You could probably use the Class attribute for this in your AUTH reply. The
NAS should send the Class attribute back in any accounting requests.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
It looks like radpwtst is sending the default NAS-Port of 1234 for each
request. Since radiator sees the second call coming in on the same physical
port it assumes that the first session had to have ended. Change the
NAS-Port in the second test using the -nas_port parameter of radpwtst so it
system and accepts requests from Radiator via
hooks or AuthBy EXTERNAL. My concern is the overhead introduced by this and I'm
hoping that I can do something like create a socket in a startup hook and pass
it to a preauth hook later on.
Frank Danielson
and radwho.cgi for the session
database.
Frank Danielson
-Original Message-
From: Barry Andersson [mailto:[EMAIL PROTECTED
10.1.10.6 port 1818
Code: Access-Accept
Identifier: 184
Authentic: 1234567890123456
Attributes:
Frank Danielson
would usually just use the Calling-Station-Id attribute directly, and
provide an AuthSelect statement in the AuthBy SQL clause (assuming you are
using an SQL database).
Perhaps you could describe your requirements in more detail?
regards
Hugh
On Sat, 23 Feb 2002 05:30, Frank Danielson wrote:
Hi Hugh-
For general education purposes could you elaborate on Radiator clearing
entries for a NAS if it sees a NAS restart? I'm not sure how Radiator would
detect that event and if some certain Client config is needed to support this.
Thanks.
-Original Message-
From: Hugh Irvine
AcctStartResult ACCEPT
AcctStopResult ACCEPT
DefaultResult REJECT
</AuthBy>
AcctLogFileName /var/log/radacct/detail
</Handler>
Just put this before your other handlers so it will match first, see Section
6.16 in the manual for more info.
Frank Danielson
If I understand section 13.1.6 of the manual correctly you could add a check
item of Auth-Type = Reject for the users in the DBFILE or if all of the users
in that database are to be rejected, just put the check item for the DEFAULT
user.
= Original Message From Jon Snyder [EMAIL
]
Opinions are mine and do not necessarily reflect
those of wyoming.com LLC
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Frank
AuthBy SQLRADIUS proxies requests to other RADIUS servers and doesn't do any
accounting explicitly. When the docs say it understands the parameters of
AuthBy SQL they are referring to the parameters that define the connectivity
to the database. If you want to do accounting you can add an
AuthLog SQL records access-requests to a database.
AuthBy SQL w/ an empty AuthSelect records accounting-requests to a database.
-Frank
-Original Message-
From: radiator [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 12:06 AM
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) AuthBy SQL
You could use the built in MySQL function FROM_UNIXTIME() in your INSERT
statement to convert from a unix timestamp to the datetime format.
-Original Message-
From: Viraj Alankar [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR)
You could use identifiers in your client clauses like so-
<Client 1.2.3.4>
Identifier noip
</Client>
<Client 1.2.3.5>
Identifier send254
</Client>
<Client 1.2.4.6>
Identifier noip
</Client>
<Client 1.2.3.7>
Identifier send254
</Client>
<Handler Client-Identifier=noip>
Do auth
Title: Cisco, non-unique NAS-Ports, clobbering Online DB
How about handling it with a preclient hook in the client clause to strip
the number you want out of the Cisco-NAS-Port attribute and stuff it into
the NAS-Port attribute.
-Original Message-
From: Dave Kitabjian
A simple way around it would be to use a handler that accepts the
Interim-Accounting requests and then another Handler to proxy the rest. We are
using this on a production system for similar purposes.
<Handler Acct-Status-Type=Alive>
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
</Handler>
According to the IANA website
http://www.iana.org/assignments/enterprise-numbers, 2937 is the enterprise
number for Deutsche Telekom AG. Maybe you could ask whoever is proxying
those requests to you to send you a copy of their dictionary?
Frank Danielson
item.
AuthBy RADIUS is also well documented in the manual and has been discussed
in length on the mailing list.
Frank Danielson
-Original
I don't think there is a way to tell inside of Radiator. You can run
multiple instances of Radiator with each one bound to a different address
using the BindAddress config parameter. This will also give you the
advantage of being able to handle more traffic since you will have multiple
threads
Yes, it's quite handy.
