Hugh, Note: I don't care that I left my ip address in there or the "encrypted" password. This is a test server with test data.
Brandon ----- Original Message ----- From: "Brandon Lehmann" <[EMAIL PROTECTED]> To: "Hugh Irvine" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, November 12, 2003 5:43 PM Subject: Re: (RADIATOR) Profiles problems > Hugh, > > Trace 4 with the config in my original message shows: > > --- START---- > Reading dictionary file './dictionary' > sending Access-Request... > Packet dump: > *** Sending to 63.148.117.3 port 1645 .... > Code: Access-Request > Identifier: 120 > Authentic: 1234567890123456 > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = > ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>" > > No reply > sending Accounting-Request Start... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 121 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Start > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 121 > Authentic: f>e#O#<156><150>S<239>N<240><234><182><23><229> > Attributes: > > OK > sending Accounting-Request Stop... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 122 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Stop > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > Acct-Session-Time = 1000 > Acct-Input-Octets = 20000 > Acct-Output-Octets = 30000 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 122 > Authentic: 5Y<2>V<137><180>L<2>R<138>vzai<248><184> > Attributes: > > OK > -----END---- > > > Chaning AuthByPolicy to ContinueWhileAccept returns this: > > -----START----- > Reading dictionary file './dictionary' > sending Access-Request... > Packet dump: > *** Sending to 63.148.117.3 port 1645 .... > Code: Access-Request > Identifier: 81 > Authentic: 1234567890123456 > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>" > > Packet dump: > *** Received from 63.148.117.3 port 1645 .... > Code: Access-Reject > Identifier: 81 > Authentic: <201>KV<189>Ao<213><235><254>3<22>z>h<239><4> > Attributes: > Reply-Message = "Request Denied" > > Rejected: Request Denied > sending Accounting-Request Start... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 82 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Start > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 82 > Authentic: <237><157><221><24><8><3><11><235><207><167>t<226>SVQ<227> > Attributes: > > OK > sending Accounting-Request Stop... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 83 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Stop > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > Acct-Session-Time = 1000 > Acct-Input-Octets = 20000 > Acct-Output-Octets = 30000 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 83 > Authentic: <4>\<212>g'`<252><214><23><246>>A]<136><172><174> > Attributes: > > OK > > ----END----- > > Removing the Authby clause for the profile & timeofday returns this (with > ContinueWhileAccept): > > ----START------ > Reading dictionary file './dictionary' > sending Access-Request... > Packet dump: > *** Sending to 63.148.117.3 port 1645 .... > Code: Access-Request > Identifier: 251 > Authentic: 1234567890123456 > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>" > > Packet dump: > *** Received from 63.148.117.3 port 1645 .... > Code: Access-Reject > Identifier: 251 > Authentic: <2>I<24> <180>7<222><164><151>k<213><22>O<15><255>N > Attributes: > Reply-Message = "Request Denied" > > Rejected: Request Denied > sending Accounting-Request Start... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 252 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Start > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 252 > Authentic: <203>r<199><16>8<247>G<146><29>fe<135>`<20><133>Q > Attributes: > > OK > sending Accounting-Request Stop... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 253 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Stop > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > Acct-Session-Time = 1000 > Acct-Input-Octets = 20000 > Acct-Output-Octets = 30000 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 253 > Authentic: TZ<243><171><164><236><146>h<14>+<186>)<190><14><<197> > Attributes: > > OK > ----------END--------- > > And with the authbyclaus for timeofday removed and the policy set to > ContinueAlways: > > --------START--------- > Reading dictionary file './dictionary' > sending Access-Request... > Packet dump: > *** Sending to 63.148.117.3 port 1645 .... > Code: Access-Request > Identifier: 62 > Authentic: 1234567890123456 > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > User-Password = ".<255>x]<205>2><212><197><219>Sj<143><221><224><129>" > > Packet dump: > *** Received from 63.148.117.3 port 1645 .... > Code: Access-Accept > Identifier: 62 > Authentic: 9<165>Y<201><211><140><2>u<210><251><161><200>3<149><179><1> > Attributes: > Service-Type = Framed-User > Session-Timeout = 18000 > Idle-Timeout = 1740 > Framed-IP-Netmask = 255.255.255.255 > Port-Limit = 3 > > OK > sending Accounting-Request Start... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 63 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Start > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 63 > Authentic: <1>.