Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hi Hugh, Thank you very much for your help and support. I'll try it out and let you know. Regards, Deepak On Mon, 24 Jul 2000, Hugh Irvine wrote: > > Hello Deepak - > > On Mon, 24 Jul 2000, Deepak Shrestha wrote: > > Hi Hugh, > > I would like to know how many users can to listed in the users file > > without compromising on the performance of the Radiator Radius Server. Is > > it much faster if I use the DBM format user database file? > > Thank you very much for your help. > > When you set up an AuthBy FILE, the contents of the file get cached inside > Radiator. We have done performance tests with a 10,000 user file that showed > almost the same performance as with a file with 3 users. Have a look at section > 23 in the reference manual. Interestingly enough, DBM performance is slightly > slower. > > BTW - the cached information is refreshed automatically if the file itself is > modified (Radiator checks the file modification time). > > hth > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > > === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hello Deepak - On Mon, 24 Jul 2000, Deepak Shrestha wrote: > Hi Hugh, > I would like to know how many users can to listed in the users file > without compromising on the performance of the Radiator Radius Server. Is > it much faster if I use the DBM format user database file? > Thank you very much for your help. When you set up an AuthBy FILE, the contents of the file get cached inside Radiator. We have done performance tests with a 10,000 user file that showed almost the same performance as with a file with 3 users. Have a look at section 23 in the reference manual. Interestingly enough, DBM performance is slightly slower. BTW - the cached information is refreshed automatically if the file itself is modified (Radiator checks the file modification time). hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hi Hugh, I would like to know how many users can to listed in the users file without compromising on the performance of the Radiator Radius Server. Is it much faster if I use the DBM format user database file? Thank you very much for your help. Regards, Deepak > > You would do something like this: > > # configure AuthBy's > # Realms (or Handlers) will have AuthByPolicy ContinueWhileAccept > # so that Sim-Use and Livingston must both Accept > > > Identifier Check_Sim-Use > Filename%D/users.Sim-Use > > > > Identifier Check_Livingston > Hostlivingston.radius.on.aix > Secret xx > > > # configure Realms or Handlers > > > AuthByPolicy ContinueWhileAccept > AuthBy Check_Sim-Use > AuthBy Check_Livingston > > > > . > > > ... > > The file %D/users.Sim-Use would contain this: > > # define simultaneous use limits for > # only those users with Sim-Use greater than 1 > # DEFAULT is 1 for all users not explicitly listed > # > # it is a good idea to list users alphabetically > > DEFAULT Simultaneous-Use = 1 > > anotheruser Simultaneous-Use = 3 > > someoneelse Simultaneous-Use = 4 > > someuser Simultaneous-Use = 2 > > yetanotherSimultaneous-Use = 2 > > > .. > > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > > === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hello Deepak - On Mon, 24 Jul 2000, Deepak Shrestha wrote: > Hi Hugh, > > This is what I was thinking of: > Have Radiator Radius running in Linux and configure it to proxy all > requests to the Livingston Radius already running in AIX. > I want the Radiator Radius to control the simultaneous-use and the > accounting as well. The Linux box does not have any user accounts but are > all present in the AIX. Do I need to have all the users( that are not > DEFAULT ) listed in the users file to achieve control over simultaneous > logins? You would do something like this: # configure AuthBy's # Realms (or Handlers) will have AuthByPolicy ContinueWhileAccept # so that Sim-Use and Livingston must both Accept Identifier Check_Sim-Use Filename%D/users.Sim-Use Identifier Check_Livingston Hostlivingston.radius.on.aix Secret xx # configure Realms or Handlers AuthByPolicy ContinueWhileAccept AuthBy Check_Sim-Use AuthBy Check_Livingston . ... The file %D/users.Sim-Use would contain this: # define simultaneous use limits for # only those users with Sim-Use greater than 1 # DEFAULT is 1 for all users not explicitly listed # # it is a good idea to list users alphabetically DEFAULT Simultaneous-Use = 1 anotheruser Simultaneous-Use = 3 someoneelse Simultaneous-Use = 4 someuserSimultaneous-Use = 2 yetanother Simultaneous-Use = 2 .. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hi Hugh, This is what I was thinking of: Have Radiator Radius running in Linux and configure it to proxy all requests to the Livingston Radius already running in AIX. I want the Radiator Radius to control the simultaneous-use and the accounting as well. The Linux box does not have any user accounts but are all present in the AIX. Do I need to have all the users( that are not DEFAULT ) listed in the users file to achieve control over simultaneous logins? Your suggestions would be appreciated. Thanks, Deepak > It is quite simple to run Radiator on Linux, and it is also quite simple to > configure Radiator to proxy requests to another radius server. > > If you describe your requirements in more detail, I will be able to make some > sensible suggestions. You mention wanting to proxy to the Livingston radius > server if a user is not found on the Linux box. How are you going to store the > users on the Linux box, and what else do you want to be able to do? Also, how > will you determine which users are in which groups to check for simultaneous > use? > > thanks > > Hugh > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > > === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hello