Hi Hugh,

I have been running Livingston Radius for the last couple of years. I had it
set up with a Livingston menu so that customers could login with a prefix of M
to bring up a menu to select the machine to rlogin to for shell access. This
is especially important for my UUCP customers (who have now not been able to
connect for 2 weeks).

I discussed this with Mike McCauley who said that Radiator does not support
Livingston Menus but that it does support radius login prefixes. I need to
set up a login prefix of U to allow my UUCP customers to rlogin to the correct
machine. I suspect that the prefix handling code for Radiator has not been
fully tested. pm1 is my PortMaster and does resolve.

My radius.cfg file is attached as is my users file.

Regards.  Paul




Hugh Irvine wrote:
> 
> Hi Paul -
> 
> I think we might want to go back to basics. Could you please send me (again)
> your config file, together with your description of what exactly you want to do.
> 
> That way we can make sure.
> 
> Notice that the definition below will only work on calls coming in on "pm1" -
> is this correct? And have you checked that "pm1" will resolve to an IP address
> (and vice-versa)?
> 
> I've also taken this discussion off the list.
> 
> thanks
> 
> Hugh
> 
> On Wed, 11 Aug 1999, you wrote:
> > Hugh Irvine wrote:
> >
> > > Tom is correct, Check items are on the first line, Reply items are on the
> > > following lines. See Section 13 in the Radiator 2.14.1 manual.
> > >
> > > I think you might want something more like this (if not let me know):
> > >
> > > # Check for Prefix = U and Client-Id = pm1 (not sure if this is correct?)
> > > # Reply with the others
> > > DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
> > >         Service-Type = Login-User,
> > >         Login-IP-Host = ice.triode.net.au,
> > >         Login-Service = Rlogin
> >
> > Still no luck. I have changed the entry in my users file as follows. What can
> > I try next?
> >
> > Regards.  Paul
> >
> >
> > DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
> >         Service-Type = Login-User,
> >         Login-IP-Host = ice.triode.net.au,
> >         Login-Service = Rlogin,
> >         Framed-IP-Address = 255.255.255.254
> >
> > Following is what I see in the logfile:
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
> > *** Received from 203.63.235.9 port 1028 ....
> > Code:       Access-Request
> > Identifier: 245
> > Authentic:  <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
> > Attributes:
> >         User-Name = "Upaulb"
> >         User-Password =
> > "<208>q<26><140><135>?7<150>+<192><27><24><218><189><252><227>"
> >         NAS-IP-Address = 203.63.235.9
> >         NAS-Port = 6
> >         NAS-Port-Type = Async
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Wed Aug 11 21:16:16 1999: DEBUG:  Deleting session for Upaulb, 203.63.235.9, 6
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: delete from RADONLINE where
> > NASIDENTIFIER='203.63.235.9' and NASPORT=6
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Handling with Radius::AuthRADMIN')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Handling with Radius::AuthRADMIN')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
> > TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='Upaulb' and BADLOGINS < 5
> > and VALIDFROM < 934370176 and VALIDTO > 934370176
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthRADMIN looks for match with
> > Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Radius::AuthRADMIN looks for match with Upaulb')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
> > TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='DEFAULT' and BADLOGINS < 5
> > and VALIDFROM < 934370176 and VALIDTO > 934370176
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthFILE
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT1
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT2
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: INFO: Access rejected for Upaulb: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
> > *** Sending to 203.63.235.9 port 1028 ....
> > Code:       Access-Reject
> > Identifier: 245
> > Authentic:  <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
> > Attributes:
> >         Reply-Message = "Request Denied"
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator. It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir           /etc/raddb
LogDir          /var/log/radacct
DictionaryFile  /etc/raddb/dictionary

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client iggy>
        Secret   XXXX
</Client>
<Client dm1>
        Secret   XXXX
</Client>
<Client pm1>
        Secret   XXXX
</Client>

# This clause means we will handle any realm that arrives
<Realm DEFAULT>
        AuthByPolicy ContinueWhileReject
        <AuthBy RADMIN>
                # Change DBSource, DBUsername, DBAuth for your database
                # See the reference manual. You will also have to 
                # change the one in <SessionDatabase SQL> below
                # so it's the same
                DBSource        dbi:mysql:radmin
                DBUsername      radmin
                DBAuth          XXXX

                # You can add to or change these if you want, but you
                # will probably want to change the database schema first
                AccountingTable RADUSAGE
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   DNIS,Called-Station-Id

                #
                # This updates the time and octets left for this user
                #

                AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
#
#               #
#               # These are the classic things to add to each users 
#               # reply to allow a PPP dialup session. It may be 
#               # different for your NAS. This will add some 
#               # reply items to everyone's reply
#               #
#
                AddToReply Framed-Protocol = PPP,\
                        Framed-IP-Netmask = 255.255.255.255,\
                        Framed-Routing = None,\
                        Framed-MTU = 1500,\
                        Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>

        <AuthBy FILE>
                Filename /etc/raddb/users
        </AuthBy>
        <AuthBy UNIX>
                Filename /etc/shadow
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName /var/log/radacct/dm1/detail
</Realm>

<SessionDatabase SQL>
        # This database spec usually should be exactly the same
        # as in <AuthBy RADMIN> above
        DBSource        dbi:mysql:radmin
        DBUsername      radmin
        DBAuth          XXXX

</SessionDatabase>


# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
</AuthBy>


#---------------------------------------------------------------------------
#
# @(#)users     1.2 5/20/97  Copyright 1991, 1997 Livingston Enterprises Inc
#
#---------------------------------------------------------------------------
#
#       This file contains security and configuration information for
#       each user.  The first field is the user's name and can be up to
#       8 characters in length.  This is followed (on the same line)
#       with the list of authentication requirements for that user.
#       This can include password, comm server name, comm server port
#       number, and an expiration date of the user's password.  When an
#       authentication request is received from the comm server, these
#       values are tested.  Special users named "DEFAULT", "DEFAULT2",
#       "DEFAULT3" can be created (and should be placed at the end of
#       the user file) to specify what to do with users not contained
#       in the user file.
#
#       Indented (with the tab character) lines following the first
#       line indicate the configuration values to be passed back to
#       the comm server to allow the initiation of a user session.
#       This can include things like the PPP configuration values
#       or the host to log the user onto.
#


DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1 
        Service-Type = Login-User,
        Login-IP-Host = ice.triode.net.au,
        Login-Service = Rlogin,
        Framed-IP-Address = 255.255.255.254

paulb   Auth-Type = System 
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.34.253,
        Framed-MTU = 1500,
        Idle-Timeout = 999999 

geoff   Auth-Type = System 
        Client-Id = pm1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.235.67,
        Framed-MTU = 1500,
        Idle-Timeout = 999999 

csmall  Auth-Type = System
        Client-Id = dm1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.235.152,
        Framed-MTU = 1500

dannya  Auth-Type = System, Client-Id = pm1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.235.96,
        Framed-Netmask = 255.255.255.248,
        Framed-MTU = 1500,
        Idle-Timeout = 999999 

nch     Auth-Type = System 
        Client-Id = pm1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.235.221,
        Framed-MTU = 1500,
        Idle-Timeout = 999999 

davidm  Auth-Type = System, Client-Id = pm1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.235.213,
        Framed-MTU = 1500,
        Idle-Timeout = 999999 

stevew  Auth-Type = System 
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 203.63.34.246,
        Framed-MTU = 1500,
        Idle-Timeout = 2400

kgriffin Auth-Type = System 
         Client-Id = pm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-IP-Address = 203.63.235.66,
         Framed-MTU = 1500,
         Idle-Timeout = 999999 

lee      Auth-Type = System 
         Client-Id = pm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-IP-Address = 203.63.235.68,
         Framed-MTU = 1500,
         Idle-Timeout = 999999 

#
# Mailbox Only Customers
#

skisec   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

skied    Auth-Type = Systemx, 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

skipl    Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

simone   Auth-Type = System
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

richardm Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

stepheng Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

rogers   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

rrver    Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

kristian Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dajdpw   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dajmax   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dajurs   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dajjen   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dajdeb   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

smp      Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

ibsmb1   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

ibsmb2   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

ibsmb3   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

ibsmb4   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

swarod   Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

alpbarry Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

alpgreg  Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

alpsales Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

gcoinfo  Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

forever  Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500

dougg    Auth-Type = System 
         Client-Id = dm1,
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-Filter-Id = "email",
         Framed-MTU = 1500



#
# Customers with their own IP addresses
#



fx       Auth-Type = System 
         Service-Type = Framed-User,
         Framed-Protocol = PPP,
         Framed-IP-Address = 203.63.34.254,
         Idle-Timeout = 2400,
         Framed-MTU = 1500

vlx      Auth-Type = System 
         Client-Id = pm1,
         Framed-Compression = None,
         Menu = "menu1"


#
# Anything else uses PPP to the host set for that port
#
DEFAULT Auth-Type = System 
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 1500,
        Idle-Timeout = 2400 
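
Added example (not part of the original message, and not Radiator code): a small Python lint for a Livingston-style users file. It applies the rule Hugh states in the quoted reply, check items on the first line and reply items on the indented lines, and reports check-style attributes that sit on an indented line, where that rule would treat them as reply items rather than as restrictions. The CHECK_ONLY set and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumption: attributes that only make sense as check items, taken from the
# check line in Hugh's example (Auth-Type, Prefix, Client-Id).
CHECK_ONLY = {"Auth-Type", "Prefix", "Client-Id"}

# Constructed sample in the same layout as the users file in the message.
SAMPLE = """\
DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
\tService-Type = Login-User,
\tLogin-IP-Host = ice.triode.net.au,
\tLogin-Service = Rlogin

geoff   Auth-Type = System
\tClient-Id = pm1,
\tService-Type = Framed-User,
\tFramed-Protocol = PPP
"""


def split_items(text):
    """Split 'A = b, C = "d"' into [(name, value), ...], honouring quotes."""
    items = []
    for m in re.finditer(r'([\w-]+)\s*=\s*("[^"]*"|[^,]*)', text):
        items.append((m.group(1), m.group(2).strip().strip('"')))
    return items


def parse_users(text):
    """Return [(name, check_items, reply_items)] for each entry in the file."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if line[0] in " \t":              # indented line: reply items
            if entries:
                entries[-1][2].extend(split_items(line))
        else:                             # first line: user name + check items
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append((parts[0], split_items(rest), []))
    return entries


def lint(entries):
    """Flag check-only attributes that ended up among the reply items."""
    findings = []
    for name, _check, reply in entries:
        for attr, value in reply:
            if attr in CHECK_ONLY:
                findings.append((name, attr, value))
    return findings


if __name__ == "__main__":
    for name, attr, value in lint(parse_users(SAMPLE)):
        print(f"{name}: {attr} = {value} is on a reply line, not the check line")
```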




