(RADIATOR) Converting users flat file to CDB format
My Radiator users file is currently a flat file and I'd like to convert it to CDB format, as I've had good performance from CDBs on the mail system which runs Qmail. Are there resources out there where I can get help in the conversion e.g. a perl script or other tool? TIA, Robert AfricaOnline. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Converting users flat file to CDB format
Hi Robert, We dont have such a thing here, but it wouldnt be too hard to build one out of bits of builddbm, and bits of AuthCDB.pm Cheers. On Apr 3, 9:33am, Robert Mugo wrote: Subject: (RADIATOR) Converting users flat file to CDB format My Radiator users file is currently a flat file and I'd like to convert it to CDB format, as I've had good performance from CDBs on the mail system which runs Qmail. Are there resources out there where I can get help in the conversion e.g. a perl script or other tool? TIA, Robert AfricaOnline. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Robert Mugo -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) authby external
I am running an identical radius.cfg file and external perl program in radius 2.13 and radius 2.15 and my results are quite different. In radius 2.13 it functions properly and denies all access... however in radius 2.15 it is accepting all access. I checked the log file and it is giving an Mon Apr 3 04:13:30 2000: DEBUG: Running command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR: Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access accepted for usa1000@usa The Handler is below: Handler Called-Station-Id=/3099028/ AuthBy EXTERNAL Command /usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name} %{Called-Station-Id} /AuthBy/Handler I made a simple removal.pl for this example and here is what it says: #!/usr/bin/perl print "1"; # this should deny access exit; Any ideas? Brandon Dialup USA, Inc.
(RADIATOR) error in dictionary?
Hi all, Could it be that the new dictionary included in the 2.15 release contains an error on line 38 (see below)? I changed type binary to abinary but that resulted in strange errors (see logfile excerpt below). I then changed the type to integer which in our case is right (should be string according to standards, but we use Ascend/Alcatel SMC). Mike, could you check the workings of the abinary type? I haven't had a look at the code yet, but this seems strange. - Joost. dictionary line 38: ATTRIBUTE Proxy-State 33 binary logfile: Mon Apr 3 12:46:23 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:46:24 2000: ERR: Bad format in dictionary '/opt/APPradius/etc/dictionary' at line 38 Mon Apr 3 12:46:24 2000: INFO: Server started Mon Apr 3 12:46:30 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:44 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:46 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:46 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:51 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:46:52 2000: INFO: Server started Mon Apr 3 12:46:55 2000: INFO: Radius::AuthKPNLDAP: Authentication failed for [EMAIL PROTECTED] Mon Apr 3 12:46:55 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:03 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:10 2000: INFO: Radius::AuthKPNLDAP: Authentication failed for [EMAIL PROTECTED] Mon Apr 3 12:47:10 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:17 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:36 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:38 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:39 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:47:39 2000: INFO: Server started - Joost. -- Joost Stegeman Service Developer Integration Services KPN OVN BBT/IP Integration Services tel. 070 - 371 37 83 fax. 070 - 371 26 38 E-mail: [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Reply Items in Access-Reject message?
Hello! How can I add some reply items in Access-Reject message? I need to return h323-return-code=cause to my IVR script, if user not exist in database. Thank you. Best regards, Rustam Povarov === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
On Mon, 3 Apr 2000, Richi Plana wrote: |o| How can I add some reply items in Access-Reject message? I need to |o| return h323-return-code=cause to my IVR script, if user not |o| exist in database. This is Cisco's problem: too little documentation. Too bad it's getting to the point where alternatives simply aren't feasible. 1) Make an entry in your dictionary file for the H323-Return-Code VSA attribute (Cisco's vendor code is 9) 2) All H323 VSA's should be return in the format: H323-attrib = "cisco-h323-attrib-id=value" ie. H323-Return-Code = "h323-return-code=0" BTW ... that's how attribs are passed by client to server, too. Thank you, but i know, how to reply Voice VSA'a to cisco :) I want to know, how to say RADIATOR reply this vsa's with Access-Reject message. With Access-Accept it works successfully. Best regards, Rustam Povarov P.S. Sorry for my poor english. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
On Mon, 3 Apr 2000, Rustam Povarov wrote: |o| How can I add some reply items in Access-Reject message? I need to |o| return h323-return-code=cause to my IVR script, if user not |o| exist in database. This is Cisco's problem: too little documentation. Too bad it's getting to the point where alternatives simply aren't feasible. 1) Make an entry in your dictionary file for the H323-Return-Code VSA attribute (Cisco's vendor code is 9) 2) All H323 VSA's should be return in the format: H323-attrib = "cisco-h323-attrib-id=value" ie. H323-Return-Code = "h323-return-code=0" BTW ... that's how attribs are passed by client to server, too. L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthbyRADMIN logging file problems?
