RE: (RADIATOR) Handler for a set of realms
Hello Andrew - On Thu, 07 Sep 2000, Andrew Pollock wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hugh Irvine Sent: Tuesday, September 05, 2000 2:14 PM To: Andrew Pollock; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Handler for a "set of realms" Hello Andrew - On Tue, 05 Sep 2000, Andrew Pollock wrote: Hi, Is it currently possible with Radiator to readily have a handler that checks for the realm being in a set of realms? The reason I ask is we have a system here that can theoretically add additional realms that require to be handled at any point in time, and it would be ideal if Radiator could read this from an external file. I think you will have to use a PreHandlerHook to check your file, and perhaps set a pseudo-attribute in the request packet that will be used to select the Handler. There are some examples of hooks in the file "goodies/hooks.txt" in the Radiator 2.16.3 release (also included in all recent releases). hth Cool, thanks Hugh. Do you know how I might go about cacheing this file instead of opening it and reading it evertime the hook executes? It depends on how complex the data is, but the simplest approach is to use the GlobalVar constructs. The first two examples in "goodies/hooks.txt" show how to do it. The first hook is a StartupHook which reads the file and initialises the GlobalVar's, while the second hook uses the GlobalVar data to manipulate the packet contents. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Log files
I have a user who for some reason skips being logged to the log files. I am running a failed attempt log, a detail log, and a password log. They appear in the detail log but for some reason they seem to slide between the cracks in the passlog. I show the users who log in before and after just not them for some reason. Anybody else experience this? Gordon L. Foster System Administrator OTZ Telephone Cooperative, INC. Ph. 907-442-3114 Fax 907-442-2123
(RADIATOR) delete users from radwho
My radwho lists old users that are over 4 months old. I press "delete" sessions but they don't go away. How can I remove them from the radwho.cgi. Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com "BREAKFAST.SYS halted ! Cereal port not responding." === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Negative look ahead assertion log question.
I just recently put in a negative look ahead assertion. #Negative look ahead assertion for SQL DB. Clean up garbled logins. Handler User-Name=/[^a-zA-Z0-9-@_.]/ SessionDatabase SDB2 AuthBy FILE Filename %D/reject_users /AuthBy /Handler I just got this in my log today. What does it mean? Thu Sep 7 07:28:07 2000: ERR: Error while doing regexp match for User-Name: /[^a-zA-Z0-9- ]+t?i/%"X)jli` qrR!ugH8.Ro26ru.=E4D_*2JOo3Xx%D0fu-;|/MRZ /[^a-zA-Z0-9-@_.]/ User-Name.]/: unmatched () in regexp at (eval 10177) line 1. Thu Sep 7 07:28:07 2000: INFO: Access rejected for ]+t?i/%"x)jli` qrr!ugh8.ro26ru.=e4d_*2joo3xx%d0fu-;|/mrz: No such user Thanks for any help. Cortney Thompson [EMAIL PROTECTED] Opinions are mine and do not necessarily reflect those of wyoming.com LLC === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Log files
Hello Gordon - I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug showing what is happening. thanks Hugh On Fri, 08 Sep 2000, Gordon L. Foster wrote: I have a user who for some reason skips being logged to the log files. I am running a failed attempt log, a detail log, and a password log. They appear in the detail log but for some reason they seem to slide between the cracks in the passlog. I show the users who log in before and after just not them for some reason. Anybody else experience this? Gordon L. Foster System Administrator OTZ Telephone Cooperative, INC. Ph. 907-442-3114 Fax 907-442-2123 Content-Type: text/html; name="unnamed" Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) delete users from radwho
Hello Andrew - The simplest thing to do is to use radpwtst to send a dummy stop packet to Radiator with the username, NAS-Identifier and NAS-Port of the entry(s) in question. hth Hugh On Fri, 08 Sep 2000, Andrew P. Kaplan wrote: My radwho lists old users that are over 4 months old. I press "delete" sessions but they don't go away. How can I remove them from the radwho.cgi. Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com "BREAKFAST.SYS halted ! Cereal port not responding." === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) PasswordLogFileName, does it work?
