Re: (RADIATOR) Dupinterval and big NAS
Hello Sergey - This discussion comes up from time to time. The first thing to understand is that the identifier is used by the NAS only for the purposes of keeping track of outstanding requests, ie. access requests for which the NAS has not yet received a reply. It is also important to understand that this is how the radius protocol specification is written. I have copied this mail to Mike who may have additional comments. BTW - I would be interested to see a trace 4 debug showing what is happening, and I would also like to know what CommWorks say about how the identifier should be used by the radius server. regards Hugh On Thursday, August 1, 2002, at 03:48 PM, Sergey Y. Afonin wrote: Hello. I think I've discovered a problem with duplicate session detection on a NAS with large amount of modems. The identifier of radius packet is one byte sized (1-255), but in case of some NAS have over 255 modems. For example, CommWorks Total Control 1000 (which was known as USR/3COM Total Control) may be have up to 420 modems. It is common to have two different sessions having the same identifier in their authorization requests in short time interval. That promlem had led to another one. The Radiator ignores the second accounting packet of the same identifier. The NAS thinks that that radius server has gone away and moves to backup radius server. If backup is not pesent, any further accounting packets will be lost. I think in that case it is necessary to use username (for example) in addition to identifier to compare sessions for big NAS. -- Regards, Sergey Afonin [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SNMP, Simultaneous-Use and Redback SMS500
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Sven Holz [EMAIL PROTECTED]] Date: Thu, 1 Aug 2002 04:36:04 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Thu Aug 1 04:36:04 2002 Received: from mcqueen.wolfsburg.de (mcqueen.wolfsburg.de [212.68.68.5]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g719a3304809 for [EMAIL PROTECTED]; Thu, 1 Aug 2002 04:36:03 -0500 Received: from fwext.wolfsburg.de (fwext.wolfsburg.de [212.68.68.50]) by mcqueen.wolfsburg.de (8.11.3/8.11.3/sh-2002041503) with ESMTP id g719Xnu02871 for [EMAIL PROTECTED]; Thu, 1 Aug 2002 11:33:49 +0200 Date: Thu, 1 Aug 2002 11:33:48 +0200 (CEST) From: Sven Holz [EMAIL PROTECTED] X-X-Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SNMP, Simultaneous-Use and Redback SMS500 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, has anyone any eyperiences with the upper configuration? I'm also interested in the function, how radiator checks via snmp that an account is use. I did a snmpwalk on a portmaster and i haven't found any information about needfull data (what does not mean that it isn't there :-) And please don't tell me that cisco is better, it was not my decision ;-) with kind regards || Mit freundlichen Gruessen Sven Holz -- Sven Holz - IP-Services - WOBCOM GmbH Phone : +49.5361.189.473 Hesslinger Str. 1-5, D-38440 Wolfsburg Fax : +49.5361.189.199 Email: [EMAIL PROTECTED] - IRC: bofw2Mobile : +49.170.920.153.5 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator and Windows Encryption
Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2.Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, "someone" I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi.
(RADIATOR) Complex config?
Hi Hugh, Hi All, I am some "twisted" requirements. Mysetup is as follows. 1. 3 Windows 2000 servers and 3 pattons at location A 2. 1 patton at location B 3. All NASes authenticate against radiator at location A 4. IPs allocated/used at location A different from IPs used at location B (routers inbetween) 5. Clients fall into two categories (full access can browse) and email-only (192.168.x.x ips) 6. Email-only clients MUST be able to reach DNS server and Email server. 7. ALLclients can log in from any NAS I need a config to do this. I have tried allocating IPs to email-only clients from a single 192.168.x.x IP block via radiator, and using "weighted static routes" on the mail and DNS servers to implement connections to email-only clients by trying out each NAS server in turn to see if the client can be reached by that server. I suspect this would degrade performance with large email-only client base? The main problem is with the fact that there are two locations and a client's record in the database can only contain one poolhint. Because I need to allocate IPs differently (different pools) based on the location to which client is connected (also whether email-only or full access). So how do I implement a config that enforces simultaneous connection rules; allow clients to connect from any of the two locations while using radiator to allocate IPs? I have nearly beat my brains out on this one - all the config options I can think of seem to have one problem or the other. Regards, Tunde Itayemi.
RE: (RADIATOR) vendor 2937, attributes 22/23 ?
