Re: (RADIATOR) Version 3.3 install
Hi Chris, thanks for reporting this. Looks like 5.005 does not look in any version independent site files. Looks like we will have to work on this again. In the meantime, I have uploaded a new Makefile.PL to the patches area that removes the use of PREFIX etc, and it now works the same as in earlier versions: http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL We apologise for any inconvenience. On Thu, 29 Aug 2002 16:17, Chris Myers wrote: Hi Mike, Pavel, The patched Makefile.PL on SPARC Solaris 8 was installing the .pm files in /usr/local/lib/perl5/site_perl instead of /usr/local/lib/perl5/site_perl/5.005 where perl expected it. Cheers, Chris Pavel A Crasotin wrote: Hi, Mike. The same problem is on SPARC Solaris 8. I dont test new Makefile.PL yet. MM Hello all, MM a number of people have reported problems with the install process in version MM 3.3. On Suse and FreeBSD, 'make install' will try to install library files MM into /lib instead of the more usual /usr/lib. MM We have uploaded a new Makefile.PL to the 3.3 patches area that should fix MM this problem. MM http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL MM Any further reports to me please. MM Cheers. With respect, Pavel A Crasotin OJSC SeverTransCom 159 Moskovsky pr, Yaroslavl, 150048, Russia Tel/Fax: +7 (0852) 49-57-57, 49-58-88 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simultaneous-User connection
Hello Rajan - You should run the snmp query shown below by hand to see what it returns. This query should return the details for the existing session, and obviously if it doesn't the session is deemed to be a phantom and it is removed from the session database. You will need to make sure that the query operates successfully by hand before Radiator can use it. Have you checked that you are using the correct SNMP package (netsnmp from sourceforge.net)? regards Hugh On Thursday, August 29, 2002, at 03:32 PM, Rajan wrote: Dear All, I am checking for simulatenous user connection. Here demo@abc has simulatenous-user = 1. But the user can do multiple connection. Here's my Trace 4 debug: first access request session: from XXX.XXX.XXX.2:4 for demo@abc ..Access-accepted ..Accounting-request .. During the second connection session: from XXX.XXX.XXX.3:6 for demo@abc ... Wed Aug 28 15:28:40 2002: DEBUG: Checking if user is still online: Router demo@abc, XXX.XXX.XXX.2, 4, 08B3 Wed Aug 28 15:28:40 2002: DEBUG: Running command `/usr/bin/snmpget XXX.XXX.XXX.2 mysecret.iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.4` (i.e. simultaneous user is been checked. perfect till here, i suppose.) Wed Aug 28 15:28:40 2002: NOTICE: SessSQL Session for demo@abc, at XXX.XXX.XXX.2:4 has gone away (here i doubt why first session has gone away ) Wed Aug 28 15:28:40 2002: DEBUG: SessSQL Deleting session for demo@abc, XXX.XXX.XXX.2, 4 Wed Aug 28 15:28:40 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER ='XXX.XXX.XXX.3' and NASPORT =06 . hence, second got connected. What might be the reason for the first session ie XXX.XXX.XXX.2:4 that has gone away. It should be denying the second session mentioning "Simulatenous-Use of 1 exceeded". right? Plese help me out. Thanking you in advance. regards, Rajan. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Version 3.3 install
Hi Mike, Mike McCauley schrieb: Hi Chris, thanks for reporting this. Looks like 5.005 does not look in any version independent site files. Looks like we will have to work on this again. In the meantime, I have uploaded a new Makefile.PL to the patches area that removes the use of PREFIX etc, and it now works the same as in earlier versions: http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL for me (Solaris 5.9, perl 5.6.1) it's working with this new/old Makefile.PL as usual with older releases. Anyway, I think now it's time to rethink the possibility to have parallel radiator installations simultan for easy upgrade. (For a lot of us, radiusd is a mission critical application, upgrades are always a pain if you get running installations overwritten) Why do you use the following in your scripts: # Make sure we get the local libs for preference BEGIN { unshift(@INC, '.'); # You will probably have to uncomment the next line if you want to # run this script SUID #$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin'; } this helps nothing if you use PREFIX=/new/version/test. unshift(@INC, '.') is normally wrong. This '.' in @INC is the CWD of the running process not the installdir of the script. I think you should do this similar like: use FindBin; use lib $FindBin::Bin/../lib/site_perl; then your PREFIX get's automagically proper handelt. Perhaps I'm wrong, so please enligth me. Best regards and thanks again and again and ... for this wonderful fast and competent support! Charly -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration Tel.: ++49 731 50-22499 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Version 3.3 install
