Re: (RADIATOR) More authentication Attributes
Requiem,

We had / have the same problem. Besides Radiator, we also have our own radius server (but we're trying to get rid of it, VPN by VPN). The subscribers have an attribute 'radiusProfile' in their object. Whenever the value equals 1 they should have normal access, 0 no access and for instance 2 some different set of attributes: e.g. a set of ip-filters. We forgot about the 2 for now.

Somebody suggested to use the PreAuthHook to add an NV pair: add_attribute(radiusProfile, 1) and add another attribute in the directory, radiusCheck. An object now looks like this:

    dn: cn=user,...
    radiusProfile = 1
    radiusCheck = radiusProfile=1
    ...

The first attribute is still necessary for the other Radius server, and the second to make it work with Radiator.

I think it would be a nice feature to be able to check the retrieved attributes in a hook like PostAuthHook, and be able to reject or accept it based on the value (or even better, select a profile at that point.) But anyway, this mechanism does the job perfectly for us.

- Wilbert

-----Original Message-----
From: Requiem Aurelien (Ext/NTC) [EMAIL PROTECTED]
To: Radiator (E-mail) [EMAIL PROTECTED]
Date: Thursday 8 July 1999 16:26
Subject: (RADIATOR) More authentication Attributes

Hello

How can I add more authentication attributes?
Shall I use CheckAttr?
I need to authenticate a user via 3 pieces of information:
1) Name
2) Password
3) Calling-Station-Id
All of my users are in an LDAP server.
Thanks a lot for answering me.

Recycle your PC, Get Linux...
Recycle your Windows, Get Kde...

Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
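The mechanism described in the reply above, modelled as an added example (not part of the original messages and not Radiator code): a hook stamps radiusProfile=1 on every request, and the check items stored in the directory's radiusCheck attribute must all match the request. The users, passwords, phone numbers, the radiusCheck value for a profile-0 user and the Calling-Station-Id check item are assumptions made for illustration.

```python
import hmac

def parse_check_items(spec):
    """Split 'Name=value, Name2=value2' into (name, value) pairs."""
    items = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed check item: {part!r}")
        items.append((name.strip(), value.strip()))
    return items

def pre_auth_hook(request):
    """Stand-in for the PreAuthHook: tag every request with radiusProfile=1.
    Assigning (not appending) means the value never comes from the client."""
    request["radiusProfile"] = "1"

def authenticate(request, entry):
    """Return (accepted, reason) for one request against one directory entry."""
    pre_auth_hook(request)
    supplied = request.get("User-Password", "").encode()
    if not hmac.compare_digest(supplied, entry["userPassword"].encode()):
        return False, "bad password"
    # Every check item from the directory must equal the request's attribute.
    for name, expected in parse_check_items(entry.get("radiusCheck", "")):
        if request.get(name) != expected:
            return False, f"check item {name} failed"
    return True, "ok"

# Constructed directory entries (hypothetical users, passwords and numbers).
DIRECTORY = {
    "alice": {"userPassword": "pw-a", "radiusProfile": "1",
              "radiusCheck": "radiusProfile=1, Calling-Station-Id=5551234"},
    "bob": {"userPassword": "pw-b", "radiusProfile": "0",
            "radiusCheck": "radiusProfile=0"},
}

def handle(user, password, calling_station_id):
    """Build the request a NAS would send and authenticate it."""
    entry = DIRECTORY.get(user)
    if entry is None:
        return False, "no such user"
    request = {"User-Name": user, "User-Password": password,
               "Calling-Station-Id": calling_station_id}
    return authenticate(request, entry)

if __name__ == "__main__":
    for args in [("alice", "pw-a", "5551234"), ("alice", "pw-a", "5550000"),
                 ("bob", "pw-b", "5551234")]:
        print(args[0], args[2], handle(*args))
```
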
(RADIATOR) SessionDatabase problem using Oracle with Fork
Hi Mike,

I got a problem when running multiple instances of Radiator with an external database, Oracle, to enforce Simultaneous-Use limits. The problem only exists when "Fork" is used in the config.

For the environment, Radiator runs on a Solaris machine with Oracle sqlnet to access the Oracle server. The sid and tables are created in the Oracle server without problem. The Perl modules DBI-1.11 and DBD-Oracle-1.02 are installed. The version of Oracle is 8.0.5.

The config files are as follows:

    # radius.cfg
    .
    .
    .
    <Realm DEFAULT>
        <AuthBy FILE>
            Filename /usr/local/etc/config
    #       Fork
        </AuthBy>
        AcctLogFileName %L/detail
    </Realm>

    <Realm defaultrealm>
        <AuthBy SYSTEM>
            UseGetspnam
            Identifier System
            DefaultReply Service-Type = Framed,\
                Framed-Protocol = PPP
        </AuthBy>
    </Realm>

    <SessionDatabase SQL>
        DBSource dbi:Oracle:radius
        DBUsername userid
        DBAuth password
    </SessionDatabase>

    #config
    DEFAULT Auth-Type=System,Group=g1,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1
    DEFAULT Auth-Type=System,Group=g2,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1
    DEFAULT Auth-Type=System,Group=g3,NAS-IP-Address=206.161.55.24,Simultaneous-Use=1

The configuration above has no problem without the "Fork". However, when I put back the keyword "Fork", I would get the following error messages inside the xterm which started Radiator:

    DBD::Oracle::db do failed: ORA-03113: end-of-file on communication channel (DBD ERROR: OCIStmtExecute) at /usr/local/lib/perl5/site_perl/Radius/SqlDb.pm line 230.
    DBD::Oracle::db disconnect failed: ORA-12545: Connect failed because target host or object does not exist (DBD ERROR: OCISessionEnd) at /usr/local/lib/perl5/site_perl/Radius/SqlDb.pm line 244.

The above message would print continuously when a new user is getting connected.
The logfile with trace 4 has the following message:

    *** Received from 206.161.55.24 port 33100
    Code: Access-Request
    Identifier: 183
    Authentic: 1234567890123456
    Attributes:
        User-Name = "t1c"
        Service-Type = Framed-User
        NAS-IP-Address = 206.161.55.24
        NAS-Port = 1234
        NAS-Port-Type = Async
        Framed-IP-Address = 206.161.55.24
        User-Password = ""132w184228{198170os1632112144211219"

    Fri Jul 9 13:53:58 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
    Fri Jul 9 13:53:58 1999: DEBUG: Handling with Radius::AuthFILE
    Fri Jul 9 13:53:58 1999: DEBUG: Radius::AuthFILE looks for match with t1c
    Fri Jul 9 13:53:58 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
    Fri Jul 9 13:53:58 1999: DEBUG: Handling with Radius::AuthSYSTEM
    Fri Jul 9 13:53:58 1999: DEBUG: getpwnam got t1c, ZJgPkhMU6EVy., 62360, 111, , , Test Account, /export/home/t1c, /usr/bin/ksh
    Fri Jul 9 13:53:58 1999: DEBUG: Radius::AuthSYSTEM looks for match with t1c
    Fri Jul 9 13:53:58 1999: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='t1c'
    Fri Jul 9 13:53:58 1999: DEBUG: Radius::AuthSYSTEM ACCEPT:
    Fri Jul 9 13:53:58 1999: DEBUG: Radius::AuthFILE ACCEPT:
    Fri Jul 9 13:53:58 1999: DEBUG: Access accepted for t1c
    Fri Jul 9 13:53:58 1999: DEBUG: Packet dump:
    *** Sending to 206.161.55.24 port 33100
    Code: Access-Accept
    Identifier: 183
    Authentic: 1234567890123456
    Attributes:
        Service-Type = Framed
        Framed-Protocol = PPP

    Fri Jul 9 13:53:58 1999: DEBUG: Packet dump:
    *** Received from 206.161.55.24 port 33100
    Code: Accounting-Request
    Identifier: 184
    Authentic: 236202156020320331S631200T253239182
    Attributes:
        User-Name = "t1c"
        Service-Type = Framed-User
        NAS-IP-Address = 206.161.55.24
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "1"
        Acct-Status-Type = Start
        Framed-IP-Address = 206.161.55.24

    Fri Jul 9 13:53:58 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
    Fri Jul 9 13:53:58 1999: DEBUG: Handling with Radius::AuthFILE
    Fri Jul 9 13:53:58 1999: DEBUG: Accounting accepted
    Fri Jul 9 13:53:58 1999: DEBUG: Packet dump:
    *** Sending to 206.161.55.24 port 33100
    Code: Accounting-Response
    Identifier: 184
    Authentic: 236202156020320331S631200T253239182
    Attributes:

    Fri Jul 9 13:53:58 1999: DEBUG: Adding session for t1c, 206.161.55.24, 1234
    Fri Jul 9 13:53:58 1999: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='206.161.55.24' and NASPORT=1234
    Fri Jul 9 13:53:58 1999: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('t1c', '206.161.55.24', 1234, '1', 931499638, '206.161.55.24', 'Async', 'Framed-User')
    Fri Jul 9 13:53:58 1999: DEBUG: Packet dump:
    *** Received from 206.161.55.24 port 33100
    Code: Accounting-Request
    Identifier: 185
    Authentic: 22200241178140*14531741752301470235224226
    Attributes:
        User-Name = "t1c"
        Service-Type = Framed-User
        NAS-IP-Address = 206.161.55.24
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "1"
        Acct-Status-Type = Stop
        Framed-IP-Address = 206.161.55.24
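The session-tracking queries visible in the trace above, replayed against an in-memory SQLite table to show how a Simultaneous-Use limit of 1 is decided. This is an added example, not Radiator code and not part of the original message; the reduced column set, the Stop-time delete (the trace ends before it) and the event sequence are assumptions.

```python
import sqlite3

def open_session_db():
    """In-memory stand-in for the RADONLINE table named in the trace."""
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE (USERNAME text, NASIDENTIFIER text,"
               " NASPORT integer, ACCTSESSIONID text, TIME_STAMP integer)")
    return db

def add_session(db, user, nas, port, session_id, now):
    """Accounting Start: clear whatever held that NAS port, then insert."""
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, port))
    db.execute("insert into RADONLINE values (?, ?, ?, ?, ?)",
               (user, nas, port, session_id, now))

def delete_session(db, nas, port):
    """Accounting Stop (assumed: the trace is cut off before this query)."""
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, port))

def exceeds_limit(db, user, limit):
    """Access-Request: is the user already at the Simultaneous-Use limit?"""
    rows = db.execute("select NASIDENTIFIER, NASPORT, ACCTSESSIONID"
                      " from RADONLINE where USERNAME=?", (user,)).fetchall()
    return len(rows) >= limit

def replay(db, events, limit=1):
    """Replay (kind, user, nas, port) events; return Access-Request verdicts."""
    verdicts = []
    for i, (kind, user, nas, port) in enumerate(events):
        if kind == "access":
            over = exceeds_limit(db, user, limit)
            verdicts.append("reject" if over else "accept")
        elif kind == "start":
            add_session(db, user, nas, port, str(i), 931499638 + i)
        elif kind == "stop":
            delete_session(db, nas, port)
    return verdicts

# Constructed sequence; user, NAS address and first port come from the trace.
EVENTS = [
    ("access", "t1c", "206.161.55.24", 1234),
    ("start",  "t1c", "206.161.55.24", 1234),
    ("access", "t1c", "206.161.55.24", 1235),  # second login, first still up
    ("stop",   "t1c", "206.161.55.24", 1234),
    ("access", "t1c", "206.161.55.24", 1235),
]

if __name__ == "__main__":
    print(replay(open_session_db(), EVENTS))
```
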
(RADIATOR) Accounting do Database via ODBC
Ladies & Gentlemen:

I'm trying to do something here that I'm not sure could work. I have Radiator working just fine here at my ISP and now I want to add some new functions to it. I'm trying to make Radiator send the accounting information to a database (very simple one - Access) via an ODBC driver and still create the accounting log files.

Below is my CONFIG FILE. I know it may be very weird, but that's why I'm asking for some help.

When I run the command line:

    c:\> perl radiusd -config_file=maxntdb.cfg

I receive a lot of:

    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Identifier=NTSystem' in maxntdb.cfg line 39
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Auth-Type=System' in maxntdb.cfg line 40
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Domain=mydomain' in maxntdb.cfg line 41
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'DomainController=hostname' in maxntdb.cfg line 42
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'AcctLogFileName=%L\%Y%m%d.act' in maxntdb.cfg line 44
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'DBSource=dbi:Acessos:localhost' in maxntdb.cfg line 46
    Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e' in maxntdb.cfg line 48
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=SessionID,Acct-Session-Id' in maxntdb.cfg line 50
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=TIME_STAMP,Timestamp' in maxntdb.cfg line 51
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=StatusType,Acct-Status-Type' in maxntdb.cfg line 52
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=UserName,User-Name' in maxntdb.cfg line 53
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AcctColumnDef=SessionTime,Acct-Session-Time,integer' in maxntdb.cfg line 54
    Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AccountingTable=Acessos' in maxntdb.cfg line 56
    Sat Jul 10 10:28:47 1999: INFO: Server started

- CONFIG FILE

    # maxntdb.cfg
    Foreground
    LogStdout
    Trace 5
    AuthPort 1645
    AcctPort 1646
    LogDir c:\radiator\malbanet\log
    LogFile %L\%Y%m%d.log
    DbDir C:\winnt\profiles\administrator\personal
    DictionaryFile %D\dictionary.nt

    # You will probably want to change this to suit your site.
    <Client localhost>
        Secret mysecret
        DupInterval 0
    </Client>
    <Client XXX.YYY.ZZZ.xxx>
        Secret mysecret
        DupInterval 0
    </Client>
    <Client XXX.YYY.ZZZ.xxx>
        Secret mysecret
        DupInterval 0
    </Client>
    <Client XXX.YYY.ZZZ.xxx>
        Secret mysecret
        DupInterval 0
    </Client>

    <Realm DEFAULT>
        # Limit all users in this realm to max of 1 session
        MaxSessions 1
        <AuthBy NT>
            Identifier=NTSystem
            Auth-Type=System
            Domain=mydomain
            DomainController=hostname
            # Log all accounting into daily log files in LogDir
            AcctLogFileName=%L\%Y%m%d.act
            # Connect to ODBC on localhost
            DBSource=dbi:Acessos:localhost
            # Heres how you can convert Timestamps into a format that Oracle likes
            AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS')
            # AcctColumnDef COLUMN,Attribute[,type][,format]
            AcctColumnDef=SessionID,Acct-Session-Id
            AcctColumnDef=TIME_STAMP,Timestamp
            AcctColumnDef=StatusType,Acct-Status-Type
            AcctColumnDef=UserName,User-Name
            AcctColumnDef=SessionTime,Acct-Session-Time,integer
            # Store accounting records in Acessos
            AccountingTable=Acessos
        </AuthBy>
    </Realm>