Hello everyone -
Below is my current setup after making recommended changes.
What I want to happen is the following:
if the user is in the users file
then if the entry has a password
then use it for authentication
else use UNIX (/etc/shadow)
else use UNIX (/etc/shadow)
Hello everyone,
please ignore my previous post. I didn't see that the AuthBy
clauses that were at the end of the radius.cfg file had to be at
the beginning.
It seems to be doing what I expected now I have to find out why
I'm getting the following message:
sending Accounting-Request Start...
No
The format of the PasswordLogFile is
time:username:entered_password:correct_password:result.
Is there a way to change this format? I would like the system to
only log failures using the format
time:username:entered_password.
Thanks in advance.
whr
===
Archive at
he entries in
the users file?
Thanks in advance.
whr
- Original Message -
From: "Hugh Irvine" [EMAIL PROTECTED]
To: "William Hernandez" [EMAIL PROTECTED]; "Radiator"
[EMAIL PROTECTED]
Sent: Wednesday, May 31, 2000 5:28 PM
Subject: Re: (RADIATOR) Password Log File F
In the testing phase I'm using:
radpwtst -s localhost -user whr -password whr -auth_port
1812 -noacct -s
ecret secret -dictionary /etc/raddb/dictionary.ascend2
Thanks in advance,
whr
- Original Message -
From: "Hugh Irvine" [EMAIL PROTECTED]
To: "William Hernandez&qu
Attached are the requested files.
- Original Message -
From: "Hugh Irvine" [EMAIL PROTECTED]
To: "William Hernandez" [EMAIL PROTECTED]; "Radiator"
[EMAIL PROTECTED]
Sent: Thursday, June 08, 2000 7:46 PM
Subject: Re: (RADIATOR) Password Log File For
Hello everyone.
We would like the output of "radpwtst" to output to
the screen all the reply-items in the users file.
For example,
#radpwtst -s localhost -user whr -password
whr -auth_port 1812 -acct_port
1813 -secret prwradius -dictionary
/etc/raddb/dictionary.ascend2
would output
Hello everyone,
I'm having problems getting the simultaneous-use check item to work. I've
tried using the internal SessionDatabase and an external SessionDatabase
(using mysql), but Radiator doesn't report a rejection on a second login
session either way.
I've attached my radius.cfg.
Some
y 18, 2000 7:32 PM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR) Simultaneous-use in 2.15
Hello William -
I will need to see a trace 4 debug as well as what you have sent this time.
thanks
Hugh
On Wed, 19 Jul 2000, William Hernandez wrote:
Hello everyone,
I'm having proble
goes on to the next AuthBy clause which then accepts the user.
Radiator
is doing exactly what it has been configured to do.
I think you will need to explain what it is you are trying to accomplish so
I
can make some sensible suggestions.
regards
Hugh
On Thu, 20 Jul 2000, William Hernandez w
Hello everyone,
We would like to assign the value of "Ascend-Client-Gateway" in
the users file dynamically via a script, e.g.,
Ascend-Client-Gateway=`/usr/local/bin/setgw`. Has anyone done
this before? Did it work? Is there a better way?
Thanks in advance,
William Hernández
===
Archive at
Hello everyone,
Last evening at about 9:00pm (which is prime time with many users
logging in) our primary radius server apparently started timing
out and requests were being passed along to our secondary radius
server (both are running Radiator 2.15).
In the radius.log of out backup radius
the
system detects that "userx" is already logged in, i.e.,
simultaneous-use of 1 would be exceeded if the login were
allowed.
Should I stop rewriting "[EMAIL PROTECTED]" as "userx"?
Thanks in advance.
William Hernandez
===
Archive at http://www.starport.net/~radiat
Hello everyone,
I'm working on a hook where I need the name of the NASs on our
system.
The following seems to work:
keys(%Radius::Client::clients)
because in radius.cfg I have a CLIENT clause for each NAS.
The problem is I'm now proxying to another radiator server to
authenticate a
specific
Hello everyone,
I was using a modification to AuthGeneric.pm that uses finger to
count simultaneous-user,
but had to trash it because the output of finger truncates the
user name and because we have
valid user names in the format [EMAIL PROTECTED] I rewrote it
to use snmpwalk, but
had to trash
Our user "ticket" has Simultaneous-Use set to 5. Yesterday
afternoon "ticket" tried to login but entered his password
incorrectly. The access request was denied because of Login
incorrect.
However, an INFO statement was also created in radius.log
referring to "Simultaneous-Use of 1 exceeded".
Does the NoDefaultIfFound parameter go in the AuthBy FILE block
or the AuthBY UNIX block or in both blocks?
Thanks in advance.