According to the IANA website http://www.iana.org/assignments/enterprise-numbers, 2937 is the enterprise number for Deutsche Telekom AG. Maybe you could ask whoever is proxying those requests to you to send you a copy of thier dictionary? Frank Danielson [Infrastructure Architect] wireless: 407.467.7832 wireline: 407.515.8633 Data On Air 301 E. Pine St. Suite 450 Orlando, Fl 32801 http://www.dataonair.com -Original Message- From: Kurt Jaeger [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 12:11 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) vendor 2937, attributes 22/23 ? Hi! Anyone has a dictionary for vendor 2937 ? I don't even know what vendor that is, I receive them over some proxy link 8-( Thu Aug 1 17:54:49 2002: ERR: Attribute number 22 (vendor 2937) is not defined in your dictionary Thu Aug 1 17:54:49 2002: ERR: Attribute number 23 (vendor 2937) is not defined in your dictionary -- MfG/Best regards, Kurt Jaeger 18 years to go ! LF.net GmbH [EMAIL PROTECTED]Oberon.net GmbH[EMAIL PROTECTED] Ruppmannstr. 27 fon +49 711 90074-23 Georg-Glock-Str. 8 mob +49 171 3101372 D-70565 Stuttgart fax +49 711 90074-33 40474 Duesseldorf fon +49 211 179253-11 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Handler clause attributes
Hi Hugh, Hi All, Please it there somewhere i can get a list of all the attributes that can go into the Handler clause ( Handler attributes= ) and their proper name and format of their values? Regards, Tunde Itayemi.
(RADIATOR) addition to complex config?
Hi All, Just an addition to my previous mail. Since I guess the static routes I mentioned in my original mail would probably work, what I desire now is some way to: strip the Framed-IP-address (which is set to 192.168.x.x for email-only clients)off the access-accept packet IF 1. the NAS is the Patton NAS at locationB (I could do the same for all Patton NASes) so that the NAS would then allocate a public IP from the static pool defined on it. Can I do this though one of the Hooks? Maybe a little script that checks the NAS's identifier and if it is a particular one(s), then strips off the Frame-IP-Address and Framed-IP-Netmask? Can I hear someone volunteer to write this script :-) (seriously) Regards, Tunde Itayemi.
(RADIATOR) Problems checking Simultaneous-Use with TC NAS Manager problems
Hey all, I'm trying to get a new radiator configuration working on my FreeBSD 4.4 Machine that is using Radiator 3.1 and Perl 5.6.1. The problem that I am having is when Radiator tries to check if an existing session is still active with snmpget it times out every time without repsonse. I am using snmpget 5.0.1 that was compiled locally. Also, the TotalControls are running various ComOS versions 5.0-5.3. I have made sure that the SNMP community was configured in the TC and that it had the proper host authority. If you could provide any pointers as to what I could be doing wrong it would be much appreciated. I have attached my config file and also the trace level 4 output. Secondly, I am having a problem with the TC putting accounting entries in for Manager every minute. It increases the session id by one each time it does it. Does anyone know if this is a setting inside ComOS? Thanks in advance. Sincerely, Gib Salisbury Technician Quantum Connections, LLC Phone (616) 926-4242 x215 http://www.qtm.net/ *** Received from 127.0.0.1 port 3713 Code: Access-Request Identifier: 82 Authentic: 1234567890123456 Attributes: User-Name = gsalisbu Service-Type = Framed-User NAS-IP-Address = 216.163.41.10 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = *removed but correct* Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Handling request with Handler 'Realm=x2realm' Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.41.10, 1234 Thu Aug 1 15:47:07 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthSQL Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthFILE: x2users Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthFILE looks for match with gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthUNIX: password Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthUNIX looks for match with gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu' Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:07 2002: DEBUG: Checking if user is still online: Hiper, gsalisbu, 216.163.62.138, 4577, 1234 Thu Aug 1 15:47:07 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.62.138 .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833` Timeout: No Response from 216.163.62.138. Thu Aug 1 15:47:13 2002: NOTICE: SessionSQL Session for gsalisbu at 216.163.62.138:4577 has gone away Thu Aug 1 15:47:13 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.62.138, 4577 Thu Aug 1 15:47:13 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:13 2002: DEBUG: Checking if user is still online: TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 1234 Thu Aug 1 15:47:13 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.41.10 .