-Original Message-
From: Listuser [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 8:54 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Client Statements
Hey Folks,
Just wondering if it is possible to have multiple Client statements with the
same Identifier
Why not use an AddToReply in your Client clause for this NAS? See section
6.5.18 in the manual.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 10:26 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) users database format
Hello,
I have
Frank Danielson
[Infrastructure Architect]
wireless:407.467.7832
fax:407.515.9001
Data On Air
301 E. Pine St. Suite 450
Orlando, FL 32801
USA
http://jradius-client.sourceforge.net/
= Original Message From MURUGAN V V [EMAIL PROTECTED] =
hi,
anybody knows about any Java API for implementing a Radius Client.
any body is using Radiator in Japan.
Regards,
Murugan
You can call your AuthBy SQL from a ReplyHook making the whole thing easier
than you might think. Examples are in goodies/hooks.txt.
-Original Message-
From: [EMAIL PROTECTED] [mailto:alexander.deboer;kpn.com]
Sent: Wednesday, October 23, 2002 11:59 AM
To: [EMAIL PROTECTED]
Subject:
in it that looks like this-
ATTRIBUTE Ascend-Session-svr-Key 151 string
Just stick it in with the other attributes and restart radiator to make it
take effect.
Frank Danielson
The Cisco PIX firewall has the option to do RADIUS authentication before
allowing a TCP session to set up for a certain protocol. For example, if you
wanted to control who was able to Telnet into your network through the
firewall you could configure the PIX to check with your RADIUS server to see
://www.ethereal.com)
or something similar that would decode the RADIUS packets for you.
Frank Danielson
-Original Message-
From: Marcel Brown
Hi-
As Hugh has said in the past, please send a trace 4 debug showing what's
happening during an access-request so we can see what the problem is.
-Original Message-
From: Denis Beauchemin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 12:02 PM
To: Radiator
Subject:
= auth1
AuthBy acct1
</Handler>
<Handler Request-Type = Accounting-Request, Class = auth1>
AuthBy acct1
</Handler>
<Handler>
AuthByPolicy ContinueUntilAccept
AuthBy auth1
AuthBy auth2
AuthBy auth3
</Handler>
Frank Danielson
AuthBy acct2
</Handler>
<Handler Request-Type = Accounting-Request, Class = auth3>
AuthBy acct3
</Handler>
<Handler>
AuthByPolicy ContinueUntilAccept
AuthBy auth1
AuthBy auth2
AuthBy auth3
</Handler>
Frank Danielson
Yes. You should put your most detailed match first and work down to more
generic ones.
-Original Message-
From: Tom Swenson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Auth only on same realm
Just so I understand
</AuthBy>
</Handler>
If you examine your data you will probably find a similar pattern that you
can detect.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
301 E. Pine St. Suite 400
Orlando, FL 32801
USA
-Original Message
LDAP config
</AuthBy>
</Handler>
<Handler Auth=No>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
</Handler>
Frank Danielson
Try a PreHandlerHook, it's in section 6.5.11 of my radiator manual. Also
look in goodies/hooks.txt for more information on writing hooks.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 32801
USA
]}->delete_attr('Framed-IP-Address'); }
LocalAddress XX.XX.XX.XXX
</AuthBy>
Then you should be able to use ContinueWhileAccept without a problem.
Frank Danielson
and improve response time.
Why not post your config file with a more detailed explanation of what you
are trying to accomplish? A number of folks on the list are authenticating
with LDAP/SQL combinations. You can also search the mailing list archives
for examples of what others have done.
Frank
You could use a PreHandlerHook in your Client clause like this-
<Client XXX.XXX.XXX.XXX>
Secret somesecret
PreHandlerHook sub {${$_[0]}->change_attr('NAS-IP-Address','YYY.YYY.YYY.YYY');}
</Client>
This may cause unintended consequences with your downstream RADIUS servers
since all
Hi ronnie-
How about a copy of your config file and a trace 4 debug of an authentication
happening? This would help the people on the list see what is happening and
offer some advice.
-Original Message-
From: ronnie nyaruwabvu [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 11:16
is dropped.