Hi Karl, On Thu, 29 Aug 2002 18:53, Karl Gaissmaier wrote: Hi Mike, Mike McCauley schrieb: Hi Chris, thanks for reporting this. Looks like 5.005 does not look in any version independent site files. Looks like we will have to work on this again. In the meantime, I have uploaded a new Makefile.PL to the patches area that removes the use of PREFIX etc, and it now works the same as in earlier versions: http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL for me (Solaris 5.9, perl 5.6.1) it's working with this new/old Makefile.PL as usual with older releases. Thanks for the feedback. Looks like it depends heavily on the verison of perl installed. Anyway, I think now it's time to rethink the possibility to have parallel radiator installations simultan for easy upgrade. (For a lot of us, radiusd is a mission critical application, upgrades are always a pain if you get running installations overwritten) Why do you use the following in your scripts: The main reason is to allow testing from within a distribution: you always run with the library files that come with the distribution. Otherwise you can get hard to trace effects due to libraries being loaded from previously installed version etc. # Make sure we get the local libs for preference BEGIN { unshift(@INC, '.'); # You will probably have to uncomment the next line if you want to # run this script SUID #$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin'; } this helps nothing if you use PREFIX=/new/version/test. unshift(@INC, '.') is normally wrong. This '.' in @INC is the CWD of the running process not the installdir of the script. I think you should do this similar like: use FindBin; use lib $FindBin::Bin/../lib/site_perl; then your PREFIX get's automagically proper handelt. Perhaps I'm wrong, so please enligth me. Best regards and thanks again and again and ... for this wonderful fast and competent support! Charly -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re[2]: (RADIATOR) Win2K connection Manager problem..
Which attributes would you recomend us sending? Wednesday, August 28, 2002, 1:53:12 AM, you wrote: HI Hello Mehmet - HI Please do not send Word documents to the list - text only is preferred HI (and I do not use Microsoft products). HI The log file shows only a Service-Type = Framed-User and HI Framed-Protocol = PPP in the access accept that is send back to the HI client. I suspect that there are additional attributes required to set HI up the connection. HI regards HI Hugh HI On Tuesday, August 27, 2002, at 10:15 PM, Mehmet Ugursoy wrote: We have got a problem dialup connection with a Win2K connection Manager. Modem connected, but a few seconds later, connection droping by Connection Manager. Log file attached.. Thanks for Help. -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri HI -- HI Radiator: the most portable, flexible and configurable RADIUS server HI anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. HI - HI Nets: internetwork inventory and management - graphical, extensible, HI flexible with hardware, software, platform and database independence. -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) wireless access point accounting
Hello again - Many thanks to all those who replied to my request regarding wireless accounting via radius. It is obviously fairly early days looking at the replies I received, with the Cisco being the only unit sending (partially) useful accounting starts and accounting stops (note that this is not an exhaustive survey). Any additions, corrections, modifications, etc. gratefully received. Thanks again. regards Hugh On Saturday, August 24, 2002, at 12:35 AM, Hugh Irvine wrote: Hello Everyone - I have recently been investigating wireless access points for 802.1x. Is anyone out there using radius authentication and accounting with these devices? If so could you please send me copies of the authentication requests and the accounting starts and stops? Any war stories regarding different brands would also be welcome. many thanks Hugh NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) how to handle requests by prefix
hi all, How can we handle requests by prefix used in the username et not by the realm ? thx === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) pre-authentication
hi hugh, hi all, I have a Tigirs NAS and i have configured it to send pre- authentication requests. how can we configure pre-authentication in raditor and wht are the attributes that it looks for so as to distinguish between a pre- authentication request and a normal authentication request i want to perform pre-authentication from one machine running radiator and proxy the request to another to perform normal authentication. Thanks and regards eapen === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) pre-authentication