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4 8.49.50.51.52` Timeout: No Response from 216.163.41.10. Thu Aug 1 15:47:19 2002: NOTICE: SessionSQL Session for gsalisbu at 216.163.41.10:4577 has gone away Thu Aug 1 15:47:19 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.41.10, 4577 Thu Aug 1 15:47:19 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:19 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu' Thu Aug 1 15:47:19 2002: WARNING: SessionSQL Could not find a Client for NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:19 2002: WARNING: SessionSQL Could not find a Client for NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:19 2002: DEBUG: Checking if user is still online: Hiper, gsalisbu, 216.163.62.138, 4577, 1234 Thu Aug 1 15:47:19 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.62.138 .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833` Timeout: No Response from
Re: (RADIATOR) help with Handler User-Name=xxxxx
Hello Nikos - Have you tried with a regular expression? Handler User-Name = /qqqwww/ . /Handler And are you sure you are editing the correct configuration file and have you restarted Radiator so that the configuration file has been re-read? regards Hugh On Thursday, August 1, 2002, at 11:50 PM, Nikos Aslanakis wrote: Hello, We have a strange problem. Here is the (very simple) configuration file: BindAddress xxx.xxx.xxx.xxx AuthPort1845 AcctPort1846 LogDir /radius/log/test DbDir /radius/db PidFile /radius/log/testradiusd.pid Trace 4 Client xxx.xxx.xxx.xxx Secret /Client Handler User-Name=qqqwww AuthBy FILE Filename%D/users /AuthBy /Handler = here is the file users: qqqwwwUser-Password=test Service-Type = Framed-User and here is the logfile output: Thu Aug 1 16:36:43 2002: INFO: Server started: Radiator 3.0 Thu Aug 1 16:36:45 2002: DEBUG: Packet dump: *** Received from xxx.xxx.xxx.xxx port 57300 Code: Access-Request Identifier: 45 Authentic: 1234567890123456 Attributes: User-Name = qqqwww Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = ISDN User-Password = 240^21144A212311126185248|128137146229 Thu Aug 1 16:36:45 2002: WARNING: Could not find a handler for qqqwww: request is ignored --- As you can see, Radiator simply ignores the Handler User-Name=qqqwww We have tried without quotation marks too but again nothing. Is there a problem when using Handler User-Name=qqqwww with radiator? Thanks in advance Nikos Aslanakis Systems Administrator SPARKnet S.A. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500
Hello Sven - There are many readers of this list who use Redback equipment, and there are people at Redback on this list as well. Radiator maintains one or more session databases (in memory, SQL, DBM, ...) and tries to keep track of current sessions by using the accounting starts to add records and accounting stops (and access requests) to delete records. The NAS itself is only contacted if Radiator detects what it thinks is a simultaneous-use exception, and then only if the NasType parameter is set in the corresponding Client clause(s). In this situation, Radiator goes through the list of sessions for the particular user and queries the NAS(s) to verify that the sessions are still active. If any session has gone away, that record in the session database is deleted and the connection is allowed to proceed. If on the other hand, all the sessions are still active, then the connection is rejected. You will find the mechanisms used to query the different NasTypes in section 6.5.5 of the Radiator 3.1 reference manual (doc/ref.html) and you will find the corresponding code in the Radius/Nas directory. regards Hugh Hi, has anyone any eyperiences with the upper configuration? I'm also interested in the function, how radiator checks via snmp that an account is use. I did a snmpwalk on a portmaster and i haven't found any information about needfull data (what does not mean that it isn't there :-) And please don't tell me that cisco is better, it was not my decision ;-) with kind regards || Mit freundlichen Gruessen Sven Holz -- Sven Holz - IP-Services - WOBCOM GmbHPhone : +49.5361.189.473 Hesslinger Str. 1-5, D-38440 Wolfsburg Fax : +49.5361.189.199 Email: [EMAIL PROTECTED] - IRC: bofw2Mobile : +49.170.920.153.5 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Radiator and Windows Encryption
Hello Tunde - We have many customers using Windows 2000 and we have many customers using Patton RAS, however I don't know if anyone is using both together. As for the MPPE questions, I have copied Mike on this mail for his comments. regards Hugh On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2. Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, "someone" I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Re: Complex config?