Hello Jay, On Apr 3, 2:39pm, Jay West wrote: Subject: (RADIATOR) AuthbyRADMIN logging file problems? We're having problems with the logfile stuff when using radmin. Here's our radmin.cfg file: ==begin paste AuthPort 1812 AcctPort 1813 DictionaryFile /usr/local/etc/raddb/dictionary PidFile /var/run/radiusd.pid Trace 3 LogDir /var/log/radius LogFile logfile ClientListSQL DBSource dbi:mysql:radmin:pearl.tseinc.com DBUsername aa DBAuth /ClientListSQL SessionDatabase SQL DBSource dbi:mysql:radmin:pearl.tseinc.com DBUsername aaa DBAuth /SessionDatabase Realm DEFAULT AuthBy RADMIN DBSource dbi:mysql:radmin:pearl.tseinc.com DBUsername aaa DBAuth # Dont check MAXLOGINS, but do take note of these... # FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\ NULL,FRAMED_NETMASK,FRAMED_FILTER_ID,\ MAXIDLETIME \ from RADUSERS where \ USERNAME='%n' and BADLOGINS 5 and \ VALIDFROM %t and VALIDTO %t AuthColumnDef 0,Framed-IP-Netmask,reply AuthColumnDef 1,Filter-Id,reply AuthColumnDef 2,Idle-Timeout,reply AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' AddToReply Service-Type = Framed-User, \ Framed-Protocol = PPP,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP /AuthBy /Realm =end paste== Several problems... 1) Even though we have Trace set to 3, radiator is logging lots of level 4 messages (to RADMESSAGES) which are quite annoying and voluminous :) Any way to tell it that trace 3 means just trace 3 and lower? We have just fixed this problem: basically AuthBy RADMIN was logging everyrhing and ignoring the trace level. You can find a fixed version that honours the global Trace level in the patches area at http://www.open.com.au/radiator/downloads/patches-2.15/AuthRADMIN.pm We apologise for that. 2) Radiator set up as above is logging to three places /var/log/radius/logfile, /usr/local/etc/raddb/logfile, and the RADMESSAGES table. Is there any way to tell it to log to RADMESSAGES via SQL ONLY - nowhere else? Hmmm, AuthBy RADMIN will only log messages that originate _inside_ the AuthBy RADMIN. We have a new version of LogSQL avaialble that can be configured to log anywhere by changing the LogQuery paramter. You may want to use that to catch mesages that originate outside AuthBy RADMIN? If so I will send you an early release of the code. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radmin enhancement request
I was wondering if it would be possible to include something like "user permissions" in an upcoming release of radmin. For example - we want tech support staff to be able to get into the radmin website and look at user data, but not be able to change anything. Administration staff should be able to change things. Specifically, we don't want tech support to be able to put in an ip address for the user. They've been known to type in our router IP address to get assigned to a ppp user :) But it's not just IP addresses - they need to see a user but not update them, and they need access to the logs, etc. I know this can be done via .htpasswd type structures, but I before I go setting up stuff like that I was wondering if there might be thoughts of doing this in the vanilla package. That way my stuff doesn't just stop working when I upgrade radmin :) Also - it would be nice if the radmin webpages for viewing messages and usagelogs had a button to clear the log. If the above change was implemented, this would be an admin only feature. One other thing - it'd be nice if one could access the other files (like radclients for example) on the web instead of user radusers. Just a few thoughts - thanks for a great product! Jay West === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
Hello Rustam, On Apr 3, 4:07pm, Rustam Povarov wrote: Subject: (RADIATOR) Reply Items in Access-Reject message? Hello! How can I add some reply items in Access-Reject message? I need to return h323-return-code=cause to my IVR script, if user not exist in database. Radaitor is not able to do that "out of the box". The only ways I could see of doing that would be: 1. Change the code. In Client.pm at about line 296: $rp-set_code('Access-Reject'); $rp-addAttrByNum($Radius::Radius::REPLY_MESSAGE, 'Request Denied'); $rp-addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason) if $self-{RejectHasReason}; # add this $rp-add_attr('H323-Return-Code', '"h323-return-code=0"'); $p-{Client}-replyTo($rp, $p); return; 2. Add a PostAuthHook that appends the H323-Return-Code, something like this (untested) PostAuthHooh sub {${$_[1]}-add_attr('H323-Return-Code', '"h323-return-code=0"');} Hope that helps. Cheers. Thank you. Best regards, Rustam Povarov === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Rustam Povarov -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Attribute number 39051
Hi. I am getting a lot of these at the moment: Tue Apr 4 12:32:20 2000: ERR: Attribute number 39051 (vendor 429) is not defined in your dictionary Can anyone tell me what the correct Attribute should be? Cheers John -- John Vorstermans ||In the confrontation between the stream and the Technical Manager ||rock, The stream always wins - not through Actrix Networks ||strength but through perseverance. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Attribute number 39051
Hi John, On Apr 4, 12:39pm, John Vorstermans wrote: Subject: (RADIATOR) Attribute number 39051 Hi. I am getting a lot of these at the moment: Tue Apr 4 12:32:20 2000: ERR: Attribute number 39051 (vendor 429) is not defined in your dictionary Can anyone tell me what the correct Attribute should be? Its in dictionary.usr: VENDORATTR 429 Disconnect-Reason0x988B integer also there are a number of VALUE definitions for it: VALUE Disconnect-Reason drv_no_error 0 etc Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.