Re: (RADIATOR) RewriteUsername
Try naming the realm DEFAULT. It looks at anything after the @ to determine the realm name. So, if a customer logs in as [EMAIL PROTECTED], it is going to look for a realm called Realm abc.com. By default, if Radiator finds no matches, it will try to use Realm DEFAULT. -Ronan - Original Message - From: Barry Andersson To: [EMAIL PROTECTED] Sent: Thursday, 28 February, 2002 19:36 Subject: (RADIATOR) RewriteUsername Hi, I haveRewriteUsername s/^([^@]+).*/$1/ in my radius.cfg file however domains don't appear to be stripped from users who inadvertently login with their email address. I'm getting errors in the logfile such as "Could not find a handler for username@domainname: request is ignored" Below is the appropriate section from my radius.cfg Regards Barry Andersson AuthBy SYSTEM UseGetspnamf Identifier System /AuthBy Realm auth RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 AuthBy FILE Filename ./users /AuthBy AcctLogFileName /var/log/radius/detail /Realm Realm AuthBy INTERNAL AcctResult ACCEPT /AuthBy /Realm
Re: (RADIATOR) AcctSQLStatement
I have it in the AuthBy SQL Clause. I don't see it executing in a trace though. Maybe I am typing something wrong. Here is a snip from the config: Realm DEFAULT Description Default Realm for authenticating users RejectHasReason RewriteUsername s/^([^@]+).*/$1/ SessionDatabase RADONLINE AuthByPolicy ContinueWhileReject AuthBy SQL Identifier SUBSCRIBERS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y' # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef 3,Simultaneous-Use,check AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef SERVICETYPE,Service-Type,integer AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AddToReply Service-Type=Framed-User, \ Framed-Protocol=PPP, \ Framed-IP-Netmask = 255.255.255.255 /AuthBy AuthBy SQL Identifier LIMITED_20HRS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate 20 Hour users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='%n' AND ACTIVE='Y' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef 3,Simultaneous-Use,check AuthColumnDef 4,Session-Timeout,reply AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef SERVICETYPE,Service-Type,integer AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n' AddToReply Service-Type=Framed-User, \ Framed-Protocol=PPP, \ Framed-IP-Netmask = 255.255.255.255 /AuthBy AuthBy SQL Identifier LIMITED_30HRS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate 30 Hour users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='%n' AND ACTIVE='Y' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef
Re: (RADIATOR) User-Name encrypted
That's rightI knew it was a config change, but I couldn't remember what it was. Missed it when looking through all the old backup configs... -Ronan - Original Message - From: Fabio Nitti (TEI) [EMAIL PROTECTED] To: Ronan Eckelberry [EMAIL PROTECTED]; Hugh Irvine [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, 21 February, 2002 04:17 Subject: RE: (RADIATOR) User-Name encrypted Hi all I solved my problem! I changed the configuration on Cisco System as5300 in the section Interface Group-async1 I modified the parameter async mode old config: async mode dedicated new config: async mode interactive The Nas pass correct user-name now. thanks a lot bye -Original Message- From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]] Sent: mercoledì 20 febbraio 2002 11.38 To: [EMAIL PROTECTED] Subject: (RADIATOR) User-Name encrypted Hi All, I've a problem whit my system Radiator 2.17.1 It receives access-request from dialin throught the Nas with user-name encrypted I don't know where is the problem because I did all test with radpwtst GUI and I verified the correct configuration The NAS is a Cisco 5300 It doesn't work fine for regular users when I do a dialin connection with modem and a correct user The Nas pass a User-name encrypted This is my logfile Thanks a lots *** Received from 113.254.2.2 port 1645 Code: Access-Request Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: NAS-IP-Address = 113.254.2.2 NAS-Port = 19 NAS-Port-Type = Async User-Name = }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2 Called-Station-Id = 672908919 Calling-Station-Id = 672588404 User-Password = 3/149|{+-]141e@Eq218131140 Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Start should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler '' Tue Feb 19 20:15:48 2002: DEBUG: Deleting session for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2, 19 Tue Feb 19 20:15:48 2002: DEBUG: Running command: /export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe /export/home/IVLR/R2.0/bin/conf/Authenticator.ini Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~: Tue Feb 19 20:15:53 2002: DEBUG: Packet dump: *** Sending to 113.254.2.2 port 1645 Code: Access-Reject Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: Reply-Message = Request Denied Fabio Nitti === Research development Consultant ANS s.p.a. c/o TEI Ericsson Italy Intelligence Network Fixed Mobile Convergence DT/DW System Specialist Engineer Via Anagnina 203 Rome C.A.P. 00040 tel. +39 0672583246 ECN 839 73246 fax +39 06 72583127 e-mail [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.