Frank Danielson
-Original Message-
From: Brian CHNG Sing Yong [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 9:07 PM
To: [EMAIL
Hugh-
I can't speak for Angus but it makes sense that if you are passing
authentication requests to an external system using AuthBy URL that you may
want to pass accounting requests to that same system.
It's something that we have looked at since we have a lot of internal talent
in developing
Hi Julio-
It has been my experience that an ORA-01002 error happens when the results
of the query are no longer available, usually due to memory or TEMP space
limitations on the database server. Have a look in your Oracle server's error
log when this happens and you should see one or more
Igor-
It sounds like you are using the Oracle database for storing accounting data
only. If that is the case how about running an instance of Radiator on each
box for authentication and another instance of Radiator for accounting? That
way authentication should not be affected by database
of
by
the routines in SqlDb.pm. As a relatively simple example of some SQL code
that uses these routines, have a look at Radius/SessSQL.pm.
Frank Danielson
The only catch is that AuthBy SQL will open a connection to the database
when it starts up and keep that connection up unless there is a problem with
it so your round robin DNS will not do much. AuthBy SQL supports declaring a
database to use as a backup which may be a better scheme for
Identifier OtherQuintum
Secret somesecret
DefaultRealm 111.222.333.555
Other client config
</Client>
DefaultRealm is documented in Section 6.5.2 of my Radiator 2.19 manual and
is used to add a realm to incoming requests that do not have a realm
specified.
Frank Danielson
Just a guess from the last time I looked into AuthBy ROUNDROBIN but I
believe the CachePasswords directive is specific to a host if it works at
all. Try this and see if it works:
<Handler>
UsernameCharset [EMAIL PROTECTED]
RewriteUsername tr/A-Z/a-z/
proceed at your own risk.
Frank Danielson
-Original Message-
From: Jesus Rodriguez [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 2:30 PM
=1234556 Class=someclass Acct-Session-Time=X
Where X is the amount of time elapsed for the session so far. You will most
likely need to use a different set of attributes depending on what you are
trying to test.
Frank Danielson
It's really not that hard. You run a number of Radiator instances, with each
one having its own connection to the LDAP, SQL, or whatever backend. Then
you front end those with an instance or two of Radiator running AuthBy
ROUNDROBIN or AuthBy LOADBALANCE to distribute the requests among them.
Rodrigo-
If I understand you correctly, you are concerned that someone may insert
some characters or even SQL statements into the password in order to launch
some sort of attack against your database. I think the root of your issue is
the fact that you want to include the password in the queries,
It's hard to say from the info you have provided. How about providing the
config file, a level 4 trace, and doing a snoop -o to capture some of this
unanswered traffic to a file and send that as well?
-Original Message-
From: Jason Signalness [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
:[EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 4:05 PM
To: Frank Danielson
Subject: Re: (RADIATOR) Radiator ignoring some clients
I have attached my radius.cfg file. Currently, I don't have the ability
to capture a snoop showing the problem. Basically, here's what I saw
during the snoop
How about using-
kill '1',$$
or if you are in a hurry-
kill '9',$$
Using kill 1 should allow Radiator to execute any shutdown hooks you have
and otherwise exit normally.
-Frank
-Original Message-
From: Jerome Fleury [mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004 12:16 PM
to be at least as large as that
number, is that correct?
Frank Danielson
ClearSky Mobile Media, Inc. | fdaniel...@csky.com
A human being should be able to change a diaper, plan an invasion, butcher a
hog, conn a ship, design a building, write a sonnet, balance accounts, build
Hi Jim-
Have you tried FarmSize instead of Fork?
-Frank
On May 3, 2013, at 7:34 AM, Jim Tyrrell wrote:
OK, I increased the timeout of the AuthBy RADIUS to 20 seconds and had
to add 'UseExtendedIds', which just delays the issue occurring.
It looks like the issue is with the MySQL server
and the second AuthBy is not called.
You could set AuthByPolicy ContinueAlways in the Handler to always execute all
of the AuthBy clauses.
Frank Danielson | Chief Technology Officer
fdaniel...@csky.com
On Jul 6, 2016, at 6:45 AM, Marco Marino
<mar
56 matches