Hello Tunde - We do offer contract installation and configuration services if you are interested: http://www.open.com.au/servicerequest.html regards Hugh On Friday, August 2, 2002, at 01:02 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am some "twisted" requirements. My setup is as follows. 1. 3 Windows 2000 servers and 3 pattons at location A 2. 1 patton at location B 3. All NASes authenticate against radiator at location A 4. IPs allocated/used at location A different from IPs used at location B (routers inbetween) 5. Clients fall into two categories (full access can browse) and email-only (192.168.x.x ips) 6. Email-only clients MUST be able to reach DNS server and Email server. 7. ALL clients can log in from any NAS I need a config to do this. I have tried allocating IPs to email-only clients from a single 192.168.x.x IP block via radiator, and using "weighted static routes" on the mail and DNS servers to implement connections to email-only clients by trying out each NAS server in turn to see if the client can be reached by that server. I suspect this would degrade performance with large email-only client base? The main problem is with the fact that there are two locations and a client's record in the database can only contain one poolhint. Because I need to allocate IPs differently (different pools) based on the location to which client is connected (also whether email-only or full access). So how do I implement a config that enforces simultaneous connection rules; allow clients to connect from any of the two locations while using radiator to allocate IPs? I have nearly beat my brains out on this one - all the config options I can think of seem to have one problem or the other. Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) vendor 2937, attributes 22/23 ?
Hello Kurt - You can run Radiator at trace 5 to get the hex dumps of the radius packets and decode them to see what is contained in each of the attributes that you mention. Otherwise you can do something like this in your dictionary file: VENDORATTR 2937 Bogus-22 22 string VENDORATTR 2937 Bogus-23 23 string regards Hugh On Friday, August 2, 2002, at 02:10 AM, Kurt Jaeger wrote: Hi! Anyone has a dictionary for vendor 2937 ? I don't even know what vendor that is, I receive them over some proxy link 8-( Thu Aug 1 17:54:49 2002: ERR: Attribute number 22 (vendor 2937) is not defined in your dictionary Thu Aug 1 17:54:49 2002: ERR: Attribute number 23 (vendor 2937) is not defined in your dictionary -- MfG/Best regards, Kurt Jaeger 18 years to go ! LF.net GmbH [EMAIL PROTECTED]Oberon.net GmbH[EMAIL PROTECTED] Ruppmannstr. 27 fon +49 711 90074-23 Georg-Glock-Str. 8 mob +49 171 3101372 D-70565 Stuttgart fax +49 711 90074-33 40474 Duesseldorf fon +49 211 179253-11 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) vendor 2937, attributes 22/23 ?
Hello Frank, Hello Kurt - And when you do find out what they are, please let us know so we can add them to the Radiator dictionary. regards Hugh On Friday, August 2, 2002, at 03:32 AM, Frank Danielson wrote: According to the IANA website http://www.iana.org/assignments/enterprise-numbers, 2937 is the enterprise number for Deutsche Telekom AG. Maybe you could ask whoever is proxying those requests to you to send you a copy of thier dictionary? Frank Danielson [Infrastructure Architect] wireless: 407.467.7832 wireline: 407.515.8633 Data On Air 301 E. Pine St. Suite 450 Orlando, Fl 32801 http://www.dataonair.com -Original Message- From: Kurt Jaeger [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 12:11 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) vendor 2937, attributes 22/23 ? Hi! Anyone has a dictionary for vendor 2937 ? I don't even know what vendor that is, I receive them over some proxy link 8-( Thu Aug 1 17:54:49 2002: ERR: Attribute number 22 (vendor 2937) is not defined in your dictionary Thu Aug 1 17:54:49 2002: ERR: Attribute number 23 (vendor 2937) is not defined in your dictionary -- MfG/Best regards, Kurt Jaeger 18 years to go ! LF.net GmbH [EMAIL PROTECTED]Oberon.net GmbH[EMAIL PROTECTED] Ruppmannstr. 27 fon +49 711 90074-23 Georg-Glock-Str. 8 mob +49 171 3101372 D-70565 Stuttgart fax +49 711 90074-33 40474 Duesseldorf fon +49 211 179253-11 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Handler clause attributes
Hello Tunde - The Radiator 3.1 dictionary contains all of the attributes, including the Radiator internal ones. regards Hugh On Friday, August 2, 2002, at 04:06 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, Please it there somewhere i can get a list of all the attributes that can go into the Handler clause ( Handler attributes= > ) and their proper name and format of their values? Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Re: addition to complex config?
