Hi Hugh,

I have been running Livingston Radius for the last couple of years. I had it set up with a Livingston menu so that customers could log in with a prefix of M to bring up a menu to select the machine to rlogin to for shell access. This is especially important for my UUCP customers (who have now not been able to connect for 2 weeks).

I discussed this with Mike McCauley who said that Radiator does not support Livingston Menus but that it does support radius login prefixes. I need to set up a login prefix of U to allow my UUCP customers to rlogin to the correct machine. I suspect that the prefix handling code for Radiator has not been fully tested.

pm1 is my PortMaster and does resolve. My radius.cfg file is attached as is my users file.

Regards.
Paul

Hugh Irvine wrote:
>
> Hi Paul -
>
> I think we might want to go back to basics. Could you please send me (again)
> your config file, together with your description of what exactly you want to do.
>
> That way we can make sure.
>
> Notice that the definition below will only work on calls coming in on "pm1" -
> is this correct? And have you checked that "pm1" will resolve to an IP address
> (and vice-versa)?
>
> I've also taken this discussion off the list.
>
> thanks
>
> Hugh
>
> On Wed, 11 Aug 1999, you wrote:
> > Hugh Irvine wrote:
> >
> > > Tom is correct, Check items are on the first line, Reply items are on the
> > > following lines. See Section 13 in the Radiator 2.14.1 manual.
> > >
> > > I think you might want something more like this (if not let me know):
> > >
> > > # Check for Prefix = U and Client-Id = pm1 (not sure if this is correct?)
> > > # Reply with the others
> > > DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
> > >     Service-Type = Login-User,
> > >     Login-IP-Host = ice.triode.net.au,
> > >     Login-Service = Rlogin
> >
> > Still no luck. I have changed the entry in my users file as follows. What can
> > I try next?
> >
> > Regards.
> > Paul
> >
> >
> > DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
> >     Service-Type = Login-User,
> >     Login-IP-Host = ice.triode.net.au,
> >     Login-Service = Rlogin,
> >     Framed-IP-Address = 255.255.255.254
> >
> > Following is what I see in the logfile:
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
> > *** Received from 203.63.235.9 port 1028 ....
> > Code: Access-Request
> > Identifier: 245
> > Authentic: <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
> > Attributes:
> >     User-Name = "Upaulb"
> >     User-Password =
> > "<208>q<26><140><135>?7<150>+<192><27><24><218><189><252><227>"
> >     NAS-IP-Address = 203.63.235.9
> >     NAS-Port = 6
> >     NAS-Port-Type = Async
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Wed Aug 11 21:16:16 1999: DEBUG: Deleting session for Upaulb, 203.63.235.9, 6
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: delete from RADONLINE where
> > NASIDENTIFIER='203.63.235.9' and NASPORT=6
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Handling with Radius::AuthRADMIN')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Handling with Radius::AuthRADMIN')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
> > TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='Upaulb' and BADLOGINS < 5
> > and VALIDFROM < 934370176 and VALIDTO > 934370176
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthRADMIN looks for match with
> > Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
> > (TIME_STAMP, TYPE, MESSAGE)
> > values (934370176, 4, 'Radius::AuthRADMIN looks for match with Upaulb')
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
> > TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='DEFAULT' and BADLOGINS < 5
> > and VALIDFROM < 934370176 and VALIDTO > 934370176
> >
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthFILE
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT1
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT2
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
> > Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
> > Wed Aug 11 21:16:16 1999: INFO: Access rejected for Upaulb: No such user
> > Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
> > *** Sending to 203.63.235.9 port 1028 ....
> > Code: Access-Reject
> > Identifier: 245
> > Authentic: <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
> > Attributes:
> >     Reply-Message = "Request Denied"
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator. It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace           4
DbDir           /etc/raddb
LogDir          /var/log/radacct
DictionaryFile  /etc/raddb/dictionary

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client iggy>
    Secret  XXXX
</Client>

<Client dm1>
    Secret  XXXX
</Client>

<Client pm1>
    Secret  XXXX
</Client>

# This clause means we will handle any realm that arrives
<Realm DEFAULT>
    AuthByPolicy ContinueWhileReject

    <AuthBy RADMIN>
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual. You will also have to
        # change the one in <SessionDatabase SQL> below
        # so it's the same
        DBSource    dbi:mysql:radmin
        DBUsername  radmin
        DBAuth      XXXX

        # You can add to or change these if you want, but you
        # will probably want to change the database schema first
        AccountingTable RADUSAGE
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id

        #
        # This updates the time and octets left for this user
        #
        AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

        #
        # #
        # # These are the classic things to add to each user's
        # # reply to allow a PPP dialup session. It may be
        # # different for your NAS. This will add some
        # # reply items to everyone's reply
        # #
        #
        AddToReply Framed-Protocol = PPP,\
            Framed-IP-Netmask = 255.255.255.255,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
    </AuthBy>

    <AuthBy FILE>
        Filename /etc/raddb/users
    </AuthBy>

    <AuthBy UNIX>
        Filename /etc/shadow
    </AuthBy>

    # Log accounting to the detail file in LogDir
    AcctLogFileName /var/log/radacct/dm1/detail
</Realm>

<SessionDatabase SQL>
    # This database spec usually should be exactly the same
    # as in <AuthBy RADMIN> above
    DBSource    dbi:mysql:radmin
    DBUsername  radmin
    DBAuth      XXXX
</SessionDatabase>

# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
    Identifier System
    Filename /etc/shadow
</AuthBy>

#---------------------------------------------------------------------------
#
# @(#)users 1.2 5/20/97 Copyright 1991, 1997 Livingston Enterprises Inc
#
#---------------------------------------------------------------------------
#
# This file contains security and configuration information for
# each user. The first field is the user's name and can be up to
# 8 characters in length. This is followed (on the same line)
# with the list of authentication requirements for that user.
# This can include password, comm server name, comm server port
# number, and an expiration date of the user's password. When an
# authentication request is received from the comm server, these
# values are tested. Special users named "DEFAULT", "DEFAULT2",
# "DEFAULT3" can be created (and should be placed at the end of
# the user file) to specify what to do with users not contained
# in the user file.
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#

DEFAULT	Auth-Type = System, Prefix = U, Client-Id = pm1
	Service-Type = Login-User,
	Login-IP-Host = ice.triode.net.au,
	Login-Service = Rlogin,
	Framed-IP-Address = 255.255.255.254

paulb	Auth-Type = System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.34.253,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

geoff	Auth-Type = System
	Client-Id = pm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.67,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

csmall	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.152,
	Framed-MTU = 1500

dannya	Auth-Type = System, Client-Id = pm1
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.96,
	Framed-Netmask = 255.255.255.248,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

nch	Auth-Type = System
	Client-Id = pm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.221,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

davidm	Auth-Type = System, Client-Id = pm1
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.213,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

stevew	Auth-Type = System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.34.246,
	Framed-MTU = 1500,
	Idle-Timeout = 2400

kgriffin	Auth-Type = System
	Client-Id = pm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.66,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

lee	Auth-Type = System
	Client-Id = pm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.235.68,
	Framed-MTU = 1500,
	Idle-Timeout = 999999

#
# Mailbox Only Customers
#
skisec	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

skied	Auth-Type = Systemx,
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

skipl	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

simone	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

richardm	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

stepheng	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

rogers	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

rrver	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

kristian	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dajdpw	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dajmax	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dajurs	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dajjen	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dajdeb	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

smp	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

ibsmb1	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

ibsmb2	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

ibsmb3	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

ibsmb4	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

swarod	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

alpbarry	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

alpgreg	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

alpsales	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

gcoinfo	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

forever	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

dougg	Auth-Type = System
	Client-Id = dm1,
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Filter-Id = "email",
	Framed-MTU = 1500

#
# Customers with their own IP addresses
#
fx	Auth-Type = System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 203.63.34.254,
	Idle-Timeout = 2400,
	Framed-MTU = 1500

vlx	Auth-Type = System
	Client-Id = pm1,
	Framed-Compression = None,
	Menu = "menu1"

#
# Anything else uses PPP to the host set for that port
#
DEFAULT	Auth-Type = System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	Framed-MTU = 1500,
	Idle-Timeout = 2400
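
Added example (not part of the original message and not Radiator code): a short Python script that reads lines from the debug trace quoted in the message and lists which names each AuthBy module looked up, showing that every lookup used Upaulb or a DEFAULT entry and none used the name with the U prefix removed. The function names are hypothetical, and the regular expressions assume only the two log line shapes visible in that trace.

```python
import re

# Lines copied from the debug trace quoted in the message, with the mail
# client's "> >" markers and line wrapping removed.
TRACE = """\
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthRADMIN looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthFILE
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: INFO: Access rejected for Upaulb: No such user
"""

LOOKUP = re.compile(r"DEBUG: Radius::(\w+) looks for match with (\S+)")
REJECT = re.compile(r"INFO: Access rejected for ([^\s:]+): (.*)")

def names_tried(trace):
    """Map each AuthBy module to the distinct names it looked up, in order."""
    tried = {}
    for module, name in LOOKUP.findall(trace):
        names = tried.setdefault(module, [])
        if name not in names:
            names.append(name)
    return tried

def diagnose(trace, prefix):
    """Report whether any module looked up the rejected name minus its prefix."""
    tried = names_tried(trace)
    rejected = REJECT.search(trace)
    user, reason = rejected.groups() if rejected else (None, None)
    bare = user[len(prefix):] if user and user.startswith(prefix) else None
    return {
        "rejected_user": user,
        "reason": reason,
        "bare_name": bare,
        "modules_that_tried_bare_name": [m for m, n in tried.items() if bare in n],
        "tried": tried,
    }

if __name__ == "__main__":
    report = diagnose(TRACE, "U")
    for module, names in report["tried"].items():
        print(f"{module:10} looked up {', '.join(names)}")
    print("bare name", report["bare_name"], "tried by",
          report["modules_that_tried_bare_name"] or "no module")
```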