(RADIATOR) IMPORTANT - MaxSessions problem in Radiator 2.18
Hi Fred, hi everyone -

There is a slight error in Radiator 2.18 when using MaxSessions in a Realm or Handler. There is a patched version of Handler.pm in the patches area.

Thanks to Fred for finding it!

See you,

Hugues

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Nortel CVX-1800
They are actually in two different subnets and we are using static routing. I can ping or traceroute either address from anywhere on the internet, they just can't see each other.

Kevin

-----Original Message-----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: Kevin Wormington <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, March 21, 2001 5:30 PM
Subject: Re: (RADIATOR) Nortel CVX-1800

>Hello Kevin -
>
>On Thursday 22 March 2001 09:42, Kevin Wormington wrote:
>> Hi all,
>>
>> This question is a little off-topic, but I have seen some CVX-1800 users
>> post to the list before who are using them with radiator as we are.
>>
>> We are having trouble with customers that are assigned static-ips via
>> radiator being able to route to other customers who are just automatically
>> assigned from the pools on the CVX-1800. They are able to reach the world,
>> but can't even ping another dialup ip that's on the same box. Any pointers
>> would be appreciated.
>
>Some devices have trouble with multiple bits of the same subnet in different
>places. You will probably need to set up some form of routing (either static
>or dynamic) to force the device to recognise the different subnet blocks.
>
>hth
>
>Hugh
Re: (RADIATOR) Nortel CVX-1800
Hello Kevin -

On Thursday 22 March 2001 09:42, Kevin Wormington wrote:
> Hi all,
>
> This question is a little off-topic, but I have seen some CVX-1800 users
> post to the list before who are using them with radiator as we are.
>
> We are having trouble with customers that are assigned static-ips via
> radiator being able to route to other customers who are just automatically
> assigned from the pools on the CVX-1800. They are able to reach the world,
> but can't even ping another dialup ip that's on the same box. Any pointers
> would be appreciated.

Some devices have trouble with multiple bits of the same subnet in different places. You will probably need to set up some form of routing (either static or dynamic) to force the device to recognise the different subnet blocks.

hth

Hugh
Re: (RADIATOR) PPPOE Authentication / Accounting
Hello Brian -

On Wednesday 21 March 2001 21:57, Brian Morris wrote:
> Hugh,
>
> Is a NAS-like device required for PPPoE? If so, can you (or anyone)
> suggest one?

PPPoE translates to "Point to Point Protocol over Ethernet", and just like using PPP over modems, you need two ends to make a connection. Most ISP operators who are doing broadband over cable, or xDSL, use some sort of mass termination device to terminate the head-end of their subscribers' sessions.

The question for you is "how many sessions are you looking to terminate?". If it is just one you could probably use a Linux box (or similar), but for larger numbers you will probably want a higher density solution.

Others on the list have made a couple of suggestions regarding PPPoE devices, and as I have no experience in that area I have nothing to add.

regards

Hugh
Re: (RADIATOR) cisco av-pair and session-timeout
Hello Jaime -

On Thursday 22 March 2001 04:56, Jaime Elizaga Jr. wrote:
> Hello again,
>
> I've been reading about the session-timeout with cisco by using their
> av-pair. Is anyone kind enough to show me how to implement this av-pair on
> my radius config file.
>
> Your help will be deeply appreciated.

There are some example cisco-avpair reply attributes in the sample users file (called "users") in the main distribution directory.

Also have a look at this item in the FAQ:

59. Whats the story with Session-Timeout and Cisco's

hth

Hugh
Re: (RADIATOR) Trouble with SessionDatabase SQL
Hi Fred -

How's life? I'm sorry we didn't see each other during my last visit to Paris - but maybe next time?

On Thursday 22 March 2001 04:50, Frederic Gargula wrote:
> Hi all,
>
> I write again to this list to report a strange behavior :
>
> I want to limit simultaneous logins : Each user can be logged on once at
> a time.
>
> [In the bottom, you can find interesting parts of my config file.]

I agree with you - it looks quite strange.

Could you tell me what version of Radiator you are running? And could you also try to remove the AuthByPolicy from the Handler? As you only have a single AuthBy you shouldn't need the AuthByPolicy anyway.

See you,

Hugues
(RADIATOR) Nortel CVX-1800
Hi all, This question is a little off-topic, but I have seen some CVX-1800 users post to the list before who are using them with radiator as we are. We are having trouble with customers that are assigned static-ips via radiator being able to route to other customers who are just automatically assigned from the pools on the CVX-1800. They are able to reach the world, but can't even ping another dialup ip that's on the same box. Any pointers would be appreciated. Thanks, Kevin
(RADIATOR) Trouble with SessionDatabase SQL
Hi all,

I write again to this list to report a strange behavior :

I want to limit simultaneous logins : Each user can be logged on once at a time.

[In the bottom, you can find interesting parts of my config file.]

My trouble is the following : When I want to test that the second simultaneous login is rejected, I can see into the logfile :

*** Received from 212.180.2.10 port 2291
Code: Access-Request
Identifier: 22
Authentic: 1234567890123456
Attributes:
    User-Name = "testrtc"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 12342
    NAS-Port-Type = Async
    User-Password = "i<173><217><150><233><186><189><175><212>8<240>XUg<162><230>"

Wed Mar 21 18:08:14 2001: DEBUG: Check if Handler Vendor-Specific=testing should be used to handle this request
Wed Mar 21 18:08:14 2001: DEBUG: Check if Handler Vendor-Specific=dialup,Request-Type = Access-Request should be used to handle this request
Wed Mar 21 18:08:14 2001: DEBUG: Handling request with Handler 'Vendor-Specific=dialup,Request-Type = Access-Request'
Wed Mar 21 18:08:14 2001: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: SDB1 Deleting session for testrtc, 203.63.154.1, 12342
Wed Mar 21 18:08:14 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=012342
Wed Mar 21 18:08:14 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='testrtc'
Wed Mar 21 18:08:14 2001: WARNING: SDB1 Could not find a Client for NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?
Wed Mar 21 18:08:14 2001: INFO: Access rejected for [EMAIL PROTECTED]: MaxSessions exceeded
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 212.180.2.10 port 2291
Code: Access-Reject
Identifier: 22
Authentic: 1234567890123456
Attributes:
    Reply-Message = "Request Denied"
    Reply-Message = "MaxSessions exceeded"

Wed Mar 21 18:08:14 2001: DEBUG: Handling with Radius::AuthLDAP2
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got result for [EMAIL PROTECTED],ou=users,domain=easynet.fr,vip=easynet-fr,o=easynet .net
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got userpassword: {MD5}ZviHb9U7k5r2YaTNG6QuTA==
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got idletime: 0
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got ippool: 1
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got ipnetmask: 255.255.255.255
Wed Mar 21 18:08:14 2001: DEBUG: LDAP got iproutemetric: 2
Wed Mar 21 18:08:14 2001: DEBUG: Radius::AuthLDAP2 looks for match with [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Mar 21 18:08:14 2001: DEBUG: Access accepted for [EMAIL PROTECTED]
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 212.180.2.10 port 2291
Code: Access-Accept
Identifier: 22
Authentic: 1234567890123456
Attributes:
    Reply-Message = "Request Denied"
    Reply-Message = "MaxSessions exceeded"
    Ascend-Idle-Limit = 0
    Ascend-Assign-IP-Pool = 1
    Framed-IP-Netmask = 255.255.255.255
    Ascend-Metric = 2
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Reply-Message = "Bienvenue sur Easynet France"

One request, and two answers : one reject (this is normal) and one Accept (Abnormal, because of the MaxSessions Exceeded)

I think the Radius client will consider only the first answer, but in case the first request is lost, the second (the wrong one) will be received by the Radius client.

I want to have only one response, the reject. Is there a way to do that ? with an AuthByPolicy ?

Thank you for your attention, I hope someone can help me.

CONFIG FILE BELOW

##
Identifier Auth_ldap_dialup
Host xxx.xxx.xxx.xxx
Port 389
AuthDN cn=xxx,o=xx.xxx
AuthPassword xx
BaseDN o=xxx.xxx
UsernameAttr uid
PasswordAttr userPassword
HoldServerConnection
AuthAttrDef ipaddr,Framed-IP-Address,reply
AuthAttrDef ipNetmask,Framed-IP-Netmask,reply
AuthAttrDef protocol,Framed-Protocol,reply
AuthAttrDef ipPool,Ascend-Assign-IP-Pool,reply
AuthAttrDef ipRouteMetric,Ascend-Metric,reply
AuthAttrDef minChannels,Ascend-Minimum-Channels,reply
AuthAttrDef maxChannels,Ascend-Maximum-Channels,reply
AuthAttrDef baseChannels,Ascend-Base-Channel-Count,reply
AuthAttrDef idleTime,Ascend-Idle-Limit,reply
SearchFilter (&(uid=$name)(|(services=pstn)(services=isdn))(status=active))
AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Reply-Message="Bienvenue sur Easynet France"

Identifier Accounting1
# Disable authentication
AuthSelect
DBSource dbi:mysql:x:xxx
DBUsername xx
DBAuth x
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE, Acct-St
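The symptom reported in this post (one Access-Request answered by both an Access-Reject and an Access-Accept carrying the same Identifier) can be checked for mechanically in a trace log. The following is an added example, not part of the original post and not Radiator code; the function name and the sample log are constructed for illustration, and the pattern assumes the packet-dump layout shown in the post.

```python
import re

# Header of one packet dump as it appears in the trace above. \s also matches
# newlines, so the pattern works on the normal multi-line layout and on a log
# that has been flattened onto one line.
PACKET_RE = re.compile(
    r"\*\*\*\s+(Received from|Sending to)\s+(\S+)\s+port\s+(\d+)[\s.]*"
    r"Code:\s+(\S+)\s+Identifier:\s+(\d+)"
)
FINAL_REPLIES = ("Access-Accept", "Access-Reject")


def find_conflicting_replies(log_text):
    """Return a finding for every Access-Request that drew more than one final reply.

    A request is keyed by (client address, client port, Identifier), which is
    how the RADIUS client matches replies to requests.
    """
    current = {}        # key -> the transaction currently open for that key
    transactions = []   # every transaction, in log order
    for match in PACKET_RE.finditer(log_text):
        direction, addr, port, code, ident = match.groups()
        key = (addr, int(port), int(ident))
        if direction == "Received from":
            if code == "Access-Request":
                # Identifier is one octet and is reused, so each new request
                # (including a retransmission) opens a fresh transaction.
                txn = {"key": key, "replies": []}
                current[key] = txn
                transactions.append(txn)
        elif code in FINAL_REPLIES and key in current:
            current[key]["replies"].append(code)

    findings = []
    for txn in transactions:
        replies = txn["replies"]
        if len(replies) < 2:
            continue
        addr, port, ident = txn["key"]
        reject_at = replies.index("Access-Reject") if "Access-Reject" in replies else None
        findings.append({
            "client": addr,
            "port": port,
            "identifier": ident,
            "replies": replies,
            # The dangerous ordering: a reject was decided, then an accept was still sent.
            "accept_after_reject": reject_at is not None
            and "Access-Accept" in replies[reject_at + 1:],
        })
    return findings


# Constructed sample in the same layout; addresses are from a documentation range.
SAMPLE_LOG = """\
*** Received from 192.0.2.10 port 2291
Code:       Access-Request
Identifier: 22
Attributes:
        User-Name = "alice"
Wed Mar 21 18:08:14 2001: INFO: Access rejected for alice: MaxSessions exceeded
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Reject
Identifier: 22
Wed Mar 21 18:08:14 2001: DEBUG: Access accepted for alice
Wed Mar 21 18:08:14 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Accept
Identifier: 22
*** Received from 192.0.2.10 port 2291
Code:       Access-Request
Identifier: 23
Wed Mar 21 18:08:20 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Accept
Identifier: 23
*** Received from 192.0.2.10 port 2291
Code:       Access-Request
Identifier: 22
Wed Mar 21 18:09:02 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 2291
Code:       Access-Reject
Identifier: 22
"""

if __name__ == "__main__":
    for finding in find_conflicting_replies(SAMPLE_LOG):
        print(finding)
```

Only the first transaction is reported; the later reuse of Identifier 22 gets a single reply and is treated as a separate request.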
(RADIATOR) cisco av-pair and session-timeout
Hello again,

I've been reading about the session-timeout with cisco by using their av-pair. Is anyone kind enough to show me how to implement this av-pair on my radius config file.

Your help will be deeply appreciated.

Thanks everyone!!!

Jaime
RE: (RADIATOR) PPPOE Authentication / Accounting
Redback

Matthew C. Karl
Florida State University
Office of Telecommunications, MIS

-----Original Message-----
From: Andy De Petter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 21, 2001 7:23 AM
To: Brian Morris
Cc: Radiator Mailing
Subject: RE: (RADIATOR) PPPOE Authentication / Accounting

DANA, from Alcatel (http://www.alcatel.com), or REDBACK 1 (http://www.redback.com)?

-a

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Morris
> Sent: Wednesday 21 March 2001 11:58
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
>
> Hugh,
>
> Is a NAS-like device required for PPPoE? If so, can you (or anyone) suggest
> one?
>
> Regards, Brian Morris
>
> ----- Original Message -----
> From: Hugh Irvine <[EMAIL PROTECTED]>
> To: Brian Morris <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, March 21, 2001 7:48 PM
> Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
>
> > Hello Brian -
> >
> > Whatever NAS-like device you use to terminate your PPPoE sessions looks to
> > Radiator like any other NAS. If the device reports packets in/out and bytes
> > in/out in accounting records you will record them just the same as with any
> > other NAS.
> >
> > hth
> >
> > Hugh
> >
> > On Wednesday 21 March 2001 15:33, Brian Morris wrote:
> > > Hi All,
> > >
> > > We require the ability to authenticate clients using PPPoE as well as
> > > account for their traffic. Our regular dial-in NAS (PM3 for modem
> > > customers) does both auth and accounting just fine however we are new to
> > > PPPoE and I am not sure how to monitor traffic.
> > >
> > > Can anyone offer any suggestions as to the best way to do accounting
> > > (Time/Mb) using PPPoE.
> > >
> > > Any help would be appreciated.
> > >
> > > Regards, Brian Morris
RE: (RADIATOR) PPPOE Authentication / Accounting
That's to be discussed, depending on the amount of concurrent users you're expecting :)

Of course RedBack is better, but for low-profile ISP, DANA will do as well.

-Andy

> -----Original Message-----
> From: Karl, Matthew [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday 21 March 2001 17:20
> To: 'Andy De Petter'; Brian Morris
> Cc: Radiator Mailing
> Subject: RE: (RADIATOR) PPPOE Authentication / Accounting
>
> Redback
>
> Matthew C. Karl
> Florida State University
> Office of Telecommunications, MIS
>
> -----Original Message-----
> From: Andy De Petter [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 21, 2001 7:23 AM
> To: Brian Morris
> Cc: Radiator Mailing
> Subject: RE: (RADIATOR) PPPOE Authentication / Accounting
>
> DANA, from Alcatel (http://www.alcatel.com), or REDBACK 1
> (http://www.redback.com)?
>
> -a
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Morris
> > Sent: Wednesday 21 March 2001 11:58
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
> >
> > Hugh,
> >
> > Is a NAS-like device required for PPPoE? If so, can you (or anyone) suggest
> > one?
> >
> > Regards, Brian Morris
> >
> > ----- Original Message -----
> > From: Hugh Irvine <[EMAIL PROTECTED]>
> > To: Brian Morris <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 21, 2001 7:48 PM
> > Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
> >
> > > Hello Brian -
> > >
> > > Whatever NAS-like device you use to terminate your PPPoE sessions looks to
> > > Radiator like any other NAS. If the device reports packets in/out and bytes
> > > in/out in accounting records you will record them just the same as with any
> > > other NAS.
> > >
> > > hth
> > >
> > > Hugh
> > >
> > > On Wednesday 21 March 2001 15:33, Brian Morris wrote:
> > > > Hi All,
> > > >
> > > > We require the ability to authenticate clients using PPPoE as well as
> > > > account for their traffic. Our regular dial-in NAS (PM3 for modem
> > > > customers) does both auth and accounting just fine however we are new to
> > > > PPPoE and I am not sure how to monitor traffic.
> > > >
> > > > Can anyone offer any suggestions as to the best way to do accounting
> > > > (Time/Mb) using PPPoE.
> > > >
> > > > Any help would be appreciated.
> > > >
> > > > Regards, Brian Morris
(RADIATOR) Help with session timeout over l2tp tunnel
Hi everyone,

I'm kind of new here and I am having problems with L2TP. My telco provider offers RAS ports via ERICSSON TIGRIS. We've configured a L2TP tunnel from their TIGRIS to my gateway router, a Cisco 3640 via vpdn. All is well, authentication and accounting, but the session timeout does not seem to work. Although I can see that the Cisco router is accepting the "session-timeout" value from the radius but it doesn't seem to implement it on the tigris.

I hope someone can enlighten me.

Thanks,

Jaime

Here is a copy of my radius config.:

MaxSessions 1
#DbDir *
AcctLogFileName /var/log/radius/Cards/details
WtmpFileName /var/log/radius/Cardusers/%u
PasswordLogFileName /var/log/radius/Cardpasswd/%m%d%Y-passlog
PreAuthHook file:"hook2xonly"
SessionDatabase SDB1

# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:mysql:*
DBUsername
DBAuth

# Authentication ###
AuthSelect select password, MAXTIME from SUBSCRIBERS where username='%n' and MAXTIME>30
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Ascend-Maximum-Time, reply

AccountingTable ACCOUNTING
AccountingStopsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef A_STAT_TYP,Acct-Status-Type
AcctColumnDef A_SES_ID,Acct-Session-Id
AcctColumnDef A_SES_TIME,Acct-Session-Time,integer
AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_ID,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef F_IP_ADD,Framed-IP-Address
AcctColumnDef CALLER_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION,Called-Station-Id
AcctColumnDef 1X,tot1x,integer
AcctColumnDef 2X,tot2x,integer
AcctColumnDef 3X,tot3x,integer
AcctColumnDef TIME_START,time-start,integer
AcctSQLStatement

DefaultReply Service-Type=Framed-User, Framed Protocol=PPP, Framed-Routing=None, Framed-MTU=1500
# Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP
Timeout 4

Here is what I have on my Cisco:

aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default if-authenticated group radius
aaa authorization network default if-authenticated group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
!
vpdn enable
!
vpdn-group PLDT
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname MAKATI_TIGRIS2
 lcp renegotiation always
 l2tp tunnel password 7 *
!
interface Virtual-Template1
 description 300-port Manila RAS
 ip unnumbered FastEthernet0/1
 keepalive 30
 peer default ip address pool mnl-ras-pool
 ppp authentication pap
!
RE: (RADIATOR) PPPOE Authentication / Accounting
DANA, from Alcatel (http://www.alcatel.com), or REDBACK 1 (http://www.redback.com)?

-a

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Morris
> Sent: Wednesday 21 March 2001 11:58
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
>
> Hugh,
>
> Is a NAS-like device required for PPPoE? If so, can you (or anyone) suggest
> one?
>
> Regards, Brian Morris
>
> ----- Original Message -----
> From: Hugh Irvine <[EMAIL PROTECTED]>
> To: Brian Morris <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, March 21, 2001 7:48 PM
> Subject: Re: (RADIATOR) PPPOE Authentication / Accounting
>
> > Hello Brian -
> >
> > Whatever NAS-like device you use to terminate your PPPoE sessions looks to
> > Radiator like any other NAS. If the device reports packets in/out and bytes
> > in/out in accounting records you will record them just the same as with any
> > other NAS.
> >
> > hth
> >
> > Hugh
> >
> > On Wednesday 21 March 2001 15:33, Brian Morris wrote:
> > > Hi All,
> > >
> > > We require the ability to authenticate clients using PPPoE as well as
> > > account for their traffic. Our regular dial-in NAS (PM3 for modem
> > > customers) does both auth and accounting just fine however we are new to
> > > PPPoE and I am not sure how to monitor traffic.
> > >
> > > Can anyone offer any suggestions as to the best way to do accounting
> > > (Time/Mb) using PPPoE.
> > >
> > > Any help would be appreciated.
> > >
> > > Regards, Brian Morris
Re: (RADIATOR) PPPOE Authentication / Accounting
Hugh,

Is a NAS-like device required for PPPoE? If so, can you (or anyone) suggest one?

Regards, Brian Morris

----- Original Message -----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: Brian Morris <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, March 21, 2001 7:48 PM
Subject: Re: (RADIATOR) PPPOE Authentication / Accounting

> Hello Brian -
>
> Whatever NAS-like device you use to terminate your PPPoE sessions looks to
> Radiator like any other NAS. If the device reports packets in/out and bytes
> in/out in accounting records you will record them just the same as with any
> other NAS.
>
> hth
>
> Hugh
>
> On Wednesday 21 March 2001 15:33, Brian Morris wrote:
> > Hi All,
> >
> > We require the ability to authenticate clients using PPPoE as well as
> > account for their traffic. Our regular dial-in NAS (PM3 for modem
> > customers) does both auth and accounting just fine however we are new to
> > PPPoE and I am not sure how to monitor traffic.
> >
> > Can anyone offer any suggestions as to the best way to do accounting
> > (Time/Mb) using PPPoE.
> >
> > Any help would be appreciated.
> >
> > Regards, Brian Morris
Re: (RADIATOR) Client list question
Hello Griff -

You are correct, if a Client clause does not catch a request, it should be rejected.

An easy test is to dummy up some authentication requests with radpwtst and do some experiments. Use a trace 4 and check what is happening.

hth

Hugh

On Wednesday 21 March 2001 09:16, Griff Hamlin wrote:
> Hello all,
>
> I've noticed that several people have been authenticated on my server
> when the routers are not listed in the client list. How can this be? I
> was under the impression from the documentation that if the router is
> not listed, and no default is given, it should be immediately rejected.
> Please advise. My radius config file is below with many routers removed
> for brevity, and the secrets missing. The users that are calling in on
> these routers are in the database, and are being accepted as they should
> be. However, I thought that they should not be authenticated since their
> routers are not in the config file.
>
> Griff Hamlin, III
>
> _
> # Radiator configuration file
>
> Trace 3
>
> # Directory where logfile and details file are
> LogDir /var/adm/radacct
>
> # Database directory. Should contain:
> # users The user database
> # dictionary The dictionary for your NAS
> DbDir /etc/raddb
>
> AuthPort 1645
> AcctPort 1646
>
> # Global parameters
> LivingstonOffs 22
> LivingstonHole 1
>
> # Handle all users from all other realms by looking them up
> # in the users file at /etc/raddb/users.
>
> RewriteUsername s/^([^@]+).*/$1/
>
> AuthByPolicy ContinueUntilAccept
>
> # authorize by the module AuthQuikRadAcct.pm
>
> Filename %D/blkspam.1
> DefaultReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>
> Filename %D/blkspam.2
> DefaultReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>
> Filename %D/blkspam.3
> DefaultReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>
> Filename %D/blkspam.4
> DefaultReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 10.10.10.10,\
> Session-Timeout = 25,\
> Idle-Timeout = 20
>
> # This is primarily for test accounts not entered in Cheetah.
> Filename %D/users.head
>
> # authorize by the module AuthQuikRad.pm
>
> # Log accounting to the detail file in LogDir/
> AcctLogFileName %L/%c/detail
> # MaxSessions 1
>
> # Allows us to honour requests from radpwtst on the same host.
>
> DupInterval 0
> Secret xx
>
> #63.169.132.243 O1 Communications proxy
>
> Secret xx
>
> #63.169.132.244 O1 Communications proxy
>
> Secret xx
>
> #63.169.132.245 O1 Communications proxy
>
> Secret xx
>
> #63.169.132.248 O1 Communications proxy
>
> Secret xx
>
> #63.169.132.249 O1 Communications proxy
>
> Secret xx
>
> #64.114.5.254 Chilliwack 1
>
> Secret xx
> NasType Livingston
> SNMPCommunity quik77
>
> #140.186.142.2 Boston 2
>
> Secret xx
> NasType Livingston
> SNMPCommunity quik77
>
> #140.186.142.100 Boston Ascend
>
> Secret xxx
> NasType Livingston
> SNMPCommunity quik77
Re: (RADIATOR) AuthRADIUS mods
Thanks Arjan -

I have forwarded your suggestions to Mike for consideration.

cheers

Hugh

On Tuesday 20 March 2001 19:33, Arjan Waardenburg wrote:
> Hi all,
>
> I made some modifications to the AuthRADIUS.pm and maybe other folks can
> use them.
>
> The first one is to choose beforehand which port is used for the forwarded
> packets. I used OutPort as keyword and default value is 0 which causes
> Radiator to use a random free port just like the standard AuthRADIUS.pm.
> The reason for this modification is the strict filtering on firewalls or
> routers between our proxy RADIUS server and the final RADIUS server.
>
> The second modification is to ensure fast processing of accounting packets
> by sending a response immediately after receiving an accounting-request.
> This is done using AccountingHandled in combination with a new keyword
> IgnoreAccountingResponse. AccountingHandled takes care of the immediate
> response and IgnoreAccountingResponse silently drops the
> accounting-response from the final RADIUS server.
>
> Here is the diff:
>
> 72a73 > > > $self->{OutPort} = 0; > > 92a94 > > > 'OutPort' => $self->{OutPort}, > > 121a124 > > >'OutPort'=> 'string', > > 126a130 > > >'IgnoreAccountingResponse' => 'flag', > > 270c274 > <(0, Socket::inet_aton($bind_address))) > --- > > >($self->{OutPort}, Socket::inet_aton($bind_address))) > > 478,479c482,485 > < unless $self->{IgnoreReject} > < && $p->code eq 'Access-Reject'; > --- > > > unless (($self->{IgnoreReject} > > && $p->code eq 'Access-Reject') > > > > || ($self->{IgnoreAccountingResponse} > > > > && $p->code eq 'Accounting-Response')); > >
>
> Regards,
> Arjan
>
> ***DISCLAIMER***
> This e-mail is intended exclusively for the addressee(s), and may
> not be passed on to, or made available for use by any person
> other than the addressee(s).
> KPN N.V. rules out any and every liability resulting from any
> electronic transmission.
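Review bot: at 121a124 OutPort is declared as 'string', yet at 270c274 it is used as the first argument next to the bind address, where the original passed the literal 0. A non-numeric or out-of-range value would reach the socket call unchecked; declare it with a numeric type if the configuration table offers one, or verify that it is an integer in 0..65535 before binding. With a fixed non-zero port the bind can also fail when a second AuthRADIUS clause or a second server instance uses the same OutPort and bind address, so the failure path should log the port it tried. The new keyword also needs a documentation entry, and that entry should say that a fixed source port removes the per-socket port randomness, leaving the 8-bit RADIUS identifier and the shared-secret authenticator as the only values a forged reply must match, so the firewall rule that motivates the option should pin the upstream server's address as well.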
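Review bot: in 478,479c482,485 the new condition drops every Accounting-Response when IgnoreAccountingResponse is set, but nothing in the patch ties that flag to AccountingHandled. With IgnoreAccountingResponse set and AccountingHandled unset, the NAS never receives a reply and will keep retransmitting. Suggest a configuration check that warns when one is set without the other, and a debug-level log line at the point where the response is dropped, since a silent drop makes upstream accounting loss hard to notice. The documentation for the flag should also state that the NAS is acknowledged before the final server confirms receipt, so a request lost upstream is never reported back to the NAS.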
Re: (RADIATOR) PPPOE Authentication / Accounting
Hello Brian -

Whatever NAS-like device you use to terminate your PPPoE sessions looks to Radiator like any other NAS. If the device reports packets in/out and bytes in/out in accounting records you will record them just the same as with any other NAS.

hth

Hugh

On Wednesday 21 March 2001 15:33, Brian Morris wrote:
> Hi All,
>
> We require the ability to authenticate clients using PPPoE as well as
> account for their traffic. Our regular dial-in NAS (PM3 for modem
> customers) does both auth and accounting just fine however we are new to
> PPPoE and I am not sure how to monitor traffic.
>
> Can anyone offer any suggestions as to the best way to do accounting
> (Time/Mb) using PPPoE.
>
> Any help would be appreciated.
>
> Regards, Brian Morris
Re: (RADIATOR) IdenticalClients
Hello Daniel -

You can either use Include file(s) in your configuration file, or you can use the ClientListSQL clause to store the definitions in a database.

hth

Hugh

On Wednesday 21 March 2001 18:31, daniel wrote:
> Hi,
>
> I have to add lots of IdenticalClients and I was wondering if it
> is possible to do something like /24?
>
> Example,
>
> IdenticalClients *.*.*.0/24
>
> According to the Doc, I can only do ip space ip.
>
> Thanks in advance.
>
> Daniel