RE: (RADIATOR) User-Name encrypted
Hi all I solved my problem! I changed the configuration on Cisco System as5300 in the section Interface Group-async1 I modified the parameter async mode old config: async mode dedicated new config: async mode interactive The Nas pass correct user-name now. thanks a lot bye -Original Message- From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]] Sent: mercoledì 20 febbraio 2002 11.38 To: [EMAIL PROTECTED] Subject: (RADIATOR) User-Name encrypted Hi All, I've a problem whit my system Radiator 2.17.1 It receives access-request from dialin throught the Nas with user-name encrypted I don't know where is the problem because I did all test with radpwtst GUI and I verified the correct configuration The NAS is a Cisco 5300 It doesn't work fine for regular users when I do a dialin connection with modem and a correct user The Nas pass a User-name encrypted This is my logfile Thanks a lots *** Received from 113.254.2.2 port 1645 Code: Access-Request Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: NAS-IP-Address = 113.254.2.2 NAS-Port = 19 NAS-Port-Type = Async User-Name = }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2 Called-Station-Id = 672908919 Calling-Station-Id = 672588404 User-Password = 3/149|{+-]141e@Eq218131140 Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Start should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler '' Tue Feb 19 20:15:48 2002: DEBUG: Deleting session for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2, 19 Tue Feb 19 20:15:48 2002: DEBUG: Running command: /export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe /export/home/IVLR/R2.0/bin/conf/Authenticator.ini Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~: Tue Feb 19 20:15:53 2002: DEBUG: Packet dump: *** Sending to 113.254.2.2 port 1645 Code: Access-Reject Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: Reply-Message = Request Denied Fabio Nitti === Research development Consultant ANS s.p.a. c/o TEI Ericsson Italy Intelligence Network Fixed Mobile Convergence DT/DW System Specialist Engineer Via Anagnina 203 Rome C.A.P. 00040 tel. +39 0672583246 ECN 839 73246 fax +39 06 72583127 e-mail [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User-Name encrypted
That's rightI knew it was a config change, but I couldn't remember what it was. Missed it when looking through all the old backup configs... -Ronan - Original Message - From: Fabio Nitti (TEI) [EMAIL PROTECTED] To: Ronan Eckelberry [EMAIL PROTECTED]; Hugh Irvine [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, 21 February, 2002 04:17 Subject: RE: (RADIATOR) User-Name encrypted Hi all I solved my problem! I changed the configuration on Cisco System as5300 in the section Interface Group-async1 I modified the parameter async mode old config: async mode dedicated new config: async mode interactive The Nas pass correct user-name now. thanks a lot bye -Original Message- From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]] Sent: mercoledì 20 febbraio 2002 11.38 To: [EMAIL PROTECTED] Subject: (RADIATOR) User-Name encrypted Hi All, I've a problem whit my system Radiator 2.17.1 It receives access-request from dialin throught the Nas with user-name encrypted I don't know where is the problem because I did all test with radpwtst GUI and I verified the correct configuration The NAS is a Cisco 5300 It doesn't work fine for regular users when I do a dialin connection with modem and a correct user The Nas pass a User-name encrypted This is my logfile Thanks a lots *** Received from 113.254.2.2 port 1645 Code: Access-Request Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: NAS-IP-Address = 113.254.2.2 NAS-Port = 19 NAS-Port-Type = Async User-Name = }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2 Called-Station-Id = 672908919 Calling-Station-Id = 672588404 User-Password = 3/149|{+-]141e@Eq218131140 Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Start should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler '' Tue Feb 19 20:15:48 2002: DEBUG: Deleting session for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2, 19 Tue Feb 19 20:15:48 2002: DEBUG: Running command: /export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe /export/home/IVLR/R2.0/bin/conf/Authenticator.ini Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~: Tue Feb 19 20:15:53 2002: DEBUG: Packet dump: *** Sending to 113.254.2.2 port 1645 Code: Access-Reject Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: Reply-Message = Request Denied Fabio Nitti === Research development Consultant ANS s.p.a. c/o TEI Ericsson Italy Intelligence Network Fixed Mobile Convergence DT/DW System Specialist Engineer Via Anagnina 203 Rome C.A.P. 00040 tel. +39 0672583246 ECN 839 73246 fax +39 06 72583127 e-mail [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) adding a new username problem
Hello, I have a problem adding a new username and NAS server to the users data file. I have run the simple.cfg and in this file the authentication is provided by the users file. So in the same directory I have opened the users file but it is a little bit complicated.Do I have to add the new username as the format written in the users file but when I create a new user database file named user_data and changed the auth file name to user_data in the simple.cfg but could not achieve to authenticate the new username. What should be the users file and simple.cfg context? I'll be pleased to get your comments. Murat KIRMACI === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) DHCP and Radiator High