Deepak - On Sun, 23 Jul 2000, Deepak Shrestha wrote: > Hi Hugh, > Thank you for your reply. > I have perl 5.6.0 ( per-built ). > #perl -v > This is perl, v5.6.0 built for aix > > Copyright 1987-2000, Larry Wall > -- > I tried compiling perl from the source but couldn't succeed in doing so! > > I have not been able to compile FreeTDS nor DBD::ODBC in my AIX. phew!! > AIX has been a pain for me!! > > Now, I would like to do this; install Radiator in a Linux box and proxy > all request to the AIX which is currently running Livingston Radius. > I would like to know how can I configure the Radiator to check for group > for users who are not present in the Linux box. I would like to configure > it for groups with 2,3,4,5 and 1 simultaneous-use. Is it possible? > If not is there a better way to achieve this? > It is quite simple to run Radiator on Linux, and it is also quite simple to configure Radiator to proxy requests to another radius server. If you describe your requirements in more detail, I will be able to make some sensible suggestions. You mention wanting to proxy to the Livingston radius server if a user is not found on the Linux box. How are you going to store the users on the Linux box, and what else do you want to be able to do? Also, how will you determine which users are in which groups to check for simultaneous use? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Fwd: Re: radiator radius server
Hi Hugh, Thank you for your reply. I have perl 5.6.0 ( per-built ). #perl -v This is perl, v5.6.0 built for aix Copyright 1987-2000, Larry Wall -- I tried compiling perl from the source but couldn't succeed in doing so! I have not been able to compile FreeTDS nor DBD::ODBC in my AIX. phew!! AIX has been a pain for me!! Now, I would like to do this; install Radiator in a Linux box and proxy all request to the AIX which is currently running Livingston Radius. I would like to know how can I configure the Radiator to check for group for users who are not present in the Linux box. I would like to configure it for groups with 2,3,4,5 and 1 simultaneous-use. Is it possible? If not is there a better way to achieve this? Any help would be appreciated. Thanks and Regards, Deepak On Fri, 21 Jul 2000, Hugh Irvine wrote: > > Hello Deepak - > > On Fri, 21 Jul 2000, Deepak Shrestha wrote: > > Hi Hugh, > > I have configured the Radiator Radius successfully in AIX4.3.1 but it is > > taking a lot of resources ( 80-90% of CPU by perl-radiator ). This causes > > Radiator to stop responding to "Start" accounting packets though it > > responds to the "Stop" accounting packets. I need to "kill -HUP > > radiusd.pid" to have it accept the logins again. And everything resumes to > > normal once again until it stops accepting logins again. Though when it is > > in operation it runs well. > > I have gone through the Performance & Tuning Section of the manual as > > well. > > > > Here are my radius.cfg and users file: > > > > #radius.cfg > > > > Foreground > > #LogStdout > > #Trace 3 > > PidFile %L/radiusd.pid > > AuthPort1645 > > AcctPort1646 > > LogDir /var/adm/radacct/Radiator > > DbDir /usr/local/etc/raddb > > #LogFile %L/logfile-%d > > LogFile > > > > DictionaryFile %D/dictionary > > #DictionaryFile %D/dictionary.cisco > > #DictionaryFile %D/dictionary.ascend > > #DictionaryFile %D/dictionary.ascend2 > > #DictionaryFile %D/dictionary.usr.merit > > > > #unknownMIB .iso.org.dod.internet.private.enterprises.307 > > #unknownOffs29 > > #unknownHole2 > > SnmpgetProg /usr/local/bin/snmpget > > > > > > > > Secret pass > > NasType unknown > > > > . > > .. > > .. > > > > > > Secret pass > > NasType unknown > > > > Secret pass > > NasType unknown > > > > > > > > > > > > Filename %D/users > > > > > > > > Identifier System > > > > > > AcctLogFileName %L/detail > > # PasswordLogFileName %L/password.log > > > > > > > > > > RewriteUsername s/^([^@]+).*/$1/ > > > > Filename %D/users > > > > > > > > Identifier System > > > > > > AcctLogFileName %L/detail > > # PasswordLogFileName %L/password.log > > > > > > > > > > > > Host202.52.255.47 > > Secret mypass > > AuthPort1745 > > AcctPort1746 > > Retries 3 > > RetryTimeout5 > > > > > > > > # > > # Filename %L/online > > # > > Thanks for sending all the information. I can't see anything wrong with > Radiator or the way it is running. I suspect you may have a problem with Perl. > What version of Perl are you using and where did it come from? You are probably > better off downloading the latest version and building it directly on the > machine you are going to run it on. > > BTW - you can tidy up your configuration file like this: > > #radius.cfg > > Foreground > #LogStdout > #Trace 3 > PidFile %L/radiusd.pid > AuthPort1645 > AcctPort1646 > LogDir /var/adm/radacct/Radiator > DbDir /usr/local/etc/raddb > #LogFile %L/logfile-%d > LogFile > > DictionaryFile %D/dictionary > #DictionaryFile %D/dictionary.cisco > #DictionaryFile %D/dictionary.ascend > #DictionaryFile %D/dictionary.ascend2 > #DictionaryFile %D/dictionary.usr.merit > > #unknownMIB .iso.org.dod.internet.private.enterprises.307 > #unknownOffs29 > #unknownHole2 > SnmpgetProg /usr/local/bin/snmpget > > > > Secret pass > NasType unknown > > .. > .. > .. > > > Secret pass > NasType unknown > > > > Secret pass > NasType unknown > > > # configure AuthBy clauses with Identifiers > > > Identifier Check_FILE > Filename %D/users > > > > Identifier System > > > > Identifier Check_RADIUS > Host202.52.255.47 > Secret mypass > AuthPort1745 > AcctPort1746 > Retries 3 > RetryTimeout5 > > > # configure Realms > > > AuthBy Check_FILE > AcctLogFileName %L/detail > # PasswordLogFileName %L/password.log > > > > RewriteUsername s/^([^@]+).*/$1/ > AuthBy Check_FI