On Thu, 29 Aug 2002, Eapen Joseph wrote: hi hugh, hi all, I have a Tigirs NAS and i have configured it to send pre- authentication requests. how can we configure pre-authentication in raditor and wht are the attributes that it looks for so as to distinguish between a pre- authentication request and a normal authentication request i want to perform pre-authentication from one machine running radiator and proxy the request to another to perform normal authentication. It depends in the pre-auth packet sent by your NAS. Usually the attribute sent for pre-auth is: Service-Type=Call-Check Saludos JesusR. - Jesus Rodriguez IP Engineering Security Manager Grupo Tiscali España [EMAIL PROTECTED] http://www.tiscali.es Tel. + (34) 93-3930800 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Server Connection Handling
Mike McCauley wrote: On Wed, 28 Aug 2002 08:32, Hugh Irvine wrote: Hello Dan - I would have to suggest that you use a more sensible database. Of course that there might be other reasons that prevent you from doing that. I am a bit puzzled though: I would normally expect Radiator to attempt to reconnect and have another go after failing to execute that query the first time? Perhaps if you send more the the trace file we might see if that is happening? Cheers. Here's what happens: 1) If the server has been writing to MSSQL server frequently, no problems. 2) If the server has not written anything over TCP connection to MSSQL in quite a long while, the server is blocked. Any subsequent requests to the server fail. This is the last thing in the log before a block: Wed Aug 28 18:58:52 2002 707093: DEBUG: do query is: insert into failedattempts (LoggedAt,User_Name,NAS_IP_Address,Caller_ID,NAS_Port,Failure_Message, Active_Handler) values ('2002-08-28 18:58:52.000','dan','203.63.154.1','987654321','1234','''Bad Password''', 'prodnetilla') . I suspect a problem may be with FreeTDS libraries, DBD::Sybase, or MSSQL server itself. Unfortunately I can't use a different database for logging for beauraucratical reasons. A connect-log-disconnect feature would be a quick fix for this. It would also allow some people simple load balancing with round-robin DNS to boot. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) pre-authentication
Hello Eapen - You will have to check your vendor documentation, or better still do some experiments with Radiator running at trace 4 to see exactly what you receive from the NAS. regards Hugh On Friday, August 30, 2002, at 01:42 AM, Eapen Joseph wrote: hi hugh, hi all, I have a Tigirs NAS and i have configured it to send pre- authentication requests. how can we configure pre-authentication in raditor and wht are the attributes that it looks for so as to distinguish between a pre- authentication request and a normal authentication request i want to perform pre-authentication from one machine running radiator and proxy the request to another to perform normal authentication. Thanks and regards eapen === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) how to handle requests by prefix
Hello Mehdi - You would use Handlers instead of Realms - something like this: Handler User-Name = /^/ where is the prefix you are looking for. The exact syntax of the regular expression will depend on the string you are looking for. Check your Perl book for a discussion on regular expressions. regards Hugh On Friday, August 30, 2002, at 01:22 AM, Mohamed Mehdi Khemiri wrote: hi all, How can we handle requests by prefix used in the username et not by the realm ? thx === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Re[2]: (RADIATOR) Win2K connection Manager problem..
Hello Mehmet - You should check your system documentation, as there are no standard attribute sets. I would expect that you might need to send one or both of Framed-IP-Netmask and/or Framed-IP-Address. regards Hugh On Thursday, August 29, 2002, at 09:17 PM, Mehmet Ugursoy wrote: Which attributes would you recomend us sending? Wednesday, August 28, 2002, 1:53:12 AM, you wrote: HI Hello Mehmet - HI Please do not send Word documents to the list - text only is preferred HI (and I do not use Microsoft products). HI The log file shows only a Service-Type = Framed-User and HI Framed-Protocol = PPP in the access accept that is send back to the HI client. I suspect that there are additional attributes required to set HI up the connection. HI regards HI Hugh HI On Tuesday, August 27, 2002, at 10:15 PM, Mehmet Ugursoy wrote: We have got a problem dialup connection with a Win2K connection Manager. Modem connected, but a few seconds later, connection droping by Connection Manager. Log file attached.. Thanks for Help. -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri HI -- HI Radiator: the most portable, flexible and configurable RADIUS server HI anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. HI - HI Nets: internetwork inventory and management - graphical, extensible, HI flexible with hardware, software, platform and database independence. -- Saygilarimla Mehmet Ugursoy Netone Iletisim Hizmetleri -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Server Connection Handling