Hello, I've the following question: Are there people who are using DHCP in combination with Radiator ? We want to use DHCP in combination with Radiator but we don't have the knowledge. We have some performance problems, we did some tests and the ip address alloction is the problem. The ip address are given from a mysql db. In this test we had 2 servers, 1 Radiator and the other the Database (Sun 420) (The test was run on the Radiator) radpwtst -user testbas -password test -iterations 254 -time -notrace Result: time for 254 iterations: 22s Is this normal ? When a user with a fixed ip address dials in there is no problem, but most of our users get a dynamic ip address So if we change to DHCP, would this solve the problem ? Further more we want to setup a high availability configuration anyone suggestions ? ps. we don't own our can configure the nasses Any help would be great. Regards, Dirk Laan begin:vcard n:Laan;Dirk tel;work:020-5497967 x-mozilla-html:FALSE adr:;; version:2.1 email;internet:[EMAIL PROTECTED] fn:Dirk Laan end:vcard
(RADIATOR) Radiator configuration File and Password
Hi I would like to get some assistance on how to have the password clipped from within the configuration file radius.cfg. Let me explain further. We have configured the radius.cfg file to be able to authenticate both from a file and from a database. The authentication is done by implementing the subscribers table as recommended by the installation process. However we are denied access when the user that is logging-in is in the subscribers table. We have found that by including the additional spaces in the password that equal the size of the password ,field define in the subscribers table, only then are we able tologin. Table: subscribers username char(12) Example: Login Name: vcas Password:vcas+8spaces
RE: (RADIATOR) DHCP and Radiator High
What kind of NAS are you using? It may be quicker to have the NAS assign the IP from a pool. -Ronan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dirk Laan Sent: Thursday, 21 February, 2002 15:49 To: Radiator Mailing Subject: (RADIATOR) DHCP and Radiator High Hello, I've the following question: Are there people who are using DHCP in combination with Radiator ? We want to use DHCP in combination with Radiator but we don't have the knowledge. We have some performance problems, we did some tests and the ip address alloction is the problem. The ip address are given from a mysql db. In this test we had 2 servers, 1 Radiator and the other the Database (Sun 420) (The test was run on the Radiator) radpwtst -user testbas -password test -iterations 254 -time -notrace Result: time for 254 iterations: 22s Is this normal ? When a user with a fixed ip address dials in there is no problem, but most of our users get a dynamic ip address So if we change to DHCP, would this solve the problem ? Further more we want to setup a high availability configuration anyone suggestions ? ps. we don't own our can configure the nasses Any help would be great. Regards, Dirk Laan === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Radiator configuration File and Password
Are you putting spaces after the username in the database? -Ronan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shaun Eck Sent: Thursday, 21 February, 2002 16:56 To: [EMAIL PROTECTED] Subject: (RADIATOR) Radiator configuration File and Password Hi I would like to get some assistance on how to have the password clipped from within the configuration file radius.cfg. Let me explain further. We have configured the radius.cfg file to be able to authenticate both from a file and from a database. The authentication is done by implementing the subscribers table as recommended by the installation process. However we are denied access when the user that is logging-in is in the subscribers table. We have found that by including the additional spaces in the password that equal the size of the password ,field define in the subscribers table, only then are we able to login. Table: subscribers usernamechar(12) Example: Login Name: vcas Password: vcas+8spaces === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Radiator configuration File and Password
The problem is that the type is char not varchar. Most databases will padd strings that are less than the size of the column to the column width with spaces. You will have to use the varchar type in order to avoid this. Sincerely, Leon Oosterwijk ISDN-NET Inc. www.isdn.net +1 615-221-4200 -Original Message- From: Ronan Eckelberry [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 5:02 PM To: 'Shaun Eck'; Subject: RE: (RADIATOR) Radiator configuration File and Password Are you putting spaces after the username in the database? -Ronan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shaun Eck Sent: Thursday, 21 February, 2002 16:56 To: [EMAIL PROTECTED] Subject: (RADIATOR) Radiator configuration File and Password Hi I would like to get some assistance on how to have the password clipped from within the configuration file radius.cfg. Let me explain further. We have configured the radius.cfg file to be able to authenticate both from a file and from a database. The authentication is done by implementing the subscribers table as recommended by the installation process. However we are denied access when the user that is logging-in is in the subscribers table. We have found that by including the additional spaces in the password that equal the size of the password ,field define in the subscribers table, only then are we able to login. Table: subscribers usernamechar(12) Example: Login Name: vcas Password: vcas+8spaces === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) adding a new username problem
