> When you try to download any .tgz files, the web server reports a MIME
> type of text/plain, which means that I can't correctly download the file
> in Netscape under Windows because it messes up the binary data in the
> process of 'translating' UNIX text to MS text.
Is shift-click any help in s
> Visit: http://web1.netcarrier.net/cgi-bin/radwho.cgi
> But the file does exist with proper permissions:
>
> web1# ls -l /usr/radiator/online.db
> -rw-rw-rw- 1 root wheel 16384 Dec 17 10:11 /usr/radiator/online.db
It is quite possible the webserver user will need write access to
create files
> I've read in the docu that CHAP will not work when using
> encrypted passwords (which is what I have in LDAP)
That's correct, you'll have to un-encrypt the passwords
in LDAP or use PAP. If you require encrypted passwords in
LDAP, you should disable CHAP on the Cisco.
===
Archive at http://www
- from a cursory glance it could be in
Handler::find or AuthGeneric::checkAttributes but I haven't had time
to look at it or try other attributes to see if they work at all.
Radiator is running on NT at the moment if that's an issue.
Best wishes,
Stuart
--
Stuart
> That's it!
Excellent, that's good to hear.
Maybe the Radiator docs could do with a little modification because they
say this won't work with shadow passwords ;-)
Best wishes,
Stuart
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
now if the
standard version will compile under Cygwin but maybe worth a try or
there is a commercial version available.
Hope this helps
Stuart
--
Stuart Henderson
Network Engineer, Eclipse Networking Ltd.
Your shared secret is set wrong.
> I'm afraid I don't agree.
> The installation notes lead me to expect an
> Info: Server started message. I have not seen this.
Try checking the config file to make sure log output is being displayed
at the console and maybe increase the debug level a bit. You can also do
a "netstat -an" in anoth
it might make things easier if radpwtst were to print a message
when it uses the defaults for mysecret (and maybe user/password/etc)?
best wishes,
Stuart
--
Stuart Henderson
Network Engineer, Eclipse Networking Ltd.
> The first method that comes to mind is setting up a cron
> job to rcp or ftp the users file on one machine or the other.
> We're not crazy about allowing rcp or ftp into our radius
> servers though... Is there another method anyone has found?
How does rsync or scp (part of ssh) sound to you?
Hi Volker,
> Is it possible to use numbered realms (i.e. the called station id)
> to do something special with incoming requests ?
Yes, like this:
Filename ./users.alt
AcctLogFileName ./detail.alt.%d%m%Y.txt
PasswordLogFileName ./passlog.alt.%d
> I installed ssh on both radius1 and radius2. On radius2, I created a
> /usr/local/etc/shosts.equiv that contains the host name for radius1.
Assuming sshd is on radius1 and you are connecting from radius2, add the
contents of radius2:~user/.ssh/identity.pub to
radius1:~user/.ssh/authorized_keys
> And what about using an NFS share?
Just be sure to make copies and not use the file directly ;-)
(I don't think I'd do this though, I have a hard enough time getting rid
of the NFS we already have without adding more)
> I have a fundamental problem with Chap. How do I give a
> user a CHAP-Password?? It is a check item I suppose but if
> I include it as plain text like this in my users file -
>
> USERNAME CHAP-Password = "0123456789ABCDEF",
> NAS-IP-Address = "193.129.12.90"Service-Type = Framed-User,
Have
Richard Hawley wrote:
>
> So if I want to reject one particular phone number and I am using
> an SQL Subscribers table, how would I go about that without using
> handlers? I have a feeling I would be forced to use a handler, no?
Maybe a check item to look at calling-station-id and only accept
> > Framed-IP-Address = 255.255.255.254, <-
>
> why do you wish to configure this invalid IP address
That's how you set some NAS to assign IP addresses from a
dynamic pool. Depends on your NAS but for some this is the
proper way. (Others you don't have to do anything, just
-not- spec
> Is there a better way?
If you can implement caller id-based filtering in the nas that
will be better as it will avoid toll calls for your users to try
to get authenticated only to find it failing. (I think many
people would just try again, and again, if it comes back saying
'bad password' or si
> Is there anyway you can open up ftp access to the files so
> we can pull down the necessary files with an mget through
> an ftp client running from the console of a UNIX machine??