William
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 17, 2000 7:25 PM
To: William Hernandez; Radiator
Subject: Re
Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 7:06 AM
To: William Hernandez
Subject: RE: (RADIATOR) Access Rejected for Simultaneous-Use
Hello William -
At 17:31 -0400 1/12/00, William Hernandez wrote:
Does the NoDefaultIfFound parameter go
Hernandez; Radiator
Subject: RE: (RADIATOR) Access Rejected for Simultaneous-Use
Hello William -
At 9:26 -0400 4/12/00, William Hernandez wrote:
Thanks Hugh, this worked fine.
However, I have Trace set to 3 so that I can see the INFO
messages and now if a user enters an incorrect password
Hello everyone,
I'm trying to follow Hugh's tips, but I'm doing something wrong.
In my radius.cfg I have:
AuthBy SQL
Identifier TimeBlock-SQL
DBSource*
DBUsername*
DBAuth*
AuthSelect select TIMEBLOCK from XSTOP where
USERNAME='%n'
]]
Sent: Thursday, April 26, 2001 1:49 AM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR) Important - How to do Block Time users
Hello William -
On Thursday 26 April 2001 01:25, William Hernandez wrote:
Hello everyone,
I'm trying to follow Hugh's tips, but I'm doing something
wrong
, April 25, 2001 9:25 PM
To: William Hernandez
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Important - How to do Block Time users
Hi,
I solved it in following way. Below is PostAuthHook script.
# CheckBlockTimeLeft
#
# PostAuthHook to check time left for a block user
# by verifying the Session
. Is
there a way to conditionally generate a Framed-Protocol=XXX based
on a particular Client and particular User?
Thanks in advance.
William
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 18, 2001 12:01 PM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR
Hello everyone,
I'm tyring to do some testing of my radius.cfg where I have:
Handler Called-Station-ID=/5050$/
...
/Handler
I'm getting the above message No such attribute
Called-Station-ID using:
radpwtst -trace -s www.domain.com -user foo -password
foo -auth_port 1812 -noacct -secret foo
We're testing AuthBy PLATYPUS and I'm getting the following:
Thu Jul 26 11:42:47 2001: DEBUG: Handling with
Radius::AuthPLATYPUS
Thu Jul 26 11:42:47 2001: DEBUG: Query is: select password,
active, timeleft, blockuser, guarantor from customer where
username='[EMAIL PROTECTED]'
This appears to be
]
[mailto:[EMAIL PROTECTED]]On
Behalf Of William Hernandez
Sent: Thursday, July 26, 2001 12:16 PM
To: Radiator
Subject: (RADIATOR) AuthBy PLATYPUS Query
We're testing AuthBy PLATYPUS and I'm getting the following:
Thu Jul 26 11:42:47 2001: DEBUG: Handling with
Radius::AuthPLATYPUS
Thu Jul 26 11:42
]]On
Behalf Of William Hernandez
Sent: Thursday, July 26, 2001 12:16 PM
To: Radiator
Subject: (RADIATOR) AuthBy PLATYPUS Query
We're testing AuthBy PLATYPUS and I'm getting the following:
Thu Jul 26 11:42:47 2001: DEBUG: Handling with
Radius::AuthPLATYPUS
Thu Jul 26 11:42:47 2001: DEBUG: Query
We're having a problem with multiple accounting stop records. The
stop records have exactly a 1 minute difference between them,
.i.e, a stop record at 09:00:00 is followed by another stop
record at 09:00:01.
We starting seeing these multiple accounting stop records about a
month ago. This
We're occasionally getting the following message on terminal
screens where root is logged in:
DBD::mysql::st execute failed: Lost connection to MySQL server
during query at /usr/lib/perl5/site_perl/5.6.0/Radius/SqlDb.pm
line 202.
We're using Radiator 2.18.2 on RH Linux 7.1. Is this simply an
Hello everyone,
I'm trying to trace a problem that causes multiple accounting
stop records to be written to my /var/log/radacct/detail. The
following is an excerpt from Trace 4. I don't know how to
interpret the Accounting-Response. I see an Identifier that
matches the Identifier in the
Hello everyone,
We're using 2.18.2. Recently we started to see FRAMEDIPADDRESS of
0.0.0.0 in RADONLINE. These records create a problem when
checking for Simultaneous-Use. Is this a problem with the Ascend
NASes that we use?
Thanks in advance,
William
===
Archive at
: Accounting-Response
Identifier: 18
Authentic:
(196208254x23924323522#196x16613818215
Attributes:
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 7:35 PM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR) Framed-IP of 0.0.0.0
Hello
Hello everyone,
We use handlers in our radius.cfg such as
Handler Realm=prdigital.com
Identifier prdigital
SessionDatabase prw-sessiondb
AuthBy prdigital-plat
PostAuthHook file:/etc/raddb/setSessionTimeout
AcctLogFileName
Hello everyone,
We have users that will be handled by the handler clause
Handler Called-Station-Id=/5050$/.
