Re: (RADIATOR) Ah. question..

1999-04-17 Thread Mike McCauley

On Apr 18,  4:27pm, tom minchin wrote:
> Subject: Re: (RADIATOR) Ah.  question..
> On Sun, Apr 18, 1999 at 03:49:09PM -0500, Mike McCauley wrote:
> > Hi Rob,
> >
> > On Apr 17, 11:47pm, Rob Thomas wrote:
> > > Subject: (RADIATOR) Ah.  question..
> > >
> > > I've been plowing through radiator, and I'm pretty happy with it. Just going
> > > through and I don't seem to find any documentation on having a different
> > > database for authentication and accounting. Am I blind, or is it not there?
> > It's there, just a bit non-obvious
> >
> > You will need to set up 2 AuthBy SQL, each with slightly different setup. With
> > SQL, if you have an _empty string_ for the AuthSelect, it won't do
> > authentication. If AcctTable is not defined, it won't do accounting, so:
>
> Would it also work if you used a Handler?
>
> 
>   
>   [...blah blah off to the accounts SQL server...]
>   
> 

Yes, I expect it would, though I haven't tested it.

> [... continue on to the rest of the handlers/realms...]
The only thing to beware of with that last line is that Radiator will look at
all the Realm clauses first, and only if exactly none of the Realms match will
it go on to look for a Handler.

That means if you have a DEFAULT Realm, no Handler will _ever_ get called,
regardless of where the Handler is placed in the config file.

Cheers.

>
> [EMAIL PROTECTED]
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from tom minchin



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody



Re: (RADIATOR) replyattr and fixed ip's

1999-04-17 Thread Mike McCauley

On Apr 16, 10:09am, me wrote:
> Subject: Re: (RADIATOR) replyattr and fixed ip's
> Hi I understood all but part 3

I meant that you should check that your NAS will allocate an address from its
pool if and only if there was no static address sent back by Radiator. That's
the normal behaviour for a NAS, but you should check.

Cheers.


>
> I assume you meant, that the pool specified in our NAS does not contain
> any of the static IP's
>
> Iqbal
>
> Mike McCauley wrote:
> >
> > Hello Iqbal,
> >
> > On Apr 15, 11:54am, me wrote:
> > > Subject: (RADIATOR) replyattr and fixed ip's
> > > Hi
> > >
> > > > I originally used to have a simple query which authenticated users fine
> > > select Password etc etc , however I now want to assign some of my users
> > > with fixed IP addresses (they are currently assigned from a pool in our
> > > NAS).
> > OK, should be no problem.
> >
> > >
> > > The fixed IP's used to be assigned from the flat radius users file
> > > Fixed-IP-Address=xxx.xxx.xxx.xxx
> > I guess you mean Framed-IP-Address, but fine.
> >
> > >
> > > > However when I went down the sql route I can't seem to assign these fixed
> > > > IP, the "normal" customers work fine.
> > > >
> > > > Then I decided to alter the Authselect statement
> > >
> > > ...select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where
> > > USERNAME='%n'
> > > Hmm, it's a bit hard to tell without seeing your config file, but I would
> > > suggest this approach:
> > >
> > > 1. Make a new column in your database for the framed ip address, call it, say
> > > FRAMEDIPADDRESS.
> >
> > 2. use this in your config file:
> > AuthSelect select PASSWORD,FRAMEDIPADDRESS from SUBSCRIBERS \
> > where USERNAME='%n'
> > AuthColumnDef 0,User-Password,check
> > AuthColumnDef 1,Framed-IP-Address,reply
> >
> > > Then, whenever a user has an entry in FRAMEDIPADDRESS, it will be used to set
> > > Framed-IP-Address in the reply. If FRAMEDIPADDRESS is NULL, then it will not be
> > > set in the reply.
> > >
> > > 3. Make sure your NAS uses a pool address if a static address is not supplied
> > > by radius.
> > >
> > > (it _is_ possible to do something similar using REPLYATTR as you are trying,
> > > but it's a bit harder to set up, and wastes some space)
> >
> > Hope that helps.
> >
> > Cheers.
> >
> > >
> > > now nothing gets access no dynamic IP customers or fixed.
> > >
> > > I had a look at the logfile, and in there it does say Access Accept
> > >
> > > Thu Apr 15 10:57:34 1999: DEBUG: Handling request with Handler 'Realm='
> > > Thu Apr 15 10:57:34 1999: DEBUG: Handling with Radius::AuthSQL
> > > Thu Apr 15 10:57:34 1999: DEBUG: Query is: select PASSWORD, CHECKATTR,
> > > REPLYATTR
> > >
> > >   from SUBSCRIBERS where USERNAME='mirza'
> > >
> > > Thu Apr 15 10:57:34 1999: DEBUG: Radius::AuthSQL looks for match with
> > > mirza
> > > Thu Apr 15 10:57:34 1999: DEBUG: Packet dump:
> > > *** Sending to 193.218.160.68 port 3760 
> > > Code:   Access-Accept
> > > Identifier: 13
> > > Authentic:  7<21><196>u<0>u<24><188><0><0>M<1><0><0>l<153>
> > > Attributes:
> > > Service-Type = Framed
> > > Framed-Protocol = PPP
> > > Framed-IP-Netmask = 255.255.255.0
> > > Framed-Routing = None
> > > Framed-MTU = 1500
> > > Framed-Compression = Van-Jacobson-TCP-IP
> > >
> > > etc etc
> > >
> > > > but they get an entry into the accounting logs, then disconnect. The
> > > > fixed IPs don't even get that far.
> > > >
> > > > My CheckATTR in the db is NULL, but the replies are the ones above. I
> > > > haven't got any replies for fixed IP ones cause they don't get that far.
> > >
> > > Iqbal
> > >
> > > ===
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> > >-- End of excerpt from me
>-- End of excerpt from me




Re: (RADIATOR) Authentication with multiple RADIUS servers

1999-04-17 Thread Mike McCauley

Hi Rich,

On Apr 16,  3:03pm, Richard Hawley wrote:
> Subject: (RADIATOR) Authentication with multiple RADIUS servers
> We have an old Steel-Belted radius server.  Our radiator server is just
> now going into full production use.  I have it configured now with a
> ContinueUntilAccept clause, however, this is getting around the
> Simultaneous-Use checking.  The concern is that not every user was added
> to the SQL database from the old NT database.  If I change radius.cfg to
> be ContinueUntilReject, anyone who is not in the SQL database will be
> rejected.  Is there a way to avoid this?  I know if the user is not in
> the database, it will automatically reject.  Obviously I do not want to
> set it so it automatically accepts anyone not in the database.  I want
> it to pass the request to AuthBy RADIUS if the user does not exist in
> the SQL database.  Thanks.

You should do something like this:


AuthByPolicy ContinueWhileReject

blah blah blah


blah blah blah



So, if they are in the SQL database, auths will accept without going to the
proxy. If they are not in SQL, auths will go to the proxy. Accounting will
always be handled by SQL, and will never go to the proxy.

The sim-use checking should continue to work fine, counting people's sessions
regardless of which method authenticated them.

Hope that helps.

Cheers.




Re: (RADIATOR) Ah. question..

1999-04-17 Thread tom minchin

On Sun, Apr 18, 1999 at 03:49:09PM -0500, Mike McCauley wrote:
> Hi Rob,
> 
> On Apr 17, 11:47pm, Rob Thomas wrote:
> > Subject: (RADIATOR) Ah.  question..
> >
> > I've been plowing through radiator, and I'm pretty happy with it. Just going
> > through and I don't seem to find any documentation on having a different
> > database for authentication and accounting. Am I blind, or is it not there?
> It's there, just a bit non-obvious
> 
> You will need to set up 2 AuthBy SQL, each with slightly different setup. With
> SQL, if you have an _empty string_ for the AuthSelect, it won't do
> authentication. If AcctTable is not defined, it won't do accounting, so:

Would it also work if you used a Handler?



[...blah blah off to the accounts SQL server...]


[... continue on to the rest of the handlers/realms...]

[EMAIL PROTECTED]




(RADIATOR) Problem with internal session database fixed

1999-04-17 Thread Mike McCauley

Hi
A number of people have reported a problem where Radiator would do sim-use
double checking against lots of NAS ports, not just the ones of interest. This
slows radiator down a lot when it happens.

We have found and fixed this problem. It affects only the INTERNAL session
database (i.e. the default one you get if you don't specify a SessionDatabase
clause).

People affected by this problem can download a new version of the code from
http://www.open.com.au/radiator/downloads/patches-2.13.1/SessINTERNAL.pm

We apologise for this problem.
Cheers.







Re: (RADIATOR) SessionsDataBase Identifier

1999-04-17 Thread Mike McCauley

Hi Remi.

You only need to do this if you want different realms to be sim-use checked
against different session databases. You need to do several things.

1. Define 2 or more SessionDatabase clauses
2. Add an identifier line to each SessionDatabase clause
3. In each Realm clause add a SessionDatabase line saying which session
database to use for all sessions in that realm.


something like this:


Identifier sdb1
blah blah blah


Identifier sdb2
blah blah blah


# This makes all the sessions in this realm go into the first
# session database
SessionDatabase sdb1
blah blah blah


# This makes all the sessions in this realm go into the second
# session database
SessionDatabase sdb2
blah blah blah


Hope that helps.

Cheers.

On Apr 16,  1:29pm, Remi Godin wrote:
> Subject: (RADIATOR) SessionsDataBase Identifier
>
> [ Attachment (text/plain): ".prt391MHd" 601 bytes
>   Character set: Windows-1252
>   plain text ]
>-- End of excerpt from Remi Godin

How do I use Identifier in regards to SessionDatabase SQL?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Remi Godin             Escape Communications Corp.
Jr. Systems Support    665 Stafford Street
                       Winnipeg, MB   R3M 2X7

[EMAIL PROTECTED]   Tel: 1-877-372-2730
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





Re: (RADIATOR) Ah. question..

1999-04-17 Thread Mike McCauley

Hi Rob,

On Apr 17, 11:47pm, Rob Thomas wrote:
> Subject: (RADIATOR) Ah.  question..
>
> I've been plowing through radiator, and I'm pretty happy with it. Just going
> through and I don't seem to find any documentation on having a different
> database for authentication and accounting. Am I blind, or is it not there?
It's there, just a bit non-obvious

You will need to set up 2 AuthBy SQL, each with slightly different setup. With
SQL, if you have an _empty string_ for the AuthSelect, it won't do
authentication. If AcctTable is not defined, it won't do accounting, so:


AuthByPolicy ContinueWhileReject
# This one does accounting, but rejects all auths
<AuthBy SQL>
AuthSelect
AcctTable ACCOUNTING
DBSource dbi:mysql:db1
</AuthBy>

# This one does auths, but not accounting
<AuthBy SQL>
AuthSelect whatever
DBSource dbi:mysql:db2
</AuthBy>



Hope that helps.

Cheers.


> Why, I hear you asking, do you want to do that?
>
> Well.  I'm using MySQL and MySQL can't limit access per table, only per
> database. So, I'm going to have to set up two databases. One with only
> 'select' permissions (for authentication), and the other with
> insert/update/delete permissions (for accounting - insert only, and
> simultaneous-use, requires insert, update(?) and delete.)  So really, I need
> three databases. Or I need Oracle 8-)
>
> Anyone done this?
>
> --Rob
>
>-- End of excerpt from Rob Thomas






Re: (RADIATOR) Re: your mail

1999-04-17 Thread Phil Freed

> >interesting.  Do you all feel its a good idea to "lowercase and chop" all
> >usernames like this, and just let the user have "[EMAIL PROTECTED]" incorrectly
> >in their dial up config, or do you think its better to correct for it?
> >
> >I think the RewriteUsername would cut down a lot of tech support calls, and
> >really its harmless so long as its only their dialup config that is
> >braindead and not their mail config etc.
> 
> I think it's not a good idea.
> Remember that the password will not be touched, so if your customer forgot to
> turn off caps lock, the authentication will fail anyway, and support calls
> will happen.

FWIW, we like to automatically LC() the realm.  Enough of our 
users think that their e-mail address ought to be upper case - or 
lower case - or proper case - that we decided it was simpler to 
accept them all.  Especially since our name has odd capitalization 
anyway  (cyberTours. Yup - sure looks funny at the beginning of a 
sentence.)
Phil Freed <[EMAIL PROTECTED]>




(RADIATOR) Ah. question..

1999-04-17 Thread Rob Thomas


I've been plowing through radiator, and I'm pretty happy with it. Just going
through and I don't seem to find any documentation on having a different
database for authentication and accounting. Am I blind, or is it not there?

Why, I hear you asking, do you want to do that?

Well.  I'm using MySQL and MySQL can't limit access per table, only per
database. So, I'm going to have to set up two databases. One with only
'select' permissions (for authentication), and the other with
insert/update/delete permissions (for accounting - insert only, and
simultaneous-use, requires insert, update(?) and delete.)  So really, I need
three databases. Or I need Oracle 8-)

Anyone done this?

--Rob
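
An added example, not part of any post in this thread and not Radiator code: a Python check that audits a config for the two rules given in the replies above, namely that an AuthBy SQL with an empty AuthSelect does no authentication and one without AcctTable does no accounting, and that Handlers are never reached once a DEFAULT Realm exists. The sample config, including the Handler check item, is constructed, and treating a clause with no AuthSelect line at all as authenticating is an assumption.

```python
import re

# Constructed sample config; the Handler check item is an assumption.
SAMPLE = """\
<Realm DEFAULT>
    AuthByPolicy ContinueWhileReject
    <AuthBy SQL>
        AuthSelect
        AcctTable ACCOUNTING
        DBSource dbi:mysql:db1
    </AuthBy>
    <AuthBy SQL>
        AuthSelect whatever
        DBSource dbi:mysql:db2
    </AuthBy>
</Realm>
<Handler Realm=example.com>
    <AuthBy SQL>
        AcctTable ACCOUNTING
        DBSource dbi:mysql:db2
    </AuthBy>
</Handler>
"""

def audit(config):
    """Return (roles, warnings); roles holds (DBSource, does_auth, does_acct)."""
    roles, warnings, cur = [], [], None
    has_default = has_handler = False
    for line in filter(None, map(str.strip, config.splitlines())):
        if re.match(r"<Realm\s+DEFAULT\s*>", line):
            has_default = True
        elif line.startswith("<Handler"):
            has_handler = True
        elif re.match(r"<AuthBy\s+SQL\s*>", line):
            cur = {}
        elif line == "</AuthBy>" and cur is not None:
            # Thread rule: empty AuthSelect = no auth; no AcctTable = no accounting.
            # Assumption: a clause with no AuthSelect line still authenticates.
            auth = cur.get("AuthSelect", "default") != ""
            acct = "AcctTable" in cur
            roles.append((cur.get("DBSource"), auth, acct))
            if auth and acct:
                warnings.append(f"{cur.get('DBSource')}: clause does both auth and accounting")
            cur = None
        elif cur is not None and not line.startswith("#"):
            key, _, value = line.partition(" ")
            cur[key] = value.strip()
    if has_default and has_handler:
        warnings.append("Realm DEFAULT present: Handler clauses are never reached")
    return roles, warnings
```

A clause flagged as doing both needs a database account with read and write privileges, which defeats the select-only / insert-only split the original question was after.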
