Re: (RADIATOR) More authentication Attributes

1999-07-09 Thread Wilbert de Graaf




Requiem,

We had / have the same problem. Besides radiator, we also have our own radius server (but we're trying to get rid of it, VPN by VPN). The subscribers have an attribute 'radiusProfile' in their object. Whenever the value equals 1 they should have normal access, 0 no access and for instance 2 some different set of attributes: e.g. a set of ip-filters.

We forgot about the 2 for now. Somebody suggested using the PreAuthHook to add an NV pair: add_attribute(radiusProfile, 1) and add another attribute in the directory, radiusCheck. An object now looks like this:

dn: cn=user,...
radiusProfile = 1
radiusCheck = radiusProfile=1
...

The first attribute is still necessary for the other Radius server, and the second to make it work with Radiator. I think it would be a nice feature to be able to check the retrieved attributes in a hook like PostAuthHook, and be able to reject or accept it based on the value (or even better, select a profile at that point.)

But anyway, this mechanism does the job perfectly for us.

- Wilbert


-----Original Message-----
From: Requiem Aurelien (Ext/NTC) [EMAIL PROTECTED]
To: Radiator (E-mail) [EMAIL PROTECTED]
Date: Thursday 8 July 1999 16:26
Subject: (RADIATOR) More authentication Attributes

Hello

How can I add more authentication attributes?
Shall I use CheckAttr?

I need to authenticate a user via 3 pieces of information:
1) Name
2) Password
3) Calling-Station-Id

All of my users are in an LDAP server.

Thanks a lot for answering me.

Recycle your PC, Get Linux...
Recycle your Windows, Get Kde...

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
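The workaround described in the reply above, modelled as an added example (not code from the thread and not Radiator's own code): a pre-authentication hook injects `radiusProfile=1` into the request, and the directory's `radiusCheck` string is evaluated as check items against it. The directory entries, the phone number and the deny-when-`radiusCheck`-is-absent rule are assumptions of this model.

```python
def parse_check_items(text):
    """Split 'Attr=Value, Attr2=Value2' into a dict; reject malformed items."""
    items = {}
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed check item: {part!r}")
        items[name.strip()] = value.strip().strip('"')
    return items

def pre_auth_hook(request):
    """Stand-in for the PreAuthHook: inject the NV pair radiusProfile=1.
    Overwrites any radiusProfile the client sent, so it cannot be spoofed."""
    request = dict(request)
    request["radiusProfile"] = "1"
    return request

def authorize(request, entry):
    """Return (accepted, reason); entry is the user's directory object."""
    raw = (entry.get("radiusCheck") or "").strip()
    if not raw:
        # Assumption of this model: no check attribute means deny.
        return False, "no radiusCheck in directory entry"
    try:
        checks = parse_check_items(raw)
    except ValueError as exc:
        return False, str(exc)
    request = pre_auth_hook(request)
    for name, wanted in checks.items():
        got = request.get(name)
        if got != wanted:
            return False, f"{name}: expected {wanted!r}, got {got!r}"
    return True, "all check items matched"

# Constructed directory entries (not from the thread).
DIRECTORY = {
    "alice": {"radiusProfile": "1", "radiusCheck": "radiusProfile=1"},
    "bob": {"radiusProfile": "0", "radiusCheck": "radiusProfile=0"},
    "carol": {"radiusProfile": "1",
              "radiusCheck": "radiusProfile=1, Calling-Station-Id=5551234"},
    "dave": {"radiusProfile": "1"},  # radiusCheck was never populated
}
```

The `dave` entry is the case to audit for in a real directory: an object that carries `radiusProfile` for the old server but was never given `radiusCheck`. How a given server treats an entry with no check items should be verified rather than assumed.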


(RADIATOR) SessionDatabase problem using Oracle with Fork

1999-07-09 Thread Anthony Chan

Hi Mike,

I got a problem when running multiple instances of Radiator with
external Database, Oracle, to enforce Simultaneous-Use limits. The
problem only exists when "Fork" is used in the config.

For environment, the Radiator runs in a Solaris machine with Oracle
sqlnet to access the Oracle server. The sid and tables are created in the
Oracle server without problem. The Perl module DBI-1.11 and
DBD-Oracle-1.02 are installed. The version of Oracle is 8.0.5. The
config files are as follows:

# radius.cfg
.
.
.
<Realm DEFAULT>
<AuthBy FILE>
Filename /usr/local/etc/config
#  Fork
</AuthBy>
AcctLogFileName %L/detail
</Realm>

<Realm defaultrealm>
<AuthBy SYSTEM>
UseGetspnam
Identifier System
DefaultReply Service-Type = Framed,\
   Framed-Protocol = PPP
</AuthBy>
</Realm>

<SessionDatabase SQL>
DBSource dbi:Oracle:radius
DBUsername userid
DBAuth  password
</SessionDatabase>



#config
DEFAULT
Auth-Type=System,Group=g1,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1

DEFAULT
Auth-Type=System,Group=g2,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1

DEFAULT
Auth-Type=System,Group=g3,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1

The configuration above has no problem without the "Fork".

However, when I put back the keyword "Fork", I would get the following
error messages inside the xterm which start the Radiator:

DBD::Oracle::db do failed: ORA-03113: end-of-file on communication
channel (DBD ERROR: OCIStmtExecute) at
/usr/local/lib/perl5/site_perl/Radius/SqlDb.pm line 230.

DBD::Oracle::db disconnect failed: ORA-12545: Connect failed because
target host or object does not exist (DBD ERROR: OCISessionEnd) at
/usr/local/lib/perl5/site_perl/Radius/SqlDb.pm line 244.

The above message would print continuously when a new user is getting
connected.

The logfile with trace 4 has the following message:

*** Received from 206.161.55.24 port 33100 
Code:   Access-Request
Identifier: 183
Authentic:  1234567890123456
Attributes:
 User-Name = "t1c"
 Service-Type = Framed-User
 NAS-IP-Address = 206.161.55.24
 NAS-Port = 1234
 NAS-Port-Type = Async
 Framed-IP-Address = 206.161.55.24
 User-Password =
""132w184228{198170os1632112144211219"

Fri Jul  9 13:53:58 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Jul  9 13:53:58 1999: DEBUG: Handling with Radius::AuthFILE
Fri Jul  9 13:53:58 1999: DEBUG: Radius::AuthFILE looks for match with
t1c
Fri Jul  9 13:53:58 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Fri Jul  9 13:53:58 1999: DEBUG: Handling with Radius::AuthSYSTEM
Fri Jul  9 13:53:58 1999: DEBUG: getpwnam got t1c, ZJgPkhMU6EVy., 62360,
111, , , Test Account, /export/home/t1c, /usr/bin/ksh
Fri Jul  9 13:53:58 1999: DEBUG: Radius::AuthSYSTEM looks for match with
t1c
Fri Jul  9 13:53:58 1999: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='t1c'

Fri Jul  9 13:53:58 1999: DEBUG: Radius::AuthSYSTEM ACCEPT:
Fri Jul  9 13:53:58 1999: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul  9 13:53:58 1999: DEBUG: Access accepted for t1c
Fri Jul  9 13:53:58 1999: DEBUG: Packet dump:
*** Sending to 206.161.55.24 port 33100 
Code:   Access-Accept
Identifier: 183
Authentic:  1234567890123456
Attributes:
 Service-Type = Framed
 Framed-Protocol = PPP

Fri Jul  9 13:53:58 1999: DEBUG: Packet dump:
*** Received from 206.161.55.24 port 33100 
Code:   Accounting-Request
Identifier: 184
Authentic:
236202156020320331S631200T253239182
Attributes:
 User-Name = "t1c"
 Service-Type = Framed-User
 NAS-IP-Address = 206.161.55.24
 NAS-Port = 1234
 NAS-Port-Type = Async
 Acct-Session-Id = "1"
 Acct-Status-Type = Start
 Framed-IP-Address = 206.161.55.24

Fri Jul  9 13:53:58 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Jul  9 13:53:58 1999: DEBUG: Handling with Radius::AuthFILE
Fri Jul  9 13:53:58 1999: DEBUG: Accounting accepted
Fri Jul  9 13:53:58 1999: DEBUG: Packet dump:
*** Sending to 206.161.55.24 port 33100 
Code:   Accounting-Response
Identifier: 184
Authentic:
236202156020320331S631200T253239182
Attributes:

Fri Jul  9 13:53:58 1999: DEBUG:  Adding session for t1c, 206.161.55.24,
1234
Fri Jul  9 13:53:58 1999: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='206.161.55.24' and NASPORT=1234

Fri Jul  9 13:53:58 1999: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('t1c',
'206.161.55.24', 1234, '1', 931499638, '206.161.55.24', 'Async',
'Framed-User')

Fri Jul  9 13:53:58 1999: DEBUG: Packet dump:
*** Received from 206.161.55.24 port 33100 
Code:   Accounting-Request
Identifier: 185
Authentic:
22200241178140*14531741752301470235224226
Attributes:
 User-Name = "t1c"
 Service-Type = Framed-User
 NAS-IP-Address = 206.161.55.24
 NAS-Port = 1234
 NAS-Port-Type = Async
 Acct-Session-Id = "1"
 Acct-Status-Type = Stop
 Framed-IP-Address = 206.161.55.24
 

(RADIATOR) Accounting do Database via ODBC

1999-07-09 Thread Michael Gatti




Ladies & Gentlemen:

I'm trying to do something here that I'm not sure could work. I have radiator working just fine here at my ISP and now I want to implement some new functions in it. I'm trying to make radiator send the accounting information to a database (a very simple one - Access) via an ODBC driver and still create the accounting log files. Below is my CONFIG FILE; I know it may be very weird, but that's why I'm asking for some help. When I run the command line:

c:\> perl radiusd -config_file=maxntdb.cfg

I receive a lot of:

Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Identifier=NTSystem' in maxntdb.cfg line 39
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Auth-Type=System' in maxntdb.cfg line 40
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Domain=mydomain' in maxntdb.cfg line 41
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'DomainController=hostname' in maxntdb.cfg line 42
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'AcctLogFileName=%L\%Y%m%d.act' in maxntdb.cfg line 44
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'DBSource=dbi:Acessos:localhost' in maxntdb.cfg line 46
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e' in maxntdb.cfg line 48
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=SessionID,Acct-Session-Id' in maxntdb.cfg line 50
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=TIME_STAMP,Timestamp' in maxntdb.cfg line 51
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=StatusType,Acct-Status-Type' in maxntdb.cfg line 52
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=UserName,User-Name' in maxntdb.cfg line 53
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=SessionTime,Acct-Session-Time,integer' in maxntdb.cfg line 54
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AccountingTable=Acessos' in maxntdb.cfg line 56
Sat Jul 10 10:28:47 1999: INFO: Server started

- CONFIG FILE



# maxntdb.cfg

Foreground
LogStdout
Trace 5
AuthPort 1645
AcctPort 1646
LogDir c:\radiator\malbanet\log
LogFile %L\%Y%m%d.log
DbDir C:\winnt\profiles\administrator\personal
DictionaryFile %D\dictionary.nt

# You will probably want to change this to suit your site.

<Client localhost>
Secret mysecret
DupInterval 0
</Client>

<Client XXX.YYY.ZZZ.xxx>
Secret mysecret
DupInterval 0
</Client>

<Client XXX.YYY.ZZZ.xxx>
Secret mysecret
DupInterval 0
</Client>

<Client XXX.YYY.ZZZ.xxx>
Secret mysecret
DupInterval 0
</Client>

<Realm DEFAULT>
# Limit all users in this realm to max of 1 session
MaxSessions 1
<AuthBy NT>
Identifier=NTSystem
Auth-Type=System
Domain=mydomain
DomainController=hostname
# Log all accounting into daily log files in LogDir
AcctLogFileName=%L\%Y%m%d.act
# Connect to ODBC on localhost
DBSource=dbi:Acessos:localhost
# Heres how you can convert Timestamps into a format that Oracle likes
AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e %m %Y %H:%M:%S', 'DD MM  HH24:MI:SS')
# AcctColumnDef COLUMN,Attribute[,type][,format]
AcctColumnDef=SessionID,Acct-Session-Id
AcctColumnDef=TIME_STAMP,Timestamp
AcctColumnDef=StatusType,Acct-Status-Type
AcctColumnDef=UserName,User-Name
AcctColumnDef=SessionTime,Acct-Session-Time,integer
# Store accounting records in Acessos
AccountingTable=Acessos
</AuthBy>
</Realm>