If you use FreeBSD, the ftp client can also take http
URLs, for example:
ftp http://foo.org/bar.tar.gz
It will
> Thanks for contributing that! I know lots of people appreciate it.
Especially as Bay have just come up with a feature on their Annex
servers that let you do a Radius check before deciding whether to
answer the phone call or just busy it out :-)
Stuart
> Can radiator support Caller identification number ..?
> Does it maintain CLI in its log file?
Yes, and it can also use it to work out whether to grant access.
Very nice for some of the new Bay 5399 code which can do this
*before* it answers the call :-)
HTH Stuart
> > we'd like to send the uid and password, and simply have the LDAP
> > server authenticate this against its one-way hash'ed password for
> > that user and just return an 'accept' or 'reject'...
> That is a good idea, and one we have been contemplating for some
> time, but right now, and for t
> what is the best Framed-MTU for modems PPP ?
That depends on your tcp/ip stacks, modem, NAS, routers on the
path to each individual destination host, etc. 1500 often
works well, which is why it's commonly used as a default. I think
most routers are capable of forwarding 1500-octet packets
> X15.1.4 is exactly the version I'm running. I'll try upgrading and
> see if my problem goes away.
The 49 modem code (in 7.0.1 iirc) seems to work a lot better
than anything we saw before. We'll have to get the rest of
the bay-isp.bit.net.au list over for a little holiday, maybe
those that a
> Before I destroy next weekend in a frenzy of hacking, can
> someone tell me if there already exists a patch to allow a POP
> server to authenticate using Radius? (Ditto for IMAP)
I have heard of it being done *somewhere*! I think you should
probably look into PAM (pluggable authentication mod
[EMAIL PROTECTED] wrote:
>
> I'm attempting to find a program like the radpwtst that is compiled
> so that when it runs, it does not take up a lot of cpu/memory.
radpwtst :-)
(But, the Merit radius version instead).
===
Archive at http://www.thesite.com.au/~radiator/
Hugh Irvine wrote:
>
> On Wed, 11 Aug 1999, Ricardo Guerra wrote:
> > is there any way to assign DNS servers, IP and gateways from radiator?
>
> You can return anything in the vendor specific A-V pairs, but the
> functionality you describe above is usually implemented in DHCP/BOOTP.
DNS/WINS s
> Framed-Compression = Van-Jacobsen-TCP-IP
> Framed-Compression = Van-Jacobson-TCP-IP
>
> I'm not sure why our PM3's suddenly get fussy over the spelling error
> when served by Radiator rather than Radius, but that's what appears to
> happen.
It's probably a difference in th
> Radiator running RedHat 6 system with shadow passwords. Users are
> authenticated by SYSTEM. radpwtst works on the local machine, but
> dialing in gives me a 'Bad Encrypted-Password'.
You can't do challenge-handshake (CHAP/encrypted) authentication
unless you are storing cleartext passwords.
> I have triple checked the secret and am convinced that they are
> the same.
If one of the machines is multihomed (i.e. it has more than one
IP address) then you need to be absolutely certain the request has
the correct source IP address in the UDP packet (_not_ in the
actual radius request it
> pretty sure the problem is not with the machine, it's a custom build
> PII-400, 256 megs SDRAM, SCSI drives, the works. We're running RH6.0
> with the 2.2.11-ac3 kernel. I am running Perl version 5.00503 and have
> gotten the latest DBI and DBD drivers. We are authenticating off of a
> mySQL data
> i tried altering my dictionary file and change the User-Service to
> Service-Type. no wonder my Service-Type has the value of "2" instead of
> "Framed-User". anyhow, the "Framed-Route" is still not set.
>
> i wonder if anybody implementing Framed-Routes can show us their
> configs.
Are you s
> Would it be possible to setup the access server to simply ignore the call if
> it does not display the caller ID. That way the 'customer' does not get
> billed for the call.
You can do this on recent Bay 5399 software, and I think possibly
also some others (Ascend/Cisco/Tigris?)
