Re: (RADIATOR) ODBC drivers for linux
I am running the snapshot version from the ftp site.

Kevin
Sofnet, Inc.

-Original Message-
From: Richard Hawley [EMAIL PROTECTED]
To: Kevin Wormington [EMAIL PROTECTED]; Mike McCauley [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Friday, June 04, 1999 3:12 PM
Subject: Re: (RADIATOR) ODBC drivers for linux

The URL is ftp://freetds.internetcds.com/pub/freetds_dbd/ in case anyone else wants to take a peek. I have the latest version. 0.02. I'm using perl 5.00.4 and DBI 1.02. Any difference to your setup?

..Rich

On Fri, 4 Jun 1999 14:31:43 -0500, Kevin Wormington wrote:

I'm out of the office so I don't have access to the url, but if you look through the FreeTDS readme/docs it has the ftp address that you can get the latest version from, from memory it was something like ftp.internetcds.com, anyway that will fix your compile error.

Kevin
Sofnet, Inc.

-Original Message-
From: Richard Hawley [EMAIL PROTECTED]
To: Kevin Wormington [EMAIL PROTECTED]; Mike McCauley [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Friday, June 04, 1999 9:54 AM
Subject: Re: (RADIATOR) ODBC drivers for linux

What version of perl are you using? I am using 5.00405 and when I tried to run make test, I got a screen full of errors. Here are a few examples.
    /usr/lib/perl5/i386-linux/5.00405/CORE/scope.h:110: parse error before `bool'
    /usr/lib/perl5/i386-linux/5.00405/CORE/scope.h:110: warning: no semicolon at end of struct or union
    In file included from /usr/lib/perl5/site_perl/i386-linux/auto/DBI/DBIXS.h:13,
                     from FreeTDS.h:45,
                     from FreeTDS.xs:35:
    /usr/lib/perl5/i386-linux/5.00405/CORE/perl.h:1322: parse error before `Perl_nomemok'
    /usr/lib/perl5/i386-linux/5.00405/CORE/perl.h:1322: warning: data definition has no type or storage class

The errors ended in this

    FreeTDS.c: In function `XS_DBD__FreeTDS__dr_discon_all_':
    FreeTDS.c:71: warning: unused variable `ix'
    FreeTDS.c: In function `XS_DBD__FreeTDS__st_fetchrow_arrayref':
    FreeTDS.c:434: warning: unused variable `ix'
    FreeTDS.c: In function `XS_DBD__FreeTDS__st_fetchrow_array':
    FreeTDS.c:451: warning: unused variable `ix'
    FreeTDS.c: In function `XS_DBD__FreeTDS__st_FETCH_attrib':
    FreeTDS.c:562: warning: unused variable `ix'
    make: *** [FreeTDS.o] Error 1

The Sybase option won't work with SQL 7.0 according to the Boardtown DBA who is here. And the Openlink multi-tier distribution is incomplete. The docs mention a udbc.ini file in the bin directory. There is no bin directory in the distribution, no udbc.ini file anywhere.

"Our driver looks for a file pointed to by the environment variable UDBCINI, or the file /etc/udbc.ini if the environment variable is not defined. This file is located in the openlink/bin directory."

Thanks for any help.

..Rich

On Fri, 4 Jun 1999 08:23:27 -0500, Mike McCauley wrote:

Hi Kevin

On Jun 3, 4:41pm, Kevin Wormington wrote:
Subject: Re: (RADIATOR) ODBC drivers for linux

The only success that I have had is with DBI and DBD::FreeTDS which works very well connection to MS SQL 6.5 and 7.0 and requires no other client libraries.

That's interesting. We have not used that one. Can you send more details about where to get it and the setup you used, so we can document it for others?

Cheers.

Kevin
Sofnet, Inc.
-Original Message-
From: Richard Hawley [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thursday, June 03, 1999 4:42 PM
Subject: (RADIATOR) ODBC drivers for linux

We are switching our billing package to Platypus. I've been going through the Emerald and Platypus sections of the radiator manual and it mentions needing an ODBC driver to connect to MS SQL. I downloaded and installed iODBC. Is that all I need? There was no documentation that came with iODBC, just a so file and the odbc.ini. Can someone who is using a similar setup send me an example of their odbc.ini and a location of any other odbc components I may need besides iODBC?

Thanks.

..Rich

--
Richard W. Hawley - Network Engineer
CyberZone Internet Services    [EMAIL PROTECTED]
942 Main Street                http://www.cyberzone.net
Hartford, CT. 06103

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.

-- End of excerpt from Kevin Wormington

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the
Re: (RADIATOR) CHAP HOWTO
Hi Richi,

On Jun 6, 10:30pm, Richi Plana wrote:
Subject: Re: (RADIATOR) CHAP HOWTO

Hi, Mike, et al.

On Sun, 6 Jun 1999, Mike McCauley wrote:

|o| Just wondering how to check the attributes CHAP-Password and
|o| CHAP-Challenge. Are there methods in any of the Radiator objects that
|o| would allow ones own written AuthBy method to check this attrib?
|o|
|o| Radius::Radius::check_plaintext_password does most of the hard
|o| work of checking a password against whatever arrived in the radius
|o| request, be it CHAP, PAPA or whatever.

It's a good function. Works like a charm. Is there some kind of documentation on Radius::Radius or the whole Radius module (as implemented in Radiator)? Seems there are a lot nifty functions just waiting to be used.

The only doc of the functions is in the file itself.

BTW, although check_plaintext_password works as advertised, it won't work for us because it just hit me: we've stored clients' password using DES crypt(). If Radius::Radius::check_plaintext_password can work with that, I'd like to know how!

Then you lose. It's not possible to do CHAP authentication unless you have the plaintext password available.

Cheers.

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
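Why the answer above holds, as an added example (not code from the thread or from Radiator): the CHAP response is MD5 over the identifier, the plaintext password and the challenge (RFC 1994, carried in RADIUS per RFC 2865), so a server that stores only a one-way hash cannot recompute it, whereas PAP hands the server the plaintext to hash and compare. The sample password, shared secret, challenge, authenticator and the salted SHA-256 standing in for crypt() are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example only).
PASSWORD = b"s3cret-pw"                 # what the user types
SECRET = b"nas-shared-secret"           # RADIUS shared secret between NAS and server
CHALLENGE = bytes(range(16))            # CHAP-Challenge chosen by the NAS
AUTHENTICATOR = bytes(range(16, 32))    # Request Authenticator of the Access-Request
SALT = b"ab"


def one_way(password: bytes, salt: bytes) -> bytes:
    """Stand-in for a crypt()-style stored hash: salted and not reversible."""
    return hashlib.sha256(salt + password).digest()


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(chap_password: bytes, challenge: bytes, candidate: bytes) -> bool:
    """CHAP-Password is 1 byte of CHAP identifier followed by the 16-byte response.

    The server must feed the *plaintext* into MD5 to get the same digest.
    """
    if len(chap_password) != 17:
        return False
    ident, response = chap_password[0], chap_password[1:]
    return hmac.compare_digest(response, chap_response(ident, candidate, challenge))


def _pap_blocks(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2 chaining: each 16-byte block is XORed with
    MD5(secret || previous ciphertext block), starting from the authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        out += block
        prev = block if hiding else data[i:i + 16]
    return out


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS puts in User-Password: password NUL-padded to 16-byte blocks."""
    size = max(1, (len(password) + 15) // 16) * 16
    return _pap_blocks(password.ljust(size, b"\x00"), secret, authenticator, True)


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does: undo the hiding and get the plaintext back."""
    return _pap_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")


def demo():
    stored_hash = one_way(PASSWORD, SALT)   # all a crypt()-only user database holds
    ident = 0x2A
    chap_attr = bytes([ident]) + chap_response(ident, PASSWORD, CHALLENGE)

    # CHAP succeeds only when the server can supply the plaintext.
    chap_with_plaintext = verify_chap(chap_attr, CHALLENGE, PASSWORD)
    # Feeding the stored hash in place of the password gives a different MD5.
    chap_with_hash = verify_chap(chap_attr, CHALLENGE, stored_hash)

    # PAP: the server recovers the plaintext, hashes it, compares with the store.
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    recovered = pap_recover(hidden, SECRET, AUTHENTICATOR)
    pap_against_hash = hmac.compare_digest(one_way(recovered, SALT), stored_hash)
    return chap_with_plaintext, chap_with_hash, pap_against_hash


if __name__ == "__main__":
    print(demo())
```
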
(RADIATOR) Re: question about radiator configuration
Hi Mike,

Thanks for your help. I'm afraid I have more questions.

---
I heard there is a patch for the 'authby ldap', because the current code does not do the unbind operation which can cause problems with some ldap servers. My netscape ldap server seems to be resistant to this, but load is increasing and I'm worried it may affect performance. Can I get the patch? I'm using Radiator version 2.13.

---
I saw that Radiator supports authentication with the ACE securId cards. We may want to use securId cards for roaming users because Surfnet requires us to use 'strong' authentication if we do not check on CLI. Can your radius server directly enquire the ACE server and how do I configure radiator to do that? Or does it use 'authby radius' to forward the radius authentication request to the (Livingstone?) radius server that is packaged with the Ace software?

---
I have a question about info level logging. It's not very helpful in my configuration: I have to check 2 ldap servers for the moment.

    <Realm uva.nl>
        ...
        AuthByPolicy ContinueWhileReject
        <AuthBy LDAP>
            Host with.ic.uva.nl
            Port 389
            ...
            NoDefaultIfFound
        </AuthBy>
        <AuthBy LDAP>
            Host blaeu.student.uva.nl
            ...
            NoDefaultIfFound
        </AuthBy>
    </Realm>

If the user is in the first ldap server, but authentication does not succeed e.g. wrong CLI, then I only get info logging from the second ldap server with the totally useless information.

    Tue Jun 8 00:56:32 1999: INFO: Access rejected for mdw0011: No such user

While it would make the life of the support staff a lot easier if I saw something like:

    Tue Jun 8 00:34:27 1999: INFO: Access rejected for mdw0011: Check item Calling-Station-Id expression '/204164698/' does not match '204164699' in request

Is it configurable to get this information from the first and second authbyldap instead of just the second one?
---
Searching for DEFAULT:

    [08/Jun/1999:12:49:47 +0200] conn=557 op=1849 SRCH base="o=Universiteit van Amsterdam,c=Nl" scope=2 filter="(uid=DEFAULT)"

If a user is not found then radiator searches for DEFAULT, that's a lot of extra searches that slow down the process. Can I get rid of the searching for "DEFAULT" completely?

---
Performance. In the log I see:

    Tue Jun 8 01:48:13 1999: WARNING: Could not find a handler: request is ignored

Has that got to do with the fact that ldap connections are done synchronously? Does it indicate a performance problem?

---
I hope you can help me with these questions.

Kind regards,
Marijke

Marijke Vandecappelle
Senior netwerkbeheerder
Informatiseringscentrum Universiteit van Amsterdam    E-mail [EMAIL PROTECTED]
Turfdraagsterpad 9    Telefoon +31 20 5252025
1012 XT Amsterdam    Fax +31 20 5252084
Re: (RADIATOR) AuthByPolicy ContinueUntilAccept
Hi Mickey,

AuthBy RADIUS is a little different to most other AuthBy clauses. It forwards the request immediately, then does retransmits until it gets a reply, then sends the reply back to the original NAS.

If you have 2 AuthBy RADIUS chained together (as you do), then _both_ will transmit immediately, and both will arrange for retransmits in the case of no reply, and both will send their replies back to the original NAS. So I guess this could be described as operating in parallel. In this case, the order is not really important.

Hope that helps.

Cheers.

On Jun 8, 3:20pm, Mickey Coggins wrote:
Subject: (RADIATOR) AuthByPolicy ContinueUntilAccept

Hi,

I have something like this in my config file:

    <Realm DEFAULT>
        AuthByPolicy ContinueUntilAccept
        <AuthBy RADIUS>
            DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
            Host 10.1.1.1
            Host 10.1.2.1
            Host 10.1.3.1
            Secret secret
            AuthPort 1645
            AcctPort 1646
            LocalAddress mylocal.cooldomain.com
        </AuthBy>
        <AuthBy RADIUS>
            DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
            Host auth.coolerdomain.com
            Secret moresecret
            AuthPort 1812
            AcctPort 1813
            LocalAddress mylocal.cooldomain.com
        </AuthBy>
    </Realm>

What I see is that if the request times out for the first AuthBy and is accepted by the second, the first AuthBy continues to send requests for quite some time.

How does this work? Does radiator try both in parallel? Is order important?

Thanks,
Mickey

-- End of excerpt from Mickey Coggins

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955
(RADIATOR) Probs with AccountingHandled
Hi,

at my setup each customer group has his own Realm. I use 'RewriteUsername' to control this.

Now, from time to time (no reboot or anything like this is done), my NAS (Livingston PM3) send the following Accounting Request out:

    Acct-Session-Id = ""
    NAS-IP-Address = IP-Number
    Acct-Status-Type = Start
    Acct-Delay-Time = 6
    Timestamp = 929071869

As you can see, no username is in this request, so my rewriting doesn't work and the request doesn't end up in one of my Realms. It is ignored by Radiator and the NAS keeps retransmitting.

Therefore I created a "special Handler":

    <Handler Acct-Session-Id="">
        AcctLogFileName %L/stupid.detail
        AccountingHandled
    </Handler>

But Radiator (version 2.13.1) still ignores the Request. Inserting a simple

    <AuthBy TEST>
    </AuthBy>

in the above Realm fixes the Problem.

Is this normal? Is there a better solution for my problem?

Regards,
Bernd
Re: (RADIATOR) SQL Logging
Hi John,

On Jun 13, 4:00pm, John Abbott wrote:
Subject: (RADIATOR) SQL Logging

Hi,

I have a small query, mainly I think it's my understanding of the logging/duplication of logs by radiator. I have setup my radius server to duplicate every 12 hours and to record stops only so I can get a 12 hour update in permanent connections. However for some reason the logging update doesn't seem to represent the total traffic of the permanent link. So my question is does the duplicate log show the difference in octets from the last log dup or is it cumulative octets since the session began(ie, this logupdate supersedes the previous logging

The octet counts in accounting stops are always the total octets since the beginning of the session.

Also I am using stored procedures with radius and it works very well thanks to mike for the pointer but occasionally the radius server will report an incomplete record with either username missing, NAS ip missing or something missing which causes the logging to freak out after a while. I am using rad 2.13 if this helps does anyone know why this is?

I have seen that sort of thing with some types of NAS, notable Cisco. Sometimes they just don't report what they should. Do you have any level 4 logs that might help see whether that was the problem?

Hope that helps.

Cheers.

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955
FW: (RADIATOR) terminal screen accounting
-Original Message-
From: Murat Kirmaci
Sent: Friday, 11 June 1999 16:05
To: 'Mike McCauley'; [EMAIL PROTECTED]
Cc: Proje Grubu; Fahrettin Gurkan
Subject: RE: (RADIATOR) terminal screen accounting

-Original Message-
From: Mike McCauley [SMTP:[EMAIL PROTECTED]]
Sent: Friday, 11 June 1999 05:54
To: Murat Kirmaci; Mike McCauley; [EMAIL PROTECTED]
Cc: Proje Grubu; Fahrettin Gurkan
Subject: Re: (RADIATOR) terminal screen accounting

On Jun 10, 12:14pm, Murat Kirmaci wrote:
Subject: RE: (RADIATOR) terminal screen accounting

Hello,

As you remember we have two problems

1. For "bring up the terminal after the connection" problem I have attached the logfile and the detail file. DETAIL LOGFILE

Thanks for those. I presume it's the example login for burhanu that shows the problem? In that one, the NAS is trying to do CHAP authentication, which is impossible with the NT user database. I suggest you change your NAS configuration so it prefers to use PAP instead of CHAP.

[Murat Kirmaci] No, burnanu was not showing the problem, I was working on a different NT server and the user burhanu was not configured in the Radiator's NT. Our test username was "free", at first access request from the username "free" was accepted (because I chose the option "bring up the terminal after the connection" at dial up networking then at the black screen I entered the username "free" and its password). If you please look at the second access request from the user "free" you see that it was rejected (it was rejected because the terminal after the connection did not come on to screen and I used the username and password section of the dial up networking.)

2. for the accounting problem when I started the radacct.cgi on the web server I got the following error. What do you think?

    CGI Timeout
    The specified CGI application exceeded the allowed time for processing. The server has deleted the process.

Was the detail file it was processing very large? How big? Which web server was it? On which operating system?
[Murat Kirmaci] the detail file is the same as one I mailed. The operating system is NT4.0 and IIS3.0 is working on it.

Murat KIRMACI
Project Engineer
TURCom Communications
+902122576238

-Original Message-
From: Mike McCauley [SMTP:[EMAIL PROTECTED]]
Sent: Friday, 04 June 1999 16:08
To: Murat Kirmaci; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) terminal screen accounting

Hello Murat,

On Jun 3, 3:49pm, Murat Kirmaci wrote:
Subject: (RADIATOR) terminal screen accounting

-- End of excerpt from Murat Kirmaci

Hello Everybody,

I have got 2 problems to be solved on the radiator and I will be pleased to get your experiences and solutions.

1. I have installed the radiator on Nt Server and achieved to authenticate the users of our customer (Our customer is an ISP). But they were using another Radius program for their users and when the users try to establish a connection to the access server of the ISP there is a setting at the options of the dialup networking which is "bring up the terminal after the connection". This option was not chosen and they were using the username and password of the windows screen of dialup networking. After my installation and the achievement of the authentication of my test users, I have noticed that the users of our customer cannot access into the access server cause of not choosing the "bring up the terminal after the connection". All my tests were containing this option and I had not seen any problem. What can we do to solve that problem without changing any settings at the users? (Because there are lots of users)

I think you will have to send us your configuration file (no secrets) and radiator log file at trace level 4 showing what happens

1. when users use the "bring up the terminal after the connection"
2. When they don't use it.

2. After the authentication, I want to use the accounting of a specific user on the NT Server using the radacct.cgi file. I'm using Nt server's IIS and what are the important points for an accounting of a specific user?

When you install radacct.cgi in your web server, you will be able to drill down to see summaries of usage for each user.

Hope that helps.

Cheers.

Thanks.

Murat KIRMACI
Project Engineer

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61
Re: (RADIATOR) Probs with AccountingHandled
Hello Bernd,

On Jun 11, 6:15pm, Bernd Strehhuber wrote:
Subject: (RADIATOR) Probs with AccountingHandled

Hi,

at my setup each customer group has his own Realm. I use 'RewriteUsername' to control this.

Now, from time to time (no reboot or anything like this is done), my NAS (Livingston PM3) send the following Accounting Request out:

    Acct-Session-Id = ""
    NAS-IP-Address = IP-Number
    Acct-Status-Type = Start
    Acct-Delay-Time = 6
    Timestamp = 929071869

As you can see, no username is in this request, so my rewriting doesn't work and the request doesn't end up in one of my Realms. It is ignored by Radiator and the NAS keeps retransmitting.

This looks like a message from the NAS saying it rebooted or restarted.

Therefore I created a "special Handler":

    <Handler Acct-Session-Id="">
        AcctLogFileName %L/stupid.detail
        AccountingHandled
    </Handler>

But Radiator (version 2.13.1) still ignores the Request. Inserting a simple

    <AuthBy TEST>
    </AuthBy>

in the above Realm fixes the Problem.

Is this normal? Is there a better solution for my problem?

It's a bit hard to say without seeing your configuration file, but it sounds like a reasonable response. The best solution would be to arrange for such "realmless" requests to be handled by one of your existing Handlers.

Hope that helps.

Cheers.

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955
Re: (RADIATOR) Speaking to another radius server
On Jun 14, 3:45pm, Josh Bressers wrote:
Subject: (RADIATOR) Speaking to another radius server

Question for you all out there.

I need to get radiator to authenticate and do accounting locally, but I also need it to send another machine the accounting data, no authentication. I've looked over the Ref Manual and the FAQ and can't find anything that resembles this. I have no problems getting it to authenticate and do accounting on one machine, that's fine. Can I get radiator to do this?

If you mean that you want to send accounting (not auth) to another remote radius server, no problem. You will want something like this:

    <Realm DEFAULT>
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
            # Whatever you have for local auth
        </AuthBy>
        <AuthBy RADIUS>
            NoForwardAuthentication
            Host whatever
            Secret whatever
        </AuthBy>
    </Realm>

Hope that helps.

Cheers.

JB

-- End of excerpt from Josh Bressers

--
Mike McCauley    [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955
(RADIATOR) problem with includes and handlers
Hi,

i have tried to split our config file in some smaller config files similar to other radius servers:

---- snip ----
    # clientconfigs are found in : clients.cfg
    include %D/clients.cfg
    # some numbered and realm based Handlers: proxy.cfg
    include %D/proxy.cfg
    <Handler>
        #default
    </Handler>
---- snap ----

the file proxy.cfg contains 3 other handlers. one numbered (called-station-id) and two realm-based handlers.

but this way, only one of the realm-based handlers (the first one) is used, the other one is ignored (without any warning).

inserting the handler-statements from proxy.cfg directly into the config file, all handlers are used.

???

Thanx in advance for any help :-)

Volker Klau

--
Volker Klau    EMail: [EMAIL PROTECTED]
Phone: +49-461-90 90 581
KomTel GmbH    FAX: +49-461-90 900 71
Nordermarkt 1 - D-24937 Flensburg    http://www.komtel.net
(RADIATOR) Radiator Ascend IP FIltering
Hi,

I have attached two files. fil.txt is the one we would like to set as reply attribute, and the result of it.

Anybody has an idea why this error?

Many thanks,
Ferhat

    Mon May 31 11:45:02 1999: DEBUG: Radius::AuthSQL ACCEPT:
    Mon May 31 11:45:02 1999: DEBUG: Access accepted for domino
    Mon May 31 11:45:02 1999: WARNING: Could not parse Ascend-Data-Filter: ip in forward tcp dstip 195.174.219.30 dstport=20
    Mon May 31 11:45:02 1999: WARNING: Could not parse Ascend-Data-Filter: ip in forward tcp dstip 195.174.219.30 dstport=21
    Mon May 31 11:45:02 1999: WARNING: Could not parse Ascend-Data-Filter: ip out forward tcp dstip 195.174.219.30 dstport1023
    Mon May 31 11:45:02 1999: DEBUG: Packet dump:
    *** Sending to 195.174.219.204 port 1782
    Code: Access-Accept
    Identifier: 205
    Authentic: 8168224M2381432124828249201223~177212161
    Attributes:
        User-Service = Framed-User
        Framed-Protocol = PPP
        Framed-Netmask = 255.255.255.0
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Ascend-Data-Filter = ip in forward tcp dstip 195.174.219.30 dstport=20
        Ascend-Data-Filter = ip in forward tcp dstip 195.174.219.30 dstport=20
        Ascend-Data-Filter = ip in forward tcp dstip 195.174.219.30 dstport=21
        Ascend-Data-Filter = ip out forward tcp dstip 195.174.219.30 dstport1023
        Ascend-Data-Filter = ip in drop
        Ascend-Data-Filter = ip out drop

    User-Service=Framed-User,Ascend-Data-Filter="ip in forward tcp dstip 195.174.219.30 dstport=20",Ascend-Data-Filter="ip in forward tcp dstip 195.174.219.30 dstport=21",Ascend-Data-Filter="ip out forward tcp dstip 195.174.219.30 dstport1023",Ascend-Data-Filter="ip in drop",Ascend-Data-Filter="ip out drop",Framed-Protocol=PPP,Framed-Netmask=255.255.255.0,Framed-Routing=None,Framed-MTU=1500,Framed-Compression=Van-Jacobson-TCP-IP
Re: (RADIATOR) Radiator Ascend IP FIltering
I had problems with the "tcp" and "port" parameters in earlier versions of Radiator (2.11), but Mike said he fixed those. When I tested it in 2.12, I still found some strange problems with them so we don't filter on ports now. Not sure if these have been fixed in 2.13.

But in any case, your syntax is incorrect I think. You need to put the /32 for the netmask somewhere. Check out the regular expression that Radiator uses to process the Ascend filter attributes. I think the source code has some comments about the format. It might be different from that described in the Ascend manuals.

On Tue, 15 Jun 1999, Ferhat Dilman wrote:

Hi,

I have attached two files. fil.txt is the one we would like to set as reply attribute, and the result of it.

Anybody has an idea why this error?

Many thanks,
Ferhat

Peter Chow    Chief Technical Advisor
interQ Corporation - System Division
[EMAIL PROTECTED]    Shibuya Infoss Tower 10F
(tel)+81-3-5456-2555    20-1 Sakuragaokacho, Shibuya-ku
(fax)+81-3-5456-2556    Tokyo, Japan
http://www.interq.ad.jp    150-0031
Re: (RADIATOR) Radiator Ascend IP FIltering
You have to specify the /32 for the netmask of the ip-address. I found this out the same way. Check out the code to see what exact syntax is required by Radiator.

- Joost.

Hi,

I have attached two files. fil.txt is the one we would like to set as reply attribute, and the result of it.

Anybody has an idea why this error?

Many thanks,
Ferhat
(RADIATOR) Please guide.....
Hi,

Thanks, but problem is that my oracle is not running on the same machine that is used by Radiator server. Again I want to explain.

1- I have two machine
   A) solaris2.6 server with radiator + DBI + DBD for oracle
   B) Windows NT4.0 with oracle8

2- As you suggest

    DBSource dbi:Oracle:sid

This works if oracle and radiator are on same (local) machine.. since oracle is on another machine so we have to mention port number IP address of database machine etc as in DBI and DBD

    use DBI;

    # Connect to the remote Oracle instance with a full connect descriptor
    $dbh = DBI->connect('dbi:Oracle:',
        q{radiator/radiator@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= 194.7618.24)(PORT=1521))(CONNECT_DATA=(SID=ORCL)))},
        "") || die "Could not connect : $DBI::errstr\n";

So plz guide me and send me details is it possible or not if yes plz give me full radius.cfg file.

Best Regards.
(RADIATOR) (Radiator) dictionary files for USR seem off.
Hello,

We are getting two different sets of data for connection speed from radiator and merit radius. Here is an example.

Merit radius:

    Tue Jun 15 15:23:55 1999
        User-Name = "core77"
        NAS-IP-Address = 207.240.142.3
        Acct-Status-Type = Start
        Acct-Session-Id = "16908696"
        NAS-Port = 259
        USR-Modem-Training-Time = 19
        USR-Unauthenticated-Time = 9
        USR-Connect-Speed = 4-BPS

Radiator:

    core77 207.240.142.3 259 16908696 Tue Jun 15 15:27:43 1999 207.240.215.13 Async Framed-User v90Digital 58666_BPS.

The radiator speed seems high. Note that we are logging to both systems currently and that the session-ID's match. Is it possible that the USR dictionary is missing some entries for radiator? We are using the TotalControlSNMP NAS type.

Oliver Stockhammer
Systems
The Internet Channel
(RADIATOR) RADIATOR question
I am trying to get Radiator to log bad passwords. Here is the .cfg file entry:

    # Set this to the directory where your logfile and details file are to go
    LogDir /var/log/radius
    PasswordLogFileName /var/log/radius/passwords

When I try to log in I get:

    Tue Jun 15 15:56:49 1999: DEBUG: Handling request with Handler 'Realm='
    Tue Jun 15 15:56:49 1999: DEBUG: Rewrote user name to chrism
    Tue Jun 15 15:56:49 1999: DEBUG: Handling with Radius::AuthUNIX
    Tue Jun 15 15:56:49 1999: DEBUG: Radius::AuthUNIX looks for match with chrism
    Tue Jun 15 15:56:49 1999: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted-Password
    Tue Jun 15 15:56:49 1999: INFO: Access rejected for chrism: Bad Encrypted-Password
    Tue Jun 15 15:56:49 1999: DEBUG: Packet dump:

I think I am getting rejected because of some problem reading the shadow passwords file with this realm profile (see anything?):

    <Realm>
        # turn into lowercase
        RewriteUsername tr/A-Z/a-z/
        AuthByPolicy ContinueWhileAccept
        <AuthBy UNIX>
            Identifier System
            Filename /etc/shadow
        </AuthBy>
        <AuthBy DBFILE>
            Filename %D/users
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
    </Realm>

However, I expected to see a bad passwords file get created to log the password into. After all, if I get "Bad Encrypted-Password" I would expect to see the list :)

Any ideas?

Thanks,
Chris
Re: (RADIATOR) terminal screen accounting
Hello Murat, The answer is the same: You have your NAS configured so it prefers to do CHAP over PAP, but radiator is not able to do CHAP authentication with an NT user database. You must change your NAS configuration so it uses PAP. Hope that helps. Cheers. On Jun 11, 4:05pm, Murat Kirmaci wrote: Subject: RE: (RADIATOR) terminal screen accounting [ Attachment (text/plain): ".prt21108@" 6434 bytes Character set: iso-8859-9 plain text ] -- End of excerpt from Murat Kirmaci -Original Message- From: Mike McCauley [SMTP:[EMAIL PROTECTED]] Sent: 11 Haziran 1999 Cuma 05:54 To: Murat Kirmaci; Mike McCauley; [EMAIL PROTECTED] Cc: Proje Grubu; Fahrettin Gurkan Subject: Re: (RADIATOR) terminal screen accounting On Jun 10, 12:14pm, Murat Kirmaci wrote: Subject: RE: (RADIATOR) terminal screen accounting Hello, As you remember we have two problems 1. For " bring up the terminal after the connection" problem I have attached the logfile and the detail file. DETAIL LOGFILE Thanks for those. I presume its the example login for burhanu that shows the problem? In that one, the NAS is trying to do CHAP authentication, whcih is impossible with the NT user database. I suggest you change your NAS configuration so it prefers to use PAP instead of CHAP. [Murat Kirmaci] No, burnanu was not showing the problem, I was working on a different NT server and the user burhanu was not configured in the Radiator's NT. Our test username was "free", at first access request from the username "free" was accepted ( because I chose the option "bring up the terminal after the connection" at dial up networking then at the black screen I entered the username "free" and it's password). If you please look at the second access request from the user "free" you see that it was rejected(it was rejected because the terminal after the connection did not come on to screen and I used the username and password section of the dial up networking.) -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. 
LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) problem with includes and handlers
Hello Volker, You configuration file looks OK. I suspect that perhaps you are using Radiator version 2.13, which had a problem with Handler selection (it would always choose the first Handler). There is a patch available, see http://www.open.com.au/radiator/downloads/patches-2.13/README The problem is also fixed in the latest release 2.13.1 Hope that helps, but please let me know if not. Cheers. On Jun 15, 12:33pm, Volker Klau wrote: Subject: (RADIATOR) problem with includes and handlers Hi, i have tried to split our config file in some smaller config files similar to other radius servers: schnipp # clientconfigs are found in : clients.cfg include %D/clients.cfg # some numbered and realm based Handlers: proxy.cfg include %D/proxy.cfg Handler #default /Handler -schnapp- the file proxy.cfg contains 3 other handlers. one numbered (called-station-id) and two realm-based handlers. but this way, only one of the realm-based handlers(the first one) is used, the other one is ignored (without any warning). inserting the handler-statements from proxy.cfg directly into the config file, all handlers are used. ??? Thanx in advance for any help :-) Volker Klau -- +--+ + Volker KlauEMail: [EMAIL PROTECTED] + +Phone: +49-461-90 90 581 + + KomTel GmbHFAX: +49-461-90 900 71 + + Nordermarkt 1 - D-24937 Flensburg http://www.komtel.net + +--+ === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Volker Klau -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. 
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Can any body help me.....
Hello Abdul.

Here is a sample configuration file that will authenticate from a file called users in the same directory, and will reply with all the attributes that a Cisco likes:

    Foreground
    LogStdout
    LogDir .
    DbDir .

    # You will probably want to change this to suit your site.
    <Client DEFAULT>
        Secret mysecret
        DupInterval 0
    </Client>

    <Realm DEFAULT>
        <AuthBy FILE>
            Filename ./users
            AddToReply Service-Type = Framed-User,\
                Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255,\
                Framed-Routing = None,\
                Framed-MTU = 1500,\
                Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName ./detail
    </Realm>

And in your user file, you would want something like this for each user:

    mikem Password="fred"
    abdul Password="xxx"

Hope that helps. Cheers.

On Jun 15, 7:09pm, Abdul Rehman Saeed wrote:
Subject: (RADIATOR) Can any body help me.

Hi All,

I have very serious problem, I am using evaluation copy of radiator, before purchase. I installed (solaris 2.6) and tested by RADDPWTST on local machine working fine. For testing I have cisco 2511 term server modem to dialin. I have very short period for testing. I will be highly obliged if any friend help me, send me all configuration for cisco2511 and radius.cfg. Plz. all things should be in detail, I have no time to research now, My first step is to dialin and authenticated from radius server. Please help me. Looking forward to all radiator friends. If any question plz. ask me.

Warm Regards.
A.R.Saeed..

-- End of excerpt from Abdul Rehman Saeed

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
(RADIATOR) Logging Rejections
With some help from Mike I created a logging module for SQL which logs the reasons that people are rejected. This is great for troubleshooting tech support calls. The module is small so I went ahead and attached it.

In your configuration file you need:

    <Log RejectSQL>
        DBSource dbi:mysql:dbname:host
        DBUsername dbusername
        DBAuth dbpassword
        Table dbtablename
    </Log RejectSQL>

Table structure:

    CREATE TABLE rejectlog (
        userid varchar(50) DEFAULT '' NOT NULL,
        reason varchar(128) DEFAULT '' NOT NULL,
        mdate timestamp(14),
        KEY userid (userid)
    );

Enjoy.
Steve

    package Radius::LogRejectSQL;
    use Radius::LogSQL;
    use vars qw($VERSION @ISA);
    BEGIN
    {
        @ISA = qw(Radius::LogSQL);
    }

    # Even this might be unnecessary
    sub new
    {
        my ($class, $file) = @_;
        my $self = $class->SUPER::new($file);
        return $self;
    }

    # Called for every log message; only rejection messages are stored
    sub log
    {
        my ($self, $p, $s) = @_;

        return unless $s =~ /^Access rejected for (.*): (.*)$/;
        my ($n, $r) = ($1, $2);

        # (Re)-connect to the database if necessary,
        return undef if !$self->reconnect;

        # Quote both values through DBI before building the statement
        $n = $self->{dbh}->quote($n);
        $r = $self->{dbh}->quote($r);
        my $q = "insert into $self->{Table} (userid, reason) values ($n, $r)";
        $self->do($q);
    }

    1;
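The same "Access rejected for USER: REASON" lines that the module above stores can also be summarised straight from the Radiator log file, for example to spot an account that is being rejected repeatedly in a short time. The following Python sketch is an added example and is not part of the original post or of Radiator; the function names, the threshold of 5 rejections in 10 minutes, the "testuser" account and the sample log lines are assumptions constructed for illustration, using the log format shown elsewhere in this archive.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Timestamp and level as they appear in the Radiator log, followed by the same
# "Access rejected for USER: REASON" text that the LogRejectSQL module matches.
# As in that module, the greedy user group splits at the last ": " on the line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}): INFO: "
    r"Access rejected for (?P<user>.*): (?P<reason>.*)$"
)

# Constructed sample input (not real traffic); DEBUG lines must be ignored.
SAMPLE_LOG = """\
Tue Jun 15 15:56:49 1999: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted-Password
Tue Jun 15 15:56:49 1999: INFO: Access rejected for chrism: Bad Encrypted-Password
Tue Jun 15 17:20:34 1999: INFO: Access rejected for chrism: Could not find Identifier for Auth-Type System
Tue Jun 15 18:00:01 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
Tue Jun 15 18:00:40 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
Tue Jun 15 18:01:15 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
Tue Jun 15 18:02:02 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
Tue Jun 15 18:03:30 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
Tue Jun 15 18:30:00 1999: INFO: Access rejected for testuser: Bad Encrypted-Password
"""


def parse_rejections(lines):
    """Yield (timestamp, user, reason) for every rejection line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        yield ts, m.group("user"), m.group("reason")


def find_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Map each user to the time their `threshold`-th rejection fell inside `window`."""
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    flagged = {}
    for ts, user, _reason in sorted(events):
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop rejections older than the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged[user] = ts
    return flagged


def summarise(lines, threshold=5, window=timedelta(minutes=10)):
    """Return (Counter keyed by (user, reason), dict of flagged users)."""
    events = list(parse_rejections(lines))
    counts = Counter((user, reason) for _ts, user, reason in events)
    return counts, find_bursts(events, threshold, window)


if __name__ == "__main__":
    counts, bursts = summarise(SAMPLE_LOG.splitlines())
    for (user, reason), n in counts.most_common():
        print(f"{n:3d}  {user}: {reason}")
    for user, when in bursts.items():
        print(f"burst of rejections for {user} reached threshold at {when}")
```

The same two queries can be run against the rejectlog table instead of the flat log file, grouping on userid and reason and windowing on mdate.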
Re: (RADIATOR) (Radiator) dictionary files for USR seem off.
Hi Oliver, I suspect this is related to the USR attribute numbering issues discussed in the Radiator FAQ at http://www.open.com.au/radiator/faq.html#29 Hope that helps. Cheers. On Jun 15, 5:37pm, O Stockhammer wrote: Subject: (RADIATOR) (Radiator) dictionary files for USR seem off. Hello, We are getting two different sets of data for connection speed from radiator and merit radius. here is an example. Merit radius: Tue Jun 15 15:23:55 1999 User-Name = "core77" NAS-IP-Address = 207.240.142.3 Acct-Status-Type = Start Acct-Session-Id = "16908696" NAS-Port = 259 USR-Modem-Training-Time = 19 USR-Unauthenticated-Time = 9 USR-Connect-Speed = 4-BPS Radiator: core77 207.240.142.3 259 16908696 Tue Jun 15 15:27:43 1999 207.240.215.13 Async Framed-User v90Digital 58666_BPS. The radiator speed seems high. Note that we are logging to both systems currently and that the session-ID's match. Is it possible that the USR dictionary is missing some entries for radiator? We are using the TotalControlSNMP NAS type. Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthDBFile issue
With this DBM file entry:

    chrism Auth-Type = "System", NAS-Port-Type = "Async"
        Service-Type = "Framed-User",
        Framed-Protocol = "PPP",
        Framed-IP-Address = "255.255.255.254",
        Framed-MTU = "1500"

Why does this debug output happen:

    Tue Jun 15 17:20:34 1999: DEBUG: Handling request with Handler 'Realm='
    Tue Jun 15 17:20:34 1999: DEBUG: Rewrote user name to chrism
    Tue Jun 15 17:20:34 1999: DEBUG: Handling with Radius::AuthDBFILE
    Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE looks for match with chrism
    Tue Jun 15 17:20:34 1999: WARNING: Could not find Identifier for Auth-Type System
    Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE REJECT: Could not find Identifier for Auth-Type System
    Tue Jun 15 17:20:34 1999: INFO: Access rejected for chrism: Could not find Identifier for Auth-Type System
    Tue Jun 15 17:20:34 1999: DEBUG: Packet dump:

Here is the .cfg file entry:

    <Realm>
        # turn into lowercase
        RewriteUsername tr/A-Z/a-z/
        AuthByPolicy ContinueWhileAccept
        <AuthBy DBFILE>
            Identifier System
            Filename %D/users
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
    </Realm>

Thanks,
Chris
Re: (RADIATOR) AuthDBFile issue
Hi Chris, Thats puzzling. Is it possible that you changed the config and HUPped the server? If so I would suggest you restart it instead. No, I killed and restarted it. BTW, that configuration is basically recursive: when you get it to go to System, it will then call System again, over and over until something terrible happens. It is more usual to make the System authby a separate item: AuthBy UNIX Identifier System /AuthBy I had it doing this: AuthBy UNIX Identifier System Filename /etc/shadow /AuthBy just in front of doing the DBFile thing, but I thought this was interesting that when I went to remove the UNIX stuff and just use DBFile that I got these results. Chris Cheers. On Jun 15, 5:23pm, Chris M wrote: Subject: (RADIATOR) AuthDBFile issue With this DBM file entry: chrism Auth-Type = "System", NAS-Port-Type = "Async" Service-Type = "Framed-User", Framed-Protocol = "PPP", Framed-IP-Address = "255.255.255.254", Framed-MTU = "1500" Why does this debug output happen: Tue Jun 15 17:20:34 1999: DEBUG: Handling request with Handler 'Realm=' Tue Jun 15 17:20:34 1999: DEBUG: Rewrote user name to chrism Tue Jun 15 17:20:34 1999: DEBUG: Handling with Radius::AuthDBFILE Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE looks for match with chrism Tue Jun 15 17:20:34 1999: WARNING: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE REJECT: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: INFO: Access rejected for chrism: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: DEBUG: Packet dump: Here is the .cfg file entry: Realm # turn into lowercase RewriteUsername tr/A-Z/a-z/ AuthByPolicy ContinueWhileAccept AuthBy DBFILE Identifier System Filename %D/users /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/detail /Realm Thanks, Chris === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in 
the body of the message. -- End of excerpt from Chris M -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthDBFile issue
Hi Chris. OK, I tried it here and it went recursive as I expected. So I cant explain what you saw. Its not causing you a problem is it? On Jun 15, 7:33pm, Chris M wrote: Subject: Re: (RADIATOR) AuthDBFile issue Hi Chris, Thats puzzling. Is it possible that you changed the config and HUPped the server? If so I would suggest you restart it instead. No, I killed and restarted it. BTW, that configuration is basically recursive: when you get it to go to System, it will then call System again, over and over until something terrible happens. It is more usual to make the System authby a separate item: AuthBy UNIX Identifier System /AuthBy I had it doing this: AuthBy UNIX Identifier System Filename /etc/shadow /AuthBy just in front of doing the DBFile thing, but I thought this was interesting that when I went to remove the UNIX stuff and just use DBFile that I got these results. Chris Cheers. On Jun 15, 5:23pm, Chris M wrote: Subject: (RADIATOR) AuthDBFile issue With this DBM file entry: chrism Auth-Type = "System", NAS-Port-Type = "Async" Service-Type = "Framed-User", Framed-Protocol = "PPP", Framed-IP-Address = "255.255.255.254", Framed-MTU = "1500" Why does this debug output happen: Tue Jun 15 17:20:34 1999: DEBUG: Handling request with Handler 'Realm=' Tue Jun 15 17:20:34 1999: DEBUG: Rewrote user name to chrism Tue Jun 15 17:20:34 1999: DEBUG: Handling with Radius::AuthDBFILE Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE looks for match with chrism Tue Jun 15 17:20:34 1999: WARNING: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: DEBUG: Radius::AuthDBFILE REJECT: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: INFO: Access rejected for chrism: Could not find Identifier for Auth-Type System Tue Jun 15 17:20:34 1999: DEBUG: Packet dump: Here is the .cfg file entry: Realm # turn into lowercase RewriteUsername tr/A-Z/a-z/ AuthByPolicy ContinueWhileAccept AuthBy DBFILE Identifier System Filename %D/users /AuthBy # Log 
accounting to the detail file in LogDir AcctLogFileName %L/detail /Realm Thanks, Chris === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Chris M -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- End of excerpt from Chris M -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) restartWrapper and screen
Anyone using restartWrapper and screen? I'd like to use restartWrapper but I need to be able to start and stop radiator remotely. I'd like to use screen to do this but I am not sure how to add that to the startup scripts so it launches radiator on the detached screen at bootup. This is kind of off topic but figured someone here is doing something similar. ..Rich -- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 06103 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Logging
Hi John, I dont think there are any patches relevent to your previous question, but you may want to check for yourself at http://www.open.com.au/radiator/downloads/patches-2.13.1/README Cheers. On Jun 16, 9:56pm, John Abbott wrote: Subject: (RADIATOR) SQL Logging Hi Mike, I will get some loggs to you if my next move doesn't solve it. Can you let me know if any updates/patches should be applied, I am using 2.13 out of the box(so to speek :-) regs John Abbott === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from John Abbott -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Install mishap on FreeBSD 2.2.8
Hello, We were just installing to our production machine and recieve this error in the make test: # make test PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.00502/i386-freebsd -I/usr/local/lib/perl5/5.00502 test.pl Starting tests... Starting servers. Please wait... Undefined subroutine Radius::Realm::reinitialize called at radiusd line 166. Undefined subroutine Radius::Realm::reinitialize called at radiusd line 166. This is the most recent Radiator and the patch tarball is that of 14.6.99. Please advise as how to fix. Thank You, Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator PostAuthHook
Trying to use the PostAuthHook function to have Radiator generate some custom logs to give details of all attempted logins. Current PostAuthHook shown below:

    PostAuthHook sub { my $filename = "/usr/local/radius/logs/testlog"; \
        my $time = time; \
        my $ctime = localtime($time); \
        my $nas_ip = $_[0]->get_attr('NAS-IP-Address'); \
        my $phone = $_[0]->get_attr('Called-Station-Id'); \
        my $user = $_[0]->get_attr('User-Name'); \
        my $r = "NULL"; \
        $nas_ip = "POP3 mail" \
            if $nas_ip eq "196.14.80.129"; \
        $r = "DENY" \
            if $_[2] == $main::REJECT; \
        $r = "ACCEPT" \
            if $_[2] == $main::ACCEPT; \
        open(LOG, ">>$filename"); \
        print LOG "$ctime: UserName \"$user\": Dialed $phone - $nas_ip - $r\n"; \
        close(LOG); }

No compilation errors are reported, however when a request is processed the log file reports the following error message:

    Thu Jun 3 10:30:56 1999: ERR: Error in PostAuthHook(): Can't call method "get_attr" on unblessed reference at (eval 189) line 1.

Radiator version - 2.13.1
Patched - patches-2.13.1.tar.gz - June 3 1999

Any suggestions on how to overcome this would be greatly appreciated.

Regards
Ian Hughes

+--+
Ian Hughes - Tech Support/System Admin.
Hunterlink Pty. Ltd. (Australia)
1st Floor, 805 Hunter Street
Dangar, NSW, 2309 Australia
Phone: +61 2 4969 0122 Fax: +61 2 4969 0133
E-Mail: [EMAIL PROTECTED]
+--+
If things get any worse, I'll have to ask you to stop helping me.
+--+
Re: (RADIATOR) Radiator PostAuthHook
Hi Ian,

On Jun 17, 4:09pm, Ian Hughes wrote:
Subject: (RADIATOR) Radiator PostAuthHook

Trying to use the PostAuthHook function to have Radiator generate some custom logs to give details of all attempted logins. Current PostAuthHook shown below:

Contrary to the documentation, you need to dereference $_[0] like this:

    my $nas_ip = ${$_[0]}->get_attr('NAS-IP-Address');

and $_[2] like this:

    if ${$_[2]} == $main::REJECT;

We apologise for the error in our docs. Hope that helps. Cheers.

    PostAuthHook sub { my $filename = "/usr/local/radius/logs/testlog"; \
        my $time = time; \
        my $ctime = localtime($time); \
        my $nas_ip = $_[0]->get_attr('NAS-IP-Address'); \
        my $phone = $_[0]->get_attr('Called-Station-Id'); \
        my $user = $_[0]->get_attr('User-Name'); \
        my $r = "NULL"; \
        $nas_ip = "POP3 mail" \
            if $nas_ip eq "196.14.80.129"; \
        $r = "DENY" \
            if $_[2] == $main::REJECT; \
        $r = "ACCEPT" \
            if $_[2] == $main::ACCEPT; \
        open(LOG, ">>$filename"); \
        print LOG "$ctime: UserName \"$user\": Dialed $phone - $nas_ip - $r\n"; \
        close(LOG); }

No compilation errors are reported, however when a request is processed the log file reports the following error message:

    Thu Jun 3 10:30:56 1999: ERR: Error in PostAuthHook(): Can't call method "get_attr" on unblessed reference at (eval 189) line 1.

Radiator version - 2.13.1
Patched - patches-2.13.1.tar.gz - June 3 1999

Any suggestions on how to overcome this would be greatly appreciated.

Regards
Ian Hughes

+--+
Ian Hughes - Tech Support/System Admin.
Hunterlink Pty. Ltd. (Australia)
1st Floor, 805 Hunter Street
Dangar, NSW, 2309 Australia
Phone: +61 2 4969 0122 Fax: +61 2 4969 0133
E-Mail: [EMAIL PROTECTED]
+--+
If things get any worse, I'll have to ask you to stop helping me.
+--+

-- End of excerpt from Ian Hughes

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
Re: (RADIATOR) Install mishap on FreeBSD 2.2.8
Hi Oliver, Looks to me like you have a patched radiusd running, but the patched Realm.pm is not installed in the right place. You should check that you really have the patched Realm.pm in the Radius directory of your distribution. If you have done a "make install" already, you may need to do it again too. Hope that helps. Cheers. On Jun 17, 2:21am, O Stockhammer wrote: Subject: (RADIATOR) Install mishap on FreeBSD 2.2.8 Hello, We were just installing to our production machine and recieve this error in the make test: # make test PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.00502/i386-freebsd -I/usr/local/lib/perl5/5.00502 test.pl Starting tests... Starting servers. Please wait... Undefined subroutine Radius::Realm::reinitialize called at radiusd line 166. Undefined subroutine Radius::Realm::reinitialize called at radiusd line 166. This is the most recent Radiator and the patch tarball is that of 14.6.99. Please advise as how to fix. Thank You, Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) static IP+ maximun sessions
Dear All, Hi, Today I am very happy because I am succeeded to test radiator, I dial authenticate from radius (/etc/shadow) and log maintain on radius server and also in oracle server. It is working fine upto this .. Now I have three problems 1- I have user named saeed I wants to allocate him static IP e.g. 210.56.8.106 each time whenever reconnects, he should got this IP. I have tried but not succeeded. note: I am running radiator on solaris and use UNIX file /etc/shadow for authentication. 2- For an other user login name is sdtfgI wants to maximum session 3 (concurrent login session) 3- Please look into accounting logs Thu Jun 17 14:49:00 1999 NAS-IP-Address = 210.56.8.100 NAS-Port = 9 NAS-Port-Type = Async User-Name = "arsaeed" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "0033" Framed-Protocol = PPP Framed-IP-Address = 210.56.8.102 Acct-Input-Octets = 2338 Acct-Output-Octets = 151 Acct-Input-Packets = 28 Acct-Output-Packets = 7 Acct-Session-Time = 43 Acct-Delay-Time = 0 Timestamp = 929648940 I am unable to understand Timestamp= 929648940 for billing purpuse wants to use header Thu Jun 17 14:49:00 1999 how can I store "Thu Jun 17 14:49:00 1999" in accounting table as time stamp ? Is it possible to maintain log in flate file as in TACACS+ ..? for example: Thu Jun 17 20:32:00 1999210.56.8.40 dailydinAsync13 async start task_id=1784service=ppp Thu Jun 17 20:32:02 1999194.133.50.7jilanee Async5 async/ start task_id=944 timezone=UTCservice=ppp Thu Jun 17 20:32:03 1999210.56.8.40 dailydinAsync13 async update task_id=1784service=ppp protocol=ip addr=210.56.9.106 Thu Jun 17 20:32:13 1999210.56.8.39 erichbr Async12 async stop task_id=576 service=ppp protocol=ip addr=210.56.9.87 bytes_in =102573 bytes_out=689177paks_in=1720paks_out=1825 elapsed_time=152 6 Note: I am using this radius.cfg file, Please guide me in details... Advance Thanks. 
    # Set this to the directory where your logfile and details file are to go
    LogDir /var/log/radius
    LogFile /var/log/%Y-radius.log
    DbDir /usr/local/etc/raddb

    <Client 210.56.8.100>
        Secret comsatsinternet123
        DupInterval 0
    </Client>

    <Realm DEFAULT>
        AuthByPolicy ContinueUntilAccept
        <AuthBy SQL>
            DBSource dbi:Oracle:(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=211.26.18.24)(PORT=1521))(CONNECT_DATA=(SID=orcl)))
            DBUsername radiator
            DBAuth rdffrss
            AuthSelect
            AccountingTable ACCOUNTING
            AcctColumnDef USERNAME,User-Name
            AcctColumnDef TIME_STAMP,Timestamp,integer
            AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
            AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
            AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
            AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
            AcctColumnDef ACCTSESSIONID,Acct-Session-Id
            AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
            AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
            AcctColumnDef NASIDENTIFIER,NAS-Identifier
            AcctColumnDef NASPORT,NAS-Port,integer
            AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        </AuthBy>
        <AuthBy UNIX>
            Filename /etc/shadow
            AddToReply Service-Type = Framed-User,\
                Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255,\
                Framed-Routing = None,\
                Framed-MTU = 1500,\
                Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>
        AcctLogFileName ./detail
    </Realm>

Best Regards.
COMSATS Internet Services
Re: (RADIATOR) Simultaneous use
On Mon, 14 Jun 1999, Mike McCauley wrote: Hi James. On Jun 11, 2:21am, James H. Thompson wrote: Subject: Re: (RADIATOR) Simultaneous use Since the NAS reply items are different for each NAS, I'd have to setup 3 full sets of check/reply items for each user. That sounds like too much work. How would I do it by chaining the File authentications? I was thinking about something like this: Realm DEFAULT AuthByPolicy ContinueAlways Shouldn't the line above be: AuthByPolicy ContinueWhileAccept if the first Authby Rejects, we don't want to let the next accept it? AuthBy FILE DefaultSimultaneosUse 1 Filename xxx /AuthBy AuthBy FILE Filename yyy /AuthBy /Realm In file xxx: # This make user1 and user2 have a sim-use limit of 2, everyone else gets 1 DEFAULT user1 Simultaneous-Use=2 user2 Simultaneous-Use=2 IN file yyy: DEFAULT NAS-Identifier = "LRD56_82BE00", Auth-Type = ljnet_sql Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 400 # Nortel DEFAULT NAS-Identifier = "las-nortel", Auth-Type = ljnet_sql Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP Idle-Timeout = 200 etc. So the effect is that xxx checks the sim-use amd yyy check everything else. Jim [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Improving RADIUS reliability?
On 1999-06-18T09:11:30, "Mike McCauley" [EMAIL PROTECTED] said: The theory is that using TCP allows the apps to get a better handle on poor network connections or down/unreachable radius servers than the simple UDP protocol. Does that seem like a good idea to anyone? Partly a good idea. First thing which comes to my mind is that fact that TCP will lose packets just like UDP on saturated links - it just provides a buildin recovery mechanism, it resends the packets. The RADIUS protocol does this too. One might arrive at the conclusion that if you have serious packet loss on your internal backbone, you are screwed anyway ;-) Next, I think if you need an additional layer of reliability between your RADIUS servers, your network is probably a bit larger than mine ;) And you are likely to get many RADIUS packets/second. Maybe it would make more sense to replicate the auth data to each POP and also provide a speedup. I don't think it is a _bad_ idea - it just occurs to me that it may not be a very important feature, sorry. Sincerely, Lars Marowsky-Brée -- Lars Marowsky-Brée Network Management teuto.net Netzdienste GmbH - DPN Verbund-Partner === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Improving RADIUS reliability?
Lars Marowsky-Bree wrote:

On 1999-06-18T09:11:30, "Mike McCauley" [EMAIL PROTECTED] said:

The theory is that using TCP allows the apps to get a better handle on poor network connections or down/unreachable radius servers than the simple UDP protocol. Does that seem like a good idea to anyone?

Partly a good idea. First thing which comes to my mind is the fact that TCP will lose packets just like UDP on saturated links - it just provides a built-in recovery mechanism, it resends the packets. The RADIUS protocol does this too.

Well, I think that you earn nothing by TCP'ing out the Auth requests. If you start losing data the odds are that the PPP user connection times out... However I can see that Acct should go TCP... Someone else also said that Radius provides for retransmissions (even if UDP doesn't) Have you thought what happens when a Radius server ACK packet gets lost? I wish you never live a Radius Storm (tm)

Next, I think if you need an additional layer of reliability between your RADIUS servers, your network is probably a bit larger than mine ;) And you are likely to get many RADIUS packets/second. Maybe it would make more sense to replicate the auth data to each POP and also provide a speedup.

This really makes sense...

--
Arturo Pina - [EMAIL PROTECTED] CTV Internet [http://www.ctv.es/] +34 902 444557
Re: (RADIATOR) SecurID and Radiator
yes, here i am, meanwhile, i modify radiator to work in a mixed mode if AuthByAce AuthByFile standard radiator supports ace only as a "full to configure" radius server. have fun steffen [EMAIL PROTECTED] wrote: Does anyone have Radiator running with Secure Dynamics ACE server? If so can you share your configs - I'm trying to find out how to have radiator authenticate using the securid token cards but so far it appears that radiator would proxy to another radius server that can then talk to the ACE server. Rob --reminds me of the story about the world being on the back of a turtle, which is itself standing on a turtle, which is
(RADIATOR) snmpget errors.
I've suddenly started getting snmpget errors. The only thing that has changed is I upgraded the linux kernel to 2.2.9 Here is my config. # radius.cfg Trace 4 PidFile /usr/local/radius/radiusd.pid AuthPort1645 AcctPort1646 LogDir /usr/local/radius/log LogFile %L/%Y%m%d DbDir /usr/local/radius/raddb DictionaryFile /usr/local/radius/dictionary.usr RewriteUsername tr/[A-Z]/[a-z]/ Client xxx.xxx.xxx.xxx Secret somesecret DefaultRealm domain.com IgnoreAcctSignature NasType TotalControlSNMP SNMPCommunity somecommunity IdenticalClients xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx etc. /Client I have 2.13.1 and all the patches. I am using RedHat 5.2 with kernel 2.2.9 (which is new) and RH's rpm ucd-snmp-utils-3.5.3-2 package for snmpget. I have double and triple checked the community and it is correct. Here is the errors I am getting Error in packet Reason: (noSuchName) There is no such variable name in this MIB. This name doesn't exist: No community name specified. Usage: snmpget [-v 1|2c|2p] [-h] [-d] [-q] [-R] [-D] [-m MIBS] [-M MIDDIRS] [-p P] [-t T] [-r R] [-c S D] hostname community|{srcParty dstParty context} [objectID ...] all the parameters for snmpget printed here...I thought I'd spare you and delete them sh: somecommunity: command not found So it looks like radiator is not parsing the config file correctly because it thinks the community 'somecommunity' is a command, not part of the SNMPCommunity setting. More likely is that RedHat is using some weird version of snmpget. ..Rich PS: Before sending this message, I uninstalled the ucd-snmp's rpm's and installed the latest version from the link off the radiator site. Same problem. PSS: Mike, FYI the link to ucd-snmp is not working properly. It tacks on the ucd URL to open.com.au. -- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 
06103
(RADIATOR) Session timeout
Does anyone know if a session timeout flag exists in radiator? Basically if a user is logged on for too long, kick em off. JB
Re: (RADIATOR) Improving RADIUS reliability?
On 1999-06-18T08:37:13, Lars Marowsky-Bree [EMAIL PROTECTED] said:

First thing which comes to my mind is the fact that TCP will lose packets just like UDP on saturated links - it just provides a built-in recovery mechanism, it resends the packets. The RADIUS protocol does this too. One might arrive at the conclusion that if you have serious packet loss on your internal backbone, you are screwed anyway ;-)

Now, what I meant to say but forgot: There is a certain horror scenario associated with the fact that TCP not only gives you reliable, but also ordered delivery.

Let's say you actually have packet loss and your NAS gets 10 connections in quick succession. Only the first packet sent to the server gets lost (either the UDP packet or the first TCP packet). What happens?

The rest of the UDP packets arrive fine, and get authorised quickly. The failed packet gets retransmitted after 1-2 seconds, depending on your timeout.

The rest of the TCP packets do not get through to the RADIUS server, because the first one is missing, and you get the TCP/IP stream only after it has been successfully retransmitted. This delays all other requests behind the failed one too, maybe triggering timeouts on the NAS and causing the NAS to retransmit the query to the RADIUS server at the leaf site, which would probably require duplicate detection code to not retransmit to the server in this case.

The effect can be lessened by opening, let's say, 5 parallel connections from the leaf site to the master server and using them round-robin, but this doesn't solve the problem completely. And TCP/IP has quite some interesting timeouts before admitting failure, which are absolutely unacceptable for RADIUS. (And the fact that it admits failure and takes the entire send queue down, and not just the failed packet)

(This is unlikely to occur, but anyway: If it is the _bitpattern_ in the first packet which causes the transmit to fail (been there done that), it would kill the whole TCP connection over which it is sent, since it could never be transmitted - in the UDP case, only this one auth would fail)

Encryption: Yes. (Should be no problem from .au) Cool idea for colocated servers etc. Maybe even a smarter retransmit thing than the current RADIUS protocol. TCP? Not IMHO.

Sincerely, Lars Marowsky-Brée
--
Lars Marowsky-Brée Network Management teuto.net Netzdienste GmbH - DPN Verbund-Partner
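The burst scenario in the message above, worked through as an added example (not part of the original post): a small Python timing model comparing independent UDP datagrams with in-order TCP delivery over one or five round-robin connections. The spacing, latency, retransmit timeout and NAS timeout are constructed values, and the model assumes the single lost packet gets through on its first retransmission.

```python
"""Toy timing model of the burst-with-one-loss scenario (all values constructed)."""


def udp_delays(send_times, lost, latency, rto):
    """RADIUS over UDP: every request is an independent datagram, so only
    a lost request waits for its retransmission."""
    return [latency + (rto if i in lost else 0.0) for i, _ in enumerate(send_times)]


def tcp_delays(send_times, lost, latency, rto, connections=1):
    """RADIUS over TCP: requests are spread round-robin over `connections`
    streams, and each stream hands data to the server strictly in order."""
    last_delivery = [0.0] * connections   # when each stream last delivered data
    delays = []
    for i, sent in enumerate(send_times):
        conn = i % connections
        arrival = sent + latency + (rto if i in lost else 0.0)
        # Ordered delivery: nothing is handed up before its predecessor
        # on the same stream, even if it arrived earlier.
        delivered = max(arrival, last_delivery[conn])
        last_delivery[conn] = delivered
        delays.append(delivered - sent)
    return delays


def late(delays, nas_timeout):
    """Number of requests still unanswered when the NAS timeout expires."""
    return sum(1 for d in delays if d > nas_timeout)


def scenario(requests=10, spacing=0.01, latency=0.02, rto=1.5, nas_timeout=1.0):
    """Ten requests in quick succession; only the first packet is lost."""
    send_times = [i * spacing for i in range(requests)]
    lost = {0}
    return {
        "udp": late(udp_delays(send_times, lost, latency, rto), nas_timeout),
        "tcp x1": late(tcp_delays(send_times, lost, latency, rto, 1), nas_timeout),
        "tcp x5": late(tcp_delays(send_times, lost, latency, rto, 5), nas_timeout),
    }


if __name__ == "__main__":
    for transport, count in scenario().items():
        print(f"{transport}: {count} request(s) past the NAS timeout")
```

With five connections the request that shares a stream with the lost packet is still held back, which is the "doesn't solve the problem completely" case.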
Re: (RADIATOR) Session timeout
On Fri, Jun 18, 1999 at 03:33:56PM -0500, Josh Bressers wrote: Does anyone know if a session timeout flag exists in radiator? Basically if a user is logged on for too long, kick em off. Radiator can send Session-Timeout or Ascend-Maximum-Time back to the NAS, but it's up to the NAS to interpret and disconnect the user. [EMAIL PROTECTED]
(RADIATOR) Recommendation on Installation - Root or Not
Do you have any recommendations on whether root should or should not install Radiator? There will be other non-root users needing to run Radiator. I am installing as root and do not want to prevent non-root users from using the application. John
(RADIATOR) Give me some suggestions
I am trying to transfer the conventional radius (use text file to record users) to Radiator system. I have several NAS devices including Cisco AS5300 and Xyplex Terminal Server in several locations. Now I use central authentication for all users in different locations. In conventional radius, it will keep several detail files according to the IP address of NAS device (for example, NAS1 will keep detail file in a directory a.b.c.d, NAS2 will keep detail file in a directory e.f.g.h). If I want to use SQL server for authentication, accounting and billing, please give me some suggestions how to design the database schema for accounting (according to date, NAS device,) so that I can bill all users according to their usage (time or packages). Authur
(RADIATOR) Qu re software
Hello, We have a VERSANET 2002 Unit, which supports RADIUS functionality. We require a RADIUS software package (which runs on Windows 95/NT) which will enable us to maintain users and know WHAT MB amount they have downloaded and WHAT time they have used per month. Can your software obtain this information directly from the RADIUS on the versanet? (PS: Versanet told me to contact you directly, they claim your software can..? www.versanet.com) I would appreciate a prompt reply. Many thanks. Jacob Ohlson // CO PowerNET computer Consultants P/L
(RADIATOR) SQL fallback to flat file
Hey, I'm trying to accomplish several things, but just cant get them to work together. I Authenticate using AuthBy PLATYPUS, and also send additional accounting information and log info to a MySQL server. The biggest problem is that my stinking Windows NT box that runs SQL server throws a temper-tantrum every week or so and insists on being rebooted. When the NT box is rebooted, obviously SQL stops and users cannot authenticate. However, when it comes back up, radiator still thinks its down and rejects logins until radiusd is killed with a kill -9 and restarted. What I have done is create a script which runs nightly and creates a flat file to be used with AuthBy FILE. Optimally, what I want to happen is if (when) MsSQL server goes down or stops responding, then radius authenticate through the flat file, write a common format detail file (and still log to my MySQL database), and then when (if) SQL comes back up, start authenticating through Platypus again. I've been looking into the AuthBy GROUP command, which is what I think I need, but haven't had any luck. Below is what I am using now, without the fall-back to the flat file. BTW, since I'm including this config, the Log RejectSQL doesnt work, any ideas? Thanks! 
Foreground LogStdout LogDir /var/log/radiusd DbDir /usr/local/etc DictionaryFile /usr/local/etc/dictionary Trace 4 Client localhost Secret mysecret /Client Client DEFAULT Secret mysecret # DupInterval 0 /Client Realm DEFAULT AuthByPolicy ContinueAlways AuthBy SQL DBSourcedbi:mysql:radiustbl:localhost DBUsername myusername DBAuth mypasswd AuthSelect AcctColumnDef ACCTAUTHENTIC,Acct-Authentic,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef ASCENDCONNECTPROGRESS,Ascend-Connect-Progress,integer AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer AcctColumnDef ASCENDFIRSTDEST,Ascend-First-Dest AcctColumnDef ASCENDMODEMPORTNO,Ascend-Modem-PortNo,integer AcctColumnDef ASCENDMODEMSLOTNO,Ascend-Modem-SlotNo,integer AcctColumnDef ASCENDMULTILINKID,Ascend-Multilink-ID,integer AcctColumnDef ASCENDNUMINMULTILINK,Ascend-Num-In-Multilink,integer AcctColumnDef ASCENDPREINPUTOCTETS,Ascend-Pre-Input-Octets,integer AcctColumnDef ASCENDPREINPUTPACKETS,Ascend-Pre-Input-Packets,integer AcctColumnDef ASCENDPREOUTPUTOCTETS,Ascend-Pre-Output-Octets,integer AcctColumnDef ASCENDPREOUTPUTPACKETS,Ascend-Pre-Output-Packets,integer AcctColumnDef ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef FRAMEDIPADDRESS,Framed-Ip-Address AcctColumnDef 
FRAMEDPROTOCOL,Framed-Protocol,integer AcctColumnDef NASIPADDRESS,NAS-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef SERVICETYPE,Service-Type,integer AcctColumnDef TIMESTAMP,Timestamp,integer AcctColumnDef USERNAME,User-Name /AuthBy SQL AuthBy PLATYPUS DBSource dbi:Sybase:MYINTNAME DBUsername platusername DBAuth platpasswd AuthSelect ' ' #AccountingTable /AuthBy PLATYPUS MaxSessions 2 PasswordLogFileName /var/log/radiusd/pwlog #Log accounting to the detail file in LogDir #AcctLogFileName /var/log/radiusd/detail /Realm Log SQL DBSourcedbi:mysql:radiustbl:localhost DBUsername myusername DBAuth mypasswd Trace 3 /Log SQL Log RejectSQL DBSource dbi:mysql:radiustbl:localhost DBUsername myusername DBAuth mypasswd Table rejectlog /Log RejectSQL SNMPAgent Community mysnmppw Port mysnmpport /SNMPAgent SessionDatabase SQL Identifier SDB1 DBSource dbi:mysql:radiustbl:localhost DBUsername myusername DBAuth mypasswd AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \ ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, CALLINGSTATIONID, \ CONNECTINFO, NASPORTTYPE, \ SERVICETYPE) values ('%n', '%N',
Re: (RADIATOR) accouting with IdenticalClient proxy radius
Hello Didier,

On Jun 18, 11:44am, Didier Lancry wrote:
Subject: (RADIATOR) accouting with IdenticalClient proxy radius

Hello, Radiator receives authentication requests from a proxy server. There are several NAS's which use this proxy. I have declared the proxy thru the CLIENT xxx tag. This works well for authentication, Radiator does not need to know anything about NAS's IP, Proxy's IP declaration is enough. But for accounting messages, I have to declare all NAS's IP addresses individually, else Radiator rejects the accounting message (unknown client)

That's very curious. It means that the accounting requests are not going through the proxy at all!

The problem is I have no control on NAS's IP (which are managed by another society) and those addresses are subject to changes from time to time. So I will miss accounting message. Is there a way to have Radiator check ONLY proxy address for accounting as it does for authentication ?

No, but you can arrange for it to ignore the signature for accounting requests. I think you have 2 options:
1. Set up a Client DEFAULT with IgnoreAcctSignature.
2. Arrange for accounting requests to go via the proxy too.

Hope that helps. Cheers.

Thanks for your help, Didier
-- [EMAIL PROTECTED]
-- End of excerpt from Didier Lancry

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
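What the signature that IgnoreAcctSignature skips actually covers, as an added example (not from the original thread and not Radiator code): a Python check of the Accounting-Request authenticator, which is MD5 over Code, Identifier, Length, 16 zero octets, the attributes and the shared secret. The secret, the sample record and the `accept_accounting` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                      # RADIUS Code for Accounting-Request
USER_NAME, NAS_IP_ADDRESS = 1, 4            # standard attribute numbers
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44


def attribute(attr_type, value):
    """Encode one attribute as Type, Length (including the 2 header octets), Value."""
    return bytes([attr_type, len(value) + 2]) + value


def request_authenticator(header, attributes, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(header + b"\x00" * 16 + attributes + secret).digest()


def build_accounting_request(identifier, attributes, secret):
    """What a NAS that knows the shared secret would send."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    return header + request_authenticator(header, attributes, secret) + attributes


def signature_ok(packet, secret):
    """Recompute the authenticator and compare it with octets 4..19."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]                # ignore padding after Length
    expected = request_authenticator(packet[:4], packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def accept_accounting(packet, secret, ignore_acct_signature=False):
    """Hypothetical server-side decision: with the check ignored, neither the
    sender's knowledge of the secret nor the record contents are verified."""
    return ignore_acct_signature or signature_ok(packet, secret)


# Constructed sample: a Start record for user "fred" from NAS 192.0.2.10.
SECRET = b"constructed-secret"
SAMPLE = build_accounting_request(
    7,
    attribute(USER_NAME, b"fred")
    + attribute(ACCT_STATUS_TYPE, struct.pack("!I", 1))
    + attribute(ACCT_SESSION_ID, b"00000001")
    + attribute(NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
    SECRET,
)

if __name__ == "__main__":
    print("valid signature:", signature_ok(SAMPLE, SECRET))
    print("wrong secret   :", signature_ok(SAMPLE, b"some-other-secret"))
```

Option 2 in the reply keeps this check in force, because the proxy is then the only client whose secret has to match.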
Re: (RADIATOR) snmpget errors.
Hi Richard, On Jun 18, 1:47pm, Richard Hawley wrote: Subject: (RADIATOR) snmpget errors. I've suddenly started getting snmpget errors. The only thing that has changed is I upgraded the linux kernel to 2.2.9 Here is my config. # radius.cfg Trace 4 PidFile /usr/local/radius/radiusd.pid AuthPort1645 AcctPort1646 LogDir /usr/local/radius/log LogFile %L/%Y%m%d DbDir /usr/local/radius/raddb DictionaryFile /usr/local/radius/dictionary.usr RewriteUsername tr/[A-Z]/[a-z]/ Client xxx.xxx.xxx.xxx Secret somesecret DefaultRealm domain.com IgnoreAcctSignature NasType TotalControlSNMP SNMPCommunity somecommunity IdenticalClients xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx etc. /Client I have 2.13.1 and all the patches. I am using RedHat 5.2 with kernel 2.2.9 (which is new) and RH's rpm ucd-snmp-utils-3.5.3-2 package for snmpget. I have double and triple checked the community and it is correct. Here is the errors I am getting Error in packet Reason: (noSuchName) There is no such variable name in this MIB. This name doesn't exist: No community name specified. Usage: snmpget [-v 1|2c|2p] [-h] [-d] [-q] [-R] [-D] [-m MIBS] [-M MIDDIRS] [-p P] [-t T] [-r R] [-c S D] hostname community|{srcParty dstParty context} [objectID ...] all the parameters for snmpget printed here...I thought I'd spare you and delete them sh: somecommunity: command not found So, that last line is actually printed out by snmpget or Radiator? So it looks like radiator is not parsing the config file correctly because it thinks the community 'somecommunity' is a command, not part of the SNMPCommunity setting. More likely is that RedHat is using some weird version of snmpget. Did you specify SNMP version 1? Radiator only supports version 1. Perhaps the new snmpget has a different default version? ..Rich PS: Before sending this message, I uninstalled the ucd-snmp's rpm's and installed the latest version from the link off the radiator site. Same problem. PSS: Mike, FYI the link to ucd-snmp is not working properly. 
It tacks on the ucd URL to open.com.au. Fixed. Thanks for that one. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Fail
Hello Mikael.

The strategy Radiator uses when SQL fails is this:
1. Try to fallback to another SQL server. You can have multiple fallback servers by specifying multiple DBSource lines.
2. If after trying all the DBSources, it still can't connect, it will say to IGNORE the request.

So you have several options:
1. Have a standby SQL server, and have a fallback SQL server configured into Radiator.
2. Chain a second authentication method after SQL, so that if SQL fails (and says IGNORE), it will then auth from (say) a local flat file:

<Realm whatever>
    AuthByPolicy ContinueWhileIgnore
    <AuthBy SQL>
        # whatever
    </AuthBy>
    # If SQL fails, auth from flat file:
    <AuthBy FILE>
        Filename whatever
    </AuthBy>
</Realm>

Hope that helps.

PS, if I misunderstood, and Radiator actually crashed, it should not do that. If that's what happened, please send us the Radiator log file, plus whatever you see on stdout, plus details of your operating system revision and platform.

Cheers.

On Jun 19, 5:17am, Mikael Hugo wrote:
Subject: (RADIATOR) SQL Fail
[ Attachment (text/plain): 880 bytes Character set: windows-1252 plain text Encoded with "quoted-printable" ]
-- End of excerpt from Mikael Hugo

How can I fix, so that the Radiator does not crash for all Realms when an SQL server fails for a single realm? We took down an MYSQL server for a testdomain, and suddenly we got a LOT of angry calls.

Sat Jun 19 05:01:42 1999: ERR: Could not connect to SQL database with DBI-conne ct dbi:mysql:xxx: Can't connect to MySQL server on '' (60)
Sat Jun 19 05:01:42 1999: ERR: Could not connect to any SQL database. Request is ignored.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
Re: (RADIATOR) Give me some suggestions
Hello Authur, I think if you use the example schemas that we provide in the goodies directory it will do what you want. In those examples, each accounting record has the NAS-IP-Address stored in the NASIDENTIFIER column. You could then use that column to select the accounting records for each NAS. Hope that helps. Cheers. On Jun 20, 9:44am, Authur Lin wrote: Subject: (RADIATOR) Give me some suggestions I am trying to transfer the conventional radius (use text file to record users) to Radiator system. I have several NAS devices including Cisco AS5300 and Xyplex Terminal Server in several location. Now I use central authentication for all users in different location. In conventional radius, it will keep several detail files according to the IP address of NAS device (for example, NAS1 will keep detail file in a directory a.b.c.d, NAS2 will keep detail file in a directory e.f.g.h) . If I want to use SQL server for authentication, accounting and billing, please give me some suggestions how do I to design database schema for accounting (according to date, NAS device,) so that I can bill all users according their usage(time or packages). Authur === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Authur Lin -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) bind/unbind in LDAP2
Hello LDAP authenticators, We have recently modified LDAP2 authentication so that it more closely conforms with what some LDAP servers expect: namely it keeps one LDAP connection up as long as possible, but binds and unbinds for each search. This should have some performance improvements of the current patch for LDAP2, and should continue to work OK with all the LDAP servers we know about. We would appreciate it if interested parties would try this version, and let us know about any problems. You should keep a copy of your current AuthLDAP2.pm so you can roll back if need be. Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
AuthLDAP2.pm
Re: (RADIATOR) SQL fallback to flat file
Hi Derek,

On Jun 20, 10:09am, Derek Sanderson wrote:
Subject: (RADIATOR) SQL fallback to flat file

Hey, I'm trying to accomplish several things, but just can't get them to work together. I Authenticate using AuthBy PLATYPUS, and also send additional accounting information and log info to a MySQL server. The biggest problem is that my stinking Windows NT box that runs SQL server throws a temper-tantrum every week or so and insists on being rebooted. When the NT box is rebooted, obviously SQL stops and users cannot authenticate. However, when it comes back up, radiator still thinks it's down and rejects logins until radiusd is killed with a kill -9 and restarted.

Hmmm, that's not what I would expect to happen. Are you at Radiator revision 2.13.1? Could you get a trace of what happens during an event like this at trace level 4? In the meantime

What I have done is create a script which runs nightly and creates a flat file to be used with AuthBy FILE. Optimally, what I want to happen is if (when) MsSQL server goes down or stops responding, then radius authenticate through the flat file, write a common format detail file (and still log to my MySQL database), and then when (if) SQL comes back up, start authenticating through Platypus again. I've been looking into the AuthBy GROUP command, which is what I think I need, but haven't had any luck.

Yes, I think you need to do a GROUP to solve this one, mainly because the requirement for chaining are slightly different for each auth method. I think you want something like this:

<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    # We always want to save accounting to this database
    <AuthBy SQL>
        # As you have now
    </AuthBy>
    # Now auth by PLATYPUS, or FILE if PLATYPUS is not available
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        <AuthBy PLATYPUS>
            # As you have now
        </AuthBy>
        <AuthBy FILE>
            # As you have now
        </AuthBy>
    </AuthBy>
</Realm>

Below is what I am using now, without the fall-back to the flat file.
BTW, since I'm including this config, the Log RejectSQL doesnt work, any ideas? Any chance of a log file at trace 4? Hope that helps. Cheers. Thanks! Foreground LogStdout LogDir /var/log/radiusd DbDir /usr/local/etc DictionaryFile /usr/local/etc/dictionary Trace 4 Client localhost Secret mysecret /Client Client DEFAULT Secret mysecret # DupInterval 0 /Client Realm DEFAULT AuthByPolicy ContinueAlways AuthBy SQL DBSourcedbi:mysql:radiustbl:localhost DBUsername myusername DBAuth mypasswd AuthSelect AcctColumnDef ACCTAUTHENTIC,Acct-Authentic,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef ASCENDCONNECTPROGRESS,Ascend-Connect-Progress,integer AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer AcctColumnDef ASCENDFIRSTDEST,Ascend-First-Dest AcctColumnDef ASCENDMODEMPORTNO,Ascend-Modem-PortNo,integer AcctColumnDef ASCENDMODEMSLOTNO,Ascend-Modem-SlotNo,integer AcctColumnDef ASCENDMULTILINKID,Ascend-Multilink-ID,integer AcctColumnDef ASCENDNUMINMULTILINK,Ascend-Num-In-Multilink,integer AcctColumnDef ASCENDPREINPUTOCTETS,Ascend-Pre-Input-Octets,integer AcctColumnDef ASCENDPREINPUTPACKETS,Ascend-Pre-Input-Packets,integer AcctColumnDef ASCENDPREOUTPUTOCTETS,Ascend-Pre-Output-Octets,integer AcctColumnDef ASCENDPREOUTPUTPACKETS,Ascend-Pre-Output-Packets,integer AcctColumnDef ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef 
CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef FRAMEDIPADDRESS,Framed-Ip-Address AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol,integer AcctColumnDef NASIPADDRESS,NAS-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef SERVICETYPE,Service-Type,integer
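How the AuthByPolicy settings discussed in this thread decide a request, as an added example (a Python model, not Radiator code and not from the original posts). It assumes each policy names the condition under which the next AuthBy is tried and that the chain's answer is the result of the last AuthBy that ran; handler names and inputs are constructed. It covers both the simultaneous-use chain from the earlier "Simultaneous use" message and the GROUP fallback suggested in the reply above.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Condition under which the chain moves on to the next AuthBy (assumed semantics).
CONTINUE_IF = {
    "ContinueAlways": lambda result: True,
    "ContinueWhileAccept": lambda result: result == ACCEPT,
    "ContinueWhileIgnore": lambda result: result == IGNORE,
}


def leaf(name, decide):
    """One AuthBy clause: records that it was consulted, then decides."""
    def handler(request, trace):
        trace.append(name)
        return decide(request)
    return handler


def chain(policy, handlers):
    """A Realm or an AuthBy GROUP: runs its AuthBys in order under `policy`.
    The answer is the result of the last AuthBy that actually ran."""
    keep_going = CONTINUE_IF[policy]

    def handler(request, trace):
        result = IGNORE                       # an empty chain answers nothing
        for authby in handlers:
            result = authby(request, trace)
            if not keep_going(result):
                break
        return result
    return handler


def simultaneous_use(policy, sessions, limit):
    """File xxx enforces the session limit, file yyy supplies NAS reply items."""
    sim_use = leaf("FILE xxx", lambda r: REJECT if r["sessions"] >= r["limit"] else ACCEPT)
    nas_items = leaf("FILE yyy", lambda r: ACCEPT)
    trace = []
    request = {"sessions": sessions, "limit": limit}
    return chain(policy, [sim_use, nas_items])(request, trace), trace


def fallback_realm(platypus_up, password_ok, in_flat_file):
    """Realm: ContinueAlways [SQL, GROUP: ContinueWhileIgnore [PLATYPUS, FILE]]."""
    sql = leaf("SQL", lambda r: ACCEPT)       # accounting only; result is overridden
    platypus = leaf(
        "PLATYPUS",
        lambda r: IGNORE if not platypus_up else (ACCEPT if password_ok else REJECT),
    )
    flat_file = leaf("FILE", lambda r: ACCEPT if in_flat_file else REJECT)
    group = chain("ContinueWhileIgnore", [platypus, flat_file])
    trace = []
    return chain("ContinueAlways", [sql, group])({}, trace), trace


if __name__ == "__main__":
    print("over limit, ContinueAlways     :", simultaneous_use("ContinueAlways", 1, 1))
    print("over limit, ContinueWhileAccept:", simultaneous_use("ContinueWhileAccept", 1, 1))
    print("Platypus up, bad password      :", fallback_realm(True, False, True))
    print("Platypus down, user in file    :", fallback_realm(False, False, True))
```

Under these assumptions a REJECT from PLATYPUS is final and the nightly flat file is consulted only on IGNORE, while ContinueAlways in the simultaneous-use chain lets the second file's ACCEPT replace the first file's REJECT.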
Re: (RADIATOR) Recommendation on Installation - Root or Not
Hi,

|o| Subject: (RADIATOR) Recommendation on Installation - Root or Not
|o| Do you have any recommendations on whether root should or should not
|o| install Radiator? There will be other non-root users needing to run
|o| Radiator. I am installing as root and do not want to prevent non-root
|o| users from using the application.

We've installed ours in /opt/radiator with all the Radiator-specific perl libs in /opt/radiator/lib/perl5/... We then run radiator as user (surprise!) radiator making sure radiator has enough read-write access to /opt/radiator/* directories.

Richi Plana 8^)
Systems Administrator
Mosaic Communications, Inc.
mailto:[EMAIL PROTECTED]
Re: (RADIATOR) snmpget errors.
sh: somecommunity: command not found

So, that last line is actually printed out by snmpget or Radiator?

I am not sure. It looks like a shell error. Just as if I typed somecommunity at the prompt and bash gave that error. So it looks like radiator is not parsing the config file correctly because it thinks the community 'somecommunity' is a command, not part of the SNMPCommunity setting.

More likely is that RedHat is using some weird version of snmpget. Did you specify SNMP version 1? Radiator only supports version 1. Perhaps the new snmpget has a different default version?

I created an alias: alias snmpget="snmpget -v 1" and changed the SnmpgetProg variable to: SnmpgetProg snmpget. Same error.

..Rich

--
Richard W. Hawley - Network Engineer
CyberZone Internet Services [EMAIL PROTECTED]
942 Main Street http://www.cyberzone.net
Hartford, CT. 06103
(RADIATOR) (Fwd) quick question about nodefaultiffound
My problem is that when authentication check fails then radiator tries to match user with other DEFAULT entries in users file e.g. tries to match other groups.

correction and addition - my user is defined separately in users file so my statement "other DEFAULT" is wrong - should be just "DEFAULT". Sry about this.

From my users file:

userwhatever Authentication-Type = Site-PW, Group = site

__
Kalev Nurklik
MicroLink Online
Sakala 19, 10141 Tallinn, Estonia
Tel: +372 6 308 909 Fax: +372 6 308 901
E-mail: [EMAIL PROTECTED]
http://www.online.ee
(RADIATOR) AcctLogFileFormat problem
We're in the process of switching to Radiator 2.13.1 from an ugly mix of Merit, Cistron, and Ascend Access Control. It's looking good so far, but I've run into a bit of a snag.

I'm trying to specify what gets written into the accounting files with the AcctLogFileFormat statement, but I'm not getting the results the reference manual implies I should. Here's a brief snippet of an accounting record with no AcctLogFileFormat:

Thu Jun 17 17:42:05 1999
    User-Name = "fred@joe"
    NAS-IP-Address = 192.168.10.11
    NAS-Port = 51
    NAS-Port-Type = Async
    (long list of other attributes follows)

As a test, I decided to see if I could specify an AcctLogFileFormat clause that would result in the same detail file format. So I added the following to a test realm:

AcctLogFileFormat %{User-Name} %{NAS-IP-Address} %{NAS-Port} etc.

which is similar to the example in the ref manual (section 6.12.5). But when I reloaded and ran a radpwtst, I ended up with the following:

fred@joe 192.168.10.11 Async Start 1234

i.e., no datestamp at the start, no "attribute = " in front of the values, and no newlines. Any ideas regarding what I'm missing?

I'm doing this because our billing guy noticed that when Radiator handles accounting, we end up with a "timestamp" attribute that's not recorded when AAC does the accounting. His software won't understand the extra attribute. He could change the software, but I'd like to get this AcctLogFileFormat working so we can leave out attributes we decide not to use in the future.

If anyone's got any ideas on how to simply leave out one or more attributes without an AcctLogFileFormat statement, I'd love to hear them.

Ian Quorn
UNIX mook -- IWBC

"Living in a pretend world of happiness
My painted face melts as I recede
Into my own reality - into my hole"
-Solitude Aeturnus, "Never"
Re: (RADIATOR) radacct.cgi and numerical sort order for summary by IP
Hi Karl,

OK, here is a new version that uses a similar sorting to radwho.cgi. Let me know how you go.

Cheers.

On Jun 22, 9:29am, Karl Gaissmaier wrote:
Subject: (RADIATOR) radacct.cgi and numerical sort order for summary by IP

Hi Mike,

it would be nice if in one of the next patches of radacct.cgi you could implement the sorting of the IP addresses in a numerical manner and not alphanumerical. Please have a look at the following sort, done by the current radacct.cgi:

..
134.60.8.177
134.60.8.178
134.60.8.179
134.60.8.18
134.60.8.180
134.60.8.182
..

This is not what you expect if you are looking for an IP address in a very long list. Please implement the sort by number on every octet and not only for the last octet.

Thanks in advance
Charly

--
Karl Gaissmaier Computing Center, University of Ulm, Germany
Email: [EMAIL PROTECTED] Network Administration
Tel/Fax: ++49 731 50 22499/22471
pgp-key available: http://www.uni-ulm.de/urz/Netzwerk/uuca/keylist.html

-- End of excerpt from Karl Gaissmaier

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody

radacct.cgi
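The ordering Karl asks for, as an added example that is not part of the thread and is not the code of radacct.cgi or radwho.cgi: a per-IP summary sorted on the numeric value of all four octets. The sample rows are constructed from the addresses in his message plus two malformed values, which are sorted last instead of aborting the report.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows: (Framed-IP-Address, Acct-Session-Time in seconds).
# The addresses come from the listing in the message; the last two rows are
# malformed values of the kind that turn up in real accounting data.
SAMPLE_ROWS = [
    ("134.60.8.180", 120),
    ("134.60.8.18", 300),
    ("134.60.8.177", 60),
    ("134.60.8.179", 45),
    ("134.60.8.178", 30),
    ("134.60.8.182", 10),
    ("134.60.8.18", 200),
    ("", 15),
    ("not-an-ip", 5),
]


def ip_sort_key(text):
    """Sort key that compares every octet numerically.

    Valid IPv4 addresses sort by their 32-bit value; anything that does not
    parse is pushed to the end and ordered as plain text.
    """
    try:
        return (0, int(ipaddress.IPv4Address(text.strip())), "")
    except ipaddress.AddressValueError:
        return (1, 0, text)


def summarise_by_ip(rows):
    """Return [(ip, session_count, total_seconds), ...] in numeric IP order."""
    totals = defaultdict(lambda: [0, 0])
    for ip, seconds in rows:
        totals[ip][0] += 1
        totals[ip][1] += seconds
    ordered = sorted(totals, key=ip_sort_key)
    return [(ip, totals[ip][0], totals[ip][1]) for ip in ordered]


if __name__ == "__main__":
    for ip, sessions, seconds in summarise_by_ip(SAMPLE_ROWS):
        print("%-15s %3d sessions %6d s" % (ip or "(none)", sessions, seconds))
```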
(RADIATOR) RFC 2621 on RADIUS Accounting Server MIB (fwd)
Mike,

Saw this come across my mailbox. Is this supported by Radiator in the 2.13.1?

_/_/_/ Peter Chow Chief Technical Advisor
_/_/_/ interQ Corporation - System Division
_/_/_/ [EMAIL PROTECTED] Shibuya Infoss Tower 10F
_/_/_/ (tel)+81-3-5456-2555 20-1 Sakuragaokacho, Shibuya-ku
_/_/_/ (fax)+81-3-5456-2556 Tokyo, Japan
_/_/_/ http://www.interq.ad.jp 150-0031

-- Forwarded message --
Date: Mon, 21 Jun 1999 16:24:12 -0700
From: RFC Editor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RFC 2621 on RADIUS Accounting Server MIB

A new Request for Comments is now available in online RFC libraries.

RFC 2621:

Title: RADIUS Accounting Server MIB
Author(s): G. Zorn, B. Aboba
Status: Informational
Date: June 1999
Mailbox: [EMAIL PROTECTED], [EMAIL PROTECTED]
Pages: 15
Characters: 27768
Updates/Obsoletes/See Also: None
I-D Tag: draft-ietf-radius-acc-servmib-05.txt
URL: ftp://ftp.isi.edu/in-notes/rfc2621.txt

This memo defines a set of extensions which instrument RADIUS accounting server functions. These extensions represent a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. Using these extensions IP-based management stations can manage RADIUS accounting servers.

This document is a product of the Remote Authentication Dial-In User Service Working Group of the IETF.

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to [EMAIL PROTECTED] Requests to be added to or deleted from the RFC-DIST distribution list should be sent to [EMAIL PROTECTED]

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to [EMAIL PROTECTED] with the message body help: ways_to_get_rfcs. For example:

To: [EMAIL PROTECTED]
Subject: getting rfcs

help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the author of the RFC in question, or to [EMAIL PROTECTED] Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

Submissions for Requests for Comments should be sent to [EMAIL PROTECTED] Please consult RFC 2223, Instructions to RFC Authors, for further information.

Joyce K. Reynolds and Alegre Ramos
USC/Information Sciences Institute
Re: (RADIATOR) snmpget errors.
How can I fix it though? It was working fine until I upgraded the kernel to 2.2.9, but I fail to see what the kernel has to do with it. Is it something wrong with the config file? I did install the version of ucd-snmp from the link on your web site.

Can I hard code the snmp community string in radiator as a test? Which module would that be, Nas.pm?

..Rich

On Tue, 22 Jun 1999 10:03:56 -0500, Mike McCauley wrote:

Hi Richard.

On Jun 21, 7:51am, Richard Hawley wrote:
Subject: Re: (RADIATOR) snmpget errors.

sh: somecommunity: command not found

So, that last line is actually printed out by snmpget or Radiator?

I am not sure. It looks like a shell error. Just as if I typed somecommunity at the prompt and bash gave that error.

That's what it looks like to me too. I have a very strong suspicion that your snmpget program is behaving in a different way to before, and it's not sending the community name to Radiator as you would expect.

--
Richard W. Hawley - Network Engineer
CyberZone Internet Services [EMAIL PROTECTED]
942 Main Street http://www.cyberzone.net
Hartford, CT. 06103
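An added example, not code from the thread or from Radiator: one way a shell ends up reporting the community string as a command is a stray newline in a value that is pasted into a command string, which is an assumption here since the thread does not establish the cause. The block uses echo as a stand-in for snmpget so it runs offline; the address and OID are constructed, and it contrasts the string-built command with passing each value as its own argument after a character check.

```python
import re
import subprocess

# Stand-in for snmpget so the example runs offline: echo prints its arguments.
PROG = "echo"
COMMUNITY = "somecommunity"          # the name from the error message in the thread
OID = ".1.3.6.1.2.1.1.3.0"           # constructed sample OID
HOST_WITH_NEWLINE = "192.0.2.10\n"   # constructed: address stored with a trailing newline


def run_via_shell(prog, host, community, oid):
    """Join everything into one string and let /bin/sh parse it.

    A newline inside any value ends the first command, so the shell tries to
    run whatever follows it (here the community string) as a second command.
    """
    cmd = "%s %s %s %s" % (prog, host, community, oid)
    return subprocess.run(cmd, shell=True, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True)


def run_via_argv(prog, host, community, oid):
    """Pass each value as a separate argument; no shell parses them."""
    return subprocess.run([prog, host, community, oid], stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True)


# Characters expected in an address, host name or numeric OID.
SAFE_ARG = re.compile(r"\A[A-Za-z0-9._:-]+\Z")


def checked(value, what):
    """Trim surrounding whitespace and refuse anything outside SAFE_ARG."""
    value = value.strip()
    if not SAFE_ARG.match(value):
        raise ValueError("unexpected characters in %s: %r" % (what, value))
    return value


if __name__ == "__main__":
    broken = run_via_shell(PROG, HOST_WITH_NEWLINE, COMMUNITY, OID)
    print("shell string :", broken.returncode, broken.stderr.strip())
    fixed = run_via_argv(PROG, checked(HOST_WITH_NEWLINE, "host"), COMMUNITY, OID)
    print("argument list:", fixed.returncode, fixed.stdout.strip())
```

Logging the exact command line at debug level, with control characters made visible (repr-style), is the quickest way to confirm or rule out this cause on a live server.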
(RADIATOR) radacct.cgi problem
I have installed the "radacct.cgi" in apache server successfully. I do authentication, accounting by SQL (use default tables SUBSCRIBERS, ACCOUNTING, RADONLINE, RADLOG). I have some problems as following:

1. When I run "radacct.cgi" program (http://myserver/cgi-bin/radacct.cgi), every field ("User-Name", "Acct-Session-Time", "In-Octets", "Out-Octets") shows normally except the fields "In-Packets" and "Out-Packets", which show a question mark "?"

2. If I click for some user (http://myserver/cgi-bin/radacct.cgi?type=user&user=legende&filename=), I still can not see the content of fields "In-Octets", "Out-Octets" (a question mark "?")

3. If I want to show detail information for a session-id (http://myserver/cgi-bin/radacct.cgi?type=session_id&user=legende&session_id=Xyplex), I can not see anything.

I am sure all information for radius accounting is stored in the database (I can execute sql command to retrieve the data). I found my Session-Id is in a pattern like "Xyplex Terminal Server: 2b9196". Whether it can not be processed by program "radacct.cgi". How do I fix it?

ps: I have modified the field type of "ACCTSESSIONID" to varchar(50)

Authur
Re: (RADIATOR) snmpget errors.
Ok, I looked through Nas.pm and extracted the following command line. Can you tell me if this is the same command line radiator would construct? I picked an active session from my session database and ran the command:

snmpget xxx.xxx.xxx.xxx somecommunity .iso.org.dod.internet.private.enterprises.429.269

I got this error:

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: enterprises.429.269

What mib do I need installed for TotalControl Netservers and Hipers? Should that mib be in the default installation of ucd-snmp?

..Rich

On Tue, 22 Jun 1999 07:24:28 -0400, Richard Hawley wrote:

How can I fix it though? It was working fine until I upgraded the kernel to 2.2.9, but I fail to see what the kernel has to do with it. Is it something wrong with the config file? I did install the version of ucd-snmp from the link on your web site.

Can I hard code the snmp community string in radiator as a test? Which module would that be, Nas.pm?

..Rich

On Tue, 22 Jun 1999 10:03:56 -0500, Mike McCauley wrote:

Hi Richard.

On Jun 21, 7:51am, Richard Hawley wrote:
Subject: Re: (RADIATOR) snmpget errors.

sh: somecommunity: command not found

So, that last line is actually printed out by snmpget or Radiator?

I am not sure. It looks like a shell error. Just as if I typed somecommunity at the prompt and bash gave that error.

That's what it looks like to me too. I have a very strong suspicion that your snmpget program is behaving in a different way to before, and it's not sending the community name to Radiator as you would expect.

--
Richard W. Hawley - Network Engineer
CyberZone Internet Services [EMAIL PROTECTED]
942 Main Street http://www.cyberzone.net
Hartford, CT. 06103
(RADIATOR) Update LDAP dir from Radiator
I have been asked to implement Radiator on a site using an LDAP server as a user database. They have some extra requirements:

1 On successful login the current time has to be put in an attribute in the users entry
2 While the user has an active session the ip address he was allocated has to be available in an attribute in his entry.

Are these extras possible using a vanilla Radiator or do I have to modify it ?? If I need to modify it what would the logical way to implement the be ??

TIA
Paul

--
Paul van der Zwan paulz @ trantor.xs4all.nl
"I think I'll move to theory, everything works in theory..."
(RADIATOR) ODBC drivers for Linux
Hi All,

I have a copy of Radius Radiator running on Linux Redhat 6.0, which I would like to have authenticate against a Platypus server running on top of Windows NT and Microsoft SQL server. I understand in order to do this I need the Perl 5.004 DBD:ODBC and related drivers. I got the DBD:ODBC modules from CPAN, but haven't found a decent driver. Can anyone recommend one?

Thanks in advance,
Michael Biondi
Startec Communications
(RADIATOR) Strange attributes from Xyplex
Anyone seen this before? This is an accounting packet from a Xyplex NAS. Note the very unusual Acct-Session-Id. Can anyone shed any light on why a Xyplex does this, and how to stop it?

Tue Jun 22 12:46:15 1999: DEBUG: Packet dump:
*** Received from 210.208.161.225 port 1646
Code: Accounting-Request
Identifier: 225
Authentic: 247149r1791347211632077219132479[178
Attributes:
    User-Name = "cq123346"
    NAS-IP-Address = 210.208.161.225
    NAS-Identifier = "Xyplex MX1620 (0800870BFE06) - Port"
    NAS-Port = 3
    NAS-Port-Type = Async
    Service-Type = Framed
    Framed-Protocol = PPP
    Framed-IP-Address = 210.208.164.83
    Framed-Compression = Van-Jacobson-TCP-IP
    Acct-Session-Id = "Xyplex Terminal Server: 1e4417"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955
Re: (RADIATOR) Update LDAP dir from Radiator
I have been asked to implement Radiator on a site using an LDAP server as a user database. They have some extra requirements:

1 On successful login the current time has to be put in an attribute in the users entry
2 While the user has an active session the ip address he was allocated has to be available in an attribute in his entry.

Are these extras possible using a vanilla Radiator or do I have to modify it ?? If I need to modify it what would the logical way to implement the be ??

They are certainly possible doing a postauthhook. This can be done without modification.

However please do think this over a second time. LDAP is optimized for reading, not for writing. It's very possible that the updates are not available until a long time after your 'insert' statement. Especially the OpenLDAP server is very slow in updates on the directory. This might defeat the purpose of storing the information. When doing synchronous updates, your authentication process may come to a halt waiting for the updates to be processed.

Mind you, the IP and time of authorization are also available in the accounting logs. Maybe you could arrange some other construction?

TIA
Paul

--
Joost.
(RADIATOR) NoDefaultIfFound and Fall-Through
Hi All,

Just wondering if it is possible to get NoDefaultIfFound and Fall-Through to work together.

We have an AuthBy FILE file which has some users with passwords in the file, some with passwords in AuthBy SYSTEM. The default user has their password in AuthBy SYSTEM. Some users have passwords in AuthBy SYSTEM, but also have an entry in the users file (for storing static ip stuff).

Basically, we want to use fallthrough for users who have AuthBy SYSTEM passwords, and not go to the default item if *ANY* check items on any of the users fail. The problem as I see it is if I use NoDefaultIfFound, then Fall-Through doesn't actually fall through to the default user.

Is there any way around this?

Thanks,
Jeremy

--
Jeremy Burton
Database Administrator, Netspace Online Systems
[EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: (RADIATOR) Strange attributes from Xyplex
Anyone seen this before? This is an accounting packet from a Xyplex NAS. Note the very unusual Acct-Session-Id. Can anyone shed any light on why a Xyplex does this, and how to stop it?

If you issue a 'def server identification whatever', it will prepend the "whatever: " to the Acct-Session-Id. I would guess the server identification was never defined and this is some sort of default.

Acct-Session-Id = "Xyplex Terminal Server: 1e4417"
Re: (RADIATOR) Update LDAP dir from Radiator
Hi Paul,

I must agree with a previous poster on this topic: Putting that data into LDAP is not really what LDAP was designed for. If you really have to do it, you could do it by adding a PostAuthHook, and at least avoid having to change the distributed Radiator code.

Hope that helps.

Cheers.

On Jun 22, 5:58pm, Paul van der Zwan wrote:
Subject: (RADIATOR) Update LDAP dir from Radiator

I have been asked to implement Radiator on a site using an LDAP server as a user database. They have some extra requirements:

1 On successful login the current time has to be put in an attribute in the users entry
2 While the user has an active session the ip address he was allocated has to be available in an attribute in his entry.

Are these extras possible using a vanilla Radiator or do I have to modify it ?? If I need to modify it what would the logical way to implement the be ??

TIA
Paul

--
Paul van der Zwan paulz @ trantor.xs4all.nl
"I think I'll move to theory, everything works in theory..."

-- End of excerpt from Paul van der Zwan

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955
Re: (RADIATOR) db: do failed
On Jun 24, 4:41pm, John Vorstermans wrote:
Subject: (RADIATOR) db: do failed

Hi. Just installed the latest Radiator with all patches talking to an SQL database. However we have suddenly started seeing these messages:

[root@ankh etc]# DB::Synapse::dB do failed: Server message number=233 severity=16 state=2 line=1 server=SOLOMON text=The column User Name in table Calls may not be null. at /us/lib/perl5/site_perl/5.005/Radius/SQL.PM line 228.
DB::Synapse::dB do failed: Server message number=233 severity=16 state=2 line=1 server=SOLOMON text=The column User Name in table Calls may not be null. at /us/lib/perl5/site_perl/5.005/Radius/SQL.PM line 228.

Anyone have any idea what is causing this?

Hmmm, looks like you are receiving some sort of accounting request which does not have a User-Name attribute in it, and your SQL database says that the user name column is not permitted to be null. Some NASs send very unusual accounting requests as a matter of course, but I have not heard of this. What sort of NAS do you have? Is it possible to get a Radiator log file at trace level 4, showing what the contents of the radius request that causes this?

You may be able to turn off whatever these strange requests are, or else you may have to modify your SQL database so that NULL usernames are permitted in that table.

We are using Auntly EMERALD.

Cheers
John

--
John Vorstermans.
Actrix Networks Ltd, Wgtn, New Zealand.
+64 4 801-6815

-- End of excerpt from John Vorstermans

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955
(RADIATOR) NAS-Identifier
In getting Radiator to work with a Nortel CVX 1800, I found that it sends NAS-Identifier but not NAS-IP-Address. As a result Radiator doesn't do quite what you expect unless you tell the Nortel box to send its IP address in NAS-Identifier.

There should probably be a warning in the manual about this. It would be nice if Radiator would write a warning or error in the logfile when it gets a NAS-Identifier that doesn't look like an IP address.

Jim
[EMAIL PROTECTED]
(RADIATOR) Give me some suggestions for Authentication, Authorization and Accounting
Hello,

We know the radius can process all about authentication, authorization, and accounting. Whether it is possible if I use radius for authentication/accounting, LDAP for authorization? Could anyone give me some suggestions?

Authur
Re: (RADIATOR) Give me some suggestions for Authentication, Authorization and Accounting
Hi Authur,

On Jun 24, 9:41pm, Authur Lin wrote:
Subject: (RADIATOR) Give me some suggestions for Authentication, Authoriza

Hello,

We know the radius can process all about authentication, authorization, and accounting. Whether it is possible if I use radius for authentication/accounting, LDAP for authorization? Could anyone give me some suggestions?

Sounds like you want to authenticate and do accounting to a remote radius server, but to get check and reply items from an LDAP server? You can do this by chaining 2 AuthBy clauses together:

<Realm whatever>
    AuthByPolicy ContinueAlways
    # Check items from LDAP, if they pass the check items
    # Note, no PasswordAttr, so password is not checked
    <AuthBy LDAP>
        CheckAttr check-attr
        ReplyAttr reply-attr
        etc
    </AuthBy>
    <AuthBy RADIUS>
        Host whatever
        Secret whatever
    </AuthBy>
</Realm>

In this strategy, the user will be prechecked with check items (but not a password) from LDAP. If the check items are OK, it applies the reply items. Then the request is sent to the remote radius. Any reply items from the remote radius will be added to the ones from LDAP. Accounting will just go to remote radius.

In the LDAP database, you could have a DEFAULT user to handle the most common cases, and some per-user entries for the unusual users:

uid: DEFAULT
reply-attr: "Service-Type=Framed-User"
reply-attr: "Framed-Protocol = PPP"

uid: mrstatic
reply-attr: "Service-Type=Framed-User"
reply-attr: "Framed-Protocol = PPP"
reply-attr: "Framed-IP-Address = 1.2.3.4"

Hope that helps.

Cheers.

Authur

-- End of excerpt from Authur Lin

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955
(RADIATOR) RFC for registered nos.
Hi,

Would anyone who knows please tell me where I can get a list of registered vendor numbers? I understand that Vendor nos. for devices and services such as RADIUS Vendor-Specific attributes and Network Interface Card MAC addresses are listed somewhere.

Richi Plana 8^)
Systems Administrator
Mosaic Communications, Inc.
mailto:[EMAIL PROTECTED]
(RADIATOR) Packet year and month of adjusted packet time
Hi Mike,

I store account records by the month. Thus the accounting table is defined as

AccountingTable access_log_%Y%m

Now because the delay in the packets, I found records of the previous month were logged in the next month. Does RADIATOR provide the year and month of the packet after the time is adjusted by the delay? Or can you suggest the module that I can add these parameters?

Regards
Clement
ANS Communications Pty Ltd
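The adjustment Clement describes, as an added example that is not part of the thread and not Radiator code: subtract Acct-Delay-Time from the receive time before expanding the %Y%m pattern, so a record that arrives just after midnight on the 1st lands in the previous month's table. The records are constructed; using UTC and ignoring delays longer than a day are assumptions of this sketch, since the delay is supplied by the NAS and should not be trusted blindly.

```python
import calendar
import time

TABLE_PATTERN = "access_log_%Y%m"   # the AccountingTable pattern from the message
MAX_DELAY = 24 * 3600               # assumption: a delay above one day is treated as bogus


def delay_seconds(attrs):
    """Return a sane Acct-Delay-Time in seconds, or 0 if absent or implausible."""
    try:
        delay = int(attrs.get("Acct-Delay-Time", 0))
    except (TypeError, ValueError):
        return 0
    return delay if 0 <= delay <= MAX_DELAY else 0


def table_for(received, attrs, adjust=True):
    """Name of the monthly table for a record received at epoch time `received`."""
    when = received - delay_seconds(attrs) if adjust else received
    return time.strftime(TABLE_PATTERN, time.gmtime(when))


def route(records):
    """Group (received, attrs) pairs by target table; values are session ids."""
    tables = {}
    for received, attrs in records:
        tables.setdefault(table_for(received, attrs), []).append(
            attrs.get("Acct-Session-Id"))
    return tables


# Constructed records, all received 20 seconds after midnight UTC on 1 July 1999.
MIDNIGHT = calendar.timegm((1999, 7, 1, 0, 0, 0))
SAMPLE = [
    (MIDNIGHT + 20, {"Acct-Session-Id": "a1", "Acct-Delay-Time": "45"}),  # event at 23:59:35 on 30 June
    (MIDNIGHT + 20, {"Acct-Session-Id": "a2", "Acct-Delay-Time": "0"}),
    (MIDNIGHT + 20, {"Acct-Session-Id": "a3"}),                            # attribute absent
    (MIDNIGHT + 20, {"Acct-Session-Id": "a4", "Acct-Delay-Time": "4294967295"}),  # implausible value
]

if __name__ == "__main__":
    for table, sessions in sorted(route(SAMPLE).items()):
        print(table, sessions)
```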
Re: (RADIATOR) RFC for registered nos.
Would anyone who knows please tell me where I can get a list of registered vendor numbers? I understand that Vendor nos. for devices and services such as RADIUS Vendor-Specific attributes and Network Interface Card MAC addresses are listed somewhere.

For Ethernet NICs, see URL:http://www.cavebear.com/CaveBear/Ethernet/vendor.html or URL:ftp://venera.isi.edu/in-notes/iana/assignments/ethernet-numbers

In RFC2138 (RADIUS Auth) we find:

---8---
Vendor-Id

The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the Vendor in network byte order, as defined in the Assigned Numbers RFC [3].
---8---

The reference is to RFC1700, which is sadly out of date and AFAIK there is no current/maintained RFC covering assigned numbers. However, in URL:ftp://venera.isi.edu/in-notes/iana/assignments/ we find the file enterprise-numbers - which is headed:

---8---
PRIVATE ENTERPRISE NUMBERS

SMI Network Management Private Enterprise Codes:
---8---

Could that be what you are looking for?

HTH,
Neale.
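The Vendor-Id layout quoted from RFC2138 above, as an added example that is not part of the thread: a parser that walks a RADIUS attribute area, picks out Vendor-Specific (type 26) attributes, checks that the high-order octet of the Vendor-Id is 0, and splits the rest into sub-attributes with bounds checks. It assumes the vendor type / vendor length / value sub-attribute layout that the RFC recommends, which not every vendor follows; the sample bytes are constructed and use 32473, the enterprise number reserved for documentation.

```python
VENDOR_SPECIFIC = 26  # RADIUS attribute type of Vendor-Specific


class VSAError(ValueError):
    """Raised when an attribute does not match the expected layout."""


def iter_attributes(data):
    """Yield (type, value) for each attribute in a packet's attribute area."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise VSAError("truncated attribute header at offset %d" % pos)
        attr_type, length = data[pos], data[pos + 1]
        # Length counts the type and length octets themselves.
        if length < 2 or pos + length > len(data):
            raise VSAError("bad attribute length %d at offset %d" % (length, pos))
        yield attr_type, data[pos + 2:pos + length]
        pos += length


def parse_vendor_specific(value):
    """Split a Vendor-Specific value into (vendor_id, [(vendor_type, bytes), ...])."""
    if len(value) < 5:
        raise VSAError("need a 4-octet Vendor-Id and at least 1 octet of data")
    if value[0] != 0:
        raise VSAError("high-order octet of Vendor-Id is %d, expected 0" % value[0])
    vendor_id = int.from_bytes(value[:4], "big")  # network byte order
    body, subattrs, pos = value[4:], [], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise VSAError("truncated sub-attribute header")
        vtype, vlen = body[pos], body[pos + 1]
        if vlen < 2 or pos + vlen > len(body):
            raise VSAError("sub-attribute length %d overruns the attribute" % vlen)
        subattrs.append((vtype, body[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subattrs


def extract_vsas(attribute_area):
    """Return every Vendor-Specific attribute found, parsed."""
    return [parse_vendor_specific(value)
            for attr_type, value in iter_attributes(attribute_area)
            if attr_type == VENDOR_SPECIFIC]


# Constructed sample: User-Name = "fred", then one Vendor-Specific attribute
# for enterprise 32473 carrying sub-attribute 1 = "gold" and 2 = integer 64.
VSA_VALUE = ((32473).to_bytes(4, "big")
             + bytes([1, 6]) + b"gold"
             + bytes([2, 6]) + (64).to_bytes(4, "big"))
SAMPLE_ATTRS = (bytes([1, 6]) + b"fred"
                + bytes([VENDOR_SPECIFIC, 2 + len(VSA_VALUE)]) + VSA_VALUE)

if __name__ == "__main__":
    for vendor_id, subattrs in extract_vsas(SAMPLE_ATTRS):
        print("vendor", vendor_id, subattrs)
```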
(RADIATOR) flat file fallback
hey,

i am authenticating through platypus, and falling back to a flat file if sql times out. however, i want to log a text detail file ONLY if authby platypus isn't working. any ideas?

thanks
Derek
RE: (RADIATOR) Update LDAP dir from Radiator
I'd be very interested in any performance figures for this, when you get it running. I assume that you are going to use the stored IP address to retrieve user info later on? And how many users?

Best regards,
Ingvar Berg

-Original Message-
From: Paul van der Zwan [mailto:[EMAIL PROTECTED]]
Sent: den 22 juni 1999 17:58
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Update LDAP dir from Radiator

I have been asked to implement Radiator on a site using an LDAP server as a user database. They have some extra requirements:

1 On successful login the current time has to be put in an attribute in the users entry
2 While the user has an active session the ip address he was allocated has to be available in an attribute in his entry.

Are these extras possible using a vanilla Radiator or do I have to modify it ?? If I need to modify it what would the logical way to implement the be ??

TIA
Paul

--
Paul van der Zwan paulz @ trantor.xs4all.nl
"I think I'll move to theory, everything works in theory..."
(RADIATOR) Radiator installation
Hi!

Is it possible to install Radiator ( in Unix ) in a separate directory out of the perl directories? I wish to have Radiator installed in something like /opt/radiator because the possible perl changes of version, with the .pm files in /opt/radiator/lib, but I don't know how to get that. It's obvious that I'm not a perl expert. :)

Thanks in advance.

Félix
__
DATAGRAMA SERVICIOS INTERNET
C/ Acer 30  Tlf: +34 3 223 00 98
08038 BARCELONA ( Spain )  Fax: +34 3 223 12 66
mailto:[EMAIL PROTECTED] http://www.datagrama.net
__
RE: (RADIATOR) AuthByPolicy ContinueUntilAccept
Hi,

Is there a way to get this to work in series? Try one, if it fails, then try the next one?

Thanks,
Mickey

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike McCauley
Sent: mercredi, 9. juin 1999 16:11
To: Mickey Coggins; Radiator Users List
Subject: Re: (RADIATOR) AuthByPolicy ContinueUntilAccept

Hi Mickey,

AuthBy RADIUS is a little different to most other AuthBy clauses. It forwards the request immediately, then does retransmits until it gets a reply, then sends the reply back to the original NAS.

If you have 2 AuthBy RADIUS chained together (as you do), then _both_ will transmit immediately, and both will arrange for retransmits in the case of no reply, and both will send their replies back to the original NAS. So I guess this could be described as operating in parallel. In this case, the order is not really important.

Hope that helps.

Cheers.

On Jun 8, 3:20pm, Mickey Coggins wrote:
Subject: (RADIATOR) AuthByPolicy ContinueUntilAccept

Hi,

I have something like this in my config file:

<Realm DEFAULT>
    AuthByPolicy ContinueUntilAccept
    <AuthBy RADIUS>
        DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
        Host 10.1.1.1
        Host 10.1.2.1
        Host 10.1.3.1
        Secret secret
        AuthPort 1645
        AcctPort 1646
        LocalAddress mylocal.cooldomain.com
    </AuthBy>
    <AuthBy RADIUS>
        DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
        Host auth.coolerdomain.com
        Secret moresecret
        AuthPort 1812
        AcctPort 1813
        LocalAddress mylocal.cooldomain.com
    </AuthBy>
</Realm>

What I see is that if the request times out for the first AuthBy and is accepted by the second, the first AuthBy continues to send requests for quite some time. How does this work? Does radiator try both in parallel? Is order important?

Thanks,
Mickey

-- End of excerpt from Mickey Coggins

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd  Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia  http://www.open.com.au
Phone +61 3 9598-0985  Fax +61 3 9598-0955
Re: (RADIATOR) Radiator seems to have a lock on the ACCOUNTING table...
Hi Barry,

On Jun 28, 11:25pm, Barry W Anderson wrote:
> Subject: (RADIATOR) Radiator seems to have a lock on the ACCOUNTING table.
> using DBD-Sybase-0.18, DBI-1.11.
>
> As soon as I try and do a "SELECT * FROM ACCOUNTING", the process goes into lock sleep state.
>
> Anyone seen/fixed this puppy?

Hmmm, is it possible the Sybase log is full? Radiator always enables AutoCommit, so there should be no uncommitted transactions holding it up.

Keep me posted.

Cheers.

> --
> Barry W Anderson, Senior Consultant [EMAIL PROTECTED]
> Shori Pty Ltd, http://www.shori.com
> 42 Munich Drive, Keilor Downs, Victoria, Australia 3038
>-- End of excerpt from Barry W Anderson

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Re: (RADIATOR) AuthByPolicy ContinueUntilAccept
Hi Mickey,

On Jun 28, 5:47pm, Mickey Coggins wrote:
> Subject: RE: (RADIATOR) AuthByPolicy ContinueUntilAccept
> Hi,
>
> Is there a way to get this to work in series? Try one, if it fails, then try the next one?

AuthBy RADIUS can fall back to alternate radius servers if it gets no response. You can also control the timeout period and the number of retries before falling back.

    <AuthBy RADIUS>
        Host host1
        Host host2
        Host host3
        Retries 2
        RetryTimeout 10
    </AuthBy>

Hope that helps.

Cheers.

> Thanks,
> Mickey
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike McCauley
> Sent: mercredi, 9. juin 1999 16:11
> To: Mickey Coggins; Radiator Users List
> Subject: Re: (RADIATOR) AuthByPolicy ContinueUntilAccept
>
> Hi Mickey,
>
> AuthBy RADIUS is a little different to most other AuthBy clauses. It forwards the request immediately, then does retransmits until it gets a reply, then sends the reply back to the original NAS.
>
> If you have 2 AuthBy RADIUS chained together (as you do), then _both_ will transmit immediately, and both will arrange for retransmits in the case of no reply, and both will send their replies back to the original NAS. So I guess this could be described as operating in parallel. In this case, the order is not really important.
>
> Hope that helps.
>
> Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Re: (RADIATOR) platypus import?
Hello Gustavo,

On Jun 28, 1:38pm, Gustavo A. Barreto A. wrote:
> Subject: (RADIATOR) platypus import?
> Hi all,
>
> anyone here has tested an import from the passwd/shadow system from UNIX to platypus need I to insert decrypted passwords into the platypus DB??? or can I insert encrypted password in the DB??
>
> any help will be appreciated :)

1. You can mix encrypted and unencrypted password in your SQL database, provided the crypted ones look like this:

       {crypt}1xMKc0GIVUNbE

   ie if they are unix crypted, prepend the string {crypt}

2. If you use PasswordLogFileName, it will log the plaintext passwords for users that have successfully logged in.

3. I know of a number of people who have made some clever (temporary) modifications to Radiator to help capture plaintext password and automatically migrate them to their SQL database. Perhaps some of those people might put their hands up?

Hope that helps.

Cheers.

> Good luck!
>
> Gustavo A. Barreto [EMAIL PROTECTED]
> Network Administrator, Colnet International LTDA
> UIN: 776336, Tel. 3150334/5/6
>-- End of excerpt from Gustavo A. Barreto A.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
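
The {crypt} convention from point 1 of the reply above, as an added example that is not part of the original thread or of Radiator itself: a Python converter that turns passwd/shadow entries into password values that can be loaded into the SQL database without the plaintext. The function names and the sample accounts are constructed for illustration, and only the traditional 13-character crypt form shown in the reply is passed through; anything else is reported for manual review.

```python
import re

# Traditional crypt(3) output: 2 salt + 11 hash characters, the same shape as
# the {crypt}1xMKc0GIVUNbE example in the reply.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def stored_value(hash_field):
    """Return (value, None) to store, or (None, reason) when the entry is skipped."""
    if hash_field == "":
        return None, "empty or missing password field"
    if hash_field[0] in "!*":
        return None, "locked or disabled account"
    if DES_CRYPT.fullmatch(hash_field):
        return "{crypt}" + hash_field, None
    # Other formats (for example $1$...) are left for manual review, because
    # the thread only shows the traditional form (assumption of this example).
    return None, "not a traditional crypt string"

def convert(passwd_text, shadow_text=""):
    """Map passwd/shadow content to ([(user, value)], {user: skip_reason})."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    rows, skipped = [], {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        user, hash_field = fields[0], fields[1]
        if hash_field == "x":  # "x" in passwd means the hash lives in shadow
            hash_field = shadow.get(user, "")
        value, reason = stored_value(hash_field)
        if value is None:
            skipped[user] = reason
        else:
            rows.append((user, value))
    return rows, skipped

# Constructed sample input (not real accounts).
PASSWD = """alice:1xMKc0GIVUNbE:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
carol:x:1003:100::/home/carol:/bin/sh
daemon:*:2:2::/sbin:/bin/false
dave:x:1004:100::/home/dave:/bin/sh"""
SHADOW = """bob:abJnggxhB/yWI:10740:0:99999:7:::
carol:!abJnggxhB/yWI:10740:0:99999:7:::
dave:$1$saltsalt$0123456789abcdefghijkl:10740:0:99999:7:::"""
```

The (user, value) pairs returned by convert(PASSWD, SHADOW) go into whichever user and password columns the SQL lookup reads, passed as bound parameters rather than pasted into the statement.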