I've read in the docu that CHAP will not work when using
encrypted passwords (which is what I have in LDAP)
That's correct, you'll have to un-encrypt the passwords
in LDAP or use PAP. If you require encrypted passwords in
LDAP, you should disable CHAP on the Cisco.
===
Archive at
When you try to download any .tgz files, the web server reports a MIME
type of text/plain, which means that I can't correctly download the file
in Netscape under Windows because it messes up the binary data in the
process of 'translating' UNIX text to MS text.
Is shift-click any help in
Visit: http://web1.netcarrier.net/cgi-bin/radwho.cgi
But the file does exist with proper permissions:
web1# ls -l /usr/radiator/online.db
-rw-rw-rw- 1 root wheel 16384 Dec 17 10:11 /usr/radiator/online.db
It is quite possible the webserver user will need write access to
create files in
For backup reasons I've the following question :
Is it possible to define a second ldap host which Radiator contacts
when the (primary) ldap does not give any reply. (And if so, how :-)?
Most LDAP client libraries will allow you to set multiple
servers in a space-separated list.
It would be
2) use FreeTDS and DBD-Sybase - when I tried this
it was an exciting mix of linking alpha software with alpha software :) It's
probably much better now.
There are *two* freetds. One is what most would consider to be
FreeTDS, as featured at http://www.freetds.org, and
Again: Simultaneous-Use is a check item, not a reply item.
The reply item you want to use is "Port-Limit = 1".
Now a question to the sophisticated part of the audience:
how does the Port-Limit apply in a multi-chassis situation ?
As Port-Limit is a reply item, it's up to the NAS to keep
Is there any way we can configure Radiator to log an incoming radius
request to a flatfile or SQL, say storing username and password (assuming
both come thru in cleartext)?
PasswordLogFileName passlog.%d%m%Y.txt.
I need to authenticate my users by calling a class in a java program.
I suppose it would be possible using Auth By External, but in that
case a new instance of the java program would be created for every
Perhaps you could run it as a servlet on a web server, and
write a simple authby to call
You certainly want to cut down on the number of rewrite
statements. For example, the first two you list could be done with one
regex... "s/^\s*(.*)\s*$/$1/". On the other hand, I'd first make sure
that you need to do that anyway; I've never seen leading and trailing
spaces coming in on the
The thing is, I'm gonna use LDAP, but I must have the communication
with the LDAP server secure.
Oh, I see. Probably the simplest way is to set up an ssh
tunnel. You could use SSL but you'll need to set up a new secure
session for authentication request which is a lot more overhead
than I think
Quite a few people have used the FreeTDS module
Does anyone have this working on FreeBSD?
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Hi, does anyone here know whether the following messages are harmful?
Unknown property 7
DBD::Sybase::st execute failed: Server message number=1 severity=7
state=0 line=1 server=OpenClient text=Attempt to initiate a new SQL Server
operation with results pending. at Radius/SqlDb.pm
How difficult would it be to add colour to the various Trace messages going
to the console in Radiator?
You might like to look at some of the log colourizers already
available, try your local freshmeat.net mirror and remember, it
will probably want american spelling when you search. I'm sure
"Joshua M. Thompson" wrote:
On Thu, 30 Sep 1999, Mike McCauley wrote:
There is no way (yet) to set the umask from within the Radiator config file.
(is this a good idea, anyone?)
I don't see any problems with it, only advantages. I know I'd like to be
able to fiddle with the default
Well, the problem is that the ctlportslave program is returning a -1 and that
is why Radiator is complaining. You will have to sort out why it's got a
problem, so it returns 0 upon successful completion.
at a push, you could run a shell script that does
ctlportslave $*
exit 0
I think it's
The only slight complication is configuring Radiator as an NT service so it
starts up at boot time,
http://www.formida.com.au/firedaemon/
This is generated when the user authenticates using CHAP. CHAP uses a
method that doesn't allow you to know what the user actually entered. If
you switch your NAS to use PAP (which is less secure, I'm given to
understand) you will be able to see these passwords.
Not vastly less secure,
1) I'm trying to figure out if I can set a time limit an account is allowed
to be on. I know that I can set "windows" when an account can connect, but
suppose I have an account that can connect Mon-Fri 8am-5pm (normal business
hours). What happens if that account connects on Wed at 4:55pm.
