(RADIATOR) Converting users flat file to CDB format
My Radiator users file is currently a flat file and I'd like to convert it to CDB format, as I've had good performance from CDBs on the mail system which runs Qmail. Are there resources out there where I can get help in the conversion e.g. a perl script or other tool? TIA, Robert AfricaOnline. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Converting users flat file to CDB format
Hi Robert, We dont have such a thing here, but it wouldnt be too hard to build one out of bits of builddbm, and bits of AuthCDB.pm Cheers. On Apr 3, 9:33am, Robert Mugo wrote: Subject: (RADIATOR) Converting users flat file to CDB format My Radiator users file is currently a flat file and I'd like to convert it to CDB format, as I've had good performance from CDBs on the mail system which runs Qmail. Are there resources out there where I can get help in the conversion e.g. a perl script or other tool? TIA, Robert AfricaOnline. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Robert Mugo -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) authby external
I am running an identical radius.cfg file and
external perl program in radius 2.13 and radius 2.15 and my results are quite
different. In radius 2.13 it functions properly and denies all
access... however in radius 2.15 it is accepting all access. I
checked the log file and it is giving an
Mon Apr 3 04:13:30 2000: DEBUG: Running
command: /usr/bin/perl /usr/local/etc/$Mon Apr 3 04:13:30 2000: ERR:
Bad attribute=value pair: 1Mon Apr 3 04:13:30 2000: DEBUG: Access
accepted for usa1000@usa
The Handler is below:
Handler
Called-Station-Id=/3099028/
AuthBy EXTERNAL Command
/usr/bin/perl /usr/local/etc/raddb/removal.pl %{User-Name}
%{Called-Station-Id}
/AuthBy/Handler
I made a simple removal.pl for this example and
here is what it says:
#!/usr/bin/perl
print "1"; # this should deny
access
exit;
Any ideas?
Brandon
Dialup USA, Inc.
(RADIATOR) error in dictionary?
Hi all, Could it be that the new dictionary included in the 2.15 release contains an error on line 38 (see below)? I changed type binary to abinary but that resulted in strange errors (see logfile excerpt below). I then changed the type to integer which in our case is right (should be string according to standards, but we use Ascend/Alcatel SMC). Mike, could you check the workings of the abinary type? I haven't had a look at the code yet, but this seems strange. - Joost. dictionary line 38: ATTRIBUTE Proxy-State 33 binary logfile: Mon Apr 3 12:46:23 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:46:24 2000: ERR: Bad format in dictionary '/opt/APPradius/etc/dictionary' at line 38 Mon Apr 3 12:46:24 2000: INFO: Server started Mon Apr 3 12:46:30 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:44 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:46 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:46 2000: ERR: Attribute number 33 (vendor ) is not defined in your dictionary Mon Apr 3 12:46:51 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:46:52 2000: INFO: Server started Mon Apr 3 12:46:55 2000: INFO: Radius::AuthKPNLDAP: Authentication failed for [EMAIL PROTECTED] Mon Apr 3 12:46:55 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:03 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:10 2000: INFO: Radius::AuthKPNLDAP: Authentication failed for [EMAIL PROTECTED] Mon Apr 3 12:47:10 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:17 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:36 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:38 2000: WARNING: Could not parse Proxy-State: generic out drop== Mon Apr 3 12:47:39 2000: NOTICE: SIGHUP received: restarting Mon Apr 3 12:47:39 2000: INFO: Server started - Joost. -- Joost Stegeman Service Developer Integration Services KPN OVN BBT/IP Integration Services tel. 070 - 371 37 83 fax. 070 - 371 26 38 E-mail: [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Reply Items in Access-Reject message?
Hello! How can I add some reply items in Access-Reject message? I need to return h323-return-code=cause to my IVR script, if user not exist in database. Thank you. Best regards, Rustam Povarov === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
On Mon, 3 Apr 2000, Richi Plana wrote: |o| How can I add some reply items in Access-Reject message? I need to |o| return h323-return-code=cause to my IVR script, if user not |o| exist in database. This is Cisco's problem: too little documentation. Too bad it's getting to the point where alternatives simply aren't feasible. 1) Make an entry in your dictionary file for the H323-Return-Code VSA attribute (Cisco's vendor code is 9) 2) All H323 VSA's should be return in the format: H323-attrib = "cisco-h323-attrib-id=value" ie. H323-Return-Code = "h323-return-code=0" BTW ... that's how attribs are passed by client to server, too. Thank you, but i know, how to reply Voice VSA'a to cisco :) I want to know, how to say RADIATOR reply this vsa's with Access-Reject message. With Access-Accept it works successfully. Best regards, Rustam Povarov P.S. Sorry for my poor english. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
On Mon, 3 Apr 2000, Rustam Povarov wrote: |o| How can I add some reply items in Access-Reject message? I need to |o| return h323-return-code=cause to my IVR script, if user not |o| exist in database. This is Cisco's problem: too little documentation. Too bad it's getting to the point where alternatives simply aren't feasible. 1) Make an entry in your dictionary file for the H323-Return-Code VSA attribute (Cisco's vendor code is 9) 2) All H323 VSA's should be return in the format: H323-attrib = "cisco-h323-attrib-id=value" ie. H323-Return-Code = "h323-return-code=0" BTW ... that's how attribs are passed by client to server, too. L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthbyRADMIN logging file problems?
Hello Jay,
On Apr 3, 2:39pm, Jay West wrote:
Subject: (RADIATOR) AuthbyRADMIN logging file problems?