Some accounts will be assigned an IP address that is found
in the users file. All users will be authenticated against
Platypus.
We're testing using:
radpwtst -trace -s www.prw.net -user
/radacct/detail
/Handler
Does it make sense? Do I need an AuthBy clause if I'm only
handling Accounting-Request?
Thanks in advance,
William
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 7:43 PM
To: William Hernandez; Radiator
Subject: Re
Hello everyone,
I have the following in radius.cfg:
AcctLogFileFormat \
%U \
%{NAS-IP-Address} \
%{NAS-Identifier} \
%{Acct-Status-Type} \
%{Acct-Session-Id} \
%{Acct-Delay-Time} \
=
Ascend-Modem-SlotNo =
Timestamp = 1004712674
Is there a way to suppress the printing of values that don't have
values?
Thanks in advance,
William
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 12:10 AM
To: William Hernandez
Cc
Hello everyone,
We have Total Control NASes and the following works for us:
set authentication primary_secret
set accounting primary_secret
You can't verify what you entered with
show authentication
show accounting
Regards,
William
-Original Message-
From: [EMAIL
Hello everyone,
How do I add attributes in a hook to the Accounting start/stop records
that appear in the detail file?
I've tried using
$p-add_attr('Connect-Speed',$ConnectSpeed{$connectspeed});
And even
$rp-add_attr('Connect-Speed',$ConnectSpeed{$connectspeed});
But I'm not getting the
Hello everyone,
I found the following messages in the Radiator Archive and it appears to
be basically the same situation that I'm encountering.
We're running Radiator 2.18.2 and we proxy requests for a specific realm
to another radius server. And the detail file has multiple timestamps in
the
Currently Radiator is configured to write accounting start/stop records
to the detail file. The NAS retransmits accounting start/stop records if
an acknowledgement is not received. In our particular setup an
acknowledgement will never be sent to the NAS. Can I use
AccountingHandled to eliminate
Hello everyone,
We're trying to configure Radiator 2.18.2 to reject access to a specific
Called-Station-Id when the Calling-Station-Id is in a specific range
using various ideas picked up from the archives, but the following is
not working for us.
# radpwtst -trace -s www -user username
to work, but it means that I have to define all my users in the
users file. Is there an easier way?
Thanks in advance,
William
-Original Message-
From: William Hernandez
Sent: Monday, February 18, 2002 9:38 AM
To: Radiator (Radiator)
Subject: Reject access from specific Calling-Station-Id
Hello everyone,
I haven't gotten any closer on this. Does anyone have any suggestions?
Thanks in advance,
William
-Original Message-
From: William Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:34 AM
To: Radiator (Radiator)
Subject: RE: Reject access from
Thanks for the suggestion Frank.
I'm running 2.18.2 so I'll have to schedule an upgrade to 2.19 to try
this out.
Regards,
William
-Original Message-
From: Frank Danielson [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 2:02 PM
To: William Hernandez; Radiator (Radiator)
Subject
Hugh,
Please ignore this message. I found the ref.html in the doc
subdirectory.
William
-Original Message-
From: William Hernandez
Sent: Monday, April 22, 2002 11:24 AM
To: Hugh Irvine ([EMAIL PROTECTED])
Subject: PDF file for 2.18 Documentation
Hello Hugh,
Would it be possible
Hello everyone,
Can I use the DefaultSimultaneousUse parameter in an AuthBy RADIUS
clause? If not, is there a workaround?
Thanks in advance,
William
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
Hello everyone,
I set the Class attribute and the VSA VPN-Neighbor attribute in a
postauthhook. And I can see that both attributes are being set in a
trace 4 log.
The problem is that I can see the Class attribute in the accounting
log file, but not the VPN-Neighbor attribute.
Here's an
Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 04, 2002 4:20 AM
To: William Hernandez; Radiator (Radiator)
Subject: Re: (RADIATOR) VPN-Neighbor Attribute not in Accounting Log
Hello William -
This looks to me like an accounting response being sent back to the NAS
Hello everyone,
Something strange occurred this week:
If I'm logged in on home.prw.net I get the following:
radpwtst -trace -s home.prw.net -user x -password x -auth_port 1812
-acct_port 1813 -secret x -dictionary /etc/raddb/dictionary.prw
sending Access-Request... sendTo: send failed: Invalid
Hello everyone,
I've just installed Radiator 3.1 plus patches on RedHat 7.3.