Radiator 2.16.1 Redhat Linux 6.2 Defining PasswordLogFileName doesn't seem to produce output, whether it is defined in the global section of the .cfg or within the Realm. Does that setting actually work for anyone??? Or is this just some weird handler-only call the subroutine kind of thing??? ex: Realm /(^barney$)/i RewriteUsername s/^([^@]+)@.*/$1/ AcctLogFileName /rad/barney-realm.log PasswordLogFileName /rad/barney-pass.log AuthBy RADIUS Host barney Secret /AuthBy /Realm Thanks, John Kemp ([EMAIL PROTECTED]) === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) question: Cisco 3000 VPN/radiator/windows 2000
Title: question: Cisco 3000 VPN/radiator/windows 2000 Hi all, I apologize for asking a question which has probably been asked before but I can't seem to find an archive of the list. As there is no Cisco VPN client for windows 2000, I've been trying to establish a connection via a PPTP connection to our VPN concentrator which authenticates off of radiator. Radiator in turn does an AuthBy NT to authenticate off of the NT server. From the Concentrator admin screen, doing a test authentication off of radiator works fine. However, trying an actual PPTP connection from outside fails with the log showing NT authentication failed. Pointers? Thanks and please let me know if more info is needed... Jeff
Re: (RADIATOR) Strange SIGHUP handling
Hugh, Here is an example, my current config, with IPs changed: LogDir /usr/local/radiator/raddb DbDir /usr/local/radiator/raddb Trace 4 AuthPort 1645 AcctPort 1646 Client 5.6.7.8 Secret hello /Client # DEFAULT handler Handler # Strip out junk from username RewriteUsername s/[^A-Za-z0-9\-\.\@_\/]//g; AcctLogFileName /radius/radiator/roaming/%R/%m-%d-%Y/%c AuthBy RADIUS Host 1.2.3.4 Secret blah RetryTimeout 30 /AuthBy /Handler Realm DEFAULT AuthBy TEST /AuthBy /Realm I sent a radius test to hit the AuthBy TEST. Then I edited the config, and commented out the last 4 lines. I then sent a SIGHUP, and tried the same radius test. It again hit the AuthBy TEST clause even though it wasn't there. Below are logs. Hope this helps. Viraj. Thu Sep 7 23:28:39 2000: DEBUG: AuthTEST loaded Thu Sep 7 23:28:39 2000: DEBUG: New Radius::AuthTEST constructed Thu Sep 7 23:28:39 2000: DEBUG: AuthTEST DESTROY ed Thu Sep 7 23:28:39 2000: INFO: Server started: Radiator 2.16.3 on my.host.com Thu Sep 7 23:29:04 2000: DEBUG: Packet dump: *** Received from 5.6.7.8 port 1026 Code: Access-Request Identifier: 102 Authentic: 00-21300Bl00C16900O198 Attributes: User-Name = "blah@blah" User-Password = "C159!1722517180187189250.234129R/y" NAS-Port = 21 Livingston = "test" USR-Blah-Index = 1952805748 NAS-IP-Address = 5.6.7.8 Thu Sep 7 23:29:04 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Sep 7 23:29:04 2000: DEBUG: Deleting session for blah@blah, 5.6.7.8, 21 Thu Sep 7 23:29:04 2000: INFO: AuthTEST handle_request: Received from 5.6.7.8 port 1026 Thu Sep 7 23:29:04 2000: DEBUG: Access accepted for blah@blah Thu Sep 7 23:29:04 2000: DEBUG: Packet dump: *** Sending to 5.6.7.8 port 1026 Code: Access-Accept Identifier: 102 Authentic: 00-21300Bl00C16900O198 Attributes: Thu Sep 7 23:29:36 2000: NOTICE: SIGHUP received: restarting Thu Sep 7 23:29:36 2000: INFO: Server started: Radiator 2.16.3 on my.host.com Thu Sep 7 23:29:45 2000: DEBUG: Packet dump: *** Received from 5.6.7.8 port 1026 Code: Access-Request Identifier: 107 Authentic: 00615200nv00W20500n208 Attributes: User-Name = "blah@blah" User-Password = "301962evyjm1762151qn2162" NAS-Port = 21 Livingston = "test" USR-Blah-Index = 1952805748 NAS-IP-Address = 5.6.7.8 Thu Sep 7 23:29:45 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Sep 7 23:29:45 2000: DEBUG: Deleting session for blah@blah, 5.6.7.8, 21 Thu Sep 7 23:29:45 2000: INFO: AuthTEST handle_request: Received from 5.6.7.8 port 1026 Thu Sep 7 23:29:45 2000: DEBUG: Access accepted for blah@blah Thu Sep 7 23:29:45 2000: DEBUG: Packet dump: *** Sending to 5.6.7.8 port 1026 Code: Access-Accept Identifier: 107 Authentic: 00615200nv00W20500n208 Attributes: Thu Sep 7 23:29:57 2000: NOTICE: SIGTERM received: stopping Thu Sep 7 23:29:57 2000: DEBUG: AuthTEST DESTROY ed On Thu, 7 Sep 2000, Hugh Irvine wrote: Hello Viraj - On Thu, 07 Sep 2000, Viraj Alankar wrote: On v2.16.3, I just noticed that if I have a: Realm DEFAULT in the configuration file, startup Radiator, then remove the Realm DEFAULT clause and send a SIGHUP, it appears to still be in the configuration. I'm not sure if it is a bug or not, but I was thinking HUP would first remove the current config and reload from the file, so this section would be gone from the running config. This is what should happen. If you are seeing odd behaviour, it would be very helpful if you could send us the relevant configuration files and debug output so we can try to reproduce the problem. many thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.