Hello Tunde - As mentioned in my previous mail, we also offer contract services if required. regards Hugh On Friday, August 2, 2002, at 04:42 AM, Ayotunde Itayemi wrote: Hi All, Just an addition to my previous mail. Since I guess the static routes I mentioned in my original mail would probably work, what I desire now is some way to: strip the Framed-IP-address (which is set to 192.168.x.x for email-only clients) off the access-accept packet IF 1. the NAS is the Patton NAS at location B (I could do the same for all Patton NASes) so that the NAS would then allocate a public IP from the static pool defined on it. Can I do this though one of the Hooks? Maybe a little script that checks the NAS's identifier and if it is a particular one(s), then strips off the Frame-IP-Address and Framed-IP-Netmask? Can I hear someone volunteer to write this script :-) (seriously) Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Problems checking Simultaneous-Use with TC NAS Manager problems
Hello Gib - Thanks for sending the trace file and the configuration. It would appear from the trace that there is a problem with the Client defintions, and it also shows there is a timeout when executing the snmpget. What do you see when you run the snmpget by hand? You should get that working first, because until you do, Radiator will not work either. It also appears from the trace that you have a problem in the AuthBy FILE clause(s): Unix-PW is being used as a check item, which should probably be User-Password regards Hugh On Friday, August 2, 2002, at 06:14 AM, Gib Salisbury wrote: Hey all, I'm trying to get a new radiator configuration working on my FreeBSD 4.4 Machine that is using Radiator 3.1 and Perl 5.6.1. The problem that I am having is when Radiator tries to check if an existing session is still active with snmpget it times out every time without repsonse. I am using snmpget 5.0.1 that was compiled locally. Also, the TotalControls are running various ComOS versions 5.0-5.3. I have made sure that the SNMP community was configured in the TC and that it had the proper host authority. If you could provide any pointers as to what I could be doing wrong it would be much appreciated. I have attached my config file and also the trace level 4 output. Secondly, I am having a problem with the TC putting accounting entries in for Manager every minute. It increases the session id by one each time it does it. Does anyone know if this is a setting inside ComOS? Thanks in advance. Sincerely, Gib Salisbury Technician Quantum Connections, LLC Phone (616) 926-4242 x215 http://www.qtm.net/ *** Received from 127.0.0.1 port 3713 Code: Access-Request Identifier: 82 Authentic: 1234567890123456 Attributes: User-Name = "gsalisbu" Service-Type = Framed-User NAS-IP-Address = 216.163.41.10 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "987654321" NAS-Port-Type = Async User-Password = "*removed but correct*" Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Handling request with Handler 'Realm=x2realm' Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.41.10, 1234 Thu Aug 1 15:47:07 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthSQL Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthFILE: x2users Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthFILE looks for match with gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthUNIX: password Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthUNIX looks for match with gsalisbu Thu Aug 1 15:47:07 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu' Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Thu Aug 1 15:47:07 2002: DEBUG: Checking if user is still online: Hiper, gsalisbu, 216.163.62.138, 4577, 1234 Thu Aug 1 15:47:07 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.62.138 .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833` Timeout: No Response from 216.163.62.138. Thu Aug 1 15:47:13 2002: NOTICE: SessionSQL Session for gsalisbu at 216.163.62.138:4577 has gone away Thu Aug 1 15:47:13 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.62.138, 4577 Thu Aug 1 15:47:13 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:13 2002: DEBUG: Checking if user is still online: TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 1234 Thu Aug 1 15:47:13 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.41.10 .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4 8.49.50.51.52` Timeout: No Response from 216.163.41.10. Thu Aug 1 15:47:19 2002: NOTICE: SessionSQL Session for gsalisbu at 216.163.41.10:4577 has gone away Thu Aug 1 15:47:19 2002: DEBUG: SessionSQL Deleting session for gsalisbu, 216.163.41.10, 4577 Thu Aug 1 15:47:19 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.41.10' and NASPORT=01234 Thu Aug 1 15:47:19 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu' Thu Aug 1 15:47:19 2002: WARNING: SessionSQL Could not find a Client for NAS 203.63.154.1 to double-check
(RADIATOR) Re: Radiator and Windows Encryption
Hello Tunde, On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote: Hello Tunde - We have many customers using Windows 2000 and we have many customers using Patton RAS, however I don't know if anyone is using both together. As for the MPPE questions, I have copied Mike on this mail for his comments. There are some recent patches to the AutoMPPEKeys feature in the Radiator 3.1 area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an interoperability problem. These have been tested to be working correctly now by a number of people. Cheers. regards Hugh On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2. Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, someone I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) vendor 2937, attributes 22/23 ?
