Re: (RADIATOR) IdenticalClients

2001-03-21 Thread Hugh Irvine


Hello Daniel -

You can either use Include file(s) in your configuration file, or you can use 
the ClientListSQL clause to store the definitions in a database.

hth

Hugh

On Wednesday 21 March 2001 18:31, daniel wrote:
 Hi,

 I have to add lots of IdenticalClients and I was wondering if it
 is possible to do something like /24?

 Example,

 IdenticalClients *.*.*.0/24

 According to the Doc, I can only do ip space ip.

 Thanks in advance.

 Daniel


 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) AuthRADIUS mods

2001-03-21 Thread Hugh Irvine


Thanks Arjan -

I have forwarded your suggestions to Mike for consideration.

cheers

Hugh

On Tuesday 20 March 2001 19:33, Arjan Waardenburg wrote:
 Hi all,

 I made some modifications to the AuthRADIUS.pm and maybe other folks can
 use them.

 The first one is to choose beforehand which port is used for the forwarded
 packets. I used OutPort as keyword and default value is 0 which causes
 Radiator to use a random free port just like the standard AuthRADIUS.pm.
 The reason for this modification is the strict filtering on firewalls or
 routers between our proxy radiusserver and the final radiusserver.

 The second modification is to ensure fast processing of accountingpackets
 by sending a response immediately after receiving an accounting-request.
 This is done using AccountingHandled in combination with a new keyword
 IgnoreAccountingResponse. AccountingHandled takes care of the immediate
 response and IgnoreAccountingResponse silently drops the
 accounting-response from the final radiusserver.

 Here is the diff :

 72a73

  $self-{OutPort} = 0;

 92a94

  'OutPort' = $self-{OutPort},

 121a124

 'OutPort'= 'string',
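
Review bot: OutPort is declared as 'string' in this keyword entry, yet the 270c274 hunk passes it as the port argument next to Socket::inet_aton($bind_address), so a non-numeric or out-of-range value is only caught when the socket is bound. Declare it with a numeric keyword type if the table offers one, or check on activation that it is an integer in 0..65535 and log a clear configuration error otherwise.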

 126a130

 'IgnoreAccountingResponse'   = 'flag',

 270c274
 (0, Socket::inet_aton($bind_address)))
 ---

 ($self-{OutPort}, Socket::inet_aton($bind_address)))
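
Review bot: replacing the literal 0 with $self-{OutPort} in the bind address means every AuthBy RADIUS clause, and every server instance on the host, that is configured with the same non-zero value will try to bind the same local port, and only the first can succeed. Please confirm the surrounding bind failure path logs the port number, and document that each clause needs its own OutPort and that the fixed port is meant only for cases where a firewall rule requires it.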

 478,479c482,485
unless $self-{IgnoreReject}
 $p-code eq 'Access-Reject';
 ---

unless (($self-{IgnoreReject}
 $p-code eq 'Access-Reject')
 
|| ($self-{IgnoreAccountingResponse}
 
 $p-code eq 'Accounting-Response'));
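
Review bot: the new IgnoreAccountingResponse branch of the unless condition discards the Accounting-Response without leaving any trace, and with AccountingHandled the NAS has already been acknowledged, so an upstream server that never stores the record goes unnoticed. Suggest logging the dropped response at debug level, and confirming that the drop happens only after the pending request has been cleared from retransmission so the proxy does not keep resending. The new keyword also needs a documentation entry next to IgnoreReject.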

 Regards,
 Arjan







Re: (RADIATOR) PPPOE Authentication / Accounting

2001-03-21 Thread Hugh Irvine


Hello Brian -

Whatever NAS-like device you use to terminate your PPPoE sessions looks to 
Radiator like any other NAS. If the device reports packets in/out and bytes 
in/out in accounting records you will record them just the same as with any 
other NAS.

hth

Hugh

On Wednesday 21 March 2001 15:33, Brian Morris wrote:
 Hi All,

 We require the ability to authenticate clients using PPPoE  as well as
 account for their traffic.  Our regular dial-in NAS (PM3 for modem
 customers) does both auth and accounting just fine however we are new to
 PPPoE and I am not sure how to monitor traffic.

 Can anyone offer any suggestions as to the best way to do accounting
 (Time/Mb) using PPPoE.

 Any help would be appreciated.

 Regards,  Brian Morris






Re: (RADIATOR) Client list question

2001-03-21 Thread Hugh Irvine


Hello Griff -

You are correct, if a Client clause does not catch a request, it should be 
rejected. An easy test is to dummy up some authentication requests with 
radpwtst and do some experiments. Use a trace 4 and check what is happening.

hth

Hugh

On Wednesday 21 March 2001 09:16, Griff Hamlin wrote:
 Hello all,

 I've noticed that several people have been authenticated on my server
 when the routers are not listed in the client list. How can this be? I
 was under the impression from the documentation that if the router is
 not listed, and no default is given, it should be immediately rejected.
 Please advise. My radius config file is below with many routers removed
 for brevity, and the secrets missing. The users that are calling in on
 these routers are in the database, and are being accepted as they should
 be. However, I thought that they should not be authenticated since their
 routers are not in the config file.

 Griff Hamlin, III


 #  Radiator configuration file

 Trace 3

 # Directory where logfile and details file are
 LogDir /var/adm/radacct

 # Database directory. Should contain:
 # users   The user database
 # dictionary  The dictionary for your NAS
 DbDir /etc/raddb

 AuthPort 1645
 AcctPort 1646

 # Global parameters
 LivingstonOffs 22
 LivingstonHole 1

 # Handle all users from all other realms by looking them up
 # in the users file at /etc/raddb/users.
 <Handler>
   RewriteUsername s/^([^@]+).*/$1/
   <AuthBy GROUP>
     AuthByPolicy ContinueUntilAccept
     <AuthBy QuikRadAcct>
       # authorize by the module AuthQuikRadAcct.pm
     </AuthBy>
     <AuthBy FILE>
       Filename  %D/blkspam.1
       DefaultReply  Service-Type = Framed-User,\
         Framed-Protocol = PPP,\
         Framed-IP-Address = 10.10.10.10,\
         Session-Timeout = 25,\
         Idle-Timeout = 20
     </AuthBy>
     <AuthBy FILE>
       Filename  %D/blkspam.2
       DefaultReply  Service-Type = Framed-User,\
         Framed-Protocol = PPP,\
         Framed-IP-Address = 10.10.10.10,\
         Session-Timeout = 25,\
         Idle-Timeout = 20
     </AuthBy>
     <AuthBy FILE>
       Filename  %D/blkspam.3
       DefaultReply  Service-Type = Framed-User,\
         Framed-Protocol = PPP,\
         Framed-IP-Address = 10.10.10.10,\
         Session-Timeout = 25,\
         Idle-Timeout = 20
     </AuthBy>
     <AuthBy FILE>
       Filename  %D/blkspam.4
       DefaultReply  Service-Type = Framed-User,\
         Framed-Protocol = PPP,\
         Framed-IP-Address = 10.10.10.10,\
         Session-Timeout = 25,\
         Idle-Timeout = 20
     </AuthBy>
     <AuthBy FILE>
       # This is primarily for test accounts not entered in Cheetah.
       Filename %D/users.head
     </AuthBy>
     <AuthBy QuikRad>
       # authorize by the module AuthQuikRad.pm
     </AuthBy>
   </AuthBy>
   # Log accounting to the detail file in LogDir/client
   AcctLogFileName  %L/%c/detail
   # MaxSessions 1
 </Handler>

 # Allows us to honour requests from radpwtst on the same host.
 <Client localhost>
   DupInterval 0
   Secret xx
 </Client>

 #63.169.132.243 O1 Communications proxy
 <Client 63.169.132.243>
   Secret xx
 </Client>

 #63.169.132.244 O1 Communications proxy
 <Client 63.169.132.244>
   Secret xx
 </Client>

 #63.169.132.245 O1 Communications proxy
 <Client 63.169.132.245>
   Secret xx
 </Client>

 #63.169.132.248 O1 Communications proxy
 <Client 63.169.132.248>
   Secret xx
 </Client>

 #63.169.132.249 O1 Communications proxy
 <Client 63.169.132.249>
   Secret xx
 </Client>

 #64.114.5.254   Chilliwack 1
 <Client 64.114.5.254>
   Secret xx
   NasType Livingston
   SNMPCommunity quik77
 </Client>

 #140.186.142.2  Boston 2
 <Client 140.186.142.2>
   Secret xx
   NasType Livingston
   SNMPCommunity quik77
 </Client>

 #140.186.142.100 Boston Ascend
 <Client 140.186.142.100>
   Secret xxx
   NasType Livingston
   SNMPCommunity quik77
 </Client>



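
The two Client questions in this archive (covering a /24 with IdenticalClients, and checking which request sources a Client list really covers) can both be scripted. The following is an added example, not code from Radiator or from any poster: it assumes Client clauses are matched on the packet source address, that IdenticalClients takes a space-separated address list, and that a Client DEFAULT clause acts as catch-all; the sample config, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the <Client> layout quoted above; addresses are
# documentation ranges and the secrets are placeholders.
SAMPLE_CONFIG = """
<Client localhost>
  Secret placeholder
</Client>
<Client 192.0.2.10>
  Secret placeholder
  IdenticalClients 192.0.2.11 192.0.2.12
</Client>
"""

CLIENT_RE = re.compile(r"<Client\s+(\S+)>(.*?)</Client>", re.S)


def parse_clients(config_text):
    """Map each name/address covered by a Client clause to that clause's name."""
    covered = {}
    for name, body in CLIENT_RE.findall(config_text):
        covered[name] = name
        for line in body.splitlines():
            words = line.split()
            if words and words[0] == "IdenticalClients":
                for extra in words[1:]:
                    covered[extra] = name
    return covered


def match_source(covered, source_ip):
    """Clause that would accept a packet from source_ip, or None if uncovered.

    Assumption: clauses are matched on the packet source address, with
    <Client DEFAULT> as catch-all. Host names are not resolved here.
    """
    ip = str(ipaddress.ip_address(source_ip))  # raises ValueError if malformed
    return covered.get(ip, covered.get("DEFAULT"))


def audit_sources(config_text, source_ips):
    """Return {source_ip: matching clause or None} for observed request sources."""
    covered = parse_clients(config_text)
    return {ip: match_source(covered, ip) for ip in source_ips}


def client_clause_for(cidr, secret="CHANGE_ME", max_hosts=254):
    """Build one Client clause covering every host address of a small prefix.

    The first host becomes the clause name and the rest go on IdenticalClients,
    so the text can be written to a file that the main config includes.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    hosts = [str(h) for h in net.hosts()]
    if not hosts or len(hosts) > max_hosts:
        raise ValueError(f"{cidr}: refusing to expand {len(hosts)} hosts")
    lines = [f"<Client {hosts[0]}>", f"  Secret {secret}"]
    if hosts[1:]:
        lines.append("  IdenticalClients " + " ".join(hosts[1:]))
    lines.append("</Client>")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    seen = ["192.0.2.11", "192.0.2.99"]  # constructed request sources
    for src, clause in audit_sources(SAMPLE_CONFIG, seen).items():
        print(src, "->", clause or "no Client clause")
    print(client_clause_for("198.51.100.0/30"), end="")
```

Feed `audit_sources` the source addresses from the "Received from" lines of a trace, not the NAS-IP-Address attribute, since the two differ when requests arrive through a proxy.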



Re: (RADIATOR) PPPOE Authentication / Accounting

2001-03-21 Thread Brian Morris

Hugh,

Is a NAS-like device required for PPPoE?  If so, can you (or anyone) suggest
one?

Regards,  Brian Morris



- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 7:48 PM
Subject: Re: (RADIATOR) PPPOE Authentication / Accounting



 Hello Brian -

 Whatever NAS-like device you use to terminate your PPPoE sessions looks to
 Radiator like any other NAS. If the device reports packets in/out and bytes
 in/out in accounting records you will record them just the same as with any
 other NAS.

 hth

 Hugh

 On Wednesday 21 March 2001 15:33, Brian Morris wrote:
  Hi All,
 
  We require the ability to authenticate clients using PPPoE  as well as
  account for their traffic.  Our regular dial-in NAS (PM3 for modem
  customers) does both auth and accounting just fine however we are new to
  PPPoE and I am not sure how to monitor traffic.
 
  Can anyone offer any suggestions as to the best way to do accounting
  (Time/Mb) using PPPoE.
 
  Any help would be appreciated.
 
  Regards,  Brian Morris
 
 
 



(RADIATOR) Help with session timeout over l2tp tunnel

2001-03-21 Thread Jaime Elizaga Jr.

Hi everyone,

I'm kind of new here and I am having problems with L2TP.

My telco provider offers RAS ports via ERICSSON TIGRIS.  We've configured a
L2TP tunnel from their TIGRIS to my gateway router, a Cisco 3640 via vpdn.
All is well, authentication and accounting, but the session timeout does not
seem to work.  Although I can see that the Cisco router is accepting the
"session-timeout" value from the radius but it doesn't seem to implement it
on the tigris.

I hope someone can enlighten me.

Thanks,

Jaime



Here is a copy of my radius config.:

<Handler Called-Station-ID=8350818>
 MaxSessions 1
 #DbDir   *
 AcctLogFileName  /var/log/radius/Cards/details
 WtmpFileName /var/log/radius/Cardusers/%u
 PasswordLogFileName   /var/log/radius/Cardpasswd/%m%d%Y-passlog
 PreAuthHook   file:"hook2xonly"
 SessionDatabase   SDB1

 <AuthBy SQL>
  # Adjust DBSource, DBUsername, DBAuth to suit your DB
  DBSource    dbi:mysql:*
  DBUsername
  DBAuth

  # Authentication
  AuthSelect  select password, MAXTIME from SUBSCRIBERS where username='%n' and MAXTIME>30
  AuthColumnDef 0, User-Password, check
  AuthColumnDef 1, Ascend-Maximum-Time, reply

  AccountingTable ACCOUNTING
  AccountingStopsOnly
  AcctColumnDef   USERNAME,User-Name
  AcctColumnDef   TIME_STAMP,Timestamp,integer
  AcctColumnDef   A_STAT_TYP,Acct-Status-Type
  AcctColumnDef   A_SES_ID,Acct-Session-Id
  AcctColumnDef   A_SES_TIME,Acct-Session-Time,integer
  AcctColumnDef   A_TERM_CAUSE,Ascend-Disconnect-Cause,integer
  AcctColumnDef   NAS_ID,NAS-IP-Address
  AcctColumnDef   NAS_PORT,NAS-Port,integer
  AcctColumnDef   F_IP_ADD,Framed-IP-Address
  AcctColumnDef   CALLER_ID,Calling-Station-Id
  AcctColumnDef   CALLED_STATION,Called-Station-Id
  AcctColumnDef   1X,tot1x,integer
  AcctColumnDef   2X,tot2x,integer
  AcctColumnDef   3X,tot3x,integer
  AcctColumnDef   TIME_START,time-start,integer
  AcctSQLStatement
  DefaultReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None, Framed-MTU=1500
  #  Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP
  Timeout 4
 </AuthBy>
</Handler>


Here is what I have on my Cisco:

aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default if-authenticated group radius
aaa authorization network default if-authenticated group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
!
vpdn enable
!
vpdn-group PLDT
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname MAKATI_TIGRIS2
 lcp renegotiation always
 l2tp tunnel password 7 *
!
interface Virtual-Template1
 description 300-port Manila RAS
 ip unnumbered FastEthernet0/1
 keepalive 30
 peer default ip address pool mnl-ras-pool
 ppp authentication pap
!











RE: (RADIATOR) PPPOE Authentication / Accounting

2001-03-21 Thread Andy De Petter


That's to be discussed, depending on the amount of concurrent users you're
expecting :)

Of course RedBack is better, but for a low-profile ISP, DANA will do as well.

-Andy

 -Original Message-
 From: Karl, Matthew [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday 21 March 2001 17:20
 To: 'Andy De Petter'; Brian Morris
 Cc: Radiator Mailing
 Subject: RE: (RADIATOR) PPPOE Authentication / Accounting


 Redback

 Matthew C. Karl
 Florida State University
 Office of Telecommunications, MIS

  -Original Message-
 From: Andy De Petter [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, March 21, 2001 7:23 AM
 To:   Brian Morris
 Cc:   Radiator Mailing
 Subject:  RE: (RADIATOR) PPPOE Authentication / Accounting


 DANA, from Alcatel (http://www.alcatel.com), or REDBACK 1
 (http://www.redback.com)?

 -a

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
  Behalf Of Brian Morris
  Sent: Wednesday 21 March 2001 11:58
  To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
 
 
  Hugh,
 
  Is a NAS-like device required for PPPoE?  If so, can you (or anyone) suggest
  one?
 
  Regards,  Brian Morris
 
 
 
  - Original Message -
  From: Hugh Irvine [EMAIL PROTECTED]
  To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Sent: Wednesday, March 21, 2001 7:48 PM
  Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
 
 
  
   Hello Brian -
  
   Whatever NAS-like device you use to terminate your PPPoE sessions looks to
   Radiator like any other NAS. If the device reports packets in/out and bytes
   in/out in accounting records you will record them just the same as with any
   other NAS.
  
   hth
  
   Hugh
  
   On Wednesday 21 March 2001 15:33, Brian Morris wrote:
Hi All,
   
We require the ability to authenticate clients using PPPoE  as well as
account for their traffic.  Our regular dial-in NAS (PM3 for modem
customers) does both auth and accounting just fine however we are new to
PPPoE and I am not sure how to monitor traffic.
   
Can anyone offer any suggestions as to the best way to do accounting
(Time/Mb) using PPPoE.
   
Any help would be appreciated.
   
Regards,  Brian Morris
   
   
   



RE: (RADIATOR) PPPOE Authentication / Accounting

2001-03-21 Thread Karl, Matthew

Redback

Matthew C. Karl
Florida State University
Office of Telecommunications, MIS

 -Original Message-
From:   Andy De Petter [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, March 21, 2001 7:23 AM
To: Brian Morris
Cc: Radiator Mailing
Subject:RE: (RADIATOR) PPPOE Authentication / Accounting


DANA, from Alcatel (http://www.alcatel.com), or REDBACK 1
(http://www.redback.com)?

-a

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of Brian Morris
 Sent: Wednesday 21 March 2001 11:58
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) PPPOE Authentication / Accounting


 Hugh,

 Is a NAS-like device required for PPPoE?  If so, can you (or anyone) suggest
 one?

 Regards,  Brian Morris



 - Original Message -
 From: Hugh Irvine [EMAIL PROTECTED]
 To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Wednesday, March 21, 2001 7:48 PM
 Subject: Re: (RADIATOR) PPPOE Authentication / Accounting


 
  Hello Brian -
 
  Whatever NAS-like device you use to terminate your PPPoE sessions looks to
  Radiator like any other NAS. If the device reports packets in/out and bytes
  in/out in accounting records you will record them just the same as with any
  other NAS.
 
  hth
 
  Hugh
 
  On Wednesday 21 March 2001 15:33, Brian Morris wrote:
   Hi All,
  
   We require the ability to authenticate clients using PPPoE  as well as
   account for their traffic.  Our regular dial-in NAS (PM3 for modem
   customers) does both auth and accounting just fine however we are new to
   PPPoE and I am not sure how to monitor traffic.
  
   Can anyone offer any suggestions as to the best way to do accounting
   (Time/Mb) using PPPoE.
  
   Any help would be appreciated.
  
   Regards,  Brian Morris
  
  
  



(RADIATOR) cisco av-pair and session-timeout

2001-03-21 Thread Jaime Elizaga Jr.

Hello again,

I've been reading about the session-timeout with cisco by using their
av-pair.  Is anyone kind enough to show me how to implement this av-pair on
my radius config file.

Your help will be deeply appreciated.

Thanks everyone!!!

Jaime





(RADIATOR) Trouble with SessionDatabase SQL

2001-03-21 Thread Frederic Gargula

Hi all,


I write again to this list to report a strange behavior :

I want to limit simultaneous logins : Each user can be logged on once at
a time.

[In the bottom, you can find interesting parts of my config file.]


My trouble is the following : When I want to test that the second
simultaneous login is rejected, I can see into the logfile :



*** Received from 212.180.2.10 port 2291
Code: Access-Request
Identifier: 22
Authentic: 1234567890123456
Attributes:
    User-Name = "testrtc"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 12342
    NAS-Port-Type = Async
    User-Password = "i1732171502331861891752128240XUg162230"

Wed Mar 21 18:08:14 2001: DEBUG: Check if Handler Vendor-Specific=testing should be used to handle this request
Wed Mar 21 18:08:14 2001: DEBUG: Check if Handler Vendor-Specific=dialup,Request-Type = Access-Request should be used to handle this request
Wed Mar 21 18:08:14 2001: DEBUG: Handling request with Handler 'Vendor-Specific=dialup,Request-Type = Access-Request'
Wed Mar 21 18:08:14 2001: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: SDB1 Deleting session for testrtc, 203.63.154.1, 12342
Wed Mar 21 18:08:14 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=012342

Wed Mar 21 18:08:14 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='testrtc'
Wed Mar 21 18:08:14 2001: WARNING: SDB1 Could not find a Client for NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?

Wed Mar 21 18:08:14 2001: INFO: Access rejected for [EMAIL PROTECTED]: MaxSessions exceeded
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 212.180.2.10 port 2291
Code: Access-Reject
Identifier: 22
Authentic: 1234567890123456
Attributes:
    Reply-Message = "Request Denied"
    Reply-Message = "MaxSessions exceeded"
Wed Mar 21 18:08:14 2001: DEBUG: Handling with Radius::AuthLDAP2
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got result for [EMAIL PROTECTED],ou=users,domain=easynet.fr,vip=easynet-fr,o=easynet.net
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got userpassword: {MD5}ZviHb9U7k5r2YaTNG6QuTA==
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got idletime: 0
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got ippool: 1
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got ipnetmask: 255.255.255.255
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got iproutemetric: 2
Wed Mar 21 18:08:14 2001: DEBUG: Radius::AuthLDAP2 looks for match with [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Mar 21 18:08:14 2001: DEBUG: Access accepted for [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 212.180.2.10 port 2291
Code: Access-Accept
Identifier: 22
Authentic: 1234567890123456
Attributes:
    Reply-Message = "Request Denied"
    Reply-Message = "MaxSessions exceeded"
    Ascend-Idle-Limit = 0
    Ascend-Assign-IP-Pool = 1
    Framed-IP-Netmask = 255.255.255.255
    Ascend-Metric = 2
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Reply-Message = "Bienvenue sur Easynet France"




One request, and two answers : one reject (this is normal) and one 
Accept (Abnormal, because of the MaxSessions Exceeded)

I think the Radius client will consider only the first answer, but in 
case the first request is lost, the second (the wrong one) will be 
received by the Radius client.
I want to have only one response, the reject.
Is there a way to do that ? with an AuthByPolicy ?


Thank you for attention, I hope someone can help me.





 CONFIG FILE BELOW ##


<AuthBy LDAP2>
 Identifier Auth_ldap_dialup
 Host xxx.xxx.xxx.xxx
 Port 389
 AuthDN cn=xxx,o=xx.xxx
 AuthPassword xx
 BaseDN o=xxx.xxx
 UsernameAttr uid
 PasswordAttr userPassword
 HoldServerConnection
 AuthAttrDef ipaddr,Framed-IP-Address,reply
 AuthAttrDef ipNetmask,Framed-IP-Netmask,reply
 AuthAttrDef protocol,Framed-Protocol,reply
 AuthAttrDef ipPool,Ascend-Assign-IP-Pool,reply
 AuthAttrDef ipRouteMetric,Ascend-Metric,reply
 AuthAttrDef minChannels,Ascend-Minimum-Channels,reply
 AuthAttrDef maxChannels,Ascend-Maximum-Channels,reply
 AuthAttrDef baseChannels,Ascend-Base-Channel-Count,reply
 AuthAttrDef idleTime,Ascend-Idle-Limit,reply
 SearchFilter (&(uid=$name)(|(services=pstn)(services=isdn))(status=active))
 AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Reply-Message="Bienvenue sur Easynet France"
</AuthBy>

<AuthBy SQL>
 Identifier Accounting1
 # Disable authentication
 AuthSelect
 DBSource dbi:mysql:x:xxx
 DBUsername xx
 DBAuth x
 AccountingTable ACCOUNTING
 AcctColumnDef USERNAME,User-Name
 AcctColumnDef TIME_STAMP,Timestamp,integer
 AcctColumnDef ACCTSTATUSTYPE, 

(RADIATOR) Nortel CVX-1800

2001-03-21 Thread Kevin Wormington

Hi all,

This question is a little off-topic, but I have seen some CVX-1800 users
post to the list before who are using them with radiator as we are.

We are having trouble with customers that are assigned static-ips via
radiator being able to route to other customers who are just automatically
assigned from the pools on the CVX-1800.  They are able to reach the world,
but can't even ping another dialup ip that's on the same box.  Any pointers
would be appreciated.

Thanks,

Kevin





Re: (RADIATOR) Trouble with SessionDatabase SQL

2001-03-21 Thread Hugh Irvine


Hi Fred -

How's life? I'm sorry we didn't see each other during my last 
visit to Paris - but maybe next time?


On Thursday 22 March 2001 04:50, Frederic Gargula wrote:
 Hi all,


 I write again to this list to report a strange behavior :

 I want to limit simultaneous logins : Each user can be logged on once at
 a time.

 [In the bottom, you can find interesting parts of my config file.]



I agree with you - it looks quite strange. Could you tell me what version of 
Radiator you are running? And could you also try to remove the AuthByPolicy 
from the Handler? As you only have a single AuthBy you shouldn't need the 
AuthByPolicy anyway.

See you soon

Hugues





Re: (RADIATOR) PPPOE Authentication / Accounting

2001-03-21 Thread Hugh Irvine


Hello Brian -

On Wednesday 21 March 2001 21:57, Brian Morris wrote:
 Hugh,

 Is a NAS-like device required for PPPoE?  If so, can you (or anyone)
 suggest one?


PPPoE translates to "Point to Point Protocol over Ethernet", and just like 
using PPP over modems, you need two ends to make a connection. Most ISP 
operators who are doing broadband over cable, or xDSL, use some sort of mass 
termination device to terminate the head-end of their subscribers' sessions.

The question for you is "how many sessions are you looking to terminate?".

If it is just one you could probably use a Linux box (or similar), but for 
larger numbers you will probably want a higher density solution.

Others on the list have made a couple of suggestions regarding PPPoE devices, 
and as I have no experience in that area I have nothing to add.

regards

Hugh




Re: (RADIATOR) cisco av-pair and session-timeout

2001-03-21 Thread Hugh Irvine


Hello Jaime -

On Thursday 22 March 2001 04:56, Jaime Elizaga Jr. wrote:
 Hello again,

 I've been reading about the session-timeout with cisco by using their
 av-pair.  Is anyone kind enough to show me how to implement this av-pair on
 my radius config file.

 Your help will be deeply appreciated.


There are some example cisco-avpair reply attributes in the sample users file 
(called "users") in the main distribution directory.

Also have a look at this item in the FAQ:

59. Whats the story with Session-Timeout and Cisco's

hth

Hugh




Re: (RADIATOR) Nortel CVX-1800

2001-03-21 Thread Hugh Irvine


Hello Kevin -

On Thursday 22 March 2001 09:42, Kevin Wormington wrote:
 Hi all,

 This question is a little off-topic, but I have seen some CVX-1800 users
 post to the list before who are using them with radiator as we are.

 We are having trouble with customers that are assigned static-ips via
 radiator being able to route to other customers who are just automatically
 assigned from the pools on the CVX-1800.  They are able to reach the world,
 but can't even ping another dialup ip that's on the same box.  Any pointers
 would be appreciated.


Some devices have trouble with multiple bits of the same subnet in different 
places. You will probably need to set up some form of routing (either static 
or dynamic) to force the device to recognise the different subnet blocks.

hth

Hugh




Re: (RADIATOR) Nortel CVX-1800

2001-03-21 Thread Kevin Wormington

They are actually in two different subnets and we are using static routing.
I can ping or traceroute either address from anywhere on the internet, they
just can't see each other.

Kevin
-Original Message-
From: Hugh Irvine [EMAIL PROTECTED]
To: Kevin Wormington [EMAIL PROTECTED]; [EMAIL PROTECTED]
[EMAIL PROTECTED]
Date: Wednesday, March 21, 2001 5:30 PM
Subject: Re: (RADIATOR) Nortel CVX-1800



Hello Kevin -

On Thursday 22 March 2001 09:42, Kevin Wormington wrote:
 Hi all,

 This question is a little off-topic, but I have seen some CVX-1800 users
 post to the list before who are using them with radiator as we are.

 We are having trouble with customers that are assigned static-ips via
 radiator being able to route to other customers who are just automatically
 assigned from the pools on the CVX-1800.  They are able to reach the world,
 but can't even ping another dialup ip that's on the same box.  Any pointers
 would be appreciated.


Some devices have trouble with multiple bits of the same subnet in different
places. You will probably need to set up some form of routing (either static
or dynamic) to force the device to recognise the different subnet blocks.

hth

Hugh




(RADIATOR) IMPORTANT - MaxSessions problem in Radiator 2.18

2001-03-21 Thread Hugh Irvine


Hi Fred, hi everyone -

There is a slight error in Radiator 2.18 when using MaxSessions in a Realm or 
Handler. There is a patched version of Handler.pm in the patches area.

Thanks to Fred for finding it!

See you soon

Hugues


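
The trace in the "Trouble with SessionDatabase SQL" post shows one Access-Request answered by both an Access-Reject and an Access-Accept, which is the MaxSessions problem announced above. As an added example (not from Radiator or from any poster), this scans a Trace 4 log for requests that received more than one distinct reply code; the sample trace is constructed in the same packet-dump layout and the function names are hypothetical.

```python
import re

# Constructed trace in the packet-dump layout shown in the post
# (documentation address; identifier 22 gets two different replies).
SAMPLE_TRACE = """\
*** Received from 192.0.2.10 port 2291
Code:       Access-Request
Identifier: 22
Wed Mar 21 18:08:14 2001: INFO: Access rejected for testuser: MaxSessions exceeded
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Reject
Identifier: 22
Wed Mar 21 18:08:14 2001: DEBUG: Access accepted for testuser
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Accept
Identifier: 22
*** Received from 192.0.2.10 port 2291
Code:       Access-Request
Identifier: 23
Wed Mar 21 18:08:20 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Accept
Identifier: 23
"""

HEADER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
FIELD = re.compile(r"^\s*(Code|Identifier):\s*(\S+)")


def packets(trace_text):
    """Yield (direction, peer, port, code, identifier) for each packet dump."""
    current = None
    for line in trace_text.splitlines():
        header = HEADER.match(line)
        if header:
            direction = "in" if header.group(1).startswith("Received") else "out"
            current = {"dir": direction, "peer": header.group(2),
                       "port": int(header.group(3))}
            continue
        field = FIELD.match(line)
        if current is not None and field:
            current[field.group(1)] = field.group(2)
            if "Code" in current and "Identifier" in current:
                yield (current["dir"], current["peer"], current["port"],
                       current["Code"], current["Identifier"])
                current = None


def conflicting_replies(trace_text):
    """Return requests that were answered with more than one distinct reply code."""
    open_requests = {}  # (peer, port, identifier) -> reply codes sent so far
    findings = []

    def close(key):
        codes = open_requests.pop(key, [])
        if len(set(codes)) > 1:
            findings.append({"peer": key[0], "port": key[1],
                             "identifier": key[2], "replies": codes})

    for direction, peer, port, code, ident in packets(trace_text):
        key = (peer, port, ident)
        if direction == "in":
            close(key)            # identifier reused: judge the previous request
            open_requests[key] = []
        else:
            open_requests.setdefault(key, []).append(code)
    for key in list(open_requests):
        close(key)
    return findings


if __name__ == "__main__":
    for finding in conflicting_replies(SAMPLE_TRACE):
        print("conflicting replies:", finding)
```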