Our users are authenticating, but I'm getting the following on every
request:
Malformed request packet: Attribute 25 with length 1: ignored
The trace 4 output has:
Fri Aug 16 14:10:45 2002: DEBUG: User whr has
Hello everyone,
I'm testing our upgrade to 3.1 and I'm getting
ERR: Attribute number 79 is not defined in your dictionary
I get the error with the 'dictionary' file from the 3.1 release. At this
point we're just testing with radpwtst so I didn't think it was a vendor
specific attribute, but I
]]
Sent: Friday, August 16, 2002 10:02 PM
To: William Hernandez
Cc: Radiator (Radiator)
Subject: Re: (RADIATOR) Malformed request packet: Attribute 25 with
length 1: ignored
Hello William -
I will need to see a more complete trace 5 debug (including hex dumps)
of the incoming request
87 string
ATTRIBUTE Framed-Pool 88 string
Thanks,
William
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of William Hernandez
Sent: Monday, August 19, 2002 10:42 AM
To: Radiator (Radiator)
Subject: (RADIATOR) Attribute
Hello everyone,
I'm testing 3.1 using radpwtst. And I've noticed the message INFO:
Access rejected for whr: Simultaneous-Use of 2 exceeded in the
radius.log. The message is correct. The problem is that RADONLINE shows
there are 3 logins.
radpwtst -trace -s localhost -user whr -password x
Mike,
Does this installation problem affect running on Redhat 7.3?
Thanks in advance,
William
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Mike McCauley
Sent: Friday, August 30, 2002 5:40 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:
Hello everyone,
Testing on Radiator 3.3 with
radpwtst -user username -password badpassword
We see the message in radius.log
INFO: Access rejected for username: No such user.
Actually it should say:
INFO: Access rejected for username: Bad password.
The radius.cfg has:
AuthBy SQL
Hello everyone,
Using the radpwtst of Radiator 3.3.1 there is no difference in output
between radpwtst -trace 2 and radpwtst -trace 3 and radpwtst
-trace 4 provides way too much output.
# radpwtst -trace 3
sending Access-Request...
OK
I seem to recall that with Radiator 2.18.2
# radpwtst
Hello everyone,
I'm using
AcctLogFileFormat %o %r ... VTS-Session-Key = %{VTS-Session-Key}
%r ...
But it prints out garbage in the accounting detail file.
Without the AcctLogFileFormat Radiator prints lines like
VTS-Session-Key = m15227158165+
9149S255166=223.16
Can I get the
Hello everyone,
I'm testing Radiator 3.5 (with patches) on our RH 7.3 which is currently
running Radiator 3.3.1.
I'm seeing a lot of not oks in make test.
# perl Makefile.PL
# make
# make test
PERL_DL_NONLAZY=1 /bin/perl -Iblib/arch -Iblib/lib
-I/usr/lib/perl5/5.6.1/i386-l
inux
the
original radius.cfg (and radius2.cfg) and the users file as
included in the distribution.
regards
Hugh
On Friday, Feb 21, 2003, at 03:24 Australia/Melbourne, William
Hernandez wrote:
Hello everyone,
I'm testing Radiator 3.5 (with patches) on our RH 7.3 which is
currently
running Radiator
Einstein
-Original Message-
From: William Hernandez [mailto:[EMAIL PROTECTED]
Sent: Thursday, 20 February 2003 6:25 PM
To: Radiator (Radiator)
Subject: (RADIATOR) make test in Radiator 3.5
Hello everyone,
I'm testing Radiator 3.5 (with patches) on our RH 7.3 which
Hello everyone,
The NASIDENTIFIER column in RADONLINE and the NAS-IP-Address line in the
accounting detail file for our users who connect via Total Control NASes
shows as the NASes private ip address. We would like this to show as the
public ip address.
A related problem is that accounting
Hello everyone,
The Radiator 3.3.1 manual states in Section 6.28 AuthBy SQL
AuthBy SQL is tolerant of database failures. If your database
server goes down, Radiator will try to reconnect to a database as
described above, starting again at the first database you
specified.
What does server goes
Hello everyone,
The following error messages appeared in radius.log:
Wed Sep 17 09:17:55 2003: ERR: do failed for 'delete from
RADONLINE where NASIDENTIFIER='xxx.xxx.xx.x' and NASPORT=010212':
Server message number=105 severity=15 state=1 line=1 server=SQL
text=Unclosed quotation mark before
, \
Ascend-Idle-Limit = 900
Is there a syntax change in 3.6?
Thanks in advance,
William Hernandez
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 20, 2003 5:47 AM
To: William Hernandez
Cc: 'Radiator'
Subject: Re: (RADIATOR) Bad attribute=value pair in 3.6
Hello William -
If you are running on a recent Redhat version, see the FAQ item
here
(and you should also install
:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2003 6:58 PM
To: William Hernandez
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Bad attribute=value pair in 3.6
Hello William -
This is most curious.
Could you try something for me? Download and test Radiator 3.7
and see
if it fixes the problem
68 matches
Mail list logo