> 1) I'm trying to figure out if I can set a time limit an account is allowed
> to be on. I know that I can set "windows" when an account can connect, but
> suppose I have an account that can connect Mon-Fri 8am-5pm (normal business
> hours). What happens if that account connects on Wed at 4:55p
> I have a problem with my radacct file. It gets too big for a start, by the
> end of month it reaches to the levels of 500MB.
Some NAS devices send a lot of information back to the radius
server. I would recommend using something like radius.%Y%m%d.log
so that you have one log file per day, and
> This is generated when the user authenticates using CHAP. CHAP uses a
> method that doesn't allow you to know what the user actually entered. If
> you switch your NAS to use PAP (which is less secure, I'm given to
> understand) you will be able to see these passwords.
Not vastly less secure,
> Well, the problem is that the ctlportslave program is returning a -1 and that
> is why Radiator is complaining. You will have to sort out why it's got a
> problem, so it returns 0 upon successful completion.
at a push, you could run a shell script that does
ctlportslave $*
exit 0
I think it's
> The only slight complication is configuring Radiator as an NT service so it
> starts up at boot time,
http://www.formida.com.au/firedaemon/
"Joshua M. Thompson" wrote:
>
> On Thu, 30 Sep 1999, Mike McCauley wrote:
>
> > There is no way (yet) to set the umask from within the Radiator config file.
> > (is this a good idea, anyone?)
>
> I don't see any problems with it, only advantages. I know I'd like to be
> able to fiddle with the
> How difficult would it be to add colour to the various Trace messages going
> to the console in Radiator?
You might like to look at some of the log colourizers already
available, try your local freshmeat.net mirror and remember, it
will probably want American spelling when you search. I'm sure
> Quite a few people have used the FreeTDS module
Does anyone have this working on FreeBSD?
Hi, does anyone here know whether the following messages are harmful?
Unknown property 7
DBD::Sybase::st execute failed: Server message number=1 severity=7
state=0 line=1 server=OpenClient text=Attempt to initiate a new SQL Server
operation with results pending. at Radius/SqlDb.pm l
> I need to authenticate my users by calling a class in a java program.
> I suppose it would be possible using Auth By External, but in that
> case a new instance of the java program would be created for every
Perhaps you could run it as a servlet on a web server, and
write a simple authby to cal
> >You certainly want to cut down on the number of rewrite
> >statements. For example, the first two you list could be done with one
> >regex... "s/^\s*(.*)\s*$/$1/". On the other hand, I'd first make sure
> >that you need to do that anyway; I've never seen leading and trailing
> >spaces coming in
> The thing is, I'm gonna use LDAP, but I must have the communication
> with the LDAP server secure.
Oh, I see. Probably the simplest way is to set up an ssh
tunnel. You could use SSL but you'll need to set up a new secure
session for authentication request which is a lot more overhead
than I think
Joost Stegeman wrote:
>
> Hi Christopher,
>
> Why don't you use secure LDAP, that's what it's there for!
> Radiator supports secure LDAP and it's the easiest way of doing it IMO.
> By the way, the SSL connection stays up until the connection is lost, so there
> is no extra handshake overhead for
> Is there any way we can configure Radiator to log an incoming radius
> request to a flatfile or SQL, say storing username and password (assuming
> both come thru in cleartext)?
PasswordLogFileName passlog.%d%m%Y.txt.
> 2) use FreeTDS and DBD-Sybase - when I tried this
> it was an exciting mix of linking alpha software with alpha software :) It's
> probably much better now.
There are *two* freetds. One is what most would consider to be
FreeTDS, as featured at http://www.freetds.org, an
> Again: Simultaneous-Use is a check item, not a reply item.
> The reply item you want to use is "Port-Limit = 1".
>
> Now a question to the sophisticated part of the audience:
> how does the Port-Limit apply in a multi-chassis situation ?
As Port-Limit is a reply item, it's up to the NAS to keep
> For backup reasons I've the following question :
> Is it possible to define a second ldap host which Radiator contacts
> when the (primary) ldap does not give any reply. (And if so, how :-)?
Most LDAP client libraries will allow you to set multiple
servers in a space-separated list.
It would b