Would it be possible to set up the access server to simply ignore the call if
it does not display the caller ID. That way the 'customer' does not get
billed for the call.
You can do this on recent Bay 5399 software, and I think possibly
also some others (Ascend/Cisco/Tigris?)
i tried altering my dictionary file and change the User-Service to
Service-Type. no wonder my Service-Type has the value of "2" instead of
"Framed-User". anyhow, the "Framed-Route" is still not set.
i wonder if anybody implementing Framed-Routes can show us their
configs.
Are you sure
pretty sure the problem is not with the machine, it's a custom build
PII-400, 256 megs SDRAM, SCSI drives, the works. We're running RH6.0
with the 2.2.11-ac3 kernel. I am running Perl version 5.00503 and have
gotten the latest DBI and DBD drivers. We are authenticating off of a
mySQL database
Radiator running RedHat 6 system with shadow passwords. Users are
authenticated by SYSTEM. radpwtst works on the local machine, but
dialing in gives me a 'Bad Encrypted-Password'.
You can't do challenge-handshake (CHAP/encrypted) authentication
unless you are storing cleartext passwords.
Hugh Irvine wrote:
On Wed, 11 Aug 1999, Ricardo Guerra wrote:
is there any way to assign DNS servers, IP and gateways from radiator?
You can return anything in the vendor specific A-V pairs, but the
functionality you describe above is usually implemented in DHCP/BOOTP.
DNS/WINS servers
Framed-Compression = Van-Jacobsen-TCP-IP
Framed-Compression = Van-Jacobson-TCP-IP
I'm not sure why our PM3's suddenly get fussy over the spelling error
when served by Radiator rather than Radius, but that's what appears to
happen.
It's probably a difference in the
Before I destroy next weekend in a frenzy of hacking, can
someone tell me if there already exists a patch to allow a POP
server to authenticate using Radius? (Ditto for IMAP)
I have heard of it being done *somewhere*! I think you should
probably look into PAM (pluggable authentication
we'd like to send the uid and password, and simply have the LDAP
server authenticate this against its one-way hash'ed password for
that user and just return an 'accept' or 'reject'...
That is a good idea, and one we have been contemplating for some
time, but right now, and for the
Thanks for contributing that! I know lots of people appreciate it.
Especially as Bay have just come up with a feature on their Annex
servers that let you do a Radius check before deciding whether to
answer the phone call or just busy it out :-)
Stuart
Is there a better way?
If you can implement caller id-based filtering in the nas that
will be better as it will avoid toll calls for your users to try
to get authenticated only to find it failing. (I think many
people would just try again, and again, if it comes back saying
'bad password' or
And what about using an NFS share?
Just be sure to make copies and not use the file directly ;-)
(I don't think I'd do this though, I have a hard enough time getting rid
of the NFS we already have without adding more grin)
Hi Volker,
Is it possible to use numbered realms (i.e. the called station id)
to do something special with incoming requests ?
Yes, like this:
<Handler Called-Station-Id=20810[1-6]>
    <AuthBy DBFILE>
        Filename ./users.alt
    </AuthBy>
AcctLogFileName
I installed ssh on both radius1 and radius2. On radius2, I created a
/usr/local/etc/shosts.equiv that contains the host name for radius1.
Assuming sshd is on radius1 and you are connecting from radius2, add the
contents of radius2:~user/.ssh/identity.pub to
radius1:~user/.ssh/authorized_keys
The first method that comes to mind is setting up a cron
job to rcp or ftp the users file on one machine or the other.
We're not crazy about allowing rcp or ftp into our radius
servers though... Is there another method anyone has found?
How does rsync or scp (part of ssh) sound to you? Scp
I'm afraid I don't agree.
The installation notes lead me to expect an
Info: Server started message. I have not seen this.
Try checking the config file to make sure log output is being displayed
at the console and maybe increase the debug level a bit. You can also do
a "netstat -an" in another
der Cygwin but maybe worth a try or
there is a commercial version available.
Hope this helps
Stuart
--
Stuart Henderson
Network Engineer, Eclipse Networking Ltd.