Is it a fat-finger? 2637 - Aptis/Nortel -Nick -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 5:31 PM To: Frank Danielson Cc: Kurt Jaeger; [EMAIL PROTECTED] Subject: Re: (RADIATOR) vendor 2937, attributes 22/23 ? Hello Frank, Hello Kurt - And when you do find out what they are, please let us know so we can add them to the Radiator dictionary. regards Hugh === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Caller ID settings
Dear All: Finally Iam able to integrate the Quidway 8010 refiner with radius. Now, i want to restrict CLI for dial-in users. I have questions: 1. How Radiator will handle CLI, 2. How I can restrict user to connect only when its coming from the defined number. 3. Can i define multiple numbers ? If yes how many ? Kind Regards Ali
Re: (RADIATOR) Caller ID settings
Hello Ali - 1. Radiator can use one or the other of Called-Station-Id and/or Calling-Station-Id 2. Your user definition would look like this: someuser Password = x, Calling-Station-Id = nnn . 3. You can define multiple numbers with regular expressions: someuser Password = x, Calling-Station-Id = /1|2|33/ ... You can list the numbers individually or use pattern matching. regards Hugh On Friday, August 2, 2002, at 03:09 PM, Ali Malik wrote: Dear All: Finally Iam able to integrate the Quidway 8010 refiner with radius. Now, i want to restrict CLI for dial-in users. I have questions: 1. How Radiator will handle CLI, 2. How I can restrict user to connect only when its coming from the defined number. 3. Can i define multiple numbers ? If yes how many ? Kind Regards Ali -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) vendor 2937, attributes 22/23 ?
Hello Nicholas - 2637 ne 2937 regards Hugh On Friday, August 2, 2002, at 10:49 AM, Nicholas N. Sten wrote: Is it a fat-finger? 2637 - Aptis/Nortel -Nick -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 5:31 PM To: Frank Danielson Cc: Kurt Jaeger; [EMAIL PROTECTED] Subject: Re: (RADIATOR) vendor 2937, attributes 22/23 ? Hello Frank, Hello Kurt - And when you do find out what they are, please let us know so we can add them to the Radiator dictionary. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500
Hi Hugh, We also use Redback equipment. At the moment we always assume that session DB is correct, but I'd like to chek also. So far I haven't found a suitable NasType parameter. Only place where Redback is mentioned in the ref.pdf is section about dictionaries (v.2.19 v.3.1). Could you tell us what type might be most suitable? I have also the same problem with Unisphere ERX family equipment. Rgds. Toomas Kärner - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, August 02, 2002 2:08 AM Subject: Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500 Hello Sven - There are many readers of this list who use Redback equipment, and there are people at Redback on this list as well. Radiator maintains one or more session databases (in memory, SQL, DBM, ...) and tries to keep track of current sessions by using the accounting starts to add records and accounting stops (and access requests) to delete records. The NAS itself is only contacted if Radiator detects what it thinks is a simultaneous-use exception, and then only if the NasType parameter is set in the corresponding Client clause(s). In this situation, Radiator goes through the list of sessions for the particular user and queries the NAS(s) to verify that the sessions are still active. If any session has gone away, that record in the session database is deleted and the connection is allowed to proceed. If on the other hand, all the sessions are still active, then the connection is rejected. You will find the mechanisms used to query the different NasTypes in section 6.5.5 of the Radiator 3.1 reference manual (doc/ref.html) and you will find the corresponding code in the Radius/Nas directory. regards Hugh Hi, has anyone any eyperiences with the upper configuration? I'm also interested in the function, how radiator checks via snmp that an account is use. I did a snmpwalk on a portmaster and i haven't found any information about needfull data (what does not mean that it isn't there :-) And please don't tell me that cisco is better, it was not my decision ;-) with kind regards || Mit freundlichen Gruessen Sven Holz -- Sven Holz - IP-Services - WOBCOM GmbHPhone : +49.5361.189.473 Hesslinger Str. 1-5, D-38440 Wolfsburg Fax : +49.5361.189.199 Email: [EMAIL PROTECTED] - IRC: bofw2Mobile : +49.170.920.153.5 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500
