Re: (RADIATOR) RewriteUsername

2002-02-28 Thread Ronan Eckelberry, Network/Systems Admin



Try naming the realm DEFAULT. It looks at anything after the @ to determine
the realm name. So, if a customer logs in as [EMAIL PROTECTED], it is going to
look for a realm called Realm abc.com. By default, if Radiator finds no
matches, it will try to use Realm DEFAULT.

-Ronan


  ----- Original Message -----
  From: Barry Andersson
  To: [EMAIL PROTECTED]
  Sent: Thursday, 28 February, 2002 19:36
  Subject: (RADIATOR) RewriteUsername
  
  Hi,
  
  I have RewriteUsername s/^([^@]+).*/$1/ in my radius.cfg file; however,
  domains don't appear to be stripped from users who inadvertently log in
  with their email address. I'm getting errors in the logfile such as
  "Could not find a handler for username@domainname: request is ignored"
  
  Below is the appropriate section from my radius.cfg
  
  Regards
  
  Barry Andersson
  
  
  
  <AuthBy SYSTEM>
      UseGetspnamf
      Identifier System
  </AuthBy>
  <Realm auth>
      RewriteUsername s/^([^@]+).*/$1/
      MaxSessions 1
      <AuthBy FILE>
          Filename ./users
      </AuthBy>
      AcctLogFileName /var/log/radius/detail
  </Realm>
  <Realm>
      <AuthBy INTERNAL>
          AcctResult ACCEPT
      </AuthBy>
  </Realm>
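
Added example, not part of the original posts and not Radiator code: a simplified Python model of the realm selection Ronan describes, showing why a RewriteUsername placed inside Realm auth never runs for username@domainname. The function names, the exact-match lookup and the two dictionaries are assumptions of this model; the unnamed Realm from the posted config is left out because the thread does not say how it matches.

```python
import re

# Python form of the posted Perl substitution  s/^([^@]+).*/$1/
REWRITE = (re.compile(r"^([^@]+).*"), r"\1")


def realm_of(user_name):
    """Text after the first '@', or '' when the name has no '@'."""
    return user_name.partition("@")[2]


def handle(user_name, realms):
    """Model of the selection order described in the reply.

    realms maps a realm name to the list of (pattern, replacement)
    rewrites configured inside that realm.  Returns the chosen realm and
    the username after that realm's rewrites, or (None, user_name) when
    no realm matches and no DEFAULT realm exists.
    """
    name = realm_of(user_name)
    if name in realms:
        chosen = name
    elif "DEFAULT" in realms:
        chosen = "DEFAULT"
    else:
        # Corresponds to "Could not find a handler ...: request is ignored"
        return None, user_name
    # Rewrites run only after a realm has been chosen, so a rewrite in a
    # realm that was never selected cannot strip the domain.
    for pattern, replacement in realms[chosen]:
        user_name = pattern.sub(replacement, user_name, count=1)
    return chosen, user_name


# Constructed configurations: the realm from the post, and the suggested fix.
AS_POSTED = {"auth": [REWRITE]}
WITH_DEFAULT = {"DEFAULT": [REWRITE]}


def demo():
    user = "username@domainname"   # the name from the quoted log message
    return handle(user, AS_POSTED), handle(user, WITH_DEFAULT)


if __name__ == "__main__":
    print(demo())
```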


Re: (RADIATOR) AcctSQLStatement

2002-02-24 Thread Ronan Eckelberry, Network/Systems Admin

I have it in the AuthBy SQL Clause.  I don't see it executing in a trace
though.  Maybe I am typing something wrong.  Here is a snip from the config:

<Realm DEFAULT>
  Description Default Realm for authenticating users
  RejectHasReason
  RewriteUsername s/^([^@]+).*/$1/
  SessionDatabase RADONLINE
  AuthByPolicy ContinueWhileReject

<AuthBy SQL>
Identifier SUBSCRIBERS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
# AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AddToReply Service-Type=Framed-User, \
Framed-Protocol=PPP, \
Framed-IP-Netmask = 255.255.255.255

</AuthBy>

<AuthBy SQL>
Identifier LIMITED_20HRS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate 20 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AuthColumnDef 4,Session-Timeout,reply
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
AddToReply Service-Type=Framed-User, \
Framed-Protocol=PPP, \
Framed-IP-Netmask = 255.255.255.255

</AuthBy>

<AuthBy SQL>
Identifier LIMITED_30HRS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate 30 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 

Re: (RADIATOR) User-Name encrypted

2002-02-21 Thread Ronan Eckelberry, Network/Systems Admin

That's right. I knew it was a config change, but I couldn't remember
what it was.  Missed it when looking through all the old backup configs...

-Ronan
----- Original Message -----
From: Fabio Nitti (TEI) [EMAIL PROTECTED]
To: Ronan Eckelberry [EMAIL PROTECTED]; Hugh Irvine
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, 21 February, 2002 04:17
Subject: RE: (RADIATOR) User-Name encrypted


Hi all
I solved my problem!
I changed the configuration on Cisco System as5300 in the section Interface
Group-async1
I modified the parameter async mode
old config: async mode dedicated
new config: async mode interactive

The NAS passes the correct User-Name now.
Thanks a lot
bye




-----Original Message-----
From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 20 February 2002 11:38
To: [EMAIL PROTECTED]
Subject: (RADIATOR) User-Name encrypted


Hi All,
I have a problem with my system, Radiator 2.17.1.
It receives Access-Requests from dial-in through the NAS
with the User-Name encrypted.
I don't know where the problem is because I did all the tests with radpwtst GUI
and I verified the correct configuration.
The NAS is a Cisco 5300.
It doesn't work properly for regular users when I make a dial-in connection with
a modem and a correct user.

The NAS passes an encrypted User-Name.
This is my logfile.
Thanks a lot

*** Received from 113.254.2.2 port 1645 
Code:   Access-Request
Identifier: 12
Authentic:  30K223238020117143239161152/L211%d
Attributes:
NAS-IP-Address = 113.254.2.2
NAS-Port = 19
NAS-Port-Type = Async
User-Name = }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2
Called-Station-Id = 672908919
Calling-Station-Id = 672588404
User-Password = 3/149|{+-]141e@Eq218131140

Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should
be used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should
be used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop should be used to handle this
request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Start should be used to handle this
request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used
to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be
used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be
used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler  should be used to handle
this request
Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler ''
Tue Feb 19 20:15:48 2002: DEBUG:  Deleting session for }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2,
19
Tue Feb 19 20:15:48 2002: DEBUG: Running command:
/export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe
/export/home/IVLR/R2.0/bin/conf/Authenticator.ini
Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~:
Tue Feb 19 20:15:53 2002: DEBUG: Packet dump:
*** Sending to 113.254.2.2 port 1645 
Code:   Access-Reject
Identifier: 12
Authentic:  30K223238020117143239161152/L211%d
Attributes:
Reply-Message = Request Denied




Fabio Nitti
===
Research & Development Consultant
ANS s.p.a.
c/o
TEI Ericsson Italy
Intelligence Network & Fixed
Mobile Convergence
DT/DW
System Specialist Engineer
Via Anagnina 203 Rome
C.A.P. 00040
tel. +39 0672583246 ECN 839 73246
fax +39 06 72583127
e-mail [EMAIL PROTECTED]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