We're having problems with the logfile stuff when using radmin.
Here's our radmin.cfg file:
==begin paste
AuthPort 1812
AcctPort 1813
DictionaryFile /usr/local/etc/raddb/dictionary
PidFile /var/run/radiusd.pid
Trace 3
LogDir /var/log/radius
LogFile logfile
ClientListSQL
DBSource dbi:mysql:radmin:pearl.tseinc.com
DBUsername aa
DBAuth
/ClientListSQL
SessionDatabase SQL
DBSource dbi:mysql:radmin:pearl.tseinc.com
DBUsername aaa
DBAuth
/SessionDatabase
Realm DEFAULT
AuthBy RADMIN
DBSource dbi:mysql:radmin:pearl.tseinc.com
DBUsername aaa
DBAuth
# Dont check MAXLOGINS, but do take note of these...
# FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME
AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
NULL,FRAMED_NETMASK,FRAMED_FILTER_ID,\
MAXIDLETIME \
from RADUSERS where \
USERNAME='%n' and BADLOGINS 5 and \
VALIDFROM %t and VALIDTO %t
AuthColumnDef 0,Framed-IP-Netmask,reply
AuthColumnDef 1,Filter-Id,reply
AuthColumnDef 2,Idle-Timeout,reply
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
/AuthBy
/Realm
=end paste==
Several problems...
1) Even though we have Trace set to 3, radiator is logging lots of level 4
messages (to RADMESSAGES) which are quite annoying and voluminous :) Any way
to tell it that trace 3 means just trace 3 and lower?
We have just fixed this problem: basically AuthBy RADMIN was logging everyrhing
and ignoring the trace level. You can find a fixed version that honours the
global Trace level in the patches area at
http://www.open.com.au/radiator/downloads/patches-2.15/AuthRADMIN.pm
We apologise for that.
2) Radiator set up as above is logging to three places
/var/log/radius/logfile, /usr/local/etc/raddb/logfile, and the RADMESSAGES
table. Is there any way to tell it to log to RADMESSAGES via SQL ONLY -
nowhere else?
Hmmm, AuthBy RADMIN will only log messages that originate _inside_ the AuthBy
RADMIN. We have a new version of LogSQL avaialble that can be configured to log
anywhere by changing the LogQuery paramter. You may want to use that to catch
mesages that originate outside AuthBy RADMIN?
If so I will send you an early release of the code.
Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
2000, NT, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) radmin enhancement request
I was wondering if it would be possible to include something like "user permissions" in an upcoming release of radmin. For example - we want tech support staff to be able to get into the radmin website and look at user data, but not be able to change anything. Administration staff should be able to change things. Specifically, we don't want tech support to be able to put in an ip address for the user. They've been known to type in our router IP address to get assigned to a ppp user :) But it's not just IP addresses - they need to see a user but not update them, and they need access to the logs, etc. I know this can be done via .htpasswd type structures, but I before I go setting up stuff like that I was wondering if there might be thoughts of doing this in the vanilla package. That way my stuff doesn't just stop working when I upgrade radmin :) Also - it would be nice if the radmin webpages for viewing messages and usagelogs had a button to clear the log. If the above change was implemented, this would be an admin only feature. One other thing - it'd be nice if one could access the other files (like radclients for example) on the web instead of user radusers. Just a few thoughts - thanks for a great product! Jay West === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Items in Access-Reject message?
Hello Rustam,
On Apr 3, 4:07pm, Rustam Povarov wrote:
Subject: (RADIATOR) Reply Items in Access-Reject message?
Hello!
How can I add some reply items in Access-Reject message?
I need to return h323-return-code=cause to my IVR script, if user not
exist in database.
Radaitor is not able to do that "out of the box". The only ways I could see of
doing that would be:
1. Change the code. In Client.pm at about line 296:
$rp-set_code('Access-Reject');
$rp-addAttrByNum($Radius::Radius::REPLY_MESSAGE,
'Request Denied');
$rp-addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
if $self-{RejectHasReason};
# add this $rp-add_attr('H323-Return-Code', '"h323-return-code=0"');
$p-{Client}-replyTo($rp, $p);
return;
2. Add a PostAuthHook that appends the H323-Return-Code, something like this
(untested)
PostAuthHooh sub {${$_[1]}-add_attr('H323-Return-Code',
'"h323-return-code=0"');}
Hope that helps.
Cheers.
Thank you.
Best regards,
Rustam Povarov
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- End of excerpt from Rustam Povarov
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
2000, NT, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Attribute number 39051
Hi. I am getting a lot of these at the moment: Tue Apr 4 12:32:20 2000: ERR: Attribute number 39051 (vendor 429) is not defined in your dictionary Can anyone tell me what the correct Attribute should be? Cheers John -- John Vorstermans ||In the confrontation between the stream and the Technical Manager ||rock, The stream always wins - not through Actrix Networks ||strength but through perseverance. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Attribute number 39051
Hi John, On Apr 4, 12:39pm, John Vorstermans wrote: Subject: (RADIATOR) Attribute number 39051 Hi. I am getting a lot of these at the moment: Tue Apr 4 12:32:20 2000: ERR: Attribute number 39051 (vendor 429) is not defined in your dictionary Can anyone tell me what the correct Attribute should be? Its in dictionary.usr: VENDORATTR 429 Disconnect-Reason0x988B integer also there are a number of VALUE definitions for it: VALUE Disconnect-Reason drv_no_error 0 etc Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