Hello Murat - Please send me a copy of your Radiator configuration file (no secrets) together with a copy of your users file. thanks Hugh On Thu, 21 Feb 2002 23:13, Murat Kirmaci wrote: Hello, I have a problem adding a new username and NAS server to the users data file. I have run the simple.cfg and in this file the authentication is provided by the users file. So in the same directory I have opened the users file but it is a little bit complicated.Do I have to add the new username as the format written in the users file but when I create a new user database file named user_data and changed the auth file name to user_data in the simple.cfg but could not achieve to authenticate the new username. What should be the users file and simple.cfg context? I'll be pleased to get your comments. Murat KIRMACI === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) DHCP and Radiator High
Hello Dirk - With address allocation from a MySQL database, you can improve the performance considerably by changing the FindQuery like this: select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%0' and STATE=0 order by TIME_STAMP limit 1 Have a look at section 6.51.5 in the Radiator 2.19 reference manual (doc/ref.html). regards Hugh On Fri, 22 Feb 2002 07:49, Dirk Laan wrote: Hello, I've the following question: Are there people who are using DHCP in combination with Radiator ? We want to use DHCP in combination with Radiator but we don't have the knowledge. We have some performance problems, we did some tests and the ip address alloction is the problem. The ip address are given from a mysql db. In this test we had 2 servers, 1 Radiator and the other the Database (Sun 420) (The test was run on the Radiator) radpwtst -user testbas -password test -iterations 254 -time -notrace Result: time for 254 iterations: 22s Is this normal ? When a user with a fixed ip address dials in there is no problem, but most of our users get a dynamic ip address So if we change to DHCP, would this solve the problem ? Further more we want to setup a high availability configuration anyone suggestions ? ps. we don't own our can configure the nasses Any help would be great. Regards, Dirk Laan -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radonline check
Hello Tuan Anh - Does any one know how to refine this problem : After logout, record in radonline that belong to user was not deleted for some reason. when user login again SNMP program will be run to check Simultaneous-Use. User not found on that port and accepted. But the next times, SNMP must be run again and again for that user until other user login at that NAS and NASPort. It will make system and authentication progress slow because of checking SNMP. I think if user has gone away on that port it should be delete from radonline to avoid this problem. You are correct, however the only way to do this currently is with a cron job or similar, that goes around and tidies things up. There are a couple of examples in the goodies directory. We are considering ways of adding this functionality to Radiator. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting logs problem
Hello Merad - It is usually easier to do this sort of thing with Handlers instead of Realms. Something like this: # define separate Handlers for accounting and authentication Handler Request-Type = Accounting-Request, Realm = client.domain # do accounting . /Handler Handler Realm = client.domain # do authentication . /Handler regards Hugh On Wed, 20 Feb 2002 20:52, Merad Abdelkrim wrote: Hi all, I have a radiator version 2.18.4 installed on an OpenBSD 2.7. I have Realms authenticated by LDAP For that I use the rewriteUsername feature. My problem is that in the accounting logs I don't have the field login@realm but only login It's a bloquing problem cause we must make accountings by realm in way to establish bills. If someone have a solution for me I will appreciate. Thanks a lot Here an extract of my radius.cfg : Realm client.domaine RewriteUsername s/^([^@]+).*/$1/ AuthBy LDAP2 # The LDAP host to connect to # If not set, defaults to localhost Host aaa.bbb.ccc.ddd # If not set, defaults to 389 # Can be a numeric port number or a service name # from /etc/services # Port 389 # Not supported yet. #UseSSL #AuthDN #AuthPassword # The base DN at which to start the search BaseDN ou=client.domaine,o=co,c=FR # The LDAP host to connect to # If not set, defaults to localhost Hostaa.bb.cc.dd # If not set, defaults to 389 # Can be a numeric port number or a service name # from /etc/services # Port 389 # Not supported yet. #UseSSL #AuthDN #AuthPassword # The base DN at which to start the search BaseDN ou=xxx,o=,c=zzz # The attribute to match against User-Name UsernameAttrlogin # The attribute that contains a plaintext password PasswordAttrpassword # Optional attribute that contains an # encrypted password to use instead of PasswordAttr # EncryptedPasswordAttr sn # Optional attribute that contains check # items for the user # Optional attribute that contains reply # items for the user # Optional attribute that contains reply # items for the user #ReplyAttr mail /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/%Y%m%d_%H00.act /Realm Merad Abdelkrim E-Brands Tel 0171081631 Mob 0622287223 7 Allée de l'Arche 92677 Courbevoie Cedex - La Défense Tour Cèdre - 15ième étage === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.