Hi Toomas, I am trying to config our Redback box. If possible I would like to see your Redback configuration. If possible please send me Redback config without secret/password? Thanks, Balgaa On Fri, 2 Aug 2002, [iso-8859-1] Toomas Kärner wrote: Hi Hugh, We also use Redback equipment. At the moment we always assume that session DB is correct, but I'd like to chek also. So far I haven't found a suitable NasType parameter. Only place where Redback is mentioned in the ref.pdf is section about dictionaries (v.2.19 v.3.1). Could you tell us what type might be most suitable? I have also the same problem with Unisphere ERX family equipment. Rgds. Toomas Kärner - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, August 02, 2002 2:08 AM Subject: Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500 Hello Sven - There are many readers of this list who use Redback equipment, and there are people at Redback on this list as well. Radiator maintains one or more session databases (in memory, SQL, DBM, ...) and tries to keep track of current sessions by using the accounting starts to add records and accounting stops (and access requests) to delete records. The NAS itself is only contacted if Radiator detects what it thinks is a simultaneous-use exception, and then only if the NasType parameter is set in the corresponding Client clause(s). In this situation, Radiator goes through the list of sessions for the particular user and queries the NAS(s) to verify that the sessions are still active. If any session has gone away, that record in the session database is deleted and the connection is allowed to proceed. If on the other hand, all the sessions are still active, then the connection is rejected. You will find the mechanisms used to query the different NasTypes in section 6.5.5 of the Radiator 3.1 reference manual (doc/ref.html) and you will find the corresponding code in the Radius/Nas directory. regards Hugh Hi, has anyone any eyperiences with the upper configuration? I'm also interested in the function, how radiator checks via snmp that an account is use. I did a snmpwalk on a portmaster and i haven't found any information about needfull data (what does not mean that it isn't there :-) And please don't tell me that cisco is better, it was not my decision ;-) with kind regards || Mit freundlichen Gruessen Sven Holz -- Sven Holz - IP-Services - WOBCOM GmbHPhone : +49.5361.189.473 Hesslinger Str. 1-5, D-38440 Wolfsburg Fax : +49.5361.189.199 Email: [EMAIL PROTECTED] - IRC: bofw2Mobile : +49.170.920.153.5 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500
Hello Toomas - You should check with Redback to see what is possible as far as querying the device is concerned, as well as what is recorded in the accounting requests (and the correspondence of course). I have copied this mail to Onno Becker at Redback who may be able to help, as there are many of Onno's customers using Radiator already. Please copy us on what you discover so we can add the correct NasType code. regards Hugh On Friday, August 2, 2002, at 04:05 PM, Toomas Kärner wrote: Hi Hugh, We also use Redback equipment. At the moment we always assume that session DB is correct, but I'd like to chek also. So far I haven't found a suitable NasType parameter. Only place where Redback is mentioned in the ref.pdf is section about dictionaries (v.2.19 v.3.1). Could you tell us what type might be most suitable? I have also the same problem with Unisphere ERX family equipment. Rgds. Toomas Kärner - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, August 02, 2002 2:08 AM Subject: Re: (RADIATOR) SNMP, Simultaneous-Use and Redback SMS500 Hello Sven - There are many readers of this list who use Redback equipment, and there are people at Redback on this list as well. Radiator maintains one or more session databases (in memory, SQL, DBM, ...) and tries to keep track of current sessions by using the accounting starts to add records and accounting stops (and access requests) to delete records. The NAS itself is only contacted if Radiator detects what it thinks is a simultaneous-use exception, and then only if the NasType parameter is set in the corresponding Client clause(s). In this situation, Radiator goes through the list of sessions for the particular user and queries the NAS(s) to verify that the sessions are still active. If any session has gone away, that record in the session database is deleted and the connection is allowed to proceed. If on the other hand, all the sessions are still active, then the connection is rejected. You will find the mechanisms used to query the different NasTypes in section 6.5.5 of the Radiator 3.1 reference manual (doc/ref.html) and you will find the corresponding code in the Radius/Nas directory. regards Hugh Hi, has anyone any eyperiences with the upper configuration? I'm also interested in the function, how radiator checks via snmp that an account is use. I did a snmpwalk on a portmaster and i haven't found any information about needfull data (what does not mean that it isn't there :-) And please don't tell me that cisco is better, it was not my decision ;-) with kind regards || Mit freundlichen Gruessen Sven Holz -- Sven Holz - IP-Services - WOBCOM GmbHPhone : +49.5361.189.473 Hesslinger Str. 1-5, D-38440 Wolfsburg Fax : +49.5361.189.199 Email: [EMAIL PROTECTED] - IRC: bofw2Mobile : +49.170.920.153.5 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.