypus SQL database and we're using the EMERALD auth function.

If the user exists in the database as user, we want him to be able to authenticate as user or [EMAIL PROTECTED] If the user exists in the database as user, we want him to be able to authenticate as [EMAIL PROTECTED] or user

I seem to be missing something, because I can't figure it out..

Also, we're interested in keeping some of our legacy Lucent RADIUS servers online for authentication. We would like to throw authentication requests to the Lucent RADIUS servers from Radiator, but still do the accounting in our Platypus SQL database. Any pointers on this?

Thank you,
James Laszko
TFBnet
[EMAIL PROTECTED]
Re: (RADIATOR) Radiator issues
Hello Steve -

I will need to see a complete trace 4 debug from Radiator together with a copy of your configuration file (no secrets).

thanks
Hugh

> We have been having some trouble with Bay Networks instant internet box, as well as some 3Com products. Radiator reports back as access accepted but the other device comes back as User Name and Password rejected. Porting the exact same info into a different device it works fine. Any ideas ?
>
> Attached is the log from Radiator, the user's entry, followed by the log from the Bay Networks machine
>
> User-Name = "[EMAIL PROTECTED]"
> Tue Apr 3 11:21:55 2001: DEBUG: Rewrote user name to RAVEN
> Tue Apr 3 11:21:55 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
> Tue Apr 3 11:21:55 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
> Tue Apr 3 11:21:55 2001: DEBUG: Access accepted for RAVEN
> User-Name = "[EMAIL PROTECTED]"
> Tue Apr 3 11:21:57 2001: DEBUG: Rewrote user name to RAVEN
> Tue Apr 3 11:21:57 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
> Tue Apr 3 11:21:57 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
> Tue Apr 3 11:21:57 2001: DEBUG: Access accepted for RAVEN
> User-Name = "[EMAIL PROTECTED]"
> Tue Apr 3 11:22:00 2001: DEBUG: Rewrote user name to RAVEN
> Tue Apr 3 11:22:00 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 209.145.176.3, 20315
> Tue Apr 3 11:22:00 2001: DEBUG: Radius::AuthFILE looks for match with RAVEN
> Tue Apr 3 11:22:00 2001: DEBUG: Access accepted for RAVEN
>
> RAVEN Encrypted-Password = "Bhk/ajx/814ec"
>     Service-Type = Framed,
>     Framed-Protocol = PPP,
>     Framed-IP-Address = 209.145.176.213,
>     Framed-IP-Netmask = 255.255.255.255,
>     Port-Limit = 2,
>     Idle-Timeout = 0
>
> 00:00:03.6467 tracing started at Tue Apr 3 11:59:56 2001
> 00:00:03.6479 Starting Script
> 00:00:03.6486 # provider Other (static)
> 00:00:03.6491 # type PPP static ISDN
> 00:00:03.6495 dial
> 00:00:03.6512 ISDN-B1 event:initiate state:dialing
> 00:00:05.5824 line state=connecting to switch (1)
> 00:00:29.6292 line state=initializing protocol (2)
> 00:00:29.7601 line state=active (4)
> 00:00:29.9365 dialing (64000) 2360117
> 00:00:29.9444 channel 1 assigned id 512
> 00:00:29.9464 call 512 state=call initiated (1)
> 00:00:30.7238 call 512 Channel ID:89
> 00:00:30.7244 call 512 assigned to B1
> 00:00:30.7295 call 512 state=outgoing call proceeding (3)
> 00:00:31.2727 call 512 connection confirmed
> 00:00:31.2773 call 512 on (0) set to hdlc64 protocol
> 00:00:31.2797 call 512 state=active (10)
> 00:00:31.2807 ISDN-B1 event:line up state:connected
> 00:00:31.4211
> 00:00:31.4218
> 00:00:31.4222 script complete
> 00:00:31.4243 ISDN-B1 event:dial complete state:negotiating
> 00:00:31.4260 ISDN-B1 snd: ppp typ=lcp state=reqsent code=cfgreq id=1 len=23 magic#=4CB8D mrru=1500 endpoint=03 00 C0 11 00 2A A0 .*.
> 00:00:31.4557 ISDN-B1 rcv: ppp typ=lcp state=reqsent code=cfgreq id=186 len=33 auth=pap magic#=EEAFE43D mrru=1524 endpoint=01 43 35 38 30 30 2D 52 53.C5800-RS 17=27 AD '.
> 00:00:31.4599 reject config request
> 00:00:31.4638 ISDN-B1 snd: ppp typ=lcp state=reqsent code=cfgrej id=186 len=8 17=27 AD '.
> 00:00:31.4710 ISDN-B1 rcv: ppp typ=lcp state=reqsent code=cfgack id=1 len=23 magic#=4CB8D mrru=1500 endpoint=03 00 C0 11 00 2A A0 .*.
> 00:00:31.4739 lcp state=ackrcvd:waiting on cfgreq
> 00:00:31.4851 ISDN-B1 rcv: ppp typ=lcp state=ackrcvd code=cfgreq id=187 len=29 auth=pap magic#=EEAFE43D mrru=1524 endpoint=01 43 35 38 30 30 2D 52 53.C5800-RS
> 00:00:31.4890 lcp state=opened:ready for next layer
> 00:00:31.4921 ISDN-B1 snd: ppp typ=lcp state=opened code=cfgack id=187 len=29 auth=pap magic#=EEAFE43D mrru=1524 endpoint=01 43 35 38 30 30 2D 52 53.C5800-RS
> 00:00:31.4984 ISDN-B1 snd: ppp typ=pap code=cfgreq id=0 len=34 12 52 41 56 45 4E 40 61 6E 65 74 2D 73 74 6C 2E .RAVEN@anet-stl. 63 6F 6D com
> 00:00:31.5966 ISDN-B1 rcv: ppp typ=pap code=cfgnak id=0 len=25 PAP USERNAME AND PASSWORD REJECTED
> 00:00:31.6021 hang up requested
> 00:00:31.6080 ISDN-B1 rcv: ppp typ=lcp state=opened code=termreq id=188 len=4
> 00:00:31.6110 lcp state=stopping
> 00:00:31.6138 ISDN-B1 snd: ppp typ=lcp state=stopping code=termack id=188 len=4
> 00:00:31.6180 hang up requested
> 00:00:31.6237 call 512 state=disconnect request (11)
> 00:00:31.9129 call 512 release requested
> 00:00:31.9177 call 512 disconnecting
> 00:00:31.9188 call 512 state=idle (0)
> 00:00:31.9199 ISDN-B1 event:connect failed state:down
>
> Steve Walkup
> Access US Network Engineer
> [EMAIL PROTECTED]
> 712 Second St. St. Louis MO 63102
> 618-257-2002 ext. 241
> 618-233-6087 fax
> 618-531-1041 cell
>
> ---End of forwarded mail from [EMAIL PROTECTED]
>
> --
> Mike
Re: (RADIATOR) Problem assign static IP
Hello David -

This is a Cisco configuration issue that has been discussed on the list many times. Please have a look at the FAQ (http://www.open.com.au/radiator/faq.html) as well as the archive site (http://www.starport.net/~radiator). From memory, you have to use virtual profiles or something similar.

regards
Hugh

At 10:32 +0800 01/4/4, David T.C.Teh wrote:
> hi there,
>
> I am having a problem assigning a static IP for my dial-up customer. Hope someone can help. Attached below are my config file and level 4 debug mode. From the Level 4 debug log, it seems that Radiator does forward the attribute to my RAS. The IP address is assigned from the modem pool IP range. I am using Cisco as5300. Anyone have any clue?
>
> Thanks
> David Teh
>
> Auth by File
>
> test User-Password = test1
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP,
>     Framed-IP-Address = 192.168.1.200,
>     Framed-IP-Netmask = 255.255.255.255
>
> Level 4 log
>
> Wed Apr 4 10:04:33 2001: DEBUG: Packet dump:
> *** Received from 192.168.2.10 port 4214
> Code: Access-Request
> Identifier: 147
> Authentic: 183y2381819514123725f2311612251531705
> Attributes:
>     NAS-IP-Address = 192.168.2.10
>     NAS-Port = 31
>     NAS-Port-Type = Async
>     User-Name = test
>     Called-Station-Id = 1234567
>     Calling-Station-Id = 1234567
>     User-Password = 223cOW248aj195224+24044[198184
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
> Wed Apr 4 10:04:33 2001: DEBUG: Handling request with Handler 'Realm= '
> Wed Apr 4 10:04:33 2001: DEBUG: Rewrote user name to test
> Wed Apr 4 10:04:33 2001: DEBUG: Deleting session for test, 192.168.2.10, 31
> Wed Apr 4 10:04:33 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 4 10:04:33 2001: DEBUG: Radius::AuthFILE looks for match with test
> Wed Apr 4 10:04:33 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Apr 4 10:04:33 2001: DEBUG: Access accepted for test
> Wed Apr 4 10:04:33 2001: DEBUG: Packet dump:
> *** Sending to 192.168.2.10 port 4214
> Code: Access-Accept
> Identifier: 147
> Authentic: 183y2381819514123725f2311612251531705
> Attributes:
>     Framed-IP-Address = 192.168.1.1
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Framed-IP-Netmask = 255.255.255.255
Re: (RADIATOR) Attribute to return DNS addresses
Hello Brian -

I am afraid you are going to search in vain, as there is no standard attribute to do this. You will have to use whatever vendor-specific is supported by your NAS equipment.

hth
Hugh

At 10:29 +1000 01/4/4, Brian Morris wrote:
> Hi Folks,
>
> I would like to assign a new name server/s to a dial-in account but I can not find the attribute I need to return to setup the client with the primary and alternate DNS addresses. I have looked in both the standard dictionary and the livingston dictionary to no avail. (I am using a Portmaster 3) I am sure it is something simple but I just can't find it. Any help would be appreciated!
>
> Regards,
> Brian Morris
Re: (RADIATOR) DEFAULT User or Profiles with AuthBY LDAP2
Hello Carl - Yes, I understand what you want to do. I am sure that it can be done from LDAP because some of our customers do this. Have a look at the archive site: http://www.starport.net/~radiator/2000-11/msg0.html I'm sure there are other postings on this topic as well. hth Hugh At 12:41 -0400 01/4/3, Carl Litt wrote: I am already using AddToReplyIfNotExist for the standard RADIUS attributes, but that is not quite suitable for user profiles. Each of our users has a serviceType which defines which type of service they pay for. For example, some of these users are what we call "daytimers" because they are only allowed in off-peak hours. Other service types have unique reply items to enforce the service policies. What I want to do is detect from AuthBY LDAP2 that serviceType=DAY (using a request item), and requery LDAP to retrieve the necessary reply items (Time, Session-Timeout) from a service template found in a calculated DN (serviceType=%{serviceType},...o=Top). I'm pretty sure I know how to configure all of this, except that I can't find a way to perform the second LDAP query for the service template. The LDAP2 module requires a userPassword which would never match in a template. Perhaps a new AuthBy LDAP2 parameter could disable the password check, allowing additional check/reply items to be applied? I would like to keep the profiles in LDAP for centralization and simplified maintenance, but if worse came to worse I suppose I could have it fall through to a flat 'users' file as documented in "goodies/profiles.txt". (Does this sound reasonable?) Thanks, Carl Litt Network Administrator Execulink Internet On Tue, 3 Apr 2001, Hugh Irvine wrote: Hello Carl - Why not just use an AddToReply in the AuthBy clause? Section 6.16.7 in the Radiator 2.18 reference manual. hth Hugh At 14:20 -0400 01/4/2, Carl Litt wrote: I am trying to configure a DEFAULT user with AuthBy LDAP2. 
I want to to authenticate the Access-Request via LDAP2, then retrieve a DEFAULT user with LDAP2 which contains the necessary reply items. This is on my way to using account profiles matched by LDAP request items. The only problem is that AuthBy LDAP2 always expects to authenticate the user with a password. The documentation (6.33.9) states that PasswordAttr or EncryptedPasswordAttr are required in the LDAP configuration. I did try it without PasswordAttr, but I get an LDAP_PARAM_ERROR. Obviously this won't let me lookup a DEFAULT user record. I think I remember some talk of how to do this with other AuthBy methods? My question is: How can I use LDAP2 to append profiled (or DEFAULT) reply items to an Access-Accept? Here is what my config looks like right now: AuthBy LDAP2 # Authenticate the Access-Request from LDAP # (This all works fine) Identifier LDAP-login ... /AuthBy AuthBy LDAP2 # Fetch the DEFAULT user's reply items Identifier LDAP-DEFAULT ... SearchFilter ((objectclass=radiusAccount)([EMAIL PROTECTED])) UsernameAttrmailLocalAddress AuthAttrDef radiusReplyItem,GENERIC,reply /AuthBy AuthBy GROUP Identifier genericLDAP AuthByPolicyContinueWhileAccept AuthBy LDAP-login AuthBy LDAP-DEFAULT /AuthBy Thanks, Carl Litt Network Administrator Execulink Internet === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. 
Re: (RADIATOR) Configuration Questions?
Hello James -

At 21:09 -0700 01/4/3, James Laszko wrote:
> I was wondering if someone could point me in the right direction
>
> We're trying to set up Radiator to authenticate users that have no realm or the @tfb.com realm. Our database is a Platypus SQL database and we're using the EMERALD auth function.

OK.

> If the user exists in the database as user, we want him to be able to authenticate as user or [EMAIL PROTECTED]
>
> If the user exists in the database as user, we want him to be able to authenticate as [EMAIL PROTECTED] or user
>
> I seem to be missing something, because I can't figure it out..

You just need a RewriteUsername to strip the realm (see below).

> Also, we're interested in keeping some of our legacy Lucent RADIUS servers online for authentication. We would like to throw authentication requests to the Lucent RADIUS servers from Radiator, but still do the accounting in our Platypus SQL database. Any pointers on this?

Very easy to do - here are some pointers:

# configure AuthBy clauses

<AuthBy EMERALD>
    Identifier CheckEMERALD
    DBSource
    DBUsername
    DBAuth
    ..
</AuthBy>

<AuthBy RADIUS>
    Identifier CheckLUCENT
    Host
    Secret
</AuthBy>

# configure Handlers

# accounting requests go here
<Handler Request-Type = Accounting-Request>
    AuthBy CheckEMERALD
</Handler>

# authentication requests to LUCENT go here
# configure the Handler appropriately
<Handler ..>
    AuthBy CheckLUCENT
</Handler>

# everything else goes here
<Handler>
    # Strip realm
    RewriteUsername s/^([^@]+).*/$1/
    AuthBy CheckEMERALD
</Handler>

hth

Hugh
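The RewriteUsername pattern from the reply above, applied to sample User-Name values (an added example, not part of the original thread; the sample names and the stricter tfb.com-only pattern are assumptions made for illustration). It shows that the posted pattern removes any realm, so a name under a different realm is also looked up as the bare user, while a realm-specific pattern leaves other realms untouched.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern as posted in the thread: keep everything before the first '@'.
sub strip_any_realm {
    my ($name) = @_;
    $name =~ s/^([^@]+).*/$1/;
    return $name;
}

# Assumption (not from the thread): strip only a trailing @tfb.com,
# leaving every other realm intact so it can be handled or rejected
# by a separate Handler.
sub strip_tfb_realm {
    my ($name) = @_;
    $name =~ s/^([^@]+)\@tfb\.com$/$1/i;
    return $name;
}

# Constructed sample User-Name values, including edge cases:
# a foreign realm, a doubled realm and an empty local part.
my @samples = (
    'user',
    'user@tfb.com',
    'user@other.example',
    'user@tfb.com@other.example',
    '@tfb.com',
);

printf "%-30s %-12s %s\n", 'User-Name', 'any realm', 'tfb.com only';
for my $in (@samples) {
    printf "%-30s %-12s %s\n",
        $in, strip_any_realm($in), strip_tfb_realm($in);
}
```

A name with an empty local part such as `@tfb.com` matches neither pattern and is passed on unchanged, so it still reaches the database lookup as typed.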
Re: (RADIATOR) Attribute to return DNS addresses
Hugh,

I assumed that, but the livingston dictionary (PM3) does not have an entry in there for a DNS setting. Do you know of one?

Regards,
Brian Morris

----- Original Message -----
From: "Hugh Irvine" [EMAIL PROTECTED]
To: "Brian Morris" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, April 04, 2001 2:44 PM
Subject: Re: (RADIATOR) Attribute to return DNS addresses

> Hello Brian -
>
> I am afraid you are going to search in vain, as there is no standard attribute to do this. You will have to use whatever vendor-specific is supported by your NAS equipment.
>
> hth
>
> Hugh
>
> At 10:29 +1000 01/4/4, Brian Morris wrote:
> > Hi Folks,
> >
> > I would like to assign a new name server/s to a dial-in account but I can not find the attribute I need to return to setup the client with the primary and alternate DNS addresses.
> >
> > I have looked in both the standard dictionary and the livingston dictionary to no avail. (I am using a Portmaster 3)
> >
> > I am sure it is something simple but I just can't find it.
> >
> > Any help would be appreciated!
> >
> > Regards,
> > Brian Morris