Hi Dan, OK, here is a new version of SqlDb.pm that implements a new DisconnectAfterQuery flag. This will cause AuthBy SQL and other SQL users to disconnect after every SQL 'do' and after every 'getOneRow'. Let me know how you go. Cheers. On Fri, 30 Aug 2002 05:11, Dan Melomedman wrote: Mike McCauley wrote: On Wed, 28 Aug 2002 08:32, Hugh Irvine wrote: Hello Dan - I would have to suggest that you use a more sensible database. Of course that there might be other reasons that prevent you from doing that. I am a bit puzzled though: I would normally expect Radiator to attempt to reconnect and have another go after failing to execute that query the first time? Perhaps if you send more the the trace file we might see if that is happening? Cheers. Here's what happens: 1) If the server has been writing to MSSQL server frequently, no problems. 2) If the server has not written anything over TCP connection to MSSQL in quite a long while, the server is blocked. Any subsequent requests to the server fail. This is the last thing in the log before a block: Wed Aug 28 18:58:52 2002 707093: DEBUG: do query is: insert into failedattempts (LoggedAt,User_Name,NAS_IP_Address,Caller_ID,NAS_Port,Failure_Message, Active_Handler) values ('2002-08-28 18:58:52.000','dan','203.63.154.1','987654321','1234','''Bad Password''', 'prodnetilla') . I suspect a problem may be with FreeTDS libraries, DBD::Sybase, or MSSQL server itself. Unfortunately I can't use a different database for logging for beauraucratical reasons. A connect-log-disconnect feature would be a quick fix for this. It would also allow some people simple load balancing with round-robin DNS to boot. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc # SqlDb.pm # # Object for handling an SQL database. # Routines are provided to connect to a server (and fall back # to alternates if not available. # Also routines to do generic prepare/execute # # This module also implements database handle sharing: all instances # that connect to the same database with the same username and password # will share the same database connection # # Author: Mike McCauley ([EMAIL PROTECTED]) # Copyright (C) 1997 Open System Consultants # $Id: SqlDb.pm,v 1.19 2002/05/23 02:02:44 mikem Exp mikem $ package Radius::SqlDb; @ISA = qw(Radius::Configurable); use Radius::Configurable; use DBI; use strict; %Radius::SqlDb::ConfigKeywords = ('DBSource' = 'stringarray', 'DBUsername' = 'stringarray', 'DBAuth' = 'stringarray', 'Timeout'= 'integer', 'FailureBackoffTime' = 'integer', 'DateFormat' = 'string', 'DisconnectAfterQuery' = 'flag', ); # This is a has of $dbsource;$dbusername;$dbauth to database handle # that allows multuple instances to share handles %Radius::SqlDb::handles; # # Constructs a new SQL database sub new { my ($class, @args) = @_; my $self = $class-SUPER::new(@args); $self-log($main::LOG_WARNING, No DBSource defined for $class at '$main::config_file' line $.) if @{$self-{DBSource}} == 0; return $self; } # # Do per-instance default initialization # This is called by Configurable during Configurable::new before # the config file is parsed. Its a good place initalze # instance variables # that might get overridden when the config file is parsed. sub initialize { my ($self) = @_; $self-SUPER::initialize; # Empty arrays for database details $self-{DBSource} = []; $self-{DBUsername} = []; $self-{DBAuth} = []; $self-{Timeout}= 60; # Seconds $self-{FailureBackoffTime} = 600; # Seconds $self-{DateFormat} = '%b %e, %Y %H:%M'; # eg 'Sep 3, 1995 13:37' } # # reconnect # Connect or reconnect to a database # Returns true if there is a viable database connection available sub reconnect { my ($self) = @_; # Implement backoff strategy in case of database failure return 0 if time $self-{backoff_until}; if (!$Radius::SqlDb::handles{$self-{dbname}}) { print Reconnecting to $self-{dbname}\n; # A new connection is required, try all the # ones in the $self-{DBSource} in order til we # find either an existing shared one, or a can create # a new connection my $i; for ($i =
(RADIATOR) handlers and realms
i am not sure, but i thought i read that you should not (or could not?) use handler and realm in the same radius config file. is this true? if so, what to do if for some clients i need to use a handler, and others a realm? thanks, shon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) handlers and realms
Hello Shon - You *should* not mix Realms and Handlers - it is possible to do - but it is almost impossible after the fact to understand what is going on when trying to debug problems. Here is what to do: Handler .. .. /Handler Handler Realm = foo.com .. /Handler Handler .. /Handler Keep in mind that Handlers are evaluated in the order they appear in the configuration file, and the first match is the only match, so the more specific Handlers must appear before the more general. Also note that in some cases it makes sense to split the processing into two (or more) seperate instances of Radiator, depending on what else you are trying to do. regards Hugh On Friday, August 30, 2002, at 11:13 AM, Shon Stephens wrote: i am not sure, but i thought i read that you should not (or could not?) use handler and realm in the same radius config file. is this true? if so, what to do if for some clients i need to use a handler, and others a realm? thanks, shon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.