(RADIATOR) Setup for Cisco 2511
Hi Folks,
I have 'acquired' a Cisco 2511 to play with but I am having some trouble getting it to authenticate and connect successfully. Would anyone out there like to donate a Cisco config file and Radiator check/reply items to an overworked underpaid techo. ;)
TIA.
Brian Morris
=== Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Blocking calls with no CLI
Would it be possible to set up the access server to simply ignore the call if it does not display the caller ID? That way the 'customer' does not get billed for the call. I remember some discussion about this in the Aussie-ISP mailing list a few months ago.
Regards, Brian Morris
(RADIATOR) Authby RADIUS but store Accounting in SQL??
Hi all,
I would like to authenticate users using RADIUS on another machine but record the accounting data to an SQL database. I'm sure this can be done with a continue until... or something but I'm currently stumped. Can anyone shine some light on this one?
Thanks, Brian
(RADIATOR) Feature Request... Colour!
Dear Hugh and Co.
How difficult would it be to add colour to the various Trace messages going to the console in Radiator? For example - access rejects and other errors could be in red, accepts in green. It would make it easier to notice potential problems cropping up from time to time. As well as to keep an eye out for things of interest.
Regards, Brian Morris
(RADIATOR) Not able to trap passwords...
Hi Folks,
I am trying to trap user passwords using PasswordLogFileName... but it is not working, can anyone tell me why? My config info appears below and any assistance would be appreciated.

<Realm TrapPasswords>
    # Strip the realm so we can auth with the bare user name
    # in the users file
    RewriteUsername s/^([^@]+).*/$1/
    PasswordLogFileName %D/passwords.txt
    AuthByPolicy ContinueWhileJustDoThemAllThanks
    <AuthBy SQL>
        DBSource dbi:ODBC:RadiusLog
        DBUsername radiusd
        DBAuth mypassword
        AuthSelect
        AccountingStopsOnly
        AccountingTable ACRACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIMESTAMP,Timestamp,integer
        ... snip ...
        AcctColumnDef CALLERID,Calling-Station-Id
    </AuthBy>
    <AuthBy RADIUS>
        Host whatever.com.au
        Secret mysecret
    </AuthBy>
</Realm>
(RADIATOR) Cisco 2511 - Not supplying allocated IP address to Radiator
Hi All,
I have setup some Cisco 2511's to authenticate with Radiator and they are all working fine, users can get on etc without any troubles at all. However, the 2511 does not report the IP address it allocated to the user into Radiator at all. Other NAS's are working fine, so I suspect it is something in the cisco 2511 config. Has anyone else had this problem? How would I fix it? Config details follow...
Regards, Brian Morris.

IOS 11.1.24
aaa new-model
aaa authentication login TELNET-USERS local
aaa authentication login no_radius enable
aaa authentication login consoleport none
aaa authentication ppp default if-needed radius
aaa authorization network radius
aaa accounting exec start-stop radius
aaa accounting network start-stop radius
aaa accounting connection start-stop radius
aaa accounting system start-stop radius
Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address to Radiator
Thanks Aaron,
Yes, the alive packet does have the IP address, but unless I am mistaken this does not get inserted into RADONLINE which is what I would really like. Is there a way around this?

- Original Message -
From: Aaron Holtz [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, November 15, 1999 1:31 PM
Subject: Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address to Radiator

Brian,
Add:
aaa accounting update newinfo
You need 11.3 or higher if I'm not mistaken. Cisco doesn't send the Framed-IP-Address in the Start packet like some others do - however, radiator will handle the Alive packet that the above command sends once the user has authenticated PPP and has a Framed address.
--
Aaron Holtz
ComNet Inc.
UNIX Systems Administration/Network Operations
"It's not broken, it just lacks duct tape."
--

On Nov 15, Brian Morris molded the electrons to say
Hi All,
I have setup some Cisco 2511's to authenticate with Radiator and they are all working fine, users can get on etc without any troubles at all. However, the 2511 does not report the IP address it allocated to the user into Radiator at all. Other NAS's are working fine, so I suspect it is something in the cisco 2511 config. Has anyone else had this problem? How would I fix it? Config details follow...
Regards, Brian Morris.

IOS 11.1.24
aaa new-model
aaa authentication login TELNET-USERS local
aaa authentication login no_radius enable
aaa authentication login consoleport none
aaa authentication ppp default if-needed radius
aaa authorization network radius
aaa accounting exec start-stop radius
aaa accounting network start-stop radius
aaa accounting connection start-stop radius
aaa accounting system start-stop radius
Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address to Radiator
I understand, but I am still not getting them into my radonline database. Could it be because I have "AccountingStopsOnly" for this realm?? Thanks for the feedback.
Brian

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Aaron Holtz [EMAIL PROTECTED]; Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, November 15, 1999 4:29 PM
Subject: Re: (RADIATOR) Cisco 2511 - Not supplying allocated IP address to Radiator

Hello Aaron and Brian -
On Mon, 15 Nov 1999, Aaron Holtz wrote:
Yes, I believe that the radiator code looks for the Alive packet as well as a Start packet just for this case. Be sure you are running a newer version of radiator - I believe that 2.13 and up should support it, but don't quote me on that.

    if ($status_type eq 'Start' || $status_type eq 'Alive')
    {
        # Some Ciscos dont send accounting-on, so we will
        # detect a reboot with the first session (ID 0001)
        $sessdb->clearNas($nas_id, $p) if $session_id eq '0001';
        # Ciscos sometimes sends Alive. Use them to make _sure_
        # there is an entry in the database
        $sessdb->add($original_username, $nas_id, $nas_port, $p);

Aaron is quite correct, here's the relevant code from Handler.pm (Radiator 2.14.1).
cheers
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
Re: (RADIATOR) Re:
Jeff,
I have a program (for Win NT) that will convert a log file into a comma-delimited text file. You can also select the dictionary attributes you want collected / discard. I wrote it a while ago before I changed over to SQL. It works, but recording to SQL works even better. E-mail me if you would like a copy.
Regards, Brian Morris

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Jeff Baldwin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, December 01, 1999 9:24 AM
Subject: (RADIATOR) Re:

Hello Jeff -
On Tue, 30 Nov 1999, Jeff Baldwin wrote:
I was wondering if you know of any software that would be good for reading the radius logfile. I need to do two things. One, I need to count original logins by realm and two, I need to record time online from certain clients. For example the user may log in from radius client one but that is part of their account, but client two is a bonus or maybe like 800 dialup, so I need to track the user's time online only from that client. Any help with a good way to get this info would be helpful.

In all honesty, there is no good way to do this from the logfile - my advice would be to use an SQL database for your accounting records.
hth
Hugh
Re: (RADIATOR) Radiator testing
Ray,
The message occurs when you telnet into the PM3 - it sends an accounting message to Radiator, however because you are telnetting in, it doesn't have any NASPORT information to pass to Radonline - hence the error. It is complaining about NASPORT=(blank)
Regards, Brian Morris

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ray Carpenter [EMAIL PROTECTED]; Radiator [EMAIL PROTECTED]
Sent: Friday, December 03, 1999 10:04 AM
Subject: Re: (RADIATOR) Radiator testing

Hello Ray -
On Fri, 03 Dec 1999, Ray Carpenter wrote:
Hi all,
I'm doing evaluation testing with Radiator with 2 pm3 nas boxes and I have started getting these errors in the RadLog table. I am using AuthbyEmerald. Can anyone explain why these are occurring? Is anyone using Radiator with pm3's running 3.9b22 and doing simultaneous use checking? While I'm at it is anyone using Radiator with pm4's running 4.1c1?

do failed for 'delete from RADONLINE where NASIDENTIFIER='167.206.131.11' and NASPORT=': Server message number=170 severity=15 state=1 line=1 server=signup text=Line 1: Incorrect syntax near '='.

If you are using Emerald - have you configured an additional RADONLINE table? And could you please send me your configuration file (no secrets) and a more complete debug trace?
thanks
Hugh
(RADIATOR) Oh Dear - Possible Authentication Bug
I have not investigated this too far yet but I thought it important enough to alert others of it now...
I have discovered a fault in the setup of /our/ Radiator configuration where users may successfully authenticate to our SQL database with an INVALID username. The error occurs when the user places an apostrophe somewhere in their username - even though there is not one in their user record on our system, Radiator will still let them in. (eg: Username johnsmith logs in as johnsmit'h ) The accounting record is written as johnsmit'h so effectively the user does not get billed for their usage.
We use the standard rewriteusername to strip the realm (RewriteUsername s/^([^@]+).*/$1/ ) so something could be put into there to strip apostrophes as well but this is not really a 'solution' (Anyone want to supply one for now anyway?)
For reference our authselect looks something like this ...
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
I thought that others may also want to know about this.
Happy Easter!
Brian Morris
=== Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
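The failure mode reported in the message above, as an added example that is not part of the original post and is not Radiator code: it contrasts a lookup where the login name is pasted into the statement text with one where the name is validated and passed as a bound parameter, so the name that is billed is the one stored in the subscriber record. The SQLite database, the sample row, the USERNAME_OK policy and the function names are assumptions; how Radiator itself expands %n is not shown on this page.

```python
import hmac
import re
import sqlite3

# Assumed policy (not from the post): characters a login name may contain.
USERNAME_OK = re.compile(r"[A-Za-z0-9._-]{1,64}")


def make_db():
    """Constructed sample data; table and column names follow the quoted AuthSelect."""
    db = sqlite3.connect(":memory:")
    db.execute("create table SUBSCRIBERS (USERNAME text primary key, PASSWORD text)")
    db.execute("insert into SUBSCRIBERS values ('johnsmith', 's3cret')")
    return db


def strip_realm(name):
    """Same effect as the RewriteUsername s/^([^@]+).*/$1/ rule quoted in the post."""
    return re.sub(r"^([^@]+).*", r"\1", name, count=1)


def lookup_interpolated(db, username):
    """Models '%n' pasted into the statement: the name becomes part of the SQL text."""
    sql = "select PASSWORD from SUBSCRIBERS where USERNAME='%s'" % username
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A quote in the name changes the statement itself; here it no longer parses.
        return ("error", str(exc))
    return ("found", row[0]) if row else ("not found", None)


def authenticate(db, raw_username, password):
    """Return (accepted, name_to_bill). The name is only ever passed as data."""
    user = strip_realm(raw_username)
    if not USERNAME_OK.fullmatch(user):
        return (False, None)  # reject instead of silently rewriting the name
    row = db.execute(
        "select USERNAME, PASSWORD from SUBSCRIBERS where USERNAME = ?", (user,)
    ).fetchone()
    if row is None or not hmac.compare_digest(row[1].encode(), password.encode()):
        return (False, None)
    # Bill against the name stored in the subscriber record, not the typed one.
    return (True, row[0])


if __name__ == "__main__":
    db = make_db()
    for name in ("johnsmith", "johnsmit'h", "johnsmith@example.net"):
        print(repr(name), lookup_interpolated(db, strip_realm(name))[0],
              authenticate(db, name, "s3cret"))
```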
Re: (RADIATOR) Simultaneous use - Using ping test
Just a thought... If the IP address was re-allocated later on wouldn't there be two entries in RADONLINE for it? You could possibly check for the IP address in radonline as well, if it is allocated twice - blow away the oldest one!
Regards, Brian Morris

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Clement [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 18, 2000 12:24 PM
Subject: Re: (RADIATOR) Simultaneous use - Using ping test

Hi Clement -
On Thu, 18 May 2000, Clement wrote:
We are renting some ports from another ISP who does not allow us to do SNMP checking if a user is still on-line. Occasionally, an account close packet is lost and users will be locked out because Radiator "believes" the previous session is still on-line. Can Radiator, in addition to SNMP and finger tests, add a ping test option to check if the previous session is still on-line? That can fix the problem to a large extent.

This is quite a good idea, albeit with one significant drawback, which is that the address could have been re-allocated between the time that the session in question finished (and the stop packet lost) and the user trying to reconnect. I have posted this to the list too, in the expectation that other Radiator users might have some thoughts on this. It would be relatively simple to add a Nas-Type of "Ping", so my question to the list is how many people out there would find this useful? I am thinking specifically of the somewhat frequent case of different NAS-Port reporting in radius packets compared to SNMP results. This isn't a perfect solution, but it may be useful nonetheless. Comments?
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
(RADIATOR) Upgrade 2.14.1 to 2.15 helps
Folks,
Just some feedback... we upgraded from Radiator v2.14.1 to 2.15 (with patches) last week and since then we have hardly had any 'duplicate request id xxx ignored' messages appear in our logfile. I assume something has changed to fix the problem we were having with duplicate requests - I thought it was a problem with our network. We were constantly receiving these messages in our logfiles (often hundreds a day) - now we receive no more than 5. We also seem to have either eliminated or significantly reduced the number of duplicate 'stop' records in our accounting files as well. My conclusion is that if you're considering updating to v2.15 then go for it. It has certainly helped us. Well done guys!
Regards, Brian Morris
PS: I was hoping that v2.15 would have more info in a trace level 3 though. I would love to know/record the NAS and Callerid for 'Bad Password' and 'No such user' messages - it would /really/ help with hacker investigations.
(RADIATOR) Handlers and Realms (101)
Hello All,
We would like to add a facility to our existing radiator install where a user can dial-in to our access server using a different telephone number and receive different access permissions (eg: maximum session time). As they will be connecting to the same access server I figure we need to setup a handler based on the number they are dialling in to - as the default realm for the access server is already being used. My question is : can I setup a handler just for the called station ID and keep the existing realm whatever or must I change everything to be handled by a handler?
Thanks in advance.
Brian Morris
(RADIATOR) PPPOE Authentication / Accounting
Hi All,
We require the ability to authenticate clients using PPPoE as well as account for their traffic. Our regular dial-in NAS (PM3 for modem customers) does both auth and accounting just fine however we are new to PPPoE and I am not sure how to monitor traffic. Can anyone offer any suggestions as to the best way to do accounting (Time/Mb) using PPPoE. Any help would be appreciated.
Regards, Brian Morris
Re: (RADIATOR) PPPOE Authentication / Accounting
Hugh,
Is a NAS-like device required for PPPoE? If so, can you (or anyone) suggest one?
Regards, Brian Morris

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 7:48 PM
Subject: Re: (RADIATOR) PPPOE Authentication / Accounting

Hello Brian -
Whatever NAS-like device you use to terminate your PPPoE sessions looks to Radiator like any other NAS. If the device reports packets in/out and bytes in/out in accounting records you will record them just the same as with any other NAS.
hth
Hugh

On Wednesday 21 March 2001 15:33, Brian Morris wrote:
Hi All,
We require the ability to authenticate clients using PPPoE as well as account for their traffic. Our regular dial-in NAS (PM3 for modem customers) does both auth and accounting just fine however we are new to PPPoE and I am not sure how to monitor traffic. Can anyone offer any suggestions as to the best way to do accounting (Time/Mb) using PPPoE. Any help would be appreciated.
Regards, Brian Morris
--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Attribute to return DNS addresses
Hi Folks,
I would like to assign a new name server/s to a dial-in account but I can not find the attribute I need to return to setup the client with the primary and alternate DNS addresses. I have looked in both the standard dictionary and the livingston dictionary to no avail. (I am using a Portmaster 3) I am sure it is something simple but I just can't find it. Any help would be appreciated!
Regards, Brian Morris
Re: (RADIATOR) Attribute to return DNS addresses
Hugh,
I assumed that, but the livingston dictionary (PM3) does not have an entry in there for a DNS setting. Do you know of one?
Regards, Brian Morris

- Original Message -
From: "Hugh Irvine" [EMAIL PROTECTED]
To: "Brian Morris" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, April 04, 2001 2:44 PM
Subject: Re: (RADIATOR) Attribute to return DNS addresses

Hello Brian -
I am afraid you are going to search in vain, as there is no standard attribute to do this. You will have to use whatever vendor-specific is supported by your NAS equipment.
hth
Hugh

At 10:29 +1000 01/4/4, Brian Morris wrote:
Hi Folks,
I would like to assign a new name server/s to a dial-in account but I can not find the attribute I need to return to setup the client with the primary and alternate DNS addresses. I have looked in both the standard dictionary and the livingston dictionary to no avail. (I am using a Portmaster 3) I am sure it is something simple but I just can't find it. Any help would be appreciated!
Regards, Brian Morris
--
NB: I am travelling this week, so there may be delays in our correspondence.
Re: (RADIATOR) Radiator V 2.17 Could not bind authentication socket
Hi Alex,
This happened to me on Nt 2000 - it was because I was running one of the Internet security / authentication services which used the same ports as radius. You need to remove or stop the service and (possibly) restart Windows for radiator to work properly.
Regards, Brian Morris

- Original Message -
From: Alex Green [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 26, 2001 4:33 PM
Subject: (RADIATOR) Radiator V 2.17 Could not bind authentication socket

Hi All,
If I try to restart the server it returns with the following error:
Could not bind to authentication socket: Unknown error at radiusd line 339
does anyone have a solution for this or a config file for NT which will authenticate off the NT Groups
Thanks, Alex Green
(RADIATOR) Attribute Number 55 (vendor) - not defined
Greetings all, We are receiving the following error in Radiator Attribute Number 55 (vendor) is not defined in your dictionary It is using an ERX Broadband Concentrator (Unisphere attributes) Does anyone know what Attribute 55 would be so I can add it to my dictionary. Thanks in advance. Brian Morris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Want to force a logoff at the end of a month
Hi All,
If possible, I would like to return a max session time attribute to certain customers to force them to logoff at the end of a calendar month (say at 23:59 on the last day of each month) this is so I can close off our accounting files for billing purposes. Is there a way I can configure radiator to dynamically set this attribute to return the end of the current month?
Regards, Brian Morris
(RADIATOR) Missing Attributes
Hi All,
I am receiving the following error in our log file :
ERR: Attribute number 87 (vendor ) is not defined in your dictionary
Can anyone tell me what this attribute is and (ideally) the line to put into our dictionary file to stop these errors. We are using a Unisphere ERX for our ADSL 'NAS'.
Thank you and regards, Brian Morris
(RADIATOR) Accounting-Response - While we're on the topic...
We have configured our sql server's accounting table to reject duplicate accounting records by setting the username+acctsessionid+sessiontime to be the primary key (no duplicates permitted). When the NAS sends a duplicate accounting record, sql/radiator spits out an error and does not write the packet to the SQL database (this part is good). My question is - what does radiator then do with the Accounting Reply to the NAS - does it send back an acknowledgement or does it do nothing therefore making the NAS send the Acct packet again, and again, and again (that would be bad)
Kind regards, Brian Morris
PS: Does anyone have a better way to prevent duplicate accounting records?
(RADIATOR) Attributes 52 and 53
Hi All,
I am getting error messages
Attribute 52 (vendor) not defined in dictionary (and 53)
Can anyone tell me where to find them so I can add them to our dictionary file.
Thanks and regards, Brian Morris
(RADIATOR) Framed Route Question
Hi All,
I have a client who wants two non-contiguous c-class networks routed to them (say 203.1.1.0 and 202.2.2.0). Can anyone please tell me the framed-route reply command I would need to return to them. Currently, I return ...
Idle-Timeout=0,Framed-IP-Address=203.n.n.n,Framed-Route=202.1.1.0 255.255.255.0 203.n.n.n 1
This works for the 203.1.1.0 range. However, I am not sure how I would add the second framed-route for the second range - is it simply an additional framed-route reply or do I incorporate it into the first reply??
Thanks in advance, Brian.
(RADIATOR) Possible Gotcha in Radiator RADONLINE
Hi All,
I thought I would share something that had me very confused for a couple of hours this morning. It is not really a bug, rather my poor implementation of reporting the contents of Radonline. But it may help some others on the list.
This relates to NAS's that send interim 'Alive' packets in addition to start and stop packets. (For people in Australia - Comindico do this) It appears that whichever module manages the Radonline table takes this packet and adds or replaces the current radonline details with these updated details including specifically the timestamp field.
I have an inhouse web page we use to report active users using the radonline database. This page calculates the time a user has been online as the time difference between 'now' and the value in the radonline record 'timestamp'. This works fine for NAS's that don't send alive packets, but it reports incorrect information for those that do - it reports the time since the last alive packet instead of the time since login.
After reading the doco the solution I found is to change the default RADONLINE table and create a custom AddQuery to also insert acctsessiontime values into radonline. I then had to adjust my web page to calculate and report based on both the timestamp and the interim acctsessiontime.
I hope this helps others. It had me convinced that a NAS 'upgrade' was causing users to drop off after 15 minutes (ie the time between 'alive' packets)
Regards, Brian Morris
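The reporting problem and the fix described in the message above, as an added example that is not part of the original post and is not Radiator code: it replays constructed Start and Alive packets into a RADONLINE-like SQLite table the way the post describes (the row is replaced and its timestamp refreshed), then computes time online with and without the stored session time. The USERNAME and ACCTSESSIONTIME column names, the packet dictionaries and the function names are assumptions.

```python
import sqlite3

T0 = 1_000_000        # constructed epoch seconds for the first login
NOW = T0 + 2000       # moment at which the report page is rendered

# Constructed accounting packets: nas-a sends Alive every 900 s, nas-b never does.
PACKETS = [
    {"type": "Start", "user": "alice", "nas": "nas-a", "port": 1, "time": T0},
    {"type": "Start", "user": "bob", "nas": "nas-b", "port": 7, "time": T0 + 60},
    {"type": "Alive", "user": "alice", "nas": "nas-a", "port": 1,
     "time": T0 + 900, "session_time": 900},
    {"type": "Alive", "user": "alice", "nas": "nas-a", "port": 1,
     "time": T0 + 1800, "session_time": 1800},
]


def make_radonline():
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table RADONLINE (USERNAME text, NASIDENTIFIER text, NASPORT integer,"
        " TIMESTAMP integer, ACCTSESSIONTIME integer)"
    )
    return db


def handle_accounting(db, pkt):
    """Replace the row for this NAS port; Start and Alive both (re)insert it."""
    db.execute(
        "delete from RADONLINE where NASIDENTIFIER = ? and NASPORT = ?",
        (pkt["nas"], pkt["port"]),
    )
    if pkt["type"] in ("Start", "Alive"):
        db.execute(
            "insert into RADONLINE values (?, ?, ?, ?, ?)",
            (pkt["user"], pkt["nas"], pkt["port"], pkt["time"],
             pkt.get("session_time", 0)),  # a Start carries no session time yet
        )


def replay(packets=PACKETS):
    db = make_radonline()
    for pkt in packets:
        handle_accounting(db, pkt)
    return db


def online_seconds(db, now, use_session_time):
    """Seconds online per user; the corrected form adds the stored session time."""
    rows = db.execute(
        "select USERNAME, TIMESTAMP, ACCTSESSIONTIME from RADONLINE"
    ).fetchall()
    return {
        user: (now - stamp) + (sess if use_session_time else 0)
        for user, stamp, sess in rows
    }


if __name__ == "__main__":
    db = replay()
    print("now - timestamp only      :", online_seconds(db, NOW, False))
    print("plus stored session time  :", online_seconds(db, NOW, True))
```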
Re: (RADIATOR) Session-Timeout Maximum Value
Hehehe ... According to the RFC, the value (in seconds) is a 32bit unsigned integer! This equates conservatively (30 bits) to a tad over 34 years :-)) Even with all other things being suitable for an accurate test, I don't think I have enough time to live to fully test the true upper limit of this parameter!
Cheers, Brian.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 23, 2002 6:59 PM
Subject: Re: (RADIATOR) Session-Timeout Maximum Value

Hello Brian -
Check the RFC for details (doc/rfc2865.txt). However you are correct in that the only real way to be sure is to do some experiments with your NAS (we have seen problems with large numbers).
regards
Hugh

On Wed, 23 Jan 2002 15:34, Brian Morris wrote:
Hi all,
Session-Timeout is defined as an integer in the dictionary file. Does anyone know what the maximum value that can be set for this is? I guess it would be dependent on individual NAS implementations for an integer, but has anyone had any success with setting it to a high value (eg : 604800 - the number of seconds in a week)? I am thinking that this will work but would I be pushing my luck to set it at 18 million odd? (~the number of seconds in a month) The reason is that we have some VISP ports on an AS5300 that we can not directly control to manually disconnect a user, therefore we would like to ensure that they do not login for what we consider to be way too long.
Thanks and regards, Brian.
(RADIATOR) Freaky AuthBy DynAddress Problem
Hi All,
Apologies for the long message... I have discovered a freaky problem in Radiator - this is not Radiator's fault but it causes problems. The situation I have found is as follows :
We use Authby DynAddress to allocate IP addresses to broadband users - radius requests are sent to our radiator from a proxy radius at the vendor end. A routing mess-up meant that reply information was not getting back to the vendor's proxy radius therefore users could not successfully authenticate. However, the proxy radius kept on sending the requests (as it should) and users kept on trying to connect (as they do).
Radiator kept on receiving these requests and processing them as usual - and one of the steps was to allocate an IP address from the RADPOOL table - However, since multiple requests were coming through (due to no response being received) Radiator kept on allocating IP addresses from RADPOOL and not clearing the old ones it had previously allocated to the user's last request. Pretty soon our RADPOOL table ran out of available IP addresses and even though routing was finally fixed, users could still not connect because there were no more available IP addresses.
Now I know that the sessiontimeout parameter will eventually clear this up (after 24 hours though) but is there any other way that this can be checked for or prevented in the first place. Perhaps some checking like is done in RADONLINE where the user's entry is cleared before being added again??
I know this is a very unusual problem that many people will never encounter but I hope someone else will benefit from my experiences. I suspect that this problem may also occur on a highly congested (slow) link where a NAS resends an auth request after a timeout.
Regards, Brian Morris
Re: (RADIATOR) Freaky AuthBy DynAddress Problem
Agreed,

However, I notice that Radiator removes any 'freaky' entry from the RADONLINE table along the lines of:

    Delete from radonline where nasidentifier = 'whatever' and nasport = 'whatever'

prior to adding the new entry to the RADONLINE table. Couldn't a similar sanity check be used for RADPOOL?

Regards, Brian Morris

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, February 04, 2002 2:53 PM
Subject: Re: (RADIATOR) Freaky AuthBy DynAddress Problem

Hello Brian -

As you say - this is not a Radiator problem - and it is difficult to see how Radiator can be made to deal with a network routing issue. Depending on the exact contents of the radius requests that you are receiving, it may be possible to set up a session database and use session limiting, however I am not optimistic and you may introduce more problems than you solve.

regards

Hugh

On Mon, 4 Feb 2002 12:59, Brian Morris wrote:

Hi All,

Apologies for the long message...

I have discovered a freaky problem in Radiator - this is not Radiator's fault but it causes problems. The situation I have found is as follows:

We use AuthBy DynAddress to allocate IP addresses to broadband users - radius requests are sent to our radiator from a proxy radius at the vendor end. A routing mess-up meant that reply information was not getting back to the vendor's proxy radius, therefore users could not successfully authenticate. However, the proxy radius kept on sending the requests (as it should) and users kept on trying to connect (as they do).

Radiator kept on receiving these requests and processing them as usual - and one of the steps was to allocate an IP address from the RADPOOL table. However, since multiple requests were coming through (due to no response being received) Radiator kept on allocating IP addresses from RADPOOL and not clearing the old ones it had previously allocated to the user's last request.

Pretty soon our RADPOOL table ran out of available IP addresses and even though routing was finally fixed, users could still not connect because there were no more available IP addresses.

Now I know that the sessiontimeout parameter will eventually clear this up (after 24 hours though) but is there any other way that this can be checked for or prevented in the first place? Perhaps some checking like is done in RADONLINE where the user's entry is cleared before being added again??

I know this is a very unusual problem that many people will never encounter but I hope someone else will benefit from my experiences. I suspect that this problem may also occur on a highly congested (slow) link where a NAS resends an auth request after a timeout.

Regards, Brian Morris

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Current Logged in Users
If you are using an SQL back-end database, the RADONLINE table contains a fairly accurate list of all users currently online. When I say 'fairly accurate' - if your NAS fails to deliver a STOP record to radiator, the user will not be removed from the online users database.

- Original Message -
From: Shane Malden
To: [EMAIL PROTECTED]
Sent: Monday, February 11, 2002 2:59 PM
Subject: (RADIATOR) Current Logged in Users

Does anyone know any simple way of seeing who is logged on, using the logs from Radiator? We do receive start and stops from our gear. We are running ver 2.19 on a NT Server. Any help would be appreciated.

Regards, Shane
Re: (RADIATOR) Current Logged in Users
Hi Shane -

Just add this code to the bottom of your radius.cfg file (or whatever you call yours)

    <SessionDatabase SQL>
        DBSource dbi:ODBC:RadiusLog
        DBUsername radiususer
        DBAuth radiususerpassword
    </SessionDatabase>

Where :
- RadiusLog is your ODBC datasource setup for Radiator (you probably already have this for authentication and accounting - use the same one)
- radiususer is the SQL user account with access to the above datasource
- radiususerpassword is the above user's password for accessing the SQL datasource

You should have/create a table within the above database called RADONLINE. Its structure and details can be found in the goodies section. Use the suggested structure for now (that way you can accept the defaults) but you can add to it to record additional helpful info later if you want.

Regards, Brian Morris

- Original Message -
From: Shane Malden
To: Brian Morris
Sent: Monday, February 11, 2002 4:10 PM
Subject: Re: (RADIATOR) Current Logged in Users

Thanks for this. Do you use NT and SQL yourself or just know Radiator fairly well?? Do you have any sample code on how to get Radiator to log this information??

Regards, Shane

- Original Message -
From: Brian Morris
To: Shane Malden ; [EMAIL PROTECTED]
Sent: Monday, February 11, 2002 3:22 PM
Subject: Re: (RADIATOR) Current Logged in Users

If you are using an SQL back-end database, the RADONLINE table contains a fairly accurate list of all users currently online. When I say 'fairly accurate' - if your NAS fails to deliver a STOP record to radiator, the user will not be removed from the online users database.

- Original Message -
From: Shane Malden
To: [EMAIL PROTECTED]
Sent: Monday, February 11, 2002 2:59 PM
Subject: (RADIATOR) Current Logged in Users

Does anyone know any simple way of seeing who is logged on, using the logs from Radiator? We do receive start and stops from our gear. We are running ver 2.19 on a NT Server. Any help would be appreciated.

Regards, Shane
(RADIATOR) Recording Disconnect causes
Hi all, We are currently recording the Acct-Terminate-Cause in our stop records which is very useful for diagnosing problems. We now have another NAS which is sending us Ascend-Disconnect-Cause instead of Acct-Terminate-Cause in the Stop record. Is there any way of configuring Radiator to write two attributes to the same field in the stop record (accounting) table? Thanks in advance. Brian.
(RADIATOR) Radiator performance on various platforms.
Hi All, We are looking at upgrading our radiator / radius server and are considering the various platform options available to us. The radiator reference manual cites various performance measurements using versions of hardware and operating systems which are now several generations out of date. Does anyone have any performance information on radiator running on the likes of Solaris 8/9, Redhat 7 or NT 2000 with modern hardware? If so would they like to share their experiences? Thanks in advance, Brian.
Re: (RADIATOR) Radiator performance on various platforms.
From: Karl Gaissmaier [EMAIL PROTECTED]

> you should tell us what Authentication schemes you will be using. I think the performance is only comparable using the same auth schemes. We have radiator running under Solaris 9.

Charly,

I am hoping to use Solaris 9 / MySql to authenticate around 20,000 users on a Sun Enterprise 250 (2x400Mhz UltraSparc CPU's with 2Gb RAM). We currently run on 2000 Server with MSSQL7 and 512Mb RAM. The current accounting database is around 2Gb in size. Performance is currently fine, but I have doubts about it handling anticipated growth over the next 12 months.

Regards, Brian.
(RADIATOR) OT: Unix / Radius time to Wall Clock Time
Hi All, I need to be able to convert Epoch time to a date/time value - does anyone have a formula or program to do this? Ideally I want to pass in an epoch (Unix) timestamp and get back the Calendar date/time. I am sure this has been done a million times before so any help / pointers would be appreciated. Regards, Brian.
Re: (RADIATOR) Re: DefaultLeasePeriod
I think in the case of DSL clients though this is not quite correct.

We have several 000's of DSL clients but only about 25% of them are online at any one time. Sure they CAN be permanent, but they usually are not. It is a waste of IP space to allocate a static IP to all of them. In some business cases it is even desirous not to allocate them a static IP - but rather make it an 'additional' purchase ;-)

We have sometimes run into a problem where if the NAS fails, or the customer's DSL router messes up and tries to login hundreds of times a minute, we soon run out of available IP addresses in RADPOOL - upon inspection of RADPOOL it shows that the same user has dozens or more IP addresses allocated to them with a state of (1).

It would be good if there was some method of clearing these up - currently, we run a script which sets the state of all but the most recent allocation to (0) for any user with more than one entry in RADPOOL. (We don't allow simultaneous logins on our DSL service)

Has anyone else had similar problems and/or found a solution?

Regards, Brian.

- Original Message -
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Monday, August 19, 2002 11:48 PM
Subject: Re: (RADIATOR) Re: DefaultLeasePeriod

Hello Tunde -

By definition a customer with a permanent connection would not use a dynamic address. You should allocate such users static addresses instead.

regards

Hugh
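The clean-up script described in the message above (and the pool exhaustion from the earlier "Freaky AuthBy DynAddress Problem" thread) can be sketched as follows. This is an added example, not code from the thread or from Radiator; the RADPOOL column names other than the state and user fields the thread mentions are assumptions, the data is constructed, and SQLite stands in for the real database.

```python
import sqlite3

# Assumed layout: the thread only mentions a state flag and a per-user entry;
# TIME_STAMP, EXPIRY, POOL and YIADDR are assumptions, adjust to your schema.
SCHEMA = """
CREATE TABLE RADPOOL (
    STATE      INTEGER NOT NULL,  -- 0 = free, 1 = allocated (as in the thread)
    TIME_STAMP INTEGER,           -- epoch seconds of the allocation
    EXPIRY     INTEGER,
    USERNAME   TEXT,
    POOL       TEXT NOT NULL,
    YIADDR     TEXT NOT NULL,     -- the leased address
    PRIMARY KEY (POOL, YIADDR)
)"""


def build_sample_db():
    """Constructed data: one retrying user holds four leases, one user is normal."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    t0 = 1029760000  # constructed timestamp
    rows = [
        (1, t0 + 0, t0 + 86400, "dsluser1", "dsl", "10.0.0.1"),
        (1, t0 + 5, t0 + 86405, "dsluser1", "dsl", "10.0.0.2"),
        (1, t0 + 10, t0 + 86410, "dsluser1", "dsl", "10.0.0.3"),
        (1, t0 + 15, t0 + 86415, "dsluser1", "dsl", "10.0.0.4"),
        (1, t0 + 7, t0 + 86407, "dsluser2", "dsl", "10.0.0.5"),
        (0, 0, 0, None, "dsl", "10.0.0.6"),
        (0, 0, 0, None, "dsl", "10.0.0.7"),
        (0, 0, 0, None, "dsl", "10.0.0.8"),
    ]
    conn.executemany("INSERT INTO RADPOOL VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def pool_usage(conn):
    """Return {pool: (allocated, total)} so exhaustion can be alerted on early."""
    cur = conn.execute(
        "SELECT POOL, SUM(STATE = 1), COUNT(*) FROM RADPOOL GROUP BY POOL")
    return {pool: (allocated, total) for pool, allocated, total in cur}


def users_with_multiple_leases(conn):
    """List (username, lease_count) for users holding more than one address."""
    cur = conn.execute(
        "SELECT USERNAME, COUNT(*) FROM RADPOOL "
        "WHERE STATE = 1 AND USERNAME IS NOT NULL "
        "GROUP BY USERNAME HAVING COUNT(*) > 1 ORDER BY COUNT(*) DESC")
    return cur.fetchall()


def release_stale_leases(conn):
    """Free every allocated row that has a newer allocated row for the same user.

    Only valid where simultaneous logins are not allowed, as on the DSL
    service described in the thread. Ties on TIME_STAMP are broken by address
    so exactly one lease per user survives.
    """
    cur = conn.execute(
        """
        UPDATE RADPOOL SET STATE = 0
        WHERE STATE = 1 AND USERNAME IS NOT NULL
          AND EXISTS (
            SELECT 1 FROM RADPOOL AS newer
            WHERE newer.USERNAME = RADPOOL.USERNAME
              AND newer.STATE = 1
              AND (newer.TIME_STAMP > RADPOOL.TIME_STAMP
                   OR (newer.TIME_STAMP = RADPOOL.TIME_STAMP
                       AND newer.YIADDR > RADPOOL.YIADDR)))
        """)
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    print("before:", pool_usage(db), users_with_multiple_leases(db))
    print("freed:", release_stale_leases(db))
    print("after:", pool_usage(db), users_with_multiple_leases(db))
```

Running `users_with_multiple_leases` on a schedule also gives an early signal of a looping NAS or CPE before the pool is empty.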
Re: (RADIATOR) Session-Timeout = until nnnn ??
> I remember playing with that reply value and I remember making it work.. have you tried using the value as a time instead of as an integer.. something like 02:50 instead of 0250?

Yep, Also tried single quotes and permutations of 02:50 2:50 0250 and 250 all with the same error as a result. I'm still working on it though.

Regards, Brian.
(RADIATOR) Unisphere ERX Vendor 4874 Attribute 24
Unisphere ERX Vendor 4874 Attribute 24

Hi All, This attribute number (24) does not appear in the latest dictionary file. Does anyone know what it should be - we only just started receiving them after an ERX upgrade. Regards, Brian Morris NetSpeed.
Re: (RADIATOR) Answer : Unisphere ERX Vendor 4874 Attribute 24
Thanks to Chris Patterson at TransACT for this...

    VENDORATTR 4874 Unisphere-Pppoe-Description 24 string

Regards, Brian.

- Original Message -
From: Brian Morris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 27, 2002 9:16 AM
Subject: (RADIATOR) Unisphere ERX Vendor 4874 Attribute 24

Unisphere ERX Vendor 4874 Attribute 24

Hi All, This attribute number (24) does not appear in the latest dictionary file. Does anyone know what it should be - we only just started receiving them after an ERX upgrade. Regards, Brian Morris NetSpeed.
(RADIATOR) Multiple Items in the same AcctColumnDef
Hi All, We receive session info from a few different NAS's but I would like to store all the connection specific information in a single table element. EG: I would like to store the Ascend-Disconnect-Cause as well as the standard Account-Terminate-Cause into the same table column. Is this possible to do? If so, what is the syntax for the ACCTCOLUMNDEF entry? Thanks in advance. Brian Morris
Re: (RADIATOR) Multiple Items in the same AcctColumnDef
Thanks Hugh,

Just one further question - if one of the NAS's does not return one of the attributes, will it cause an error?

Regards, Brian.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 6:49 PM
Subject: Re: (RADIATOR) Multiple Items in the same AcctColumnDef

Hello Brian -

Yes this is possible, simply specify the AcctColumnDef twice. Ie:

    .
    AcctColumnDef TERMINATECAUSE, Ascend-Disconnect-Cause
    AcctColumnDef TERMINATECAUSE, Acct-Terminate-Cause
    .

regards

Hugh

On Monday, Dec 9, 2002, at 18:38 Australia/Melbourne, Brian Morris wrote:

Hi All, We receive session info from a few different NAS's but I would like to store all the connection specific information in a single table element. EG: I would like to store the Ascend-Disconnect-Cause as well as the standard Account-Terminate-Cause into the same table column. Is this possible to do? If so, what is the syntax for the ACCTCOLUMNDEF entry? Thanks in advance. Brian Morris
(RADIATOR) Oops!... Multiple Items in the same AcctColumnDef
Oops.. This didn't work quite right..

I added the following line to my radiator cfg file :

    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
    AcctColumnDef ACCTTERMINATECAUSE,LE-Terminate-Detail

Started up and got the following error...

    Mon Dec 9 18:56:59 2002: ERR: do failed for 'insert into ACCOUNTING (USERNAME, TIMESTAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS, CONNECTINFO) values ('', 1039420619, 'Stop', 0, 8024, 160863, '4A00DCC7', 219, 'User-Request', 'User Request - PPP Term Req', '203.xx.xx.xx', '17', '203.xx.xx.xx', '42666 LAPM/V42BIS')': [Microsoft][ODBC SQL Server Driver][SQL Server]Column name 'ACCTTERMINATECAUSE' appears more than once in the result column list. (SQL-37000) [Microsoft][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1)

It appears that if Radiator receives two or more of the ACCTTERMINATECAUSE attributes in a stop record it tries to insert it twice (or more) in the same insert statement.

Is there a work around for this? Ideally to get it to concatenate them all into a single ACCTTERMINATECAUSE value. Perhaps something like the timestamp / formatted date parameters

Thanks in advance.. Brian.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 6:49 PM
Subject: Re: (RADIATOR) Multiple Items in the same AcctColumnDef

Hello Brian -

Yes this is possible, simply specify the AcctColumnDef twice. Ie:

    .
    AcctColumnDef TERMINATECAUSE, Ascend-Disconnect-Cause
    AcctColumnDef TERMINATECAUSE, Acct-Terminate-Cause
    .

regards

Hugh

On Monday, Dec 9, 2002, at 18:38 Australia/Melbourne, Brian Morris wrote:

Hi All, We receive session info from a few different NAS's but I would like to store all the connection specific information in a single table element. EG: I would like to store the Ascend-Disconnect-Cause as well as the standard Account-Terminate-Cause into the same table column. Is this possible to do? If so, what is the syntax for the ACCTCOLUMNDEF entry? Thanks in advance. Brian Morris
(RADIATOR) Session-Timeout options
Hi All, Is it possible to set a session timeout to the lesser of (say) 4 hours or [TimeRemaining], where [TimeRemaining] is however much time credit the customer has remaining on their account? I know you can set it to one OR the other, but how about the lesser of the two? Regards, Brian Morris (In smokey downtown Canberra)
(RADIATOR) Writing Radius 'Alive' packets to a different table
Hi All, I would like to be able to record radius 'alive' packet data to a separate SQL table to that which records accounting 'Stops'. Is this possible, and if so how?? Regards, Brian.
(RADIATOR) Dictionary Entries needed for Redback
Hi All, I am installing a RedBack SMS and I think I need to get the updated dictionary entries for (vendor 2352) attributes 128-150. Are they in the latest dictionary? I have V3.1 and they don't appear to be on there. Thanks in advance. Brian Morris
Re: (RADIATOR) Dictionary Entries needed for Redback - FOUND
Ignore that - I found them! Sorry to waste bandwidth - it's been a long day.
Re: (RADIATOR) Radiator as a Windows Service
Hi Mike,

The ability to run Radiator as an NT service is excellent and I would like to say well done indeed!

Personally, I very much like the ability to monitor a user's ability (or more importantly their inability) to login in real time. Running Radiator in a command window allows me to view the log file as it happens - much like a tail -f would do in a Unix environment.

Is there any way to view the logfile in real time (or close to real time) when running Radiator as a service on NT?

Regards, Brian Morris

- Original Message -
From: Mike McCauley [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 7:40 PM
Subject: (RADIATOR) Radiator as a Windows Service

Hello all,

Up until now, users wishing to run Radiator as a Service on Windows were required to install and configure a Service program such as SRVANY or FireDaemon.

We have recently uploaded patches to the Radiator 3.5 patches area that allow Radiator to install and run itself as a Windows Service. This has also involved some restructuring of some of the internals of radiusd. These patches will appear in the next release of Radiator but in the meantime we would welcome any comments on its use.

Now, on Windows, radiusd supports some new command line arguments:

-service
    Tells Radiator to run as a Windows Service. Requires Win32::Daemon, and requires that the service have been previously installed with the -installservice flag. Requires Win32::Daemon.

-installservice
    On Windows, installs or reinstalls Radiator to run as a Windows Service. The service will be configured to run Radiator with all the same arguments as was passed with -installservice, and it will add the -service flag. After this, the Radiator service will appear in the Windows Service list as `Radiator Radius Server'. The Service will automatically start next time the host is booted. Requires Win32::Daemon.

-uninstallservice
    On Windows, removes Radiator from Running as a Windows Service. Ensure the service is stopped before uninstalling it. Requires Win32::Daemon.

Win32::Daemon can be installed on Windows with:

    ppm install http://www.roth.net/perl/packages/win32-daemon.ppd

None of these changes are expected to affect the ability to run Radiator as a service under SRVANY or FireDaemon, or as a daemon on Unix.

Furthermore, on Windows, the command perl Makefile.PL install now also creates a folder C:\Program Files\Radiator and installs sample configuration, users and dictionary files (if they are not already there). This is expected to improve the installation process for Windows users.

Test and comments direct to me are welcome.

Cheers.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
Re: (RADIATOR) Radiator as a Windows Service
Hi Mike, I am glad to say that Radiator has never once failed in the three or four years we have been using it. Your product rocks! Regards, Brian Morris NetSpeed.
(RADIATOR) Wireless Access Points that can do Radius Authentication
Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian.
(RADIATOR) Wildcards in Handler Clause
Hi All,

Is it possible to have wildcards in handlers? I would like to have a situation where a handler 'handles' everything for a particular domain level regardless of its subdomains.

For example...

    <Handler realm=*foo.com.au>

This would handle actions for [EMAIL PROTECTED] as well as [EMAIL PROTECTED] or [EMAIL PROTECTED]

Is such a thing possible? or is there another way apart from explicitly defining every possible realm?

Cheers, Brian Morris
Re: (RADIATOR) Wildcards in Handler Clause
Thanks Hugh,

It works exactly as desired. For reference I used

    <Handler Realm=/foo.com.au$/>

and it works correctly. I opted against using

    <Handler Username=/foo.com.au$/>

as some users log in without a realm and the (default realm) client clause adds it for them.

Thanks again, Brian Morris

- Original Message -
From: Hugh Irvine
To: Brian Morris
Cc: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 6:44 PM
Subject: Re: (RADIATOR) Wildcards in Handler Clause

Hello Brian -

You can do something like this:

    <Handler User-Name = /foo.com.au$/>
    </Handler>

BTW - as always you should test thoroughly to verify correct operation.

regards

Hugh

On Monday, Jul 21, 2003, at 18:14 Australia/Melbourne, Brian Morris wrote:

Hi All,

Is it possible to have wildcards in handlers? I would like to have a situation where a handler 'handles' everything for a particular domain level regardless of its subdomains.

For example...

    <Handler realm=*foo.com.au>

This would handle actions for [EMAIL PROTECTED] as well as [EMAIL PROTECTED] or [EMAIL PROTECTED]

Is such a thing possible? or is there another way apart from explicitly defining every possible realm?

Cheers, Brian Morris

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
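A check of which realms the expression from this thread selects, as an added example that is not part of the original posts or of Radiator. Python's `re` stands in for the Perl regular expressions Radiator uses (the two agree for these patterns); the stricter pattern, the helper names and the sample realms are assumptions constructed for the illustration.

```python
import re

# The expression posted in the thread, as written between the slashes.
POSTED = r"foo.com.au$"
# Stricter form (a suggestion of this example, not from the thread): literal
# dots, and the match must begin at the start of the realm or right after the
# dot that ends a subdomain label.
STRICT = r"(?:^|\.)foo\.com\.au$"

# Constructed test realms; True marks those the handler is meant to serve.
CASES = {
    "foo.com.au": True,
    "dsl.foo.com.au": True,
    "a.b.foo.com.au": True,
    "notfoo.com.au": False,           # different domain sharing the suffix
    "fooXcom.au": False,              # unescaped '.' matches any character
    "foo.com.au.example.net": False,  # rejected by both thanks to the '$'
}


def realm_of(user_name, default_realm=None):
    """Return the part after the last '@', or default_realm when there is none."""
    _, sep, realm = user_name.rpartition("@")
    return realm if sep else default_realm


def handled(pattern, realm):
    """True if an unanchored search for pattern succeeds, as with /.../ matching."""
    return realm is not None and re.search(pattern, realm) is not None


def audit(pattern, cases=CASES):
    """Return the realms where the pattern's decision differs from the intent."""
    return sorted(r for r, wanted in cases.items() if handled(pattern, r) != wanted)


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("strict", STRICT)):
        print(name, "mismatches:", audit(pattern))
```

With the posted expression, requests for `notfoo.com.au` and `fooXcom.au` would land in the same handler as the intended domain; the stricter form limits the handler to `foo.com.au` and its subdomains.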
Re: (RADIATOR) radiator server under high load problem
Hi Hugh / Steve,

We also experienced a similar sort of problem under load and are currently still investigating the problem although it now appears to be corrected...

Running Radiator (as Proxy) on Sun / Solaris which sends requests to another Radiator server running on Win2k with the database on a separate SQL Server box again. Plenty of RAM / CPU / etc etc everywhere.

At trace level 3 we found that we would receive a request (start / stop / alive) from the Sun box to the Win2K box, which would authenticate and reply within a second back to the Sun box but the Sun box would send a second request 5 or less seconds later (retry was set to 5).

Note - we are still investigating but have made the following changes

(a) replace the Win2k server hardware completely - no change
(b) replace the SQL Server hardware completely - no change

but

(c) Force all NICs to 100Mbs FULL DUPLEX (not auto detect)
(d) Increase the speed of the link between the two radius servers (was traffic shaped to 256k)

The number of timeout errors has almost been eliminated since making changes c+d.

I hope this helps. I will post further information if I find the exact cause / solution :-)

Regards, Brian.

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Steve Wilson [EMAIL PROTECTED]
Cc: Radiator [EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 9:25 PM
Subject: Re: (RADIATOR) radiator server under high load problem

Hello Steve -

Thanks for your mail - this topic comes up fairly frequently on the list.

I don't really have enough information to give you definitive answers, but in my experience performance problems are almost always due to back-end services such as SQL databases and/or LDAP servers. I suggest you use the LogMicroseconds parameter in your logging (requires Time-HiRes from CPAN) so you can see exactly how much time is being used for each processing step.

You can also use our companion product Radar to connect to a running Radiator instance which will give you a wide range of statistics together with fine-grained debugging and logging facilities. (BTW - you can also connect to the same Monitor port that supports Radar and issue commands manually, but I recommend Radar).

You can also run two instances of Radiator - one for authentication and one for accounting.

It may also be that you are seeing a problem with radius Identifiers when doing a lot of proxying, and if this is the case I recommend upgrading to the latest Radiator 3.6 (plus patches) and using the UseExtendedIds parameter in the AuthBy RADIUS clauses.

If you have any further questions, please send me a copy of the Radiator configuration file (no secrets) and an example trace 4 or 5 debug with LogMicroseconds turned on and I will take a look.

regards

Hugh

On Tuesday, Jul 22, 2003, at 20:37 Australia/Melbourne, Steve Wilson wrote:

Hi,

We are currently in the process of migrating about 5 icradius servers into 1 system, we are currently at the stage where everything (about 10 NAS's) use our central radiator server to authenticate, this then sends the request to the correct icradius server based on the realm.

As this is under testing I'm currently running radiator at debug level 5 to be able to diagnose any problems immediately. A serious problem arose overnight where this morning there were approx 2000 users all trying to authenticate at the same time. This left the machine under high load and it was then discovered that radiator was not seeing the return radius accept packets, but tcpdump saw them returning to the machine.

What I need to know is what can be upgraded/improved to allow heavy debugging while users are rapidly connecting, the current machine spec is 2x2G Pentium III (256k L2 cache), 1G RAM, 36G raid5 (adaptec i2o). This machine is running linux (kernel 2.4.19-16mdksecure SMP) and version 3.3.1-1 rpm version of Radiator.

Any advice appreciated ;)

In the future the 5 backend radius servers will turn into ldap auths, is this the best option ? Everything will be doubled so we have redundancy too.

Regards

Steve Wilson
Senior Systems Administrator
Legend Internet Ltd.
Re: (RADIATOR) Issue with Duplicate Key when Adding a Session
Hmm... What are the implications of an Insert Ignore? Will it override the primary key constraint thus giving you two rows with the same primary key or will it simply not do the insert? Regards, Brian. (The reason I ask is that I get them too) - Original Message - From: Brandon [EMAIL PROTECTED] To: Paul [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:07 PM Subject: Re: (RADIATOR) Issue with Duplicate Key when Adding a Session I would recommend using an INSERT IGNORE instead of an INSERT. This is a mysql issue, it means that you have a unique key (primary key) defined in your mysql table and your are trying to add another entry with the same unique key. *** Brandon Mullenberg Dialup USA, Inc. Tel: 888-460-2286 ext 202 Fax: 866-627-8808 Email: [EMAIL PROTECTED] ** - Original Message - From: Paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 6:49 PM Subject: (RADIATOR) Issue with Duplicate Key when Adding a Session Hi All, We are using Radiator 3.6 with latest patches but we are seeing an issue when a new session is added. We're getting Duplicate key which appears to be coming from the internal handler code rather than MySQL itself. Below is the error when it occurs. We've modified our delete from RADONLINE query to match the details more accurately and we don't appear to be having any problems with this, it's just Adding session for %s is where it seems to go astray. 
Thu Jul 24 20:57:37 2003: DEBUG: Adding session for [EMAIL PROTECTED], 1.2.3.4, 6256
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='1.2.3.4' and NASPORT=6256 and ACCTSESSIONID = '00062398'':
Thu Jul 24 20:57:37 2003: DEBUG: do query is: 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID,targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')':
Thu Jul 24 20:57:37 2003: ERR: do failed for 'INSERT INTO RADONLINE (USERNAME, NASIDENTIFIER, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORT, NASPORTTYPE, SERVICETYPE, DNIS, PHONENO, SESSIONKEY, ACCTSESSIONTIME, INPUTOCTETS, OUTPUTOCTETS, POPID, targetid, DOWNLOADRATE, UPLOADRATE, ORIGUSER) VALUES('myuser','1.2.3.4','00062398','1059044257','5.6.7.8','6256','Async',' Framed-User','0312345678','03912345678', '6F419DF2', '2185','346903','2410144','61', '15', '45333', '26400', '[EMAIL PROTECTED]')': Duplicate entry '1.2.3.4-6256' for key 1

If you have any ideas that'd be great. Thanks

Regards, Paul Rivoli [EMAIL PROTECTED] K B S I N T E R N E T

=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
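The question raised in this thread about what an ignoring insert does on a key collision, replayed as an added example (not code from the posters or from Radiator): it compares a plain INSERT, an ignoring insert, and a delete keyed only on NAS and port, each run against a stale row on the same port. Assumptions: the reduced RADONLINE schema, the primary key (NASIDENTIFIER, NASPORT) inferred from the error text, the constructed stale row, and SQLite's INSERT OR IGNORE standing in for MySQL's INSERT IGNORE so that the block runs without a server.

```python
import sqlite3

# Reduced RADONLINE table. The primary key is an assumption inferred from
# the error text "Duplicate entry '1.2.3.4-6256' for key 1".
SCHEMA = """CREATE TABLE RADONLINE (
    USERNAME TEXT, NASIDENTIFIER TEXT, NASPORT INTEGER, ACCTSESSIONID TEXT,
    PRIMARY KEY (NASIDENTIFIER, NASPORT))"""

# Constructed rows: a stale session whose Stop was never recorded, and the
# new session from the trace arriving on the same NAS port.
STALE = ("olduser", "1.2.3.4", 6256, "00062001")
NEW = ("myuser", "1.2.3.4", 6256, "00062398")

INSERT = "INSERT INTO RADONLINE VALUES (?, ?, ?, ?)"
# SQLite's spelling of MySQL's INSERT IGNORE: skip the row on a key conflict.
INSERT_IGNORE = "INSERT OR IGNORE INTO RADONLINE VALUES (?, ?, ?, ?)"
# Delete as in the trace: the session id is part of the WHERE clause.
DELETE_WITH_SESSION = ("DELETE FROM RADONLINE WHERE NASIDENTIFIER=? "
                       "AND NASPORT=? AND ACCTSESSIONID=?")
# Hypothetical alternative: delete on the primary-key columns only.
DELETE_BY_KEY = "DELETE FROM RADONLINE WHERE NASIDENTIFIER=? AND NASPORT=?"


def add_session(strategy):
    """Add NEW on top of STALE; return (outcome, rows left in the table)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.execute(INSERT, STALE)
    _, nas, port, sid = NEW
    outcome = "ok"
    try:
        if strategy == "delete_by_key":
            db.execute(DELETE_BY_KEY, (nas, port))
            db.execute(INSERT, NEW)
        else:
            # The stale row has a different session id, so it survives.
            db.execute(DELETE_WITH_SESSION, (nas, port, sid))
            db.execute(INSERT_IGNORE if strategy == "ignore" else INSERT, NEW)
    except sqlite3.IntegrityError:
        outcome = "duplicate key"
    rows = db.execute("SELECT USERNAME, ACCTSESSIONID FROM RADONLINE").fetchall()
    db.close()
    return outcome, rows


if __name__ == "__main__":
    for name in ("plain", "ignore", "delete_by_key"):
        print(name, add_session(name))
```

With the ignoring insert the error disappears but the table still attributes port 6256 to the stale user and session, so anything that reads RADONLINE to count a user's sessions works from the old row.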
(RADIATOR) Something for the Wish List
Hi folks, I would like to propose a 'feature' to add to the Radiator wishlist. How about a feature where, if a customer is not permitted more than one simultaneous login, that the system allows the second connection to connect, but also drops the first connection. This will have two benefits to my specific case...

1. If a subscriber was logged in at work then went home but forgot to disconnect from work, he can still connect when he gets home without having to get us to drop his other connection. (less support requests = happy customer = happy support staff = happy manager!)
2. 'Leechers' who buy unlimited access accounts then share them with friends will be booted off whenever they break the rules. (less leechers = got the bastards = more profit = happy manager!!)

Perhaps a post-auth hook or something could do this. The actual disconnect process would be NAS dependent but I am sure it could be done.

Regards, Brian Morris (somewhat happy) Manager, NetSpeed

=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Something for the Wish List
I don't see how (but I would love to find out). If they must first authenticate successfully before we boot the other one off then I can't see how it would cause a DOS. If I am missing something please correct me - It wouldn't be the first time :-) Regards, Brian

- Original Message -
From: Bret Jordan [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 1:46 PM
Subject: Re: (RADIATOR) Something for the Wish List

That would open a really bad DOS attack. Bret

Brian Morris wrote:

Hi folks, I would like to propose a 'feature' to add to the Radiator wishlist. How about a feature where, if a customer is not permitted more than one simultaneous login, that the system allows the second connection to connect, but also drops the first connection. This will have two benefits to my specific case...

1. If a subscriber was logged in at work then went home but forgot to disconnect from work, he can still connect when he gets home without having to get us to drop his other connection. (less support requests = happy customer = happy support staff = happy manager!)
2. 'Leechers' who buy unlimited access accounts then share them with friends will be booted off whenever they break the rules. (less leechers = got the bastards = more profit = happy manager!!)

Perhaps a post-auth hook or something could do this. The actual disconnect process would be NAS dependent but I am sure it could be done.

Regards, Brian Morris (somewhat happy) Manager, NetSpeed

=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
-- ~~~ Bret Jordan Dean's Office Computer Administrator College of Engineering 801.585.3765 University of Utah [EMAIL PROTECTED] ~~~ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.