<245><190>|!.1g<201>0<201><148><229><234>% > Attributes: > > OK > sending Accounting-Request Stop... > Packet dump: > *** Sending to 63.148.117.3 port 1646 .... > Code: Accounting-Request > Identifier: 64 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > User-Name = "brandon" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Port = 1234 > NAS-Port-Type = Async > Acct-Session-Id = "00001234" > Acct-Status-Type = Stop > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > Acct-Delay-Time = 0 > Acct-Session-Time = 1000 > Acct-Input-Octets = 20000 > Acct-Output-Octets = 30000 > > Packet dump: > *** Received from 63.148.117.3 port 1646 .... > Code: Accounting-Response > Identifier: 64 > Authentic: <237><203>Z_<169><202>Um#&<241><136><29>8<145><23> > Attributes: > > OK > --------END---------- > > As for a crash course in TimeOfDay, its a radius attribute that is used to > define when a user can login. Say 7:30am to 3:30pm etc -> "07:30-15:30" or > cannot login "!00:00-02:00" -> midnight to 2am. It is pretty similar to the > Radiator Time attribute. However I have tried changing the columndef to > "AuthColumnDef 0,Time,reply" and adding "Al" to the front of the field to > apply for all days as the radiator manual shows. What I need to do is limit > a few users to only login during certain hours (at their bosses request). > For now I have just added a stored procedure to my SQL server and a job to > turn the account on and off at the specified time however that will not work > forever. > > Thanks for the help, > > Brandon > > Note: This is running Radiator 3.7.1 on Windows 2000 SP4, w/ activestate > perl 5.6.1 using a 3com total control. > > ----- Original Message ----- > From: "Hugh Irvine" <[EMAIL PROTECTED]> > To: "Brandon Lehmann" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Wednesday, November 12, 2003 5:03 PM > Subject: Re: (RADIATOR) Profiles problems > > > > > > Hello Brandon - > > > > Could you please send me a trace 4 debug showing what is happening, and > > a bit more detail on what exactly you are wanting to have happen? I am > > not clear on what the TimeOfDay reply item is meant to do. > > > > regards > > > > Hugh > > > > > > On 13/11/2003, at 7:10 AM, Brandon Lehmann wrote: > > > > > Hi List, > > > > > > I cannot get the radius server to return the profile while using > > > the following configuration: > > > > > > ------START----- > > > LogStdout c:/radiator/stdout.txt > > > LogDir c:/radiator > > > DbDir c:/radiator. > > > > > > <Client DEFAULT> > > > Secret !removed for my protection! > > > DupInterval 0 > > > </Client> > > > > > > <Realm DEFAULT> > > > > > > AuthByPolicy ContinueAlways > > > > > > <AuthBy SQL> > > > Identifier ACCT1 > > > DBSource dbi:ODBC:!removed for my protection! > > > DBUsername !removed for my protection! > > > DBAuth !removed for my protection! > > > > > > AuthSelect > > > > > > AccountingTable radacct1 > > > AcctColumnDef UserName,User-Name > > > AcctColumnDef LogDateTime,Timestamp,integer-date > > > AcctColumnDef AcctStatusType,Acct-Status-Type > > > AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer > > > AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer > > > AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer > > > AcctColumnDef AcctInputPackets,Acct-Input-Packets,integer > > > AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer > > > AcctColumnDef AcctSessionTime,Acct-Session-Time,integer > > > AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause > > > AcctColumnDef NasIPAddress,NAS-IP-Address > > > AcctColumnDef NasIdentifier,NAS-Identifier > > > AcctColumnDef NasPortId,NAS-Port,integer > > > AcctColumnDef NasPortType,NAS-Port-Type,integer > > > AcctColumnDef ConnectInfo,Connect-Info > > > AcctColumnDef ServiceType,Service-Type > > > AcctColumnDef FramedProtocol,Framed-Protocol > > > AcctColumnDef FramedAddress,Framed-IP-Address > > > AcctColumnDef CallingStationId,Calling-Station-Id > > > </AuthBy> > > > > > > <AuthBy SQL> > > > Identifier AUTH1 > > > DBSource dbi:ODBC:!removed for my protection! > > > DBUsername !removed for my protection! > > > DBAuth !removed for my protection! > > > > > > AuthSelect select > > > ClearTextPassword,ServiceType,SessionLimit, \ > > > IdleLimit,StaticIP,IPNetmask,FramedRoute,PortLimit, \ > > > PortLimit,ProfileID from Customers where CustomerID=%0 \ > > > and Disable is null > > > AuthColumnDef 0,Password,check > > > AuthColumnDef 1,Service-Type,reply > > > AuthColumnDef 2,Session-Timeout,reply > > > AuthColumnDef 3,Idle-Timeout,reply > > > AuthColumnDef 4,Framed-IP-Address,reply > > > AuthColumnDef 5,Framed-IP-Netmask,reply > > > AuthColumnDef 6,Framed-Route,reply > > > AuthColumnDef 7,Port-Limit,reply > > > AuthColumnDef 8,Simultaneous-Use,check > > > AuthColumnDef 9,Profile,reply > > > </AuthBy> > > > <AuthBy SQL> > > > DBSource dbi:ODBC:!removed for my protection! > > > DBUsername !removed for my protection! > > > DBAuth !removed for my protection! > > > > > > AuthSelect SELECT timeofday FROM profiles WHERE \ > > > [profile]='%{Reply:Profile}' > > > AuthColumnDef 0,TimeOfDay,reply > > > > > > StripFromReply Profile > > > </AuthBy> > > > > > > SessionDatabase SDB1 > > > > > > </Realm> > > > > > > <SessionDatabase SQL> > > > Identifier SDB1 > > > DBSource dbi:ODBC:!removed for my protection! > > > DBUsername !removed for my protection! > > > DBAuth !removed for my protection! > > > </SessionDatabase> > > > -------END---- > > > > > > If I change "AuthByPolicy ContinueAlways" to "AuthByPolicy > > > ContinueWhileAccept" then the server always returns "Request Denied". > > > Any > > > input would be greatly appreciated. Note: I have already searched the > > > list > > > archives, nothing seems to work. > > > > > > Thank you, > > > > > > Brandon Lehmann > > > Network Administrator > > > Great Lakes Internet Service, LLC. > > > The Computer Loft, Inc. > > > 218 Justice St > > > Fremont, Ohio 43420 > > > 419.332.3553 > > > [EMAIL PROTECTED] > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > > > > > > > NB: have you included a copy of your configuration file (no secrets), > > together with a trace 4 debug showing what is happening? > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > - > > CATool: Private Certificate Authority for Unix and Unix-